Du Rove's Channel
Thoughts from the CEO / Founder / Product Manager of Telegram.
🥳
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].

WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].

Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.

But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].

Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.

Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.

[1] – Why WhatsApp will never be secure

[2] – WhatsApp users urged to update app immediately over spying fears

[3] – WhatsApp Android and iOS users are now at risk from malicious video files

[4] – Everything you need to know about PRISM

[5] – NSA taps data from 9 major Net firms

[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'

[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone

[8] – WhatsApp is storing unencrypted backup data on Google Drive

[9] – WhatsApp hack led to targeting of 100 journalists and dissidents

[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources

[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US

[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.

Telegram keeps growing at a rate of ~50% annually in DAU. This extraordinary growth, unfortunately, still comes with certain growing pains.

Yesterday from 1PM to 2PM GMT about 15% of users who were online at that time experienced connection issues on Telegram. This disruption mainly affected users from Germany, Iraq, Uzbekistan, Russia, Ukraine, Kazakhstan and Belarus.

We apologize for each of the messages we failed to deliver during that hour. We are striving to make our platform as reliable as possible. We are proud that, even despite some attempts to disrupt its availability (like the DDoS from China in June), every year Telegram becomes less prone to such issues.

For the past several years, we’ve been fighting the spread of terrorist content on Telegram. We’ve been doing it in a way that is consistent with our values and Privacy Policy. While some pundits quite irresponsibly suggested that absolute privacy and counter-terrorism efforts are mutually exclusive, the success of our regular anti-terror actions proves that this is not the case.

Yesterday Europol recognized our continuous efforts in their statement:

“Telegram is no place for violence, criminal activity and abusers. The company has put forth considerable effort to root out the abusers of the platform by both bolstering its technical capacity in countering malicious content and establishing close partnerships with international organisations such as Europol. 

Thanks to this collaboration, the already-existing content referral tools available to Telegram’s users have been strengthened and expanded. Now, any user is able to refer and classify the content they find inappropriate and violent via the referral feature in public groups and channels. In addition, new technical developments, such as the advanced automated content detection system, continue to strengthen Telegram’s effort in obliterating extremism on the platform even further.”

This follows another Europol report dedicated to the Referral Action Day, in which several tech companies including Telegram took part:

“Whilst Google and Instagram deployed resilience mechanisms across their services, Telegram was the online service provider receiving most of the referral requests during this Action Day. As a result, a significant portion of key actors within the IS network on Telegram was pushed away from the platform. 

In the past year and a half, Telegram has also put forth considerable effort to root out the abusers of the platform by both bolstering its technical capacity in countering malicious content and by establishing a close partnership with Europol.”

As I have made clear before, ISIS and their likes will have a hard time on Telegram if they continue to spread their message of violence and hatred. After the ISIS attacks in Europe we have zero tolerance for their propaganda on our platform. At the same time, we’ll continue to defend our users' absolute right to privacy like no other service, proving that you don’t have to sacrifice privacy for security. You can – and should – enjoy both.

This month we have verified and promoted 17 official news sources, representing Ministries of Health in 17 countries (the constantly growing list is available in @corona). We did this as part of our anti-covid19 initiative announced in early April. While Telegram is not exactly famous for cooperating with government officials, we decided to make one exception globally to help spread information about the virus.

The current pandemic is a threat to our entire species. When it ends, the world will not return to normal. We may witness a civilizational shift that will ripple through generations. It is up to all of us to ensure that the new world about to be born is a better place than the one we're leaving behind.

This is a chance for people to use their time in isolation to create a better version of themselves – and a chance for technology to prove its worth for humanity. I believe we at Telegram should do all we can not only to help contain the pandemic and combat the spread of unverified information – but also to find new ways of moving forward.

For this reason, in addition to providing informational support, we’ll try to contribute to tackling the problem of education under lockdown. We also have several other anti-covid19 projects in the works at Telegram.

I will announce more details in the next few days on the Telegram Blog.

Stay tuned. And stay safe.

In April 2018, Russia’s telecom regulator Roskomnadzor blocked Telegram on the country’s territory. We knew it was coming, so by the time the block went live, we had already upgraded the Telegram apps with support for rotating proxy servers, ways to hide traffic and other anti-censorship tools. We were joined by thousands of Russian engineers that set up their own proxies for Telegram users, forming a decentralised movement called Digital Resistance.

The first week of the ban was challenging, and many of our users in Russia had connection issues. In an attempt to prevent users from accessing Telegram, Roskomnadzor blacklisted millions of IP addresses. However, thanks to Digital Resistance, after May 2018 Telegram became largely accessible in Russia.

As a result, Telegram’s user base in Russia hasn’t decreased – in fact, it has doubled since 2018. In May 2020, out of 400 million monthly active users of Telegram, at least 30 million were from Russia. It means that our growth in Russia has been in line with our growth in other countries. To put it simply, the ban didn’t work.

Last week, Roskomnadzor, which has a new director as of two months ago, decided to reflect reality by announcing that Telegram is no longer blocked in Russia. In their announcement, they referenced my June 4 message where I explained why the ban didn't make much sense.

This change should be welcomed – and I hope it will last. If it doesn’t, however, we hope few users will notice any difference.

Over the course of the last two years, we had to regularly upgrade our “unblocking” technology to stay ahead of the censors. I am proud of what we achieved – it is unique among social media apps.

We don’t want this technology to get rusty and obsolete. That is why we have decided to direct our anti-censorship resources into other places where Telegram is still banned by governments – places like Iran and China. We ask the admins of the former proxy servers for Russian users to focus their efforts on these countries. They should also stand ready for new challenges: as the political situation in the world becomes more unpredictable, more governments may try to block privacy-focused apps like Telegram.

The Digital Resistance movement doesn’t end with last week’s ceasefire in Russia. It is just getting started – and going global.

An update regarding the US court proceedings involving Telegram, which I described in May. Fortunately, it is over, as we reached a settlement with the US regulator. Here’s Telegram’s official statement in relation to today’s news:

Regrettably, we were unable to launch the TON platform by our deadline date due to the preliminary injunction ordered by the Court, and thus had to return the remaining funds to purchasers under our contractual agreements. Since we saw limited value in pursuing the court case further, we welcomed the opportunity to resolve it without admitting or denying our liability.

Today’s proposed settlement reconfirms our commitment to repay the remaining funds to purchasers under the Purchase Agreements. We’ve already repaid more than 1.2bn to the purchasers either directly or in the form of loans.

We look forward to continuing to pursue our other projects and avenues for innovation, and we hope the regulatory environment for blockchain technology in the US becomes more favorable for others in the future.


✊
Telegram is among the top 10 most downloaded and most used apps in the world.

Thank you for loving us and for telling your friends about Telegram.

With every new Telegram user, the power flows back from the corporations to the people.

I hope you all liked the latest Telegram update – our 8th major update this year. This new version of Telegram could have become available to you several days earlier. But it didn’t, because of Apple’s desire to control every mobile app in the world. Few iPhone users realise how the policies of Apple make their lives worse. That’s why I decided to write the post below.

7 Reasons Every iPhone User Should Be Worried About the App Store’s 30% Tax

In the last few months, many prominent app developers voiced their disapproval of the App Store policies Apple imposes on all apps. Why should that concern you if you own an iPhone? Here are 7 reasons.

HIGHER PRICES. Apple’s 30% commission makes all apps and digital goods more expensive for you. It goes on top of the price you pay to developers for any services and games you buy on your phone. You pay more for every app, even though Apple already charged you a few hundred dollars more for your iPhone than it cost to make. In short, you keep paying even after you have paid.

CENSORSHIP. Some content in apps like Telegram is unavailable to you because Apple censors what is allowed on the App Store, which it fully controls to enforce the 30% tax. Apple even restricts us – app developers – from telling our users that certain content was hidden for iPhone users specifically at their request. Apple should realize how ridiculous their attempt to globally censor content looks: imagine a web browser deciding which websites you are allowed to view.

LACK OF PRIVACY. In order to install an app from the App Store, you must first create an Apple account and log in using it. After that, every single app you download and every push notification you receive is tied to your account, making you an easier target to track. Since the main reason you have to use an Apple account to download an iPhone app is Apple’s desire to enforce their 30% commission, the cost of their greed also includes your private data.

DELAYS IN APP UPDATES. You get new versions of your apps several days or weeks after they are actually ready, because Apple’s review team is notoriously inefficient and often delays approval for no apparent reason. You would think Apple could use the billions of dollars it receives from third-party apps to hire additional moderators. Somehow they are unable to do even that, and we – big apps like Telegram – typically have to wait several days to publish updates.

FEWER APPS. Apple’s 30% commission on apps goes on top of all the other expenses developers must pay for: government taxes such as VAT (~20%), wages, research, servers, marketing. Many apps would have been net profitable in a world without Apple’s 30% commission, but being forced to surrender 30% of their revenue to Apple makes them unsustainable. As a result, many of them go bankrupt and lots of great apps you could have enjoyed just don’t exist.

MORE ADS IN APPS. Because Apple makes selling premium services and accepting donations one-third less meaningful for developers, many of them have to show ads in their apps in order for their companies to survive. Apple’s policies skew the entire industry towards selling user data instead of letting them adopt more privacy-friendly business models like selling additional services to their users.

WORSE APPS. Billions of dollars are taken from developers who could have otherwise spent those funds on improving the quality of the apps you use every day. Instead, this money rests idly in Apple’s offshore bank accounts and does nothing for the world, while app developers struggle to find resources for the research and development the world needs.

The situation is so bad that one would expect Apple’s 30% cut to be unsustainable. Yet it’s been around for more than 10 years and is still there. In my Telegraph post below, I'm explaining how Apple has been able to trick consumers and regulators into inaction for so long.

I can understand why Donald Trump threatens to ban TikTok unless its US assets are sold to US investors. After all, China bans pretty much every non-Chinese social media app on its territory. Why should the rest of the world, including the US, let a Chinese app have a free ride in their markets? If you want to access the markets of other countries, you should also open your market to them – that would be fair.

However, the US move against TikTok is setting a dangerous precedent that may eventually kill the internet as a truly global network (or what is left of it). Before the US-TikTok saga, only autocratic countries like Iran, China or Russia were known for bullying tech companies into selling parts of their businesses to investors with close ties to their governments. It’s not surprising, for example, that Uber had to sell both their Russian and Chinese branches to local players.

I am proud that, unlike Uber, we at Telegram have always declined offers to sell our operations in specific countries. A few years ago we received letters from two funds with ties to countries that later attempted to block Telegram. Both letters expressed the same idea: “Telegram is going to get blocked in our country soon, so your only option is to sell us the local part of your business”. My response to those offers has been along the lines of my 2011 middle finger photo: we are not in the business of betraying our users. We are not selling Telegram – neither in part, nor in full. This will always be our position.

The problem with the US-TikTok case is that it legitimises an extortion tactic previously employed only by authoritarian regimes. For decades, the US has been perceived as the defender of free trade and free speech. But now that China has started to replace them as the main beneficiary of global trade, the US (or at least the Trump administration) seems to have become less enthusiastic about those values. This is regrettable, because billions of people on this planet still like the idea of an open and interconnected world.

Last week, Turkey introduced a bunch of laws limiting social media companies. A few years ago, the US would have had the moral right to criticise such efforts, citing freedom of speech and free trade as ideological foundations for their concerns. Today it’s less clear whether the US still has that right. Authoritarian leaders all over the world are already using the TikTok case as justification in their attempts to carve out a piece of the global internet for themselves. Soon, every big country is likely to use “national security” as a pretext to fracture international tech companies. And ironically, it’s the US companies like Facebook or Google that are likely to lose the most from the fallout.

Today we are adding native support for comments in channels. So once you update Telegram, you’ll be able to leave comments in some channels, including this one.

Throughout the next 10 days I’ll be posting stuff here to try this feature out.

What I like about our implementation of comments is that they are indistinguishable from a group chat. In fact, all comments in a channel are hosted in a group attached to that channel.

This allows for many possibilities both for commenters (e.g. adding voice messages, stickers, GIFs etc. to comments) and for admins (e.g. limiting voice messages, stickers, GIFs etc. in comments).

Another new feature in today’s update is search filters. You can see the search tabs when tapping on the search icon/field from the main screen of Telegram.

The obvious purpose of these tabs is to make finding messages easier. But you can also use them to view all media from all your chats and channels in one chronological feed. It gives you a quick overview of all your audiovisual content.

What I like about these search tabs is that they look and act exactly as shared media tabs you already know (and love).

However, we don’t want new users to get confused by a level of complexity they don’t need, so you have to have at least 10 chats in your inbox to see the tabs.

Lastly, we have introduced Anonymous Admins for groups today. This is a handy feature for celebrities and generally for anyone who wants to run a large group chat without publicizing their personal account.

The creator of the group can make any group admin (including ±self) anonymous. After this, the admin will disappear from the group member list and will post messages on the group’s behalf.

If you add different “titles” for various anonymous admins in the group chat, the members of the group will be able to tell which admin posted each message. I am personally happy we added this feature, because for the first time in many years I was able to start a public group chat (@durovschat) without having my inbox flooded.