I remember reading a description of a phenomenon that goes something like this:
One tends to believe that what they read in media is true, until one reads an article on a subject one is well versed in, where the article appears full of glaring and often jaw-droppingly ignorant flaws in reporting.
Yet, we tend to continue reading the same media even after such an event, subconsciously treating the error-filled article as a fluke. Consciously we may be aware that media often make mistakes, but subconsciously we believe that what we read is true.
I’ve been unable to find a name for this and am now convinced I hallucinated it.
The coverage of Pavel Durov’s arrest is one such event for me.
Pavel Durov, founder of the messaging application and social media platform Telegram, was arrested in France on the 24th of August 2024. Whether directly or through allusions, most media reporting follows a similar line: Pavel Durov, founder of the encrypted messenger Telegram, ardent free speech defender and millionaire, was arrested. Why? Because his encrypted messenger was being used by criminals, drug traffickers, pedophiles, and all sorts of unsavory people, and Durov himself refused to bow to government pressure to censor such content. Telegram, being encrypted, is entirely out of the control of major governments, who view it as a threat.
This is the general line followed by media of all sorts: BFMTV reinforces the idea that Telegram is encrypted by using the word “chiffré” in all but two paragraphs.
Smaller free speech publications also publish a similar narrative, but with more of a “Encryption is sticking it to the man” bent.
Reuters, while providing a remarkably clear picture of the event, still calls Telegram an “encrypted application”.
Telegram is Not Encrypted in any Meaningful Sense of the Word
The words “Telegram” and “Encrypted” have become practically synonymous in the minds of many. This is a lie, perpetuated by the both the founder and picked up by media. Telegram is no more encrypted than Facebook, Reuters, this very blog, or in fact most websites created in the past decade, yet media do not feel the need to write “The encrypted application YouTube” or “The encrypted website weather.com” any time they are mentioned.
Practically, this means that, contrary to popular belief, Telegram does in fact have access to nearly all messages sent on the platform. They may as well be in one big text file sitting on Telegram’s servers.
The simplest indication that this is the case is that you can change your password, sign in on a new device, and still have access to all your old messages. The only way this is possible is if Telegram controls the encryption keys to your messages, which necessarily means they can be read by Telegram itself. See Matthew Green’s blog for more.
The one exception to this rule that often gets misconstrued as applying to the entire platform is the special End to End encrypted chats. These have to be manually started from a hidden option, only work when both conversants are online, do not sync across devices, and as a result are hardly used by anyone.
The misreporting of Telegram as an “Encrypted” app distorts the reality of the situation.
What makes Telegram unique is not encryption technology, but policy. Telegram stands alone as one of very few platforms that are entirely unencrypted, yet claim to stand by principles of free speech and minimal intervention by governments. The truth of these claims is almost entirely impossible to verify. The true reasons for Durov’s arrest are equally opaque.
It is precisely because Telegram is UN-encrypted that arresting Durov is a valid way to exert pressure on Telegram in any number of directions. Once a third party has obtained access, be it through threats or negotiation, the wealth of communication flowing through the platform is free to be censored, promoted, downranked, shared, analyzed, and otherwise processed.
Communication that is truly private is not susceptible to the same pressures. Signal founder Moxie Marlinspike, current president of the Signal Foundation Meredith Whittaker, SimpleX founder and programmer Evgeny Poberezkin, and many others working on or with encrypted messaging still walk free. These communication tools, like any other, are certain to be used by some for illegal purposes, yet End to End encrypted messengers are built in such a way that they have no access to messages they carry, and are thus immune to pressure exerted on those building them.
Take for example the results of a subpoena against Signal: the only information Signal can disclose about a user is the date the account was created and the date it last connected to the service.
On such a platform, arresting the CEO would be nonsensical. Meredith Whitacre has no more access to your Signal messages nor ability to censor or promote content than anyone else. To imprison her for running an encrypted application would go against already established free speech protections. Code is speech. Encryption is legal.
However noble and fervent Durov’s free speech convictions may be, his approach seems almost impossibly naive.
He has dismissed claims that true E2E encryption would be beneficial to user privacy, and made nonsensical claims that Signal is less privacy preserving than Telegram. I cannot even begin to guess why he holds these positions, nor how he reconciles them with his professed free speech and libertarian convictions.
Humans are fallible. Do not trust the privacy of your communications to a man who keeps plain text copies of them on his servers and pinkie swears he won’t look at them. Trust encryption, not men.