The mobile messaging app Telegram is popular in Iran, where citizens who have limited access to uncensored news and mainstream social media sites, such as Facebook and Twitter, use it to share and access information. But the app's estimated 20 million users in Iran, including those who use Telegram to report and communicate with sources, could be putting themselves at severe risk of data compromise, security experts warn.
Created in 2013 by two Russian brothers, Telegram describes itself as a secure and private alternative to apps such as WhatsApp. But whereas WhatsApp applies end-to-end encryption to all traffic by default using the highly secure Signal encryption protocol, Telegram does neither. Security experts have expressed skepticism about the esoteric encryption Telegram uses, saying it is poorly designed and implemented.
In Iran--which ranks seventh on CPJ's 10 Most Censored Countries list--authorities have blocked millions of news websites and social networking sites, and use arbitrary detentions as a way to silence dissent. Iran is also the third worst jailer of journalists worldwide, according to CPJ's last prison census. In at least two cases on the census, journalists were arrested over social media posts.
"If social media sites were not filtered in Iran, instant messaging applications would have been used at the same rate as other countries. Iranian users would have probably preferred to use Twitter or Facebook," an Iranian blogger known as Vahid Online told CPJ. The blogger, who is based in the U.S. and has more than 44,000 followers on Telegram, uses the app to post summaries of news items and the most notable reactions to them. Many of the reactions are tweets, Facebook posts or blog posts that would otherwise be blocked for Iranians.
Vahid Online said that Telegram's Channel function, a one-way communication method that allows users to share content with large audiences, has been instrumental in attracting Iranian users. "There is a big population in Iranian cities and towns that have never had access to computers and don't even have email accounts, but they have now connected to the online community through Telegram," he said. "Many of the YouTube videos that for years were blocked for Iranians have been shared on Telegram and many Iranians are able to see them for the first time." An example of this greater access was illustrated during Iran's parliamentary election in February. In the run up to the vote, former president Mohammad Khatami posted a video on YouTube encouraging people to vote for all the candidates that had been published on the reformist's list. Khatami is banned from media in Iran and YouTube is blocked. However, the video was widely shared on Telegram.
Official news outlets and journalists are also using Telegram to reach their audience. An informal CPJ review of Telegram accounts found that posts from journalists affiliated with official news agencies was consistent with their state-sanctioned reporting and that most posts were used as a way to get information out quickly. The discrepancy in how the app is used to share and report news was illustrated on May 3, when pictures showing the release of cartoonist Atena Farghadani, who had been jailed since January last year, were widely published by bloggers and citizen journalists on Telegram channels but ignored on Telegram by state media and more traditional channels.
Although Telegram has helped open up an important space for conversation in Iran, numerous technology security experts have warned that the app's security flaws make it unsafe. Nima Fatemi, an independent security researcher based in the U.S., said, "Normal chats, which is the default option, are not end-to-end encrypted, meaning Telegram and anyone they share your data with, can read, store, analyze, manipulate or censor users' conversations."
Telegram's head of support, Markus Ra, told CPJ that claims the app's encryption is not robust enough are not true. He said that the Secret Chat option uses end-to-end encryption and that Telegram does not have access to the plain text for Secret Chat message. Ra said, "Thanks to our apps being open-source, this can be easily confirmed by any interested party." Ra said that technically, Cloud Chats could be deciphered by the server, but added, "We have disclosed exactly zero bytes of user data to third parties since our launch day in August 2013."
Of course, willingly disclosing user data is not the same thing as leaving it vulnerable to hacking and surveillance. For example, in late April, two Russian activists' Telegram accounts were accessed by third parties, The Moscow Times reported. The activists have blamed MTS, one of Russia's largest mobile operators, which initially acknowledged the men's phone settings had been tampered with by its "security department" but then denied any deliberate interference, the newspaper said.
"If any of [Telegram's] servers get compromised, all of the users' data is up in the air," said Fatemi. "We know from the Snowden revelation and all massive hacks that no single computer can be protected from hackers. Especially if it's a juicy target with millions of people's conversations stored on it."
In his message to CPJ, Ra linked to the Electronic Frontier Foundation's Secure Messaging Scorecard published in 2014, as an illustration of how the app's open source code resulted in a positive audit. Telegram "Secret Chats" earned a perfect rating in the first version of the scorecard. Electronic Frontier Foundation warned on its website however, that the scorecard is "out of date, and is preserved here for purely historical reasons."
"We are in the process of redoing the scorecard, so the version that Telegram cites is not current and was never intended as an endorsement," Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, told CPJ. "Version 1.0 of the scorecard does not reflect EFF's current thinking on encryption, nor does EFF encourage anyone to use it for practical advice."
Cardozo pointed out "critical flaws" with Telegram, including its lack of end-to-end encryption and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green, an assistant professor of computer science at the Johns Hopkins Information Security Institute and a leading expert on applied cryptography.
Seemingly arcane details such as an app's encryption protocol and implementation can directly impact the lives of the journalists who use those apps. CPJ recommends that journalists should use WhatsApp or Signal as a more secure way to communicate, a recommendation echoed by Cardozo. Both apps use the Signal encryption protocol, which is based on open, well-tested cryptographic algorithms. The Signal protocol, which CPJ staff use for our most sensitive work, has been reviewed and endorsed by leading security experts.
EDITOR'S NOTE: This blog has been updated to reflect that Matthew Green is an assistant professor of computer science at the Johns Hopkins Information Security Institute.