Many people who focus on information security, including myself, have long considered Telegram suspicious and untrustworthy. Now, based on findings published by the investigative journalism outlet IStories (original in Russian; English version by OCCRP available here), and my own analysis of packet captures from Telegram for Android and of Telegram’s protocol described below, I consider Telegram to be a indistinguishable from a surveillance honeypot.
Telegram generates a long-term identifier, calledauth_key_id, on every client device. This identifier does not change depending on where the client is connecting from. Telegram’s current protocol, MTProto 2, requires this long-term identifier to be prepended in cleartext, or at best trivially obfuscated, to at least some encrypted messages sent through the network. When perfect forward secrecy is in use, temporaryauth_key_ids are generated every 24 hours or so, and used instead the long-term one – but still prepended in cleartext to encrypted messages. This enables anyone who has sufficient network visibility and a bit of dedication to identify traffic originating from a given user device.
It is a surprising and unnecessary protocol design choice, present neither in Signal nor WhatsApp.
IStories found evidence that all network communication to and from Telegram’s infrastructure go through a company linked to the Russian FSB. This would provide the kind of network visibility that combined withauth_key_idwould allow it to identify traffic coming from specific users, globally.
In other words, what for years seemed like a protocol design oddity is now looking more like a deliberate decision to facilitate global surveillance of all Telegram users by the Russian state, while obscuring Telegram’s infrastructure provider’s role and providing some measure of plausible deniability for Telegram itself.
The two decisions Telegram made (choice of infrastructure provider who happens to cooperate with the Russian FSB, and attaching a cleartext device identifier to encrypted messages) taken together reinforce surveillance capability of the FSB considerably more strongly than either of these decisions would have on its own.
It doesn’t matter if these decisions were made on purpose or accidentally. Telegram is indistinguishable from a honeypot.
3 Likes