Telegram, the encrypted messaging app loved by terrorists, has been in the news lately. Terrorists have long used existing commercial and public communications infrastructure to send commands and plan operations. This is nothing new. What is causing so much distress is that Telegram provides a secret chat feature that is end to end encrypted.

Encryption, whats in a name?

There are problems with this encryption, but it hasn’t been publicly broken. I’m not a crypto guy so I don’t know the details, however I’ll just quote Dr Matthew Green “Like seriously. Wtf is even going on here.” On the other hand, some serious cryptographers did try to win the $300,000 prize from Telegram for breaking the crypto and failed. So it isn’t obviously broken.

Personally, I wouldn’t trust the encryption protection in Telegram against a nation state adversary.

Candygram for Mr NSA

Even if Telegram’s encryption is solid, there are serious problems with the safe operational use of the program.

Linked Identifiers

Telegram requires a working phone number to register, and then uses this as the primary identifier for the account. Users will make security mistakes and register with their personal mobile numbers:

Shumukh thread dump. Bros signs up for Telegram with own phone #. Others tell how to fix his “security catastrophe” http://pastebin.com/9QApJEKn

Source: @switch_d

Error Prone Defaults

Messages are not end to end encrypted by default. There is no way to opportunistically encrypt an existing session. Instead users must get select a “New Secret Chat” and then start chatting. This is error prone. The most likely case is that people will make the mistake of clicking on the contact they wish to speak to rather than going through the multi step process of setting up a “Secret Chat.” Tools that allow for mistakes encourate operational errors. If it is possible, it will happen.

Contact Theft

When registering an account with Telegram, the app helpfully uploads the entire Contacts database to Telegram’s servers (optional on iOS). This allows Telegram to build a huge social network map of all the users and how they know each other. It is extremely difficult to remain anonymous while using Telegram because the social network of everyone you communicate with is known to them (and whomever has pwned their servers).

Contact books are extremely valuable information. We know that the NSA went to great lengths to steal them from instant messenger services. On mobile the contact lists are even more important because they are very frequently linked to real world identities.

Voluminous Metadata

Anything using a mobile phone exposes a wide range of metadata. In addition to all the notification flows through Apple and Google’s messaging services, there is the IP traffic flows to/from those servers, and the data on the Telegram servers. If I were a gambling man, I’d bet those servers have been compromised by nation state intelligence services and all that data is being dumped regularly.

This metadata would expose who talked with who, at what time, where they were located (via IP address), how much was said, etc. There is a huge amount of information in those flows that would more than compensate for lacking access to the content (even if, big assumption, the crypto is solid).

Safe Operational Telegram Use

The safest way to use Telegram would be not to. However, if you have no other choice, the best approach would be to use a clean burner phone to communicate with another clean burner phone. Change them regularly.

That good, huh?

In summary, Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger.

For a messenger with better encryption and security, use Signal. For better encryption and a yearly subscription, then use Silent Circle. For better encryption (probably) and an unlinked identity, use Threema. For an identical interface with better encryption (including soon on iOS) use WhatsApp (no, don’t use WhatsApp it has problems too, use Signal.)

In short, for better protection, use anything else.