Since the WhatsApp policy update, Signal and Telegram have seen a massive shift of userbase. In fact, several Indians, too, have moved to Signal and Telegram after WhatsApp started asking users to accept a controversial new privacy policy. But these apps have not been out of controversies. There have been conflicting reports on how Telegram isn't providing end-to-end encryption (a very basic feature in all other messenger apps). Thus, Pavel Durov shares some facts about Telegram and the ongoing discussions on user data privacy.
On encryption vs. usability when using Secret Chats vs Cloud Chats
“Telegram's real-time secure cloud is a feature the majority of our users want. It is one of the competitive advantages of Telegram. It allows for seamless multi-device sync with access to past chat history, huge group chats and channels, persistent message history, sending large documents and videos, instant media forwarding without re-upload, minimizing storage usage on your phone, never losing your messages even if you lose your phone - and many other great features which decrease bandwidth, battery and storage usage.
The minority which doesn't want any of that and wants to maximize security at the expense of usability is welcome to use Secret Chats on Telegram - or install any of the apps that only have Secret Chats and nothing on top. But we are not going to cripple Telegram by throwing away dozens of its great features for some folks misled by marketing tricks from our competitors. Or for people too lazy to start Secret Chats when they think they need them”
How is Telegram maximizing the security of communications?
“Secret Chats are stored only on one device. Backups and sync of any kind decrease security, because any of the end-points can be compromised. Super-secure communication should always be device-specific. Ideally, you should have a burner phone with a SIM card registered to a random person and use it only from locations you rarely go with your normal phone, and - of course - without logging into your real Google/Apple account.
Everything else is an illusion of security because both iOS and Android have plenty of backdoors. Some three-letter agencies can hack into your phone and access your private data. This is the world we are living in, unfortunately.”
Why Isn’t Telegram End-to-End Encrypted by-default?
Back in 2013, when we were launching Telegram, we carefully considered both approaches. We knew we didn’t want to violate our users’ privacy by shifting the responsibility for their data to third-party backups. Neither did we want to deprive our users of functionality that they enjoyed in other apps and doom Telegram to join the ranks of niche apps. So after some research, we decided to introduce 2 kinds of chats – Secret chats and Cloud chats.
Here's the founder explaining it all.
On a privacy-conscious upcoming ad-platform
“We will never force you to view 30-second ads on Telegram. If we ever introduce ads, the ads will be shown only in large one-to-many channels which are expensive to run due to server and traffic costs (like my channel @durov) and not targeted based on any private data (unlike Facebook). So, no collecting private data, no user profiling etc. And if you don't use our one-to-many channels (which are non-existent in all other messaging apps), you won't see a single ad.”
On US-based encrypted apps
“I don't see how someone can compare these two apps. Telegram is a feature-rich social media platform that you can use to stay free from the Facebook-WhatsApp monopoly. Signal represents one feature of Telegram, which is Secret Chats. If you think you need a separate app for that feature only, installing it might make sense for you. Personally, though, I find Secret Chats much more usable - and secure. After PRISM I have trouble trusting anything US-based, let alone cryptographers funded by the US government.”