Remix.run Logo
amima 5 hours ago

They do not claim that. They do claim that they store specifically encryption keys in several data centers in different jurisdictions. Here is the exact quote: "All data is stored heavily encrypted and the encryption keys in each case are stored in several other data centers in different jurisdictions". So only keys are distributed.

hkpack 5 hours ago | parent [-]

What does heavily encrypted even mean? Fully encrypted? Slightly encrypted? Encrypted enough to call it “heavily encrypted” but not enough to be protected from whoever is interested?

dakolli 4 hours ago | parent | next [-]

telegram is the safest encrypted messaging app. Period, full stop.

maqp 4 hours ago | parent [-]

>telegram is the safest encrypted messaging app. Period, full stop.

Yes, let's see

* Not end-to-end encrypted by default

* No end-to-end encrypted groups

* No end-to-end encryption on any desktop client by the vendor, forcing cross-platform users to drop secret chats. This includes 81% of working age people who sit on their computer during work day, and 100% of college students and IT workers.

* No post-quantum key exchange

* No future secrecy

* No per-message forward secrecy

* Bullshit claims about distributed keys https://security.stackexchange.com/questions/238562/how-does...

* Lacks ALL metadata protection from server like phone number, IP-address and thus geolocation, contact list, group memberships, quantity and schedule of communication, data types. In fact --

* Secret chats leak additional metadata about intent to hide content from TG as the vendor.

Also,

History of poor encryption implementation

* 2013: A cracking contest https://news.ycombinator.com/item?id=6932648

* 2013: Telegram, AKA "Stand back, we have Math PhDs!" http://unhandledexpression.com:8081/crypto/general/security/...

* 2015: IND-CCA issues https://eprint.iacr.org/2015/1177.pdf,

* 2015 64-bit complexity MITM attack https://web.archive.org/web/20160425091011/http://www.alexra...

* 2021 Valsorda "The Most Backdoor-Looking Bug I've Ever Seen" https://words.filippo.io/telegram-ecdh/,

* 2021 https://mtpsym.github.io/ and https://mtpsym.github.io/paper.pdf

Some analysis:

* 2025 Matthew Green analysis https://blog.cryptographyengineering.com/2024/08/25/telegram...

* 2025 "Telegram is indistinguishable from an FSB honeypot" https://rys.io/en/179.html

Also,

They employ volunteering sockpuppets https://tsf.telegram.org/

Durov who supposedly lives in exile has visited Russia over 50 times https://eutoday.net/pavel-durovs-secret-visits-to-russia/

I can't scream "drop & run" loud enough.

dakolli 3 hours ago | parent [-]

Telegram has nothing to do with Russia, other than having a Russian founder, and the Ukrainian military has literally relied upon it in the past, along with many Ukrainian civic services. You people are just racist towards Russians and need help.

Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.

This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.

I love how the author of your honeypot blog post has nothing concrete other than potential attack vectors and is like "Well this is obviously a Russian honeypot" with no evidence what so ever other than a claim that there are plain text device identifiers, which is something the FSB would do. [insert clown emoji]. You can do similar attacks on signal and whatsapp.. Why is it that the Russian one bothers you so much?

maqp 3 hours ago | parent | next [-]

>Ukrainian military has literally relied upon it in the past

Well they realized their mistake and banned Telegram's use on state issued devices in 2024 https://www.bbc.com/news/articles/c78dwepw95do

I'm not going to speak for the author of that article. But I agree with his conclusion. Telegram is indistinguishable from a honeypot.

In the world of infosec, stuff isn't secure until someone proves you wrong (which you reject assuming racism). Stuff is secure when you prove it's secure.

Practically every major secure messaging app vendor has proven they can not be a honeypot, by end-to-end encrypting their communications, offering open source clients with public key fingerprints to verify that end-to-end encryption is working correctly.

Telegram hasn't done that. Telegram's lack of end-to-end encryption, paired with zero effort for metadata protection (not even stuff like sealed sender) shows they don't give a damn about actual security.

But what they do is also what an FSB op would do.

* It would advertise "heavily encrypted" and bash WhatsApp day after day convincing average Janes and Joes about it being really really secure, and confuse readers who take a closer look, with claims of all chats using MTProto but also calling both client-server and end-to-end encryption protocols MTProto.

* It would construct a narrative that the face of the app is a rebel dissident in exile.

* It would be banned temporarily or poorly

* It's role would be obfuscated by releasing an obviously backdoored app like Max, to make Telegram seem safe compared to it. Like Russian intelligence really believed they could use Max to monitor Russian dissidents. FSB isn't dumb. Russian military deception is world famous. https://en.wikipedia.org/wiki/Russian_military_deception

The backdoor sits in the fact nothing is end-to-end encrypted, groups can't be E2EE, but troll army can still defend it, claiming it does have 1:1 E2EE if you want. Yes, it does, if you really want the highest friction UX possible. People try and drop secret chats when they want to be able to alt-tab into the conversation instead of digging into their phones 100 times a day. This backdoor is ingenious because the users can only blame themselves when their 1:1 messages end up to the server.

A good messaging app creator knows this, so they make E2EE default so that users don't encounter such friction. E.g. Signal allows you to have E2EE 1:1 and group chats between all of your devices. That's what proper privacy by design looks like. Would Telegram do that, they would've proven they stand for their users, and I'd actually recommend them.

Data is a toxic asset. Even if Telegram isn't a honeypot, it's a massive data collecting apparatus, that has all that data sit on its servers, from which the hacking team of any major intelligence agency can access it en mass. That's the life of 1B users worldwide. So ultimately, it doesn't even matter if Telegram is a honeypot, it's equally usable to https://en.wikipedia.org/wiki/Fancy_Bear or NSA TAO or whoever.

Also, https://dfrlab.org/2018/02/15/putinatwar-how-russia-weaponiz... shows Russian troll army is using russophobia as a narrative online.

This isn't about hating on Russians. This is about Durov not passing the minimum bar of what modern secure communication is about.

You've so far claimed telegram is the best with nothing to back that claim, ignored every counter argument, attacked argument of someone other than me, and you're now replaying Russian government shill tactics to try to rally people behind you for emotional reasons, when I'm explicitly giving technical critique.

Krasnol 2 hours ago | parent [-]

The ban is just there so every village cop may have something against you if they need it.

Besides that, they know and, as it seems, to be happy about it's wide availability and information.

Having their own app, they obviously also use for their causes, is just a cookie for the patriots.

psychoslave 3 hours ago | parent | prev [-]

>You people are just racist towards Russians and need help.

That doesn’t exclude the statements about Telegram to be correct though. That is, if some hater against whatever group say 1+1=2 or water is wet, what’s the conclusion?

>You can do similar attacks on signal and whatsapp.

Well yes. Don’t trust devices, they are not humans, they don’t qualify. They can at most have some degree of reliance for some purpose. But assuming that all devices out there are powned by some external parties is a rather sound security baseline approach.

>Why is it that the Russian one bothers you so much?

One don’t need to bother more on any specific oligarchy really, they all use their fellow humans like disposable pawns.

tryauuum an hour ago | parent [-]

> You people are just racist towards Russians and need help.

>> That doesn’t exclude the statements about Telegram to be correct though.

just attack the telegram from the technical standpoint, then no complains about "racist towards russians" will be given. Like, mentioning the lack of user-friendly E2EE is great already. Saying things like "Durov who supposedly lives in exile has visited Russia over 50 times" is meh. How can one intepret it in any other way is "Russia is evil and visiting Russia is thus evil"?

and regarding the cracking contests — one of the telegram bugs was actually uncovered this way, see https://habr.com/ru/articles/206900/

dgroshev 26 minutes ago | parent | next [-]

> How can one intepret it in any other way is "Russia is evil and visiting Russia is thus evil"?

Simple: Durov has no problem with constructing a narrative that has little to do with reality.

psychoslave 40 minutes ago | parent | prev [-]

> How can one intepret it in any other way

As noise. The fact it's xenophobic or some other kind of noise is just implementation details at that level.

Perz1val 4 hours ago | parent | prev [-]

Heavily means the key is large so it takes longer to crack, but also longer to encrypt/decrypt, so the service is more costly to run and slower. At least I've seen it used that way

Aachen a few seconds ago | parent | next [-]

It's not slow though so that's clearly not it. It's just a marketing intensifier here

maqp 4 hours ago | parent | prev [-]

There's nothing slow about AES.

In this context "heavily" means "we can't legally claim it's end-to-end encrypted because it's not".

Also it's not even post quantum, so it's not heavy. Telegram's Diffie-Hellman breaks instantly with a quantum computer large enough to run Shor against it.

Also, the keys sit on the servers' RAM, no matter what they lie. There is no global distributed RAM system, especially one that encrypts data in distributed fashion and works at the negligible latencies that Telegram boasts.