I have been using Telegram for over five years now. It has been a treasure trove of features and is one of the most incredible chat applications.
Arguably, one of the most common refrains I have heard from Twitter influencers is that Telegram isn’t “secure”. It would be impossible to delve into several encryption protocols or even do a formal analysis in this blog. However, I’d start with the obvious- way to avoid mainstream social media networks and shift to Telegram as a private alternative.
Most publications online use the words anonymous, secure and private interchangeably. I think before we start off, it would be worthwhile to understand them in the proper context based on a “threat-model”. It starts with the assumption that you have something vital to share with another individual or with the public, and if you are exposed, there would be repercussions.
- Anonymously– No one would know who released the information. There is no way to know your identity.
- Security- The medium that you use to share information, has “encryption layer” that would make it difficult, if not impossible for anyone to “snoop” on.
- Private– The information, when shared with others remains between them. Privacy is used for doctor-patient interaction or delivering some information to the family members.
The following graphic represents these ideas crudely:
As an oncologist, your threat model would veer towards anonymity if you are keen to expose systemic wrongdoings at your workplace, for example. However, this is an extreme example and only illustrative.
We need a secure and “private” alternative instead.
How is security ensured? It is done through encryption. Without making it too technical, encryption is a mathematical software code which ensures the integrity of messages and that recipient is assured that the contents have not been tampered with.
It involves the use of “software lock and key”. The lock stays with the user while the key stays with the entity which issues the lock. I agree it is a very crude way to explain, but as a lay user, I am assuming it would suffice.
Therefore, the central lock assumes an importance which is again based on your threat model. If you trust the entity to ensure the integrity of lock and key, that should suffice for the majority of use case scenarios.
The problem is that mainstream companies that issue both lock and the key also have massive advertising networks for behavioural targeting. I’ll come to that in a moment.
These entities are not a problem for the majority of users, but the lock and key combination can be mined for government requests. However, Telegram distributes the key to several servers and assuming one server is nabbed to know the identity of the user, it would be incomplete without the other part of the key in some different geographic location.
Therefore, Telegram is both resilient and scalable, and this is one of the most fascinating aspects of its architecture. A crude way to explain the concept above is as follows:
What is the problem with behavioural advertising? It is targeted based on a person’s perceived sexual orientation, level of depression, income levels or your social interaction with others.
Facebook didn’t buy WhatsApp for its technology; it ponied up $22 billion to understand and mine social interaction as it was popular as a text message replacement. The data is so valuable to technology companies because if this collection of information is restricted, their massive valuations will vanish in thin air in no time.
It is good to interact on Twitter, for example, but its invisible algorithm decides which posts you are likely to see. Social validation in terms of “followers”/ re-tweets or “likes” on the post are only superfluous puff markers.
In my personal opinion, Twitter (and other social media) is a time suck that thrives on propagating negativity to drive up attention span, run targeted behavioural advertising and mine profits from your social graph (as it surreptitiously prompts you to enter your phone numbers).
Telegram remains both “secure” and “private”, and I am comfortable enough to get my family to use it. We have our private channel to post pictures of family vacations and a space to share common concerns. Telegram doesn’t have a stated model to “profit” from the social graph of its end users.
A random Google search for Telegram would alarm anyone- “security breaches”, “Russian developers” and association with “Iran”. First- there has been no “breach”- my data is as secure as any other reliable online service. Second, as stated in their FAQ’s, the owner had differences with the authorities in Russia and left the country. Third, it is the most popular mode of communication in Iran as it remains uncensored source. There have been attempts to steal credentials through falsified and fraudulent SMS verifications, but Telegram encourages every user to set up two-factor authentication (a password and an optional email address for confirmation).
I am not affiliated with Telegram, but this blog post was written to assuage concerns of Radiation Oncology community. I have been personally enriched with the interaction of peers and colleagues across the globe that helps me to share files/ multimedia content and speak to them, if necessary.
If you plan to join an exciting platform, I’d suggest that you explore the privacy settings first- without your permission, it would be impossible to add you in groups or call you or even see your online status.
I plan to make a screencast to assist other users and drive through the key features in a later post. Welcome aboard!