They don't have encrypted backups like Signal and WhatsApp.
The real reason why Telegram doesn't enable end-to-end encryption is pretty clear: they don't have the features to provide a good end-to-end encryption experience: They don't support end-to-end encrypted group chats. "This allows Telegram to be widely adopted in broad circles, not just by activists and dissidents, so that the simple fact of using Telegram does not mark users as targets for heightened surveillance in certain countries. We are convinced that the separation of conversations into Cloud and Secret chats represents the most secure solution currently possible for a massively popular messaging application." Putting aside the fact that if Telegram's cryptography were properly implemented, an outside observer shouldn't be able to tell whether or not end-to-end encryption is being used or not (i.e. Telegram does not provide proper separation of data-at-rest versus data-in-motion), this seems to be the "I don't need encryption because I have nothing to hide" argument, but perpetrated by what's allegedly supposed to be a secure messenger.
Worse, even after this was pointed out to them and people started writing papers about potential attacks, they have stood by their shaky design, refusing to update it or even admit mistakes were made in the initial design. But even worse than that, end-to-end encryption is off-by-default, and users must opt into it. Had they even used HMAC they'd be in much better shape. This is something of a crypto 101 mistake. Logic, though, is probably no match for conspiracy theories. Security professionals know that's not how we should think about security (never trust people!), because Durov is leaving a lot out: there aren't safe jurisdictions, servers get hacked, and centralized databases will get compromised. That's not good, unless you've been trained to think that "privacy" is just about choosing the company, government, or legal jurisdiction that gets total access to your data.
Telegram stores the messages you send/receive unencrypted on their servers. They want people to think like that because they've built businesses that require it. The way Pavel Durov and others like him present "trust" is (ironically) shady corporate structures, shell companies, or use of the word "Switzerland." Most companies in that business do the same, because it's easier than building something that doesn't require trust in people. Pavel Durov wants everyone to think security is about trust in people.