The messaging app is under direct attack from Russian domestic intelligence. The real target may be Facebook and Twitter.
Every government involved in today’s cyberwars has some interest in surveilling the users of messenger apps; but more oppressive states don’t bother to hide it. Telegram, the encrypted messenger in Russia, recently received a letter from the country’s domestic intelligence service, the FSB that highlights this disparity — and the dangers of trusting tech companies’ privacy-related assurances.
Telegram, which has more than 100 million monthly active users, enjoys outsize popularity in the Middle East, where U.S. products are often distrusted. According to App Annie, it’s the most downloaded communication app on Android devices in Iran, while WhatsApp with its more than 1 billion users comes second. In a way, that’s understandable: it wasn’t so long ago that Iran tried to ban WhatsApp because of Mark Zuckerberg, calling the chief executive officer of WhatsApp owner Facebook “an American Zionist.” To many Iranians, a Russian connection is safer, but that doesn’t mean the Iranian government won’t go after Telegram as well: Tehran prosecutors have recently filed charges of child pornography and extremist propaganda against Durov.
To Americans or, for example, to protesters in Hong Kong, the probable compromise of China-based messengers such as WeChat and QQ (the Chinese government being the obvious culprit) is a strong reason not to use them. In 2014, now-impeached South Korean President Park Geun-hye had prosecutors trail the local messenger app, Kakao Talk, for insulting comments about her, inducing a mass migration to Telegram, which promised end-to-end encryption.
In Russia, the encryption promise without either a U.S. or any noticeable local presence has brought Telegram about 10 million users. The messenger’s “channel” capability, which allows a user to broadcast content to subscribers, has attracted anonymous commentators with inside knowledge of Russian politics, as well as talented entertainers; the most popular political and entertainment channels have followers in the tens of thousands, and they are widely quoted and discussed in the media. Channel owners sell ads, something Telegram itself doesn’t do, and some entrepreneurs have even sold their channels. This phenomenon probably wouldn’t have been possible without a perception of safety and neutrality.
People know by now not to put too much of their lives on social networks such as Facebook, Instagram or Twitter. These services are too easy for employers and governments to track; in Russia and other countries with authoritarian regimes, people have been jailed for comments on public social networks. The risks of putting too much on email is obvious to anyone who has followed the U.S. scandals during the 2016 election campaign. Messengers have projected a sense of greater security by claiming they use end-to-end encryption (which doesn’t necessarily mean they are much safer) and simply by not putting our interactions out in the open where everyone can read them, the way the social networks do. But the Russian security services’ interest in Telegram — like the WeChat case in China or the U.K. government’s persistent attempts to have a backdoor built into WhatsApp — is a sign that each of these systems is eventually likely to be penetrated. Spy services are persistent, and they have a lot of power to both demand entry and gain entry illegally.
This poses a danger for anyone using messenger apps developed by any corporate entity. These are easy targets for open and covert government pressure anywhere, but especially in authoritarian countries such as Russia. For the highest possible level of privacy and security, an app needs to be open-source and constantly watched over by an engaged, distributed developer community; Signal, the app Snowden recommends, fits that description most closely. For Telegram, the game may well be up soon.