Translated by

Telegram Messenger

Product
Developers: Telegram Messenger LLP
Date of the premiere of the system: 2014/07/21
Last Release Date: September, 2019
Branches: Internet services
Technology: IP telephony,  Office applications

Content

Telegram is the Russian free cross-platform messenger for smartphones and desktop computers. Software allows to exchange text messages and media files of different formats.

Audience

For the beginning of 2019 most of users of Telegram live in Iran, Malaysia and Uzbekistan.

Percentage of the total number of users for the beginning of 2019.
Percentage of the total number of users for the beginning of 2019.

Data encryption

Main article: Enciphering in Telegram

The only difference of the messenger from other analogs is the aspiration to resist to the Russian security services due to failure to provide encryption keys for access to correspondence of users.

2019

Edward Snowden does not recommend to officials to use WhatsApp and Telegram

On September 16, 2019 Edward Snowden warned the high-ranking officials against use of WhatsApp and Telegram. According to the former employee of the National Security Agency (NSA), these messengers are unsafe. Read more here.

Roskomnadzor distributed to operators the equipment for blocking of Telegram

In the middle of September, 2019 it became known that Roskomnadzor distributed to telecommunication operators the equipment for blocking of Telegram and other Internet resources banned in the Russian Federation. About it the Reuters agency was told two sources in a telecom.

According to one of them, will pass test in Tyumen on real users. According to the results of tests which will last until the end of September, 2019, it is going to understand how devices what failures are, etc. work.

The system of \"deep\" blocking Telegram will be tested on residents of Tyumen
The system of "deep" blocking Telegram will be tested on residents of Tyumen

The new equipment for blocking was made by "РДП.ру". 15% of this company belong to Rostelecom. In March, 2019 it was reported that the solution "РДП.ру" on blocking of the prohibited resources was recognized the most effective during laboratory experiment.

Representatives of telecom operators refused comments. Roskomnadzor did not respond to the request of the agency. In "РДП.ру" said that do not know where passes test.

Earlier in 2019 the head of Roskomnadzor Alexander Zharov in  an interview of RIA Novosti reported that Roskomnadzor works on  new instruments of complete blocking Telegram. He noted that he will be able to set the price and characteristics of the equipment in October.

By September of the 2019th the messenger is still available to users in spite of the fact that Roskomnadzor blocks Telegram  by a court decision because of failure of the messenger to transfer  encryption keys in FSB.

On November 1, 2019 will become effective the law on  "ensuring safe and  steady functioning" of the Internet  in the territory of Russia. The law obliges operators to install on  the networks technical means which will limit access to    the resources prohibited in the territory of the Russian Federation.  Their  number includes filtering system of traffic of DPI (Deep Packet Inspection). Probably will pass test of the equipment for blocking of resources in Tyumen within this law.[1]

Function of complete concealment of the phone number

On September 5, 2019 in Telegram there was an opportunity to hide the phone number. For gaining access to this function it is necessary to update the application to the latest version and to select from privacy settings who can see the phone number: anyone, only contacts or anybody.

Earlier when choosing an option "not show anybody my number", phone of the user remained is available to those who saved it in the contacts, regardless of privacy settings. Now it is possible to hide phone numbers completely.

In Telegram it is possible to hide the phone number now
In Telegram it is possible to hide the phone number now

The messenger released update against the background of concern of protesters in Hong Kong. Protesters who use group chats, consider that the authorities could use the general base of phones, add number to the list and find them in protest chats. And this defect was eliminated by developers of service. Though it was necessary to make it for a long time, the ex-director of the special directions of the Telegram messenger Anton Rosenberg considers.

«
Groups in Telegram are even more often used for communication of users who are exposed to oppression. We consider that all people have the right to express the opinion and to communicate in a private order, says Telegram.
»

Besides, the postponed sending messages was added to the updated application, it is more than animated emoji and also an opportunity to create own subjects of a design and to share them. Now it is possible to add up to 200 thousand participants to the public Telegram groups.[2]

Earlier it was announced development of Telegram of new privacy settings with the purpose to protect protesters in Hong Kong. So updating of the messenger will allow to prevent the authorities to define participants of group chats of the application. The founder of Telegram Pavel Durov also accused the Chinese authorities of DDoS attacks on the messenger during protests in Hong Kong.

Telegram issues to security officers of participants of meetings and protests

The Telegram messenger can issue to the third parties phone numbers of users without them on that consent. The gap in a security system of popular service was detected in the summer of 2019 by software developers from Hong Kong[3].

According to specialists, the hole detected by them can be used by the authorities and intelligence agencies for collecting of phone numbers of those who participate in meetings and actions a protest. The ZDNet resource writes that personal data of those who participate in protests in Hong Kong can be in this way calculated and coordinate the actions via Telegram.

How it works

Malefactors can circumvent privacy settings in the messenger in which it is possible to hide visibility of the phone number. It works even if to hide the phone number from all, including the contact list. To find out whether this or that person in protest groups and chats in Telegram consists, it is enough to third parties to add only to the address directory thousands of numbers then to be connected to necessary groups and to synchronize the contacts with the client of Telegram. After synchronization the messedzher will show at once which of owners of the added numbers consists in "unpopular" groups.

Possible de-anonymization of users of Telegram is of great importance for Hong Kong now. Through the whole country since the beginning of June, 2019 numerous protest actions against the bill of consideration of requests for extradition of suspects of the criminal offenses from the territory of Hong Kong given by the authorities of Macau, Taiwan and China take place. The document was taken cognizance, as induced residents of Hong Kong to express the discontent. Protesters organized a procession, constructed barricades and blocked off the traffic on large highways and roads. In the first day of a protest the bill was opposed by more than 240 thousand people that became the largest demonstration in Hong Kong for the last 20 years.

Built in circumventors of blocking of new type Telegram

In the Telegram messenger the possibility of masking of traffic under the HTTPS protocol appeared. Information on it appeared on the GitHub resource. For masking under HTTPS developers added a prefix of a secret of "ee" to the code of the client. Besides, in addition to encoding technique base16 an opportunity to cipher a secret in the proxy server address using base64[4] it was implemented[5].

In the protocol between the client Telegram and the proxy server added an additional layer of encapsulation over the TCP protocol. Thanks to it data are wrapped in the record TLS. Data transmission happens in HTTPS over this cryptographic protocol. Also emulation of TLS handshake at the beginning of work was added. Telegram already started proxy servers on Python and Erlang where masking is implemented.

In the beta of Telegram for iOS geochats appeared

On June 19, 2019 it became known that in the beta-version of Telegram for iOS geochats appeared. In them the people who are next to each other and integrated by common interests will be able to correspond.

Telegram geochats for iOS

Any user can create a geochat, it is necessary to specify its subject and radius of a geolocation — from 100 meters to 6 kilometers. History of a chat is available to all users, even the messages created before the specific user joined a conversation. The number of participants of a geochat is not limited.

Any user can find a specific geochat if it is near the place to which that is tied. In such chats there were "chekina" — tags which will demonstrate that the user appeared in the place tied to a geochat[6].

Durov suspects China of participation in failures in work of Telegram

On June 13, 2019 it became known that the founder of the Telegram messenger Pavel Durov suspects possible connection of China with failures in work of service. About it he noted on the Twitter. According to him, this country can be involved in carrying out the DDoS attacks on Telegram which became the reason of its time nonserviceability in June, 2019.

«
"All DDoS attacks of so serious scales (power of the attacks from 200 to 400 Gbps) which we recorded indicate participation of the state and coincide with protests in Hong Kong (their coordination is conducted in Telegram)",

'Pavel Durov, the founder of the Telegram messenger noted'
»

Earlier on official Twitter of service the message about possible interruptions in work in connection with the large hacker attack appeared. Representatives of Telegram assured that data of all users are in security.

Problems in work of Telegram began on June 11, 2019 and mentioned the whole world. According to the Downdetector resource, the instability in work of the messenger was observed in the USA, South America, a number of the countries of Europe, in the Middle East and also partially in the Pacific Rim. Most of users (95%) could not be connected to service, and sending messages did not work for 4%.

The card of failures Telegram on June 11, 2019 according to Downdetector

As of June 13, 2019 failures in Telegram are still observed in South America, certain American states and also in Kiev, St. Petersburg and Moscow. In global scales service managed to recover work.

Pavel Durov connected DDoS attack on the messenger with the protests which began in Hong Kong on June 9, 2019. Citizens of the country took to the streets, expressing a protest against the bill of consideration of requests for extradition of suspects of the criminal offenses from the territory of Hong Kong given by the authorities of Macau, Taiwan and China.

Pavel Durov suggested about communication of the attack on Telegram and protests in Hong Kong
Pavel Durov suggested about communication of the attack on Telegram and protests in Hong Kong

The document was taken cognizance, as induced residents of Hong Kong to express the discontent. Protesters organized a procession, constructed barricades and blocked off the traffic on large highways and roads.

By estimation of police, in the first day of a protest the bill was opposed by more than 240 thousand people. It became the largest demonstration in Hong Kong for the last 20 years. The protest action bore fruit: On June 12, 2019 it became known of transfer of consideration of the bill for an indefinite term.[7]

Others correspondence in Telegram can be purchased at the SIM card price

The female resident of Belarus detected in the Telegram messenger the dangerous vulnerability allowing to get access to all correspondence of the user without request of intelligence agencies and transfer of encryption keys. The revealed scheme works regardless of the country, and to fall a victim[8].

The defect of a security system of Telegram allows to purchase all history of correspondence of the user in a literal case at the SIM card price. According to the Onliner portal, the female resident of Belarus whose Telegram account was initially tied to the Belarusian phone number, moved to other country and purchased the new SIM card. The Telegram application was reinstalled, and the owner of an account re-registered it on new number. After obtaining all test messages in its smartphone there was a correspondence of the person absolutely unfamiliar to it, and her name and the photo in a profile were replaced with others.

How it is possible?

Gaining access to correspondence of other user became possible thanks to the fact that the phone number purchased by the Belarusian belonged earlier to this person who registered on it own Telegram account in due time and used service. Afterwards the telecom operator probably returned number to sale on an absence reason of activity of the previous owner (such practice exists also in Russia).

The incident can mean that any of users of Telegram which is positioned as one of the most protected messengers cannot be sure that its correspondence will not get into strange hands up to the end.

2018

In the list of the 20 most protected messengers according to Artezio

Artezio analysis department (enters into LANIT group) published on November 26, 2018 the list of 20 messengers capable to provide the high level of privacy. The rating was according to the results of complex testing of programs, at the same time the quality of data encryption and reliability of information security tools were key criteria when forming final expert evaluation, representatives of Artezio reported TAdviser. Telegram was at the third place of the list. Read more here.

De-anonymization of users of Telegram

On October 1, 2018 it became known that in the mobile client of the Telegram messenger serious vulnerability which under certain conditions can issue the IP addresses of users is revealed.

As researchers set, by default Telegram directs voice calls through P2P-connections. At the same time the IP address can be displaid in the console. However, not all versions of Telegram support the console, for example, it is not visible under Windows, but is quite available under Linux.

Leakage of the IP address of the user of Telegram of the version for PC based on Ubuntu Linux

Experts found out that if to redirect calls via servers of Telegram, the IP address will not be visible. But it will demand manual change of settings: Settings-> PrivateandSecurity-> VoiceCalls-> Peer-To-Peerна of Never or Nobody value, and at the same time will decrease quality of sounding a little.

Besides, it will be possible to disconnect calls through P2P easily in iOS and Android, and, for example, on the desktop version of Telegram under Windows it is impossible.

The expert in security known under the nickname Dhiraj, already earned from Telegram developers a reward in the amount of 2 thousand euros for detection of this problem.

Vulnerability received CVE-2018-17780 index. It is at the moment corrected in versions of Telegram for Desktop 1.3.17 beta and 1.4.0; now there was an opportunity to disconnect P2P-calls.

Telegram developers initially claimed that the problem with P2P-communications is neutralized by that circumstance that the option My Contacts limiting a possibility of viewing the IP address of the user with the list of its contacts is by default exposed.

However later it became clear that API Telegram contained an error which leads to the fact that within several hours after the next login P2P-connections remained open for all. According to the company, for October 1, 2018 this problem is corrected.[9]

Roskomnadzor is ready to unblock Telegram with the consent of FSB

Representatives of Roskomnadzor announced August at the end readiness to unblock Telegram if the Federal Security Service recognizes the changes made to privacy policy execution of requirements of the legislation of the Russian Federation. The TASS news agency reported about it.

"According to the decision of Tagansky district court of Moscow of April 13, 2018, access restriction in the territory of Russia to Internet resources which functioning is provided to Telegram Messenger Limited Partnership is performed before execution by the specified organizer of dissemination of information on the Internet of an obligation for providing in federal executive authority in the field of security of information necessary for decoding of the accepted, transferred, delivered and (or) processed electronic messages", - explained in the press service of RKN.

Thus the decision on a compliance with regulatory requirements will be made by FSB. In the presence of the positive solution Roskomnadzor is ready to begin an unblocking, noted in department.

Telegram promised to issue numbers and the IP addresses of terrorists

As it became known on August 28, 2018, the Telegram company published on the official site the updated privacy policy according to which the administration of the messenger undertakes to issue to law enforcement agencies information on users in the presence of the corresponding request.

As it appears from point 8.3 of the updated policy, Telegram can issue the IP address and the phone number of the person, but only in the presence of the relevant decision of the court proving participation of the user in terrorist activity.

Telegram can secretly read messages of users

Telegram, the popular messenger developed by Pavel Durov, the founder of social network "VKontakte" can monitor correspondence of users of "cloud" chats. Authors of Telegram-канала Mediatube came to such conclusion, having analyzed the mechanism of authorization of users[10].

At installation of the application on the new device, to the user the Sms comes with the five unit code of authorization. Besides, the same code is duplicated in a chat of office notifications. It can be seen on each device of the owner of an account Telegram. This code needs to be entered on the new device to begin to use the application.

Users noticed that if to copy the code of authorization or to enter it manually and to send to any chat, the code will lose the relevance and will not work in attempt to become authorized with its help on the new device. Cancellation of the code of authorization will happen even in case of sending the mixed message – it is possible to add to the code as is wished any signs, and it will not affect capability of Telegram in any way to isolate it from a character sequence. However when sending the code to a confidential chat this procedure of cancellation will not work.

Results of the made experiment can be the proof that correspondence of users is analyzed by a certain algorithm on server side, at least, at authorization implementation. This theory is spoken well by the fact that the code of authorization is not cancelled when sending to a confidential chat as messages in such chats are exposed to end-to-end enciphering, are not stored on the Telegram servers and are available only to the sender and the receiver.

It is possible to call this feature interesting approach to protection of an account against theft of codes of authorization and prevention of unauthorized access to it. Nevertheless, similar approach leaves a field for speculation and suspicions: whether reads Telegram and other messages of users?

RKN asked to change the Telegram code for receiving encryption keys

Prior to blocking of Telegram FSB and Roskomnadzor within a year tried to convince of Russia company management of Telegram to change architecture of the messenger and to provide keys for decoding of correspondence of users. As consider in departments, the company has for this purpose a technical capability. The representative of Roskomnadzor reported about it in June, 2018 during consideration of the complaint of representatives of Telegram to the decision of Tagansky district court on blocking of service in Russia.

«
"FSB and Roskomnadzor within a year made attempts to induce Telegram to change architecture of the messenger. We consider that the structure of any messenger can be changed for reduction according to the Russian law. Therefore we consider that Telegram has technical capability to provide keys for decoding", - the statement of the representative of supervising service gives TASS.
»

8 million IP addresses which were used by Telegram are unblocked

Roskomnadzor unblocked about 8 million IP addresses which enter subnets of Amazon and Online Sas. All of them were used by the Telegram messenger for a bypass of blocking earlier, Interfax writes.

Putin spoke against blocking of Telegram

On annual "Hotline with Vladimir Putin" the President of Russia, answering questions of the audience, commented on the situation which developed as a result of attempts of Roskomnadzor to block the Telegram messenger[11].

«
"I perfectly know about a situation around Telegram. But I on the place worry for safety of people. I worked in intelligence agencies and I know: the easiest to prohibit, more difficultly to find civilized methods of the solution. I will convince colleagues to go on this way" — the president told.
»

The same, according to him, treats a possibility of prohibition in Russia of YouTube and Instagram. Putin reported that Russia is not going to close popular social networks and Internet resources. According to him, law enforcement authorities should look for such methods of fight against terrorism which will not be to the detriment of freedom on the Internet. He intends to induce security officers not to limit this freedom. The president suggests to practice use of different tools, but not their blocking.

Telegram opened source codes of a proxy for a bypass of blocking

The Telegram company placed[12] on the GitHub portal the source code of the proxy server working under the MTProto protocol. The instruction for its setup is published[13] on Docker Hub. The protocol works only in the messenger and is not compatible to other[14].

Creation of own proxy server will require the computer with the set Docker and connection to network of the provider who is not blocking access to Internet resources. Port 443 should be free.

It is noted that one process of the proxy server supports tens of thousands of connections. For the purpose of performance improvement developers set restriction on processing of connections – up to 60 thousand on one core of the processor.

At the moment only users of Android devices can be connected to a MTProto-proxy. New MTProto-proxies do not work at clients of Telegram and Telegram of X on the IOS platform as Apple from the middle of April blocks updatings of the application of Telegram in App Store.

Apple prohibits to update Telegram for iPhone and iPad

The Apple company does not allow the Telegram messenger to update one and a half months its application in AppStore. Creators of the messenger reported about it on the project website in the section "Frequently asked questions" (FAQ)[15].

Answering a question of compliance of Telegram to "The general regulations on data protection" (GDPR) of the European Union, authors of the project reported that "users of Android received updating of GDPR in version 4.8.9, Apple globally blocks updates of Telegram for its IOS-APPLICATION from the middle of April".

Roskomnadzor demanded from Apple to delete Telegram from AppStore

Roskomnadzor sent to the company to Apple the letter with the requirement to stop distribution through App Store of the Telegram messenger and also mailing of its service push-notifications for the Russian users.

«
"In order to avoid possible actions of Roskomnadzor for violation of functioning of the services Apple, Inc stated above. we ask you to inform in the shortest possible time us on the further actions of the Company directed to the solution of these problematic issues", said in the letter (the spelling and a punctuation are saved).
»

The head of department Alexander Zharov added that Roskomnadzor will wait for the answer from Apple "within a month" as it is about "the company with high degree of bureaucracy", Interfax tells.

Roskomnadzor armed against Telegram with new technologies

The head of Roskomnadzor Alexander Zharov promised and to implement new technical solutions for blocking of Telegram in the territory of Russia from now on. As Zharov told journalists of Interfax on the sidelines of PIEF 2018, at the disposal of department there are already certain technical solutions ready to implementation[16].

About what solutions there is a speech, the head of Roskomnadzor did not specify, will not block however a subnet of any companies the regulator any more. Now Roskomnadzor "works pointwise" without harm for "respectable resources".

According to Zharov, a number of the companies already took the corresponding steps with the purpose to deprive of Telegram of an opportunity to bypass blocking. For example, Microsoft does not give to the messenger any more an opportunity to use a configuration file of the Microsoft Download service. Stopped providing Telegram the IP addresses to Google. Besides, concerning Telegram dialog with Amazon continues. Negotiations with the company go not so quickly as it would be desirable, and so far to speak about results early, but "we are people patient", Zharov noted.

Built in tools of a bypass of blocking of new type Telegram

On the page of localization of the Telegram application for Android OS in May, 2018 there were new lines of a text to be translated from English on other official languages of the application which demonstrate that in the nearest future in the popular messenger support of the proxy server (the service in the computer networks acting in a mediator role between the user and some resource in network) of new type under the name MTProto Proxy[17] will be implemented[18].

This solution is developed especially for ensuring functioning of Telegram in the conditions of blocking of the messenger by providers of communication services.

Advantage of a new solution over HTTP-and SOCKS5 proxy which support is implemented in stable releases of the messenger consists in higher performance and security.

Besides, servers on MTProto to providers will be much more difficult to be blocked.

Will lock Telegram in the Iranian state agencies

On April 18, 2018 it was announced Telegram prohibition in the Iranian state bodies after the Supreme leader of the country  ayatollah Ali Khamenei ceased to use this messenger for reasons of national security.

«
According to protection of national interests and for elimination of monopoly of Telegram the ayatollah Khamenei will stop the activity in this network, said in his last message in Telegram.
»

According to the news agency ISNA, the Iranian government employee prohibited to use Telegram. What measures will be taken in respect of violated this requirement, is not specified.

Public institutions of Iran prohibited the Telegram messenger
Public institutions of Iran prohibited the Telegram messenger

Ali Khamenei is an active user of social networks, even despite blocking of Twitter and Facebook in Iran. Its office constantly publishes photos and information from speeches of the leader. Users of Telegram after blocking are offered to read Hameneni's messages in the Soroush and Gap messengers of the Iranian development.

Telegram was already blocked in Iran — at the end of 2017 after a series of antigovernmental demonstrations. However two weeks later service resumed work.

To the middle of April, 2018 about 45 million inhabitants whereas all population of Iran makes 80 million people use the Telegram messenger. Telegram is popular in the countries of the Middle East and the former USSR, the Reuters agency notes.

The Iranian media in  Telegram channels for  several weeks  to the full Khamenei's offices suggested to use Telegram also to the subscribers different options where relevant news messages will be published. The Iranian news agencies and  television, however, still continue to use the Telegram messenger.

In April, 2018 the representative of the Supreme Court of Iran said that Telegram and other foreign messengers will be able to work in the country only if get permissions from the government and will store data of citizens within the country.[19]

Removal from App Store and Google Play

Roskomnadzor sent to shops App Store and Google Play the requirement to delete Telegram, reports on April 17 RBC with reference to representatives of the regulator. Shops should delete the application in "the shortest terms". Earlier Roskomnadzor also demanded to delete Telegram from the largest mirror of the APK Mirror applications. Telegram disappeared from the website apkpure.com where installation files of programs give all the best, and from forum 4pda the branch of discussion of Telegram was gone.

Durov will select "millions from personal funds for preserving of Telegram"

The creator of Telegram Pavel Durov declared determination to select millions of dollars from personal funds for grants for administrators of the proxy/VPN services helping to bypass blocking of the messenger. About it he wrote on the page VKontakte[20].

"Within Digital Resistance – the decentralized movement in protection of digital freedoms and progress – I began to pay bitcoin grants to administrators of proxy and vpn. Within this year I will be glad to offer millions of dollars of personal funds for these purposes" — Durov reported.

During hunting for Telegram of RKN blocked 19 million IP addresses, in tch Google, Amazon, Microsoft

The main article [[Censorship (control) on the Internet. Experience of Russia]

According to the head of Diphost, at the moment in connection with blocking of Telegram about 18 million IP addresses are entered in the register. In particular, under blocking the address pools belonging to cloud services of Amazon, Google, Microsoft, etc. got.

Roskomnadzor blocked subnets of OVH, Hetzner, Online.net, Microsoft and dr:

  • 18.236.0.0/15 - Amazon.com, Inc.
  • 54.64.0.0/13 - Amazon Technologies Inc.
  • 23.251.128.0/19 - Google LLC
  • 174.138.0.0/17 - DigitalOcean, LLC
  • 188.166.0.0/17 - Digital Ocean, Inc.
  • 159.203.0.0/16 - DigitalOcean, LLC
  • 128.199.0.0/16 - DigitalOcean Cloud
  • 159.65.0.0/16 - DigitalOcean, LLC
  • 52.32.0.0/16 - Amazon Technologies Inc.
  • 54.212.0.0/15 - Amazon.com, Inc.
  • 18.218.0.0/16 - Amazon Technologies Inc.
  • 13.230.0.0/15 - Amazon Data Services Japan
  • 35.176.0.0/15 - Amazon Data Services UK
  • 195.154.0.0/17 - Iliad Entreprises Customers
  • 51.136.0.0/15 - Microsoft Limited UK
  • 46.101.128.0/17 - Digital Ocean, Inc.
  • 185.166.212.0/23 - Clouding.io Virtual Machine Hosting
  • 178.63.0.0/16 - Hetzner Online GmbH
  • 51.15.0.0/16 - Online.net Dedicated Servers NL
  • 91.121.0.0/16 - OVH SAS
  • 18.204.0.0/14 - Amazon Technologies Inc.


On April 21-22 Roskomnadzor blocked several IP addresses of Google, follows from the unofficial copy of unloading of the register which Roskomnadzor transfers to telecom operators for blocking of the websites. Access is limited to IP addresses 74.125.131.101 and 64.233.165.106. According to ipinfo.io service, they belong to Google. According to the CEO of Diphost provider Philippa Culina, all about 60 IP addresses of the website google.com are blocked. Failure in work of the Google search engine is observed on April 22 in several cities of Russia as data of the Downdetector service monitoring work of popular Internet resources testify. Problems in work of the searcher began approximately per hour nights across Moscow. The website of the searcher did not open at 69% of users, another 30% reported that they cannot log in the accounts.


By noon on April 17 in unloading of the black list of Roskomnadzor controlling blocking by telecom operators of resources with illegal content, the quantity of the blocked IP addresses exceeded 4,500,000. From them one million is represented by the blocked subnets of the Amazon company (52.58.0.0/15, 18.196.0.0/15, 18.194.0.0/15 and 35.156.0.0/14 were entered in the register in one step, later in the register was are in addition entered subnets 18.184.0.0/15 and 54.160.0.0/12) providing a cloud service of AWS, and more than one and a half million — Google company and Alphabet holding (a subnet 35.192.0.0/12 and 35.184.0.0/13, a bit later - 35.224.0.0/12).

For one day on April 16, 2018 Roskomnadzor blocked in Russia about 0.04% of all IP addresses of space of IPv4 (totally 2 ³ ² the addresses). For the second — as much again.

As a result of these actions less, than for two days since the beginning of blocking Telegram, partial and time unavailability were tested by such large companies as Microsoft (Xbox), including pages with officially extended software of the company (http://software-download.microsoft.com/), Evernote popular and the Viber messenger observing the legislation on transfer of encryption keys, school of English SkyEng, service of a courier delivery Birdie, a payment service of Cloudpayments both numerous proxy and VPN servers and services. Also it was announced failures in work of banks from top-20, private clinics, gateways 3-D Secure.

According to the head of supervisory authority Alexander Zharov 'there is a fight of armor and a shell', resulted in unavailability not only providers of communication and a hosting services, but also legitimate services and products of the numerous companies, both Russian, and foreign.

Qrator Labs notifies on need of condition monitoring of own services and possible hit of the used IP addresses in the blocked subnets — technical solution of this problem, except as changes of the used IP address, does not exist. In a situation of further blocking of subnets of large providers the problem can start 'domino effect' and affect the services which are indirectly connected with the blocked subnets. In case of hit in blocking of subnets of such services as GitHub, GitLab, DigitalOcean and many others will be broken infrastructure of open-source of modules, the applications and expansions used by developers during creation of own systems and applications.

Telegram bypassed blocking in Russia by a new method which cannot be prohibited

Initially Telegram bypassed blocking of Telegram in Russia using the IP addresses of Amazon company, however Roskomnadzor blocked more than half a million from them in advance to prevent work of service for the sake of performance of the Russian legislation. Nevertheless, the administration of the messenger found a way out of current situation. Now to make blocking of the separate addresses IP it is simply useless because service will still continue to work[21].

In the Telegram application for all platforms it is embedded service dense forests of DC_Update which serves for updating of the address of data center, from which communication is performed. In normal time it is used for stability augmentation and acceleration of sending / obtaining messages, however it can be used also for a bypass of blocking that the administration of the messenger decided to make. Earlier nobody ever used such method.

The system of dense forests DC_Update works so that the request comes not from the Telegram server which in Russia is blocked, and with the server of Apple, Google and Microsoft. Every time when dense forests is updated, and it occurs constantly, the application can is reserved to receive the addresses of new servers of the messenger from all. To block this alternate path Roskomnadzor should block tens of millions of IP addresses that will lead to complete isolation of all Russian Internet from world.

Even if suddenly by some miracle Roskomnadzor will be able to learn the addresses IP which Google, Apple and Microsoft using DC_Update address, then it all the same will not begin to block them because all third-party applications, including WhatsApp, Viber and other in that case will correctly cease to work. The web version of a messedzher of Telegram does not use given dense forests because of restrictions therefore it forever and will remain blocked.

The court decided to block immediately Telegram in Russia

Tagansky district court of the city of Moscow decided to limit access to Telegram service in the territory of Russia. It was said by the judge Yulia Smolina, the correspondent of RBC from a meeting tells[22].

The court also satisfied the petition of Roskomnadzor for immediate effect of the decision on blocking of the messenger. Now Roskomnadzor should direct court's decision to telecom operators with indication of about need of taking measures to access restriction to service. Domain names of telegram.org, web.telegram.org, t.me and the IP address of the Telegram servers can be entered in the register of the blocked pages. After that providers will have to limit access to messenger resources within a day from the moment of updating of the register (it is updated daily at 9 a.m. and 9 p.m. Moscow time).

The businessman and the programmer Pavel Durov published for users of "Telegram" the detailed instruction how to continue to stay in touch in the popular application. According to him, the messenger he will use the built-in methods of a bypass of blocking which are not demanding actions from users, however does not guarantee availability of service without use of VPN.

Tagansky Court of Moscow made the decision on blocking of Telegram in the territory of the Russian Federation. What should be meant to users:

  • Telegram will use the built-in methods of a bypass of blocking which do not demand actions from users, however 100% availability of service without VPN is not guaranteed.
  • During the first hours blocking third-party VPN/Proxy-services can be overloaded and will slowly work with high probability.
  • Irrespective of existence of blocking, Telegram will save an opportunity on a centralized basis to send notices to all Russian users, informing on development of the situation.

Important: do not delete and do not reinstall Telegram at emergence of problems with communication. Try to download timely updates of Telegram in AppStore or Google Play.

Anyone can edit others entries in Telegram

The researcher of security famous in the IT blog Habrahabr under the alias w9w told[23] about the vulnerabilities in the Telegram messenger detected by it[24].

During the research conducted by the author it became clear that links of a type t.me, usual for users of Telegram, can conduct on phishing sites, actually not such and private, and articles in Telegraph, the publishing service which is closely integrated with Telegram anyone can edit private chats.

Editing someone else's messages

Vulnerability affects the publishing service Telegraph developed by Pavel Durov and a command of the Telegram messenger in 2016. Having analyzed, the HTTP request sent for the Telegraph servers the author came to a conclusion that for editing any article the malefactor needs to know only its unique identifier which can be found directly in the HTML-code of the page with this article.

As a rule, protection against the similar attacks comes down to reconciliation of a token (an accidental set of bytes) generated by the server with the sent user when following the link or clicking the button. In case of mismatch of server and client tokens, the server refuses to the user accomplishment of the requested transaction. According to the author of a research, in a case with Telegraph this approach, as well as different ways of protection, is not applied.

Private chats it is in danger

It was succeeded detect one of vulnerabilities in the course of testing of the third-party resource interacting with the domain t.me which belongs to Telegram and is used for creation of short public links to accounts of users, channels and groups in the messenger. The website offered paid councils for investments into cryptocurrencies, and Telegram bot acted as one of channels of obtaining similar information. Bot could be connected, having followed the link of a type t.me/Another_bot?start=CODE where CODE is the confidential character sequence connected with the user account on the website. Having decided to check "sensitive" data in URL (the uniform pointer of a resource on the Internet) on the indexation fact search systems, the researcher detected the first of three vulnerabilities in Telegram.

Having created so-called "дорк" (Google Dork Query is the special request to the search system allowing to find the public information hidden from public eyes) the following type: site: t.me inurl: Another_bot? start=, the author of a research detected publicly available personal code of the casual paid subscriber of that resource about cryptocurrencies. From this the conclusion was drawn that on t.me there is no prohibition on indexation of confidential data. The reason of this misunderstanding the author is called lack of the robots.txt file in the root directory of the resource connected with the domain t.me. This file is used by webmasters for a task of parameters of indexing of the website. For example, by means of this file it is possible to prohibit search robots to index certain sections of a web resource, thus having completely excluded their emergence in search issue.

2017

Because of threat of blocking of Telegram became the most fast-growing messenger

From May to December, 2017 the interest of users in the Telegram messenger showed the highest growth in comparison with other similar services, popular in Russia, according to ​SimilarWeb research company, [25] prepared at the request of RBC[26].

If in May Telegram from Google Play (in nine months 2017 Android share in a segment of smartphones in Russia made 88%) was downloaded by 833.2 thousand times, then in November more than 1.682 million installations are recorded already: from May 1 to December 1 growth of number of downloadings was 168%. For this period also the share of active users of the messenger (it is considered as a share of users of the application in day from the total number of all users of the devices working on the Android operating system in Russia) — from 3.17 to 5.51% almost doubled that allowed to overtake on this indicator, for example, Skype (3.9% in November).

For comparison, WhatsApp, the application, most popular in Russia, for communication, in May downloaded 2.7 million times, in November — 3.8 million (the active audience for the same time increased from 29.97 to 33.27%).

The increased popularity of Telegram for the last months in Russia is confirmed also by the ratings of App Annie on downloadings. From October to December, 2017 Telegram was included in top-3 applications for communication both into App Store, and into Google Play, and in June and November kept on the first lines on downloadings among all App Store applications. ​

Payment functionality

Telegram developers started function of online payments Bot Payments in the messenger. Function is intended for creators of bots which will be able to accept payments from the clients from the different countries of the world now.

"If you set Telegram 4.0 or more new version, you can order goods or services through offering them bots. When you click Pay, it will be offered to you to enter data of the bank card, to fill out information on delivery and to confirm payment. And you receive ordered" — developers write. At the same time if the account of the user of Telegramzashchishchen two-stage authorization (confirmation on SMS and password entry).

These cards can be saved for future purchases. Thus, next time the procedure of the order through bots will be simpler. As Telegram is the open platform, developers specified that creators of bots can use necessary API and accept payments without preliminary reconciliation procedure.

The platform for money transfers will allow users to make purchases through bots in the messenger. Bots will have a special button for the order and payment of goods and services.

For payment the client of a bot will need to enter data of the bank card and to confirm payment. The card will be linked at the same time to bots at which the user already shopped.

In the text it is reported that the payment will go directly from the client to the developer of a bot, passing Telegram. The messenger will not charge any fee from transactions. Besides, service will not accept the complaint and the requirement to return money to users as will not store data of bank cards.

The majority of payments will be made through the Stripe payment system which is not developed in Russia yet. However in the description it is emphasized that the platform is open for payment systems and from other countries.

Beta with function of voice calls

On March 13, 2017 the Telegram Messenger company announced release of the beta of the Telegram messenger in which function of voice calls became available. The complete functionality of service is still unavailable and terms of its start are unknown.

With reference to the Telegram News group in social network, mass media reported existence of the mode of enciphering of voice calls in the end-to-end mode and availability only of personal calls. Functions of shutdown of the microphone and inclusion of a public address system are available, an opportunity to apply personal permissions to calls (for example, only to the users specified in contacts)[27].

Function of shutdown of calls "Disconnected Calls" is available. Will be presumably ringing also on the official application of the messenger for desktop OS - Telegram Desktop.

The functionality is finally not approved and some functions can be unavailable. The possibility of calls is called "the main updating of year", but the period of start of the full-function mode is not commented by none of authorities.

Official comments of developers of the Telegram messenger for March 13, 2017 are unknown.

For March 13, 2017 the operating stable release of the messenger for Android 3.17. For iOS - 3.16.1.

2016: As Telegram works: overview of technologies

As a part of global service are used a proprietary server part with the closed code and several clients open source, including under the license GNU GPL.

Application window screenshot on the PC, (2015)
Application window screenshot on the PC, (2015)

Accounts of users become attached to phone numbers. At registration in service and the subsequent authorization of devices, an inspection of the phone number by means of Sms with the code or a telephone call is carried out.

Application window screenshot on the mobile device, (2016)
Application window screenshot on the mobile device, (2016)

For security the message of the messenger the MTProto protocol is created. He assumes use of several protocols of enciphering. At authorization and authentication algorithms RSA-2048, DH-2048 for enciphering are used, at transmission of messages of the protocol in network they are ciphered by AES with a key, to the famous client and the server. Are used also cryptographic a hash algorithms of SHA-1 and MD5.

Protection against interception of the sent messages from server side of Telegram is provided in the mode of "confidential" chats (Secret Chats) (it is available since October 8, 2013). In this mode enciphering at which only the sender and the receiver have the general key (end-to-end enciphering), using algorithm AES-256 in the IGE mode (engl. Infinite Garble Extension) for the sent messages is executed. Messages in confidential chats will not be decoded by the server, and the history of correspondence remains only on two devices, initiators of creation of a chat.

At file sharing it is possible to send files from the device, to look for media content on the Internet if mobile version for iOS or Android is used. The size of the transferred files is limited to 1.5 GB.

The program uses the system of continuation of file transfer in case of communication break.

Through special API third-party developers can create "bots", the special accounts managed by programs. Typical bots answer commands in personal and group chats, can execute search on the Internet, other tasks, are applied in the entertaining purposes or in business.

You watch also (messengers)




The systems of instant messages with users of the website


Local



Notes

  1. Russia will check instruments to block Telegram in Tyumen - sources
  2. Scheduled Messages, Reminders, Custom Cloud Themes and More Privacy
  3. Telegram issues to security officers of participants of meetings and protests
  4. [http://www.cnews.ru/news/top/2019-08-13_telegram_nauchilsya_maskirovat_trafik_pod_populyarnyj In Telegram
  5. built in circumventors of blocking of new type]
  6. In the beta-version of Telegram appeared the geochats tied to the geographic location
  7. Chinese thought up an effective method of fight against Telegram
  8. each user of service Others correspondence in Telegram can be purchased at the SIM card price
  9. It is proved: Telegram was not anonymous
  10. of the Telegram messenger can secretly read messages of users
  11. Putin spoke against blocking of Telegram
  12. TelegramMessenger/MTProxy
  13. by telegrammessenger/proxy
  14. Telegram services opened source codes of a proxy for a bypass of blocking
  15. of Apple prohibits to update Telegram for iPhone and iPad
  16. [1]
  17. [http://www.cnews.ru/news/top/2018-05-16_v_telegram_poyavitsya_podderzhka_proksiserverov In Telegram
  18. built in tools of a bypass of blocking of new type]
  19. Iran bans state bodies from using Telegram app, Khamenei shuts account
  20. Pavel Durov to VK
  21. with Telegram bypassed blocking in Russia by a new method which cannot be prohibited
  22. Court decided to block immediately Telegram in Russia
  23. [http://www.cnews.ru/news/top/2018-03-30_v_telegram_obnaruzhili_kriticheskie_uyazvimosti Others entries in Telegram
  24. anyone can edit]
  25. [https://www.rbc.ru/technology_and_media/19/12/2017/5a37ca449a794754b1c07cd9 Telegram
  26. Because of threat of blocking became the most fast-growing messenger]
  27. "Be going to delete WhatsApp and Viber": in Telegram voice calls appeared