Why Isn’t Telegram End-to-End Encrypted by Default?
Pavel DurovI've been getting this question more often this year. It's based on the wrong assumption that some other popular messaging apps such as WhatsApp are "end-to-end encrypted by default", while Telegram is not. This post is intended to disprove this myth that has been so carefully crafted by Facebook/WhatsApp marketing efforts. Let’s start from the basics.
How Popular Messaging Apps Handle Backups
Every popular messaging app offers its users some way to back up their messages to prevent data loss. Messaging apps that ignore backups (such as Wickr/Signal/Confide) never reach mass audience and remain niche. I’ll describe their approach in detail later in this post.
As for popular apps such as WhatsApp, Viber and Line, they rely on Apple iCloud and Google Drive to store their users' message history and prevent data loss in case their users lose their smartphones. These backups are not e2e-encrypted and get decrypted whenever the user buys a new phone and restores their WhatsApp/Viber/Line message history. While it may seem that you, as a user, have the freedom to opt out of these backups, in reality there’s little room for choice: even if you opt out (which is unusual and sometimes tricky), people you chat with most likely won’t.
This creates a situation when messages you send and receive end up not e2e-encrypted in the cloud without you even realizing it. You have zero transparency on what is really e2e-encrypted and what is backed up. You rely on e2e encryption and trust the “no third party can access my messages” mantra, but your private data is in fact vulnerable to hackers and governments that can get access to it via the cloud storage. If you think this is a minor threat, think again: according to stats WhatsApp shared during Google IO last year, most of the “e2e-encrypted” chats on WhatsApp eventually get backed up and stored in the cloud, not e2e-encrypted.
WhatsApp's approach has other architectural drawbacks that invalidate end-to-end encryption for 99% of private conversations, but in this post I’ll focus mainly on backups for simplicity.
How Niche Messaging Apps Handle Backups
The Signal/Wickr/Confide approach is more secure as chats never get backed up. This looks neat, but two problems arise when you restrict your users this way:
1) Users don’t want to lose their entire message history when they lose/change their phones so apps of this kind never become massively popular. Obviously, there are also other reasons at play why niche apps remain niche, but an average user is unlikely to download a separate app if the same functionality already exists in a mainstream app she's using (such as Secret Chats in Telegram or their copycat versions in Viber or Facebook Messenger, which also provide e2ee and don’t get backed up).
2) Consequence of (1) – people using these apps can be targeted by governments as those who have something to hide. Due to the limited distribution of such apps, the government can identify and track individuals whose phones connect to the corresponding IP addresses. This is something that is already happening in case of tools like Tor, and, to a lesser extent, of some messaging apps. Yasha Levine is publishing a brilliant investigation about it.
The Telegram Way
Back in 2013, when we were launching Telegram, we carefully considered both approaches. We knew we didn’t want to violate our users’ privacy by shifting the responsibility for their data to third-party backups like WhatsApp or Viber do. Neither did we want to deprive our users of functionality that they enjoyed in other apps and doom Telegram to join the ranks of niche apps.
So after some research we decided to introduce 2 kinds of chats – Secret chats and Cloud chats.
Secret chats are e2e-encrypted chats that never under any circumstances get backed up. Cloud chats are encrypted in the same way, but also have a built-in cloud backup. Cloud chats are designed for the majority of users – the majority that in another app like WhatsApp would rely on less secure third-party backup storage. Unlike what you have in niche apps, the traffic between cloud chat users and secret chat users on Telegram is mixed (the encryption is the same in both cases, but in cloud chats our servers do have access to the encryption key), so individuals can not be singled out and targeted based on the fact that they use secret chats and thus have something to hide.
4 Reasons Why The Telegram Way Makes More Sense
There are four main reasons why we decided to use two types of chats as opposed to having one type of chats like older apps such as WhatsApp:
1) Unlike WhatsApp, we don’t give out our users’ data to third parties via backups. Instead, we rely on our own distributed cross-jurisdictional encrypted cloud storage which we believe is much more protected than what megacorporations like Google and Apple can offer. To give you an idea about this difference: while Telegram has disclosed no private data to third-parties from its cloud so far, this year alone Apple satisfied 80% of data requests from the Chinese (!) government (and is even building a data-center for private iCloud data in China).
2) Unlike WhatsApp, we can allow our users to access their Telegram message history from several devices at once thanks to our built-in instant cloud sync. Thus we can provide easy and consistent UX on macs, PCs, iPads and even linux servers.
3) Unlike on WhatsApp, on Telegram you don’t have to store your entire message history on your phone all the time – you can always download older messages and media on demand when you need them. This saves a lot of disk space and memory, which is particularly important for our users in the developing markets. On Telegram, shortage of local storage never leads to data loss.
4) Unlike WhatsApp, Telegram is able to provide its users with advanced functionality, such as persistent group chats with up to 10,000 members or channels with no limit on max size. These technologies can not be implemented within the “e2ee+third-party backups” paradigm. Our roadmap is filled with features that are impossible to build on a obsolete architecture like WhatsApp's that has to rely on third-party backups instead of relying on its own built-in cloud accessible in real-time.
These are the reasons why we, ultimately, decided to go with the “two kinds of chats” approach, which is more secure (Telegram cloud is better protected than Apple/Google storage), more transparent (you can actually see which of your e2e-encrypted messages go to the cloud and which don’t) and more feature-rich (we can implement features that I mentioned above and many more in the future). We believe our “two kinds of chats” approach makes more sense in the long run, which is why it has since been copied by Kakao (2014), Line (2015), and last year by Google Allo and Facebook Messenger. These companies did their own research that proved that the Telegram way is more scalable, secure and transparent.
So Why Do People Ask This Question?
I think the myth about Telegram being less secure than WhatsApp originated in a misleading 2016 article by Gizmodo (“Why you should never use Telegram”) which claimed a lot of things that are not true. A member of our team wrote an extensive review of that article exposing some of the misconceptions that I’ve also described in this post.
Every year Facebook – the company that owns WhatsApp – spends millions of dollars on marketing, influencing journalists and bloggers. By contrast, Telegram has spent zero dollars on marketing since we started in 2013. Nevertheless, every day at least half a million new users sign up for Telegram, and Telegram's organic annual growth rate exceeds 50%. We owe this growth only to you – our users and the Telegram community.
I hope this post gives an idea about how Telegram works and why we believe our architecture makes more sense than that of the older apps.