Signal use spikes as Ukraine worries about Russians spying on them via Telegram

Russian messaging app Telegram can allegedly be targeted and its database accessed, Signal’s founder Moxie Marlinspike has warned.

One of the first things that happens, from a technology standpoint, during any crisis or conflict is that social media and messaging apps become crucial areas of concern, susceptible to hacking and to manipulation that spreads panic and misinformation. As Russia keeps attacking Ukraine, messaging apps Telegram and Signal are fighting it out over security and warnings.

Both Telegram and Signal have been considered to be better alternatives to the Meta-owned messaging platform WhatsApp, particularly where security and privacy are concerned. However, in the current situation, Ukrainians are being warned to not use Telegram to prevent Russians from spying on them.

One of the strongest proponents of this warning is the founder of Signal, Moxie Marlinspike. Marlinspike took to Twitter to warn Ukrainian users about Telegram amidst the rising usage of the app over this period of attacks and conflict. Various Ukrainian government officials and agencies, including military and security departments, have reportedly been using Telegram and social media channels to spread the word about what is happening on the ground and to alert people about cyberattacks. Requests have been made across platforms for Ukrainian hackers to rise and defend the nation and to hack the Russians right back.

Marlinspike said that the ads that promoted Telegram as a “secure” messaging app are all false as all communications and contacts are stored in a database that can be “easily targeted by Russia”. The Signal founder warned that Moscow could target Telegram employees based in Russia to access the database. “If Russia doesn’t want to bother with hacking, they can leverage family safety for access,” Marlinspike said.

While there is no knowing for certain that this is a possibility, a look back at Telegram’s formative history adds some credibility to Marlinspike’s concerns. Telegram was launched in 2013 by Russian brothers Nikolai and Pavel Durov. The brothers are also the founders of the Russian social network VK, which they left in 2014 “after claiming it had been taken over by Putin’s allies”.

While Telegram is registered as an American LLC, it has not disclosed “where it rents offices or which legal entities it uses to rent it, citing the need to ‘shelter the team from unnecessary influence’ and protect users from government data requests”. Reports state that Telegram does have employees in Saint Petersburg, so if one thinks about it, it is not impossible for Moscow to get to them.

But not everyone is willing to buy into Marlinspike’s warnings. Elon Musk replied to Marlinspike’s tweet, asking, “Are you sure Signal is secure?”

Marlinspike responded: “Signal is designed very differently. All communication is e2ee (end-to-end encrypted), so there is no cloud [database] with everyone’s entire plaintext (message) history in it. Groups are encrypted by default, so the only (people) who know group details are the people in them. Same (with) contacts, calls, social graph, etc.”

“This kind of FUD [fear, uncertainty and doubt] is not surprising, coming from a minor competitor (and typical for this one). That said, we can confirm that we have neither developers nor servers in Russia and we don’t see any of the mentioned risks,” a Telegram spokesperson told Forbes, speaking up against Marlinspike’s allegations.

Now, while Telegram does have a “secret messages” feature, it needs to be turned on manually. The platform is also not end-to-end encrypted by default, as Signal and WhatsApp are. Alan Woodward, an encryption expert from the University of Surrey, told Forbes he “would not trust Telegram”.

Woodward said that one of the things that are not visible about Telegram is the amount of metadata it generates. This metadata reportedly includes logs of who talks to whom, for how long, and other “ancillary data that can easily track and identify users”. The encryption expert added that while WhatsApp does some of this too, Signal does not and that is why he “prefers” the latter.

Telegram has disputed Woodward’s claim that its encryption has not been “held up to public scrutiny” since it is homegrown. “Telegram’s encryption protocol is fully documented and can be used with the open-source app code to prove both the implementation and integrity of Telegram’s encryption. In addition to contests that drew the attention of security researchers, Telegram has an open bug bounty program with rewards ranging from $500 to $100,000 for those who report potential flaws,” a Telegram spokesperson said, adding that “no viable way of breaking the encryption currently used by Telegram has ever been found”.

Despite Telegram’s hard defence play, the use of Signal has reportedly spiked in Ukraine over the last few days. According to data shared by Cloudflare CEO Matthew Prince, while Telegram continues to be used in Ukraine, many users appear to be moving to Signal.

Pavel Durov also announced recently that some of Telegram’s channels “were increasingly becoming a source of unverified information and that he did not want the app to be used as a tool that may deepen conflicts”. The Durov brothers added that they might consider partly or fully restricting some of these problematic channels if “the situation in Ukraine escalates”.
