Telegram Privacy Issues

I decided to write this article after reading numerous reviews and remarks about Pavel Durov's Telegram, which has become, de facto, an instrument for coordinating the protest movement in a number of countries. I think it is not suitable for this purpose since it has obvious privacy problems.

I must point out that I am a computer security expert. The purpose of this article is, first of all, to provide grounds for an open discussion.

I propose to start the discussion with the fact that when registering a new user in Telegram, you must provide your cell phone number. Actually, this is where we can finish it. In terms of privacy, this is the worst possible solution.

Want to know why?

Alas, in most countries of the world, you need to present your ID card or passport to purchase a SIM card. Even in those countries where the anonymous purchase of a SIM card is possible, its use is associated with the risk of deanonymization - cellular companies collect and store connection statistics. Such things as the IMEI of the phone or geolocation data will be recorded and stored for many years.

Even the use of a disposable phone cannot save you, since most people keep their main phone nearby and turned on. Naturally, you can come up with a bypass scheme – but I think only people who are paranoid about their own privacy will take serious precautionary measures, including, of course, crooks and terrorists.

Does Pavel Durov understand the dangers of collecting such information? Without any doubt, he does. History teaches us that any data can be obtained officially through court orders; it can be stolen; and bribery and blackmail of employees also exist.

Privacy can be breached due to loopholes in the messenger client, as happened in Hong Kong when the authorities loaded a huge number of phone numbers into the application to identify users of the protest groups. To protect against this, an update of the Telegram messenger was developed. Now, members of large groups can change settings and hide their phone numbers.

But it was too late for the protesters in Hong Kong - the data had leaked. And this is a matter of life and death - such crimes are punishable by imprisonment for a term of three years and up to life-long imprisonment. Could Pavel Durov protect users? Yes, he could. Without much difficulty - no one will steal data that is not there. To stop posing a threat to users from countries with totalitarian regimes, Pavel just needs to stop collecting user data.

If Pavel refuses to link the account to the SIM card, a significant part of the security and privacy problems will disappear. So, why is Telegram not implementing such a solution?

It is believed that this is a business model reasonably used by Pavel Durov. There is a well-known saying: “If you get something for free, then you are the product.” Pavel needs your data, since the goal of his activity is to make a profit. And he can get it by selling user data in an impersonal (hopefully) form and/or by showing users personalized ads.

There is nothing wrong with users sacrificing some of their privacy in exchange for a convenient free service, provided that users are warned about this and understand the associated risks. And users should be given the opportunity to refuse data transactions: to register and use the service anonymously.

Anonymity does not contradict Pavel's commercial interests. Without receiving money from the sale of data, Pavel can receive it directly from users through various models of anonymous sales, for example, through Google Play Gift Cards. A gift card can be purchased for cash, then activated and used to purchase various digital content in the Google Play Market.

So why hasn't this been implemented? I think that, under the influence of the special services, a widespread restriction of personal freedoms has recently been growing all over the world. In this situation, user tracking is a prerequisite for entering the market. Programs that provide communication services without user identification cannot survive.

The foregoing applies only to large software products. Small ones, using the trick of the "Elusive Joe," are still not covered. So, I would recommend that the protesters coordinate their activities using any of the unpopular messengers, like Signal, or by encrypted email. This decision, however, also has a downside: it affects the effectiveness of the protest on a mass scale.


About the Author: David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs the MacSecurity.net blog, which presents news and his opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.