A Russian court has banned the popular messaging app Telegram, after claiming that it is widely used by terrorists. The move follows demands from the Federal Security Service (FSB) that Telegram hand over its encryption keys to the secretive KGB successor.
Telegram’s founder and CEO, Pavel Durov, is a Russian exile who fled the country in 2014 after his social networking company, VKontakte (VK), publicly refused to hand over the data of Ukrainian protesters to Russia's security agencies, and refused to block opposition activist Alexei Navalny's page on VK.
Perhaps unsurprisingly, Durov response to the FSB’s demands was defiant:
"At Telegram, we have the luxury of not caring about revenue streams or ad sales. Privacy is not for sale, and human rights should not be compromised out of fear or greed."
What is Telegram?
Telegram is a messenger app used by some 200 million people worldwide, with 9.5 million users in Russia. Much of its popularity rests on the popular perception that it is highly secure and private, a perception that is itself based on Telegram’s notoriety as a tool widely used by ISIL.
As I discuss below, this reputation for privacy and security is largely undeserved. Telegram is not held in high esteem by cryptographers and privacy experts.
On Friday 19 April a Moscow court authorized Roskomnadzor, the Russian communications and technology watchdog, to block access to the Telegram network. Telegram’s lawyers did not attend the 18- minute hearing in protest.
The ruling follows the collapse of a lawsuit last month by Telegram against the FSB demands for its encryption keys. Telegram repeatedly insisted that it is unable to comply with this demand as no such keys exist. It claims that new keys are negotiated for each user for each session and that no master key exists which it could hand over even if it wanted to.
Telegram is Not That Secure!
In this, Telegram is not being entirely honest. Unique new keys are, indeed, created when using Telegram’s Secret Chat option. This uses end-to-end (e2e) encryption to allow for private and secure conversations.
It means that all messages are encrypted on the sender’s device when he/she enables Secret Chat. The messages can only be decrypted and read on the intended recipient’s device.
Unfortunately, Secret Chat is not enabled by default. This means that most regular conversations can, in fact, be accessed by Telegram using mater encryption keys!
Telegram’s use of its own non-standard MTProto encryption protocol has also been strongly criticized by cryptography researcher, and its use of closed source binary blobs in its otherwise open source code has drawn criticism.
Or to put it another way, if privacy and security are your main reasons for using Telegram then ditch it and use Signal instead!
Overcoming the Ban
Durov has stated that Telegram uses "built-in systems” that will help overcome the ban. By this, he almost certainly means it uses the Amazon Web Services (AWS) and Google Compute Engine (GCE) cloud networks.
But he also said that using a VPN is the only way to guarantee full access to Telegram. And it seems that Russians are taking him at his word. Since the ban, traffic to our 5 Best Russian VPNs page has spiked by almost 800%!
Why Using a VPN Overcomes the Ban
A VPN allows you to overcome the ban because it hides the fact that you are connecting to the Telegram network from your internet and/or mobile provider (and therefore the Roskomnadzor).
They cannot see your data because it is security encrypted by the VPN, and cannot see that you are connecting to the Telegram network because all connections are routed through a VPN server which hides what you get up to on the internet.
Indeed, that Russia can do little to prevent Telegram users using VPNs to access the service has been tacitly acknowledged by deputy communications minister, Alexei Volin:
“Many Telegram users have already adopted different messengers, and those who want to stay with this product know a lot of ways to get round the ban and continue using the services they are used to.”
For more information on how a VPN works please and can evade Russia’s Telegram ban, please check out VPNs for Beginners – What You Need to Know.
Even the Kremlin is using VPNs to Beats its Own Telegram Ban!
In what can only be described as a Kafkaesque turn of events, it seems the Kremlin itself is using VPNs to access Telegram! This is because the Russian government relies on Telegram to communicate with the press and to arrange meetings with President Putin’s spokesman. Which all makes the ban rather awkward for it!
According to Reuters, it asked a person in the Russian government “who asked not to be identified due to the sensitivity of the issue” about how it would operate without access to Telegram. The reply was a screenshot of his mobile phone with a VPN app open.
Russia’s Telegram ban is important because it shows a growing desire by the Russian government to police the internet and spy or censor what people get up to online. In the short term, however, it is little more than a gesture, as simply using a VPN allows Russians to continue to access Telegram unhindered.