The Truth About Telegram: E2EE and Arrest

Pavel Durov

Recently, Telegram founder and CEO Pavel Durov was arrested by French authorities in connection with a cybercrime investigation the moment he arrived in the country at a private airport. According to several news reports, the arrest was due to the fact that Telegram is too secure and private for governments to monitor, and to claims of illegal activities happening on the platform.

Pavel Durov is a Russian-born tech entrepreneur who founded the popular messaging app Telegram on 14 August 2013. He initially gained prominence as the creator of VK, Russia's counterpart to Facebook and its largest social media site, but was forced to leave the country after refusing to censor a political page linked to Alexei Navalny.

Following his departure from Russia, Durov launched Telegram, which is known for its strong privacy and security features and has amassed over a billion users. Durov holds dual citizenship in France and the UAE. His French citizenship appears to have backfired, as he was arrested in France upon landing his private jet. Reports suggest he could face up to 20 years in prison for charges including money laundering, fraud, and terrorism.

Pavel Durov's Arrest in France

Pavel Durov's arrest in France has drawn significant attention due to allegations that Telegram, the messaging app he founded, failed to act against criminal activity on its platform, including the spread of child sexual abuse material.

The investigation involves serious crimes such as illicit transactions, fraud, and child sexual abuse, with French authorities, led by OFMIN (a child protection agency), accusing Telegram of refusing to cooperate with law enforcement. 

This situation is unusual because it is rare for providers of web services to be held personally liable for their users' actions. Telegram has responded by denying any wrongdoing, arguing that it's unreasonable to hold the platform or its owner accountable for how users misuse the service.

The app has faced additional scrutiny for its cryptocurrency features and the recent removal of the need for a valid phone number to create an account, raising concerns about safety and legality. Durov, however, claims that his arrest is a result of law enforcement agencies wanting access to Telegram's network through a backdoor. The case is ongoing, and more developments are expected.

The E2EE: Is Telegram Secure and Private?

French authorities and many organizations around the world believe that Telegram is uncensored and that anything illegal can circulate in its large groups and channels. Uncensored refers to content that has not been altered, restricted, or removed by any authority, such as a government, organization, or media outlet.

This means the content is presented in its original form, without any modifications that might be made to remove sensitive, offensive, or controversial material. Uncensored content can include explicit language, graphic images, or any information that might otherwise be edited or suppressed in censored versions.

However, the allegation that Telegram is uncensored is only half true, because Telegram still complies with the Apple App Store and Google Play Store guidelines, which require it to censor and block various content to stay listed. Although users can bypass the app stores by downloading Telegram directly from its official website (telegram.org/app), the messaging app still meets the App Store and Play Store guidelines.

As for Telegram's end-to-end encryption (E2EE), the app is not fully end-to-end encrypted, which allows many authorities to detect that illegal activity is taking place on the messaging app. Here's how Telegram's E2EE works and what you should know:

Telegram's End2End Encrypted Protocol

Telegram’s end-to-end encryption, known as Secret Chats, is designed for secure one-on-one communication. Unlike regular cloud chats, Secret Chats use a different encryption scheme where messages are encrypted with a key known only to the participants.

This ensures that no third party, not even Telegram, can access the contents of these chats. The encryption process is built on the MTProto 2.0 protocol, which is an upgraded version of the original protocol and includes several enhancements, such as stronger padding and improved message key computation.

The key generation process in Secret Chats relies on the Diffie-Hellman protocol, which allows two users to generate a shared secret key over an insecure channel. When one user initiates a Secret Chat, they send a request that includes parameters for generating this key. Both users then perform computations to generate the shared key, which is used to encrypt and decrypt messages. This shared key is unique to each chat session and is never stored on Telegram’s servers, further enhancing security.

To maintain the security of past communications, Telegram employs Perfect Forward Secrecy (PFS). PFS ensures that even if a key is compromised in the future, it cannot be used to decrypt past messages. In Secret Chats, keys are re-generated after every 100 messages or every week, whichever comes first. This frequent re-keying process means that old keys are securely discarded, making it impossible to reconstruct them, even if the new keys are obtained.
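The key agreement and re-keying rule described in the two paragraphs above can be sketched as follows. This is an added example, not Telegram's code or part of the original article; the toy prime `P`, generator `G`, the SHA-256 key derivation and the `SecretChatKey` class are assumptions chosen for readability.

```python
import hashlib
import secrets
import time

# Assumed toy group: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3
REKEY_MESSAGES = 100             # message limit stated in the article
REKEY_SECONDS = 7 * 24 * 3600    # one week, as stated in the article

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2        # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    if not 1 < peer_pub < P - 1:               # 0, 1 and P-1 force a guessable secret
        raise ValueError("invalid public value")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()   # 256-bit key

def handshake():
    """Only the public values cross the network; each side derives the key locally."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_shared(a_priv, b_pub), dh_shared(b_priv, a_pub)

class SecretChatKey:
    """Hypothetical holder for the current key and the counters that trigger re-keying."""
    def __init__(self, now=None):
        self.generation = 0
        self._install(time.time() if now is None else now)

    def _install(self, now):
        key_a, key_b = handshake()
        if key_a != key_b:
            raise RuntimeError("key agreement failed")
        self.key = key_a                       # old key reference is dropped, never archived
        self.created, self.used = now, 0
        self.generation += 1

    def key_for_next_message(self, now=None):
        now = time.time() if now is None else now
        if self.used >= REKEY_MESSAGES or now - self.created >= REKEY_SECONDS:
            self._install(now)                 # fresh exchange, unrelated to the old key
        self.used += 1
        return self.key
```

Because each new key comes from fresh random exponents rather than from the previous key, obtaining the current key gives no way to recompute an earlier one.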

When a message is sent in a Secret Chat, it undergoes several layers of encryption before being transmitted. The message is first serialized and padded to ensure a consistent length, then encrypted using the shared key with AES-256 encryption.

The encrypted data is sent to Telegram’s servers, which then deliver it to the recipient. Upon receipt, the recipient’s client decrypts the message using the same shared key. This process ensures that the message remains secure and unreadable to anyone other than the intended recipient.

Telegram’s resilience lies in its globally distributed servers, making it difficult for authorities to completely shut down the platform. The servers are spread across various countries, creating significant challenges for law enforcement agencies that must navigate international borders and legal systems to access data. This decentralized structure ensures that even if one server is taken down, the app continues to function as intended.

In response to this, some countries, particularly in the EU, have considered banning end-to-end encryption (E2EE) entirely. For example, Spain has contemplated making E2EE illegal, which has sparked outrage among free speech advocates. While these proposals have not yet been enacted, the debate highlights the tension between privacy and security in the digital age.

Moreover, the arrest of Telegram's CEO, who is a staunch advocate for free speech, could be seen as an attempt to pressure the platform into cooperating with law enforcement. Faced with the possibility of a lengthy prison sentence, the CEO might be forced to choose between upholding his principles and complying with government demands.