Sponsored Links
-->

Sunday, September 30, 2018

India sends its last telegram ... stop - NBC News
src: media4.s-nbcnews.com

Telegram is a cloud-based instant messaging and voice over IP service developed by Telegram Messenger LLP, a privately held company registered in London, United Kingdom, founded by the Russian entrepreneur Pavel Durov. Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS and Linux. Users can send messages and exchange photos, videos, stickers, audio and files of any type.

Telegram's client-side code is open-source software but the source code for recent versions is not always immediately published, whereas its server-side code is closed-source and proprietary. The service also provides APIs to independent developers. In March 2018, Telegram stated that it had 200 million monthly active users. According to its CEO, as of April 2017, Telegram's annual growth rate was greater than 50%.

Messages and media in Telegram are only client-server encrypted and stored on the servers by default. The service provides end-to-end encryption for voice calls, and optional end-to-end encrypted "secret" chats between two online users, yet not for groups or channels.

Telegram's security model has received notable criticism by cryptography experts. They criticized the general security model of permanently storing all contacts, messages and media together with their decryption keys on its servers by default and by not enabling end-to-end encryption for messages by default. Pavel Durov has argued that this is because it helps to avoid third-party unsecure backups, and to allow users to access messages and files from any device. Cryptography experts have furthermore criticized Telegram's use of a custom-designed encryption protocol that has not been proven reliable and secure.

Telegram has faced censorship or outright bans in some countries over accusations that the app's services have been used to facilitate illegal activities, such as protests and terrorism, as well as declining demands to facilitate government access to user data and communications.


Video Telegram (service)



History

Development

Telegram was launched in 2013 by the brothers Nikolai and Pavel Durov. Previously the pair founded the Russian social network VK, they left VK when it was taken over by the Mail.ru Group. Nikolai Durov created the MTProto protocol that is the basis for the messenger, while Pavel provided financial support and infrastructure through his Digital Fortress fund with partner Axel Neff joining as a second co-founder. Telegram Messenger states that its end goal is not to bring profit, but it is not currently structured as a non-profit organization.

Telegram is registered as both an English LLP and an American LLC. It does not disclose where it rents offices or which legal entities it uses to rent them, citing the need to "shelter the team from unnecessary influence" and protect users from governmental data requests. Pavel Durov has said that the service was headquartered in Berlin, Germany, between 2014 and early 2015, but moved to different jurisdictions after failing to obtain residence permits for everyone on the team. Durov left Russia and is said to be moving from country to country with a small group of computer programmers. According to press reports, Telegram had employees in St. Petersburg. The Telegram team is currently based in Dubai.

In December 2017, Cointelegraph reported that Telegram was planning to launch a blockchain platform and native cryptocurrency. In January 2018, TechCrunch confirmed the news, referring to multiple sources. To fund the TON launch as well as the ongoing support and development of Telegram Messenger, Telegram launched an Initial Coin Offering (ICO). The cryptocurrency platform is to be based on an entirely new blockchain and may be called the "Telegram Open Network" (TON), while the TON currency may be called "Gram". A 23-page white paper and a detailed 132-page technical paper of the project were released sequentially.

Pavel Durov formed TON Issuer Inc in February 2018. The corporation has raised $850M in the first round, 81 investors participated in this issuance. As of April 2018, the firm has reported raising $1.7 billion through the ongoing ICO. Company officials have not made any public statements regarding the ICO. As of spring 2018, the only official sources of information are the two Forms D that Telegram filed with the U.S. Securities and Exchange Commission.

Usage numbers

In October 2013, Telegram had 100,000 daily active users. On 24 March 2014, Telegram announced that it had reached 35 million monthly users and 15 million daily active users. In October 2014, South Korean governmental surveillance plans drove many of its citizens to switch to Telegram. In December 2014, Telegram announced that it had 50 million active users, generating 1 billion daily messages, and that it had 1 million new users signing up on its service every week; traffic doubled in five months with 2 billion daily messages. In September 2015, an announcement stated that the app had 60 million active users and delivered 12 billion daily messages. In February 2016, Telegram announced that it had 100 million monthly active users, with 350,000 new users signing up every day, delivering 15 billion messages daily. In December 2017, Telegram reached 180 million monthly active users. In March 2018, Telegram reached 200 million monthly active users.


Maps Telegram (service)



Features

Account

Telegram accounts are tied to telephone numbers and are verified by SMS or phone call. Users can add multiple devices to their account and receive messages on each one. Connected devices can be removed individually or all at once. The associated number can be changed at any time and when doing so, the user's contacts will receive the new number automatically. In addition, a user can set up an alias that allows them to send and receive messages without exposing their phone number. Telegram accounts can be deleted at any time and they are deleted automatically after six months of inactivity by default, which can optionally be changed to 1 month and 12 months. Users can replace exact "last seen" timestamps with broader messages such as "last seen recently".

The default method of authentication that Telegram uses for logins is SMS-based single-factor authentication. All that is needed in order to log into an account and gain access to that user's cloud-based messages is a one-time passcode that is sent via SMS to the user's phone number. These login SMS messages are known to have been intercepted in Iran, Russia and Germany, possibly in coordination with phone companies. Pavel Durov has said that Telegram users in "troubled countries" should enable two-factor authentication by creating passwords, which Telegram allows, but does not require.

Cloud-based messages

Telegram's default messages are cloud-based and can be accessed on any of the user's connected devices. Users can share photos, videos, audio messages and other files (up to 1.5 gigabyte in size). Users can send messages to other users individually or to groups of up to 100,000 members. Sent messages can be edited and deleted on both sides within 48 hours after they have been sent. This gives user an ability to correct typos and retract messages that were sent by mistake. The transmission of messages to Telegram Messenger LLP's servers is encrypted with the service's MTProto protocol. According to Telegram's privacy policy, "all data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions. This way local engineers or physical intruders cannot get access to user data". This makes the messages' security roughly comparable to that of e-mail. Here, most providers employ client-server encryption as well, however usually with the standardized protocol Transport Layer Security. E-mails may or may not be encrypted on the servers. Telegram cloud messages and media remain on the servers at least until deleted by all participants.

Bots

In June 2015, Telegram launched a platform for third-party developers to create bots. Bots are Telegram accounts operated by programs. They can respond to messages or mentions, can be invited into groups and can be integrated into other programs. It also accepts online payments with credit cards and Apple Pay. Dutch website Tweakers reported that an invited bot can potentially read all group messages when the bot controller changes the access settings silently at a later point in time. Telegram pointed out that it considered implementing a feature that would announce such a status change within the relevant group. Also there are inline bots, which can be used from any chat screen. In order to activate an inline bot, user needs to type in the message field a bot's username and query. The bot then will offer its content. User can choose from that content and send it within a chat.

Channels

Channels can be created for broadcasting messages to an unlimited number of subscribers. Channels can be publicly available with an alias and a permanent URL so anyone can join. Users who join a channel can see the entire message history. Each message has its own view counter, showing how many users have seen this message. Users can join and leave channels at any time. Furthermore, users can mute a channel, meaning that the user will still receive messages, but won't be notified.

Stickers

Stickers are cloud-based, high-definition images intended to provide more expressive emoji. When typing in an emoji, the user is offered to send the respective sticker instead. Stickers come in collections called "sets", and multiple stickers can be offered for one emoji. Telegram comes with one default sticker set, but users can install additional sticker sets provided by third-party contributors. Sticker sets installed from one client become automatically available to all other clients. Sticker images use WebP file format, which is better optimized to be transmitted over internet.

Drafts

Drafts are unfinished messages synced across user devices. One can start typing a message on one device and continue on another. The draft will persist in editing area on any device until it is sent or removed.

Secret chats

Messages can also be sent with client-to-client encryption in so-called secret chats. These messages are encrypted with the service's MTProto protocol. Unlike Telegram's cloud-based messages, messages sent within a secret chat can be accessed only on the device upon which the secret chat was initiated and the device upon which the secret chat was accepted; they cannot be accessed on other devices. Messages sent within secret chats can, in principle, be deleted at any time and can optionally self-destruct.

Secret chats have to be initiated and accepted by an invitation, upon which the encryption keys for the session are exchanged. Users in a secret chat can verify that no man-in-the-middle attack has occurred by comparing pictures that visualize their public key fingerprints.

According to Telegram, secret chats have supported perfect forward secrecy since December 2014. Encryption keys are periodically changed after a key has been used more than 100 times or has been in use for more than a week. Old encryption keys are destroyed.

Windows and Linux users are still not able to use secret chats using the official Telegram Desktop app while the official macOS-only client supports them.

Secret chats are not available for groups or channels.

Telegram's local message database is not encrypted by default. Some Telegram clients allow users to encrypt the local message database by setting a passphrase.

Voice calls

In the end of March 2017, Telegram introduced its own voice calls. The calls are built upon the end-to-end encryption of Secret Chats. Connection is established as peer-to-peer whenever possible, otherwise the closest server to the client is used. According to Telegram, there is a neural network working to learn various technical parameters about call to provide better quality of the service for future uses. After a brief initial trial in Western Europe, voice calls are now available for use in most countries.

Telescope (video messages)

Since version 4.0, released in May 2017, Telegram offers a dedicated video hosting platform called Telescope. The round videos can be up to one minute long and autoplay. When posted in a public channel on Telegram, the videos are also uploaded to and viewable without an account at telesco.pe. However, Telegram video messages and "Telescope" videos sent within non-public chats or groups are not published.

Live locations

For either 15 minutes, one hour, or eight hours, Telegram users can share their live location in a chat since version 4.4 released in October 2017. If multiple users share their live location within a group, they are shown on an interactive map. Sharing the 'live location' can be stopped at any time.

Social login

In February 2018, Telegram launched their social login feature to its users, named as Telegram Login. It features a website widget that could be embedded into websites, allowing users to sign into a third party website with their Telegram account. The gateway sends users' Telegram name, username, and profile picture to the website owner, while users' phone number remains hidden. The gateway is integrated with a bot, which is linked with the developer's specific website domain.

Passport

In July 2018, Telegram introduced their online authorisation and identity management system, Telegram Passport, for platforms that requires real-life identification. It asks users to upload their own official documents such as passport, identity card, driver license, etc. When an online service requires such identification documents and verification, it forwards the information to the platform with the user's permission. Telegram stated that it does not have access to the data, while the platform will only share the information to the authorised recipient. However, the service was criticised for being vulnerable to online brute force attacks.


Kharkov Ukraine April 2018 Mobile Phone Telegram App Screen ...
src: st3.depositphotos.com


Architecture

Encryption scheme

Telegram uses a symmetric encryption scheme called MTProto. The protocol was developed by Nikolai Durov and other developers at Telegram and is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption and Diffie-Hellman key exchange.

Servers

Telegram Messenger LLP has servers in a number of countries throughout the world to improve the response time of their service. Telegram's server-side software is closed-source and proprietary. Pavel Durov has said that it would require a major architectural redesign of the server-side software to connect independent servers to the Telegram cloud.

Client apps

Telegram has various client apps, some developed by Telegram Messenger LLP and some by the community. Most of them are free and open-source and released under the GNU General Public Licence version 2 or 3.

Common specifications:

  • No cloud backup option for secret chat

Users can also access Telegram's cloud-based messages via an official JavaScript web browser interface called Telegram Web (aka Webogram). Users can share images, files and emojis with previously-added contacts; this works in most modern browsers, such as Firefox, Safari, and Google Chrome.

APIs

Telegram has public APIs with which developers can access the same functionality as Telegram's official apps to build their own messaging applications. In February 2015, creators of the unofficial Whatsapp+ client released the Telegram Plus app, later renamed to Plus Messenger, after their original project got a cease-and-desist order from WhatsApp. In September 2015, Samsung released a messaging application based on these APIs.

Telegram also offers an API that allows developers to create bots, which are accounts controlled by programs. In February 2016, Forbes launched an AI-powered news bot that pushes popular stories to subscribers and replies to search queries with relevant articles. TechCrunch launched a similar bot in March 2016.


Death of the Telegraph service: The last telegram ever! - YouTube
src: i.ytimg.com


Reception

Security

Cryptography experts have expressed both doubts and criticisms on Telegram's MTProto encryption scheme, saying that deploying home-brewed and unproven cryptography may render the encryption vulnerable to bugs that potentially undermine its security, due to a lack of scrutiny. It has also been suggested that Telegram did not employ developers with sufficient expertise or credibility in this field.

Critics have also disputed claims by Telegram that it is "more secure than mass market messengers like WhatsApp and Line", because WhatsApp applies end-to-end encryption to all of its traffic by default and uses the Signal Protocol, which has been "reviewed and endorsed by leading security experts", while Telegram does neither and insecurely stores all messages, media and contacts in their cloud. Since July 2016, Line has also applied end-to-end encryption to all of its messages by default.

On 26 February 2014, the German consumer organization Stiftung Warentest evaluated several data-protection aspects of Telegram, along with other popular instant-messaging clients. Among the aspects considered were: the security of the data transmission, the service's terms of use, the accessibility of the source code and the distribution of the app. Telegram was rated 'critical' (kritisch) overall. The organization was favorable to Telegram's secure chats and partially open source code, but criticized the mandatory transfer of contact data to Telegram's servers and the lack of an imprint or address on the service's website. It noted that while the message data is encrypted on the device, it could not analyse the transmission due to a lack of source code.

The Electronic Frontier Foundation (EFF) listed Telegram on its "Secure Messaging Scorecard" in February 2015. Telegram's default chat function received a score of 4 out of 7 points on the scorecard. It received points for having communications encrypted in transit, having its code open to independent review, having the security design properly documented, and having completed a recent independent security audit. Telegram's default chat function missed points because the communications were not encrypted with keys the provider didn't have access to, users could not verify contacts' identities, and past messages were not secure if the encryption keys were stolen. Telegram's optional secret chat function, which provides end-to-end encryption, received a score of 7 out of 7 points on the scorecard. The EFF said that the results "should not be read as endorsements of individual tools or guarantees of their security", and that they were merely indications that the projects were "on the right track".

In December 2015, two researchers from Aarhus University published a report in which they demonstrated that MTProto does not achieve indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption. The researchers stressed that the attack was of a theoretical nature and they "did not see any way of turning the attack into a full plaintext-recovery attack". Nevertheless, they said they saw "no reason why [Telegram] should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist". The Telegram team responded that the flaw does not affect message security and that "a future patch would address the concern". Telegram 4.6, released in December 2017, supports MTProto 2.0, which Telegram claims now satisfied the conditions for IND-CCA.

In April 2016, accounts of several Russian opposition members were hijacked by intercepting the SMS messages used for login authorization. In response, Telegram recommended using the optional two-factor authentication feature. In May 2016, the Committee to Protect Journalists and Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, recommended against using Telegram because of "its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green".

In June 2017, Pavel Durov claimed publicly that U.S. intelligence agencies tried to bribe the company's developers to weaken Telegram's encryption or install a backdoor during their visit to the U.S. in 2016.

Cryptography contests

Telegram has organized two cryptography contests to challenge its own security. Third parties were asked to break the service's cryptography and disclose the information contained within a secret chat between two computer-controlled users. A reward of respectively US$200,000 and US$300,000 was offered. Both of these contests expired with no winners. Security researcher Moxie Marlinspike and commenters on Hacker News criticized the first contest for being rigged or framed in Telegram's favor and said that Telegram's statements on the value of these contests as proof of the cryptography's quality are misleading.

Censorship

Telegram was open and working in Iran without any VPN or other circumvention methods in May 2015. In August 2015, the Iranian Ministry of ICT asserted that Telegram had agreed to restrict some of its bots and sticker packs in Iran at the request of the Iranian government. According to an article published on Global Voices, these features were being used by Iranians to "share satirical comments about the Iranian government". The article also noted that "some users are concerned that Telegram's willingness to comply with Iranian government requests might mean future complicity with other Iranian government censorship, or even allow government access to Telegram's data on Iranian users". Telegram has stated that all Telegram chats are private territory and that they do not process any requests related to them. Only requests regarding public content (bots and sticker packs) will be processed. In May 2016, the Iranian government asked all messaging apps, including Telegram, to move all Iranian users' data to Iranian servers. On 20 April 2017, the Iranian government completely blocked Telegram's new voice calls, a service that allows individuals to make calls via secure, end-to-end encryption, and keep their conversations private.

In July 2015, it was reported that China blocked access to Telegram Messenger. According to state-owned People's Daily, Chinese human rights lawyers used Telegram to criticize the Chinese Government and the Communist Party of China.

In June 2016, it was found that some ISPs in Bahrain had started to block Telegram. In June 2017 the service faced serious pressure from Russian regulator Roscomnadzor, who tried to force Telegram to register in the official telecommunication services registry, which implies serious liability for a registered party. After week-long negotiations and seeming imminent blockage of the service, the conflict ceased after high officials pulled some strings with the regulator. On 14 July 2017, eleven domain name servers related to Telegram were banned by the Indonesian Communication and Information Ministry with the possibility of closing all Telegram applications in Indonesia if Telegram did not make a standard operating procedure to maintain content that was considered unlawful in the apps. In August 2017, Indonesian Government has opened full access of Telegram, after Telegram has made self censorship about negative contents mainly radicalism and terrorism. Telegram said that about 10 channels/groups have been deleted from Telegram everyday due to are categorized as negative contents.

In October 2017, Telegram was inaccessible to users in Pakistan, and as of 17 November 2017, it has been completely blocked as per instructions from PTA, Pakistan's largest ISP, PTCL mentioned this in a tweet to a user.

On December 30, 2017, during anti-government demonstrations across Iran, Telegram has shut down a channel of the Iranian opposition that published calls to use Molotov cocktails against the police, after receiving a complaint from the Iranian government. Pavel Durov explained that the reason for the blocking was a "no calls to violence" policy and confirmed that criticizing local authorities, challenging the status quo and engaging in political debate were seen as "OK" by the platform, while "promoting violence" was not. The opposition group promised to comply with Telegram rules and created a new channel which amassed 700,000 subscribers in less than 24 hours. On December, 31, the Iranian government announced that Telegram has been "temporarily restricted" in order to "ensure calm and security" after the company said it refused to shut down peaceful protesting channels. On January, 13, the app was unblocked by an order of the president Hassan Rouhani, who said that "more than 100,000 jobs had been lost" in Iran as a result of the ban on Telegram. Channels of the opposition remain operational.

In March 2018, Iran's chairman for the Committee for Foreign policy and National Security Alaeddin Boroujerdi announced that Telegram has been targeted to be fully blocked in Iran by 20 April 2018, citing Telegram's role in facilitating the winter protests and the need to promote local apps. President Rouhani agreed with the need to break Telegram's monopoly in Iran, but maintained that he was opposed to a new blockade and did not see it as an effective measure to promote local apps. Iranian MP Mahmoud Sadeghi noted that during the two weeks that Telegram was blocked in January 2018, 30 million Iranians (75% of Telegram's users in Iran) did not start using local messaging apps, but instead turned to VPN services to circumvent the block, rendering the blockade ineffective.

On 13 April 2018, Telegram was banned in Russia by a Moscow court, due to its refusal to grant the Federal Security Service (FSB) access to encryption keys needed to view user communications as required by federal anti-terrorism law. The ban has been enforced using by blocking over 19 million IP addresses associated with the service. They include many used by Amazon Web Services and Google Cloud Platform, due to Telegram's use of the providers to route messages. However, this led to unintended collateral damage due to usage of the platforms by other services in the country, including retail, Mastercard SecureCode, and Mail.ru's Tamtam messaging service. Users ended up needing to use VPN to access the service as a result of the internet censorship. In 17 April 2018, Russia asked App Store, Play Store and APKMirror to pull Telegram from stores. App Store and Play Store refused the request of Russian government.

On 28 March 2018, Roskomnadzor reportedly sent a legally binding letter to Apple asking it to remove the app from its Russian App Store and block it from sending push notifications to local users who have already downloaded the app.

Use by terrorists

In September 2015, in response to a question about the use of Telegram by Islamic State of Iraq and the Levant (ISIS), Pavel Durov stated: "I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism." Durov sarcastically suggested to ban words because terrorists use them for communication. ISIS recommended Telegram to its supporters and members and in October 2015 they were able to double the number of followers of their official channel to 9,000. In November 2015, Telegram announced that it had blocked 78 public channels operated by ISIS for spreading propaganda and mass communication. Telegram stated that it would block public channels and bots that are related to terrorism, but it would not honor "politically-motivated censorship" based on "local restrictions on freedom of speech" and that it allowed "peaceful expression of alternative opinions." Telegram's usage for ISIS propaganda reignited the encryption debate and encrypted messaging applications faced new scrutiny. It also led to tabloids labeling Telegram as a "jihadi messaging app".

In August 2016, French anti-terrorism investigators asserted that the two ISIS-directed Jihadists who fatally cut the throat of a priest in Saint-Étienne-du-Rouvray in Normandy, France, and videoed the murder, had communicated via Telegram and "used the app to coordinate their plans for the attack". ISIS's media wing subsequently posted a video on Telegram, showing the pair pledging allegiance. A CNN news report stated that Telegram had "become known as a preferred means of communication for the terror group ISIS and was used by the ISIS cell that plotted the Paris terror attacks in November".

In June 2017, the Russian communications regulator Roscomnadzor hinted at the possibility of blocking Telegram in Russia due to its usage by terrorists.

In July 2017, Director General of Application and Informatics of the Indonesian Ministry of Communication and Informatics, Semuel Abrijani Pangerapan, said eleven Telegram DNS servers were blocked because many channels in the service promoted radicalism, terrorism, hatred, bomb assembly, civil attack, disturbing images, and other propaganda contrary to Indonesian laws and regulations. In August 2017, Indonesia lifted the block after countermeasures against negative content were deployed in association with Telegram LLP.


Kharkov Ukraine April 2018 Mobile Phone Telegram App Screen ...
src: st3.depositphotos.com


See also

  • Comparison of instant messaging clients
  • Internet privacy
  • List of virtual communities with more than 100 million active users
  • Secure instant messaging

iTelegram (@itelegram) | Twitter
src: pbs.twimg.com


References


Russia's Supreme Court rejects Telegram complaint about Federal ...
src: russophile.org


Further reading


KHARKOV, UKRAINE - APRIL 30, 2018: A Mobile Phone With The ...
src: previews.123rf.com


External links

Media related to Telegram Messenger at Wikimedia Commons

  • Official website
  • Even as Bitcoin Languishes, Telegram Raises $1.7 Billion Ahead of Largest ICO Ever Fortune Magazine, Lucinda Shen, March 30, 2018

Source of article : Wikipedia