| Developers: | Telegram Messenger LLP |
| Date of the premiere of the system: | 2013/08/14 |
| Last Release Date: | 2022/07/31 |
| Branches: | Internet services |
| Technology: | IP Telephony, Office Applications |
Main article: Instant Messenger (IM)
Telegram is a Russian free cross-platform messenger for smartphones and desktop computers. The software allows you to exchange text messages and media files of different formats.
Telegram in Russia
Main article: Telegram in Russia
Audience
2024:70% of the population of Uzbekistan uses Telegram
More than 70% of the population of Uzbekistan uses Telegram. The creator of the messenger Pavel Durov announced this on June 30, 2024.
 | Uzbekistan loves Telegram: over 70% of the country's 37 million people use Telegram, and their entire economy is managed using our platform - every business in the country has a bot or channel in the messenger. We are proud of such high popularity, - wrote Durov. |  |
The founder of Telegram also spoke about his trip to Uzbekistan. He noted that he met many "young and talented people" in this country, and stressed that he was amazed by the modern infrastructure of "rapidly developing Tashkent." Durov published photographs of the landscapes of Uzbekistan, which he managed to admire while traveling around the country. He met with the President of the Central Asian Confederation of MMA Otabek Umarov.
| | It was a great honor for us to receive Paul and his loved ones in the hospitable land of Uzbekistan. It is infinitely pleasant to make sure from personal experience that they are all not only professionals of the highest level, but also wonderful people with a soul open to the world, "Umarov said. | |
It is noted that Telegram is more than just a messenger for Uzbek people. According to Umarov, with the help of this platform, residents of the country not only maintain contact with loved ones, but also follow the news, manage work processes, find the necessary goods and services.
Earlier, Durov said that users in Uzbekistan had the opportunity to publish stories on Telegram for free, without a Premium subscription. In April 2024, it became known that Telegram's share in the structure of mobile traffic had quadrupled in two years and approached 10%. Durov expects that in the future the number of messenger users will exceed 1 billion.[1]
2022: 5-Year Market Share Increase from 5% to 31%
2019: Countries leading the way in messenger use
At the beginning of 2019, most Telegram users live in Iran, Malaysia and Uzbekistan.
2018: Daily and Monthly Audience
2016: App audience - 100 million users
Telegram reached 100 million users per month in February 2016[2].
Data encryption
Main article: Encryption in Telegram
The only difference between the messenger and other analogues is the desire to resist the Russian security services by refusing to provide encryption keys to access user correspondence.
2024
Telegram has updated its privacy policy and will now disclose IP and phones at the request of the authorities
Telegram has updated its privacy policy and will now disclose IP and phones at the request of the authorities. The founder of the service Pavel Durov announced this on September 23, 2024.
According to him, the phone numbers and IP addresses of Telegram users who violate the rules of the platform can be transferred to the relevant authorities "in response to reasonable legal requests."
| | These measures should scare away criminals. Telegram search is designed to find friends and get news, and not to promote illegal goods, "Durov wrote in his Telegram channel. | |
He stated that "searching Telegram is more powerful than other messaging applications," as it allows you to find public channels and bots. This function was abused by sellers of illegal goods. Now, according to the founder of the messenger, the search has become safer, problematic content is no longer available.
On the messenger's website, in the Telegram Privacy Policy section, a new item was added under the number 8.3 "Law enforcement agencies," where it says that "if Telegram receives an official request from the competent judicial authorities, which confirms that you are a suspect in a criminal case of unlawful acts, violating the Telegram user agreement, we will conduct a legal analysis of the request and can provide your IP address and phone number to the relevant authorities. "
| | If any data is provided, we will reflect this in the report, which is updated every three months in the official channel, the rules add. | |
Telegram updated its privacy policy a month after Durov was detained in Paris and charged. Among them - complicity in the activities of an organized group in managing an online platform for illegal transactions, refusal to provide information or documents at the request of authorized authorities, money laundering, etc.[3]
A plan to create tools to combat cryptocurrency fraud
Telegram management is developing functionality that will protect users from cyber fraud, in particular related to the topic of cryptocurrencies. This was announced on July 22, 2024 by the press service of Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications, with reference to the co-founder of the messenger Pavel Durov.
| | Telegram will soon begin displaying the month of registration and the main country of public accounts, he said. With greater transparency and decentralization, Telegram users learn more about the possibilities and dangers of this world. | |
In addition, Telegram has made monetization available to the Russian channel owners. Now they will be able to receive 50% of the income from. advertizing
| | There are, of course, objective reasons for this. In the spring of 2024, the monthly number of messages in Russian in the messenger reached 1.2 billion, the year-on-year growth was almost 70%. In a fairly short time, Telegram became the leader in the volume of published content among social platforms in Russia. Interest in the site from the attackers is quite expected, - said the deputy. | |
| | Due to the fact that most of the active audience of Telegram are young people, the share of fraudulent projects in the field of cryptocurrency is indeed very high. Most often, fraudsters offer users to invest in cryptocurrencies, promising instant high earnings. To do this, separate public channels and bots are created, where fake reviews of allegedly "satisfied customers" are posted, and educational content is also contained, which step by step tells how exactly the user will be able to earn money. Despite the fact that the moderators of the platform quickly mark such projects as fraudulent, attackers simply create new channels and continue to successfully mislead hundreds of people, the deputy said. | |
| | One of the main signs of a fraudulent project is a relatively newly created page. Often, in their scenarios, attackers appeal to the presence of tremendous experience in the field of the same investments. Of course, if the user sees that the channel is only a month old, then this will make him doubt the honesty of the project, the deputy believes. | |
| | The danger of phishing is that it can mimic projects from a variety of fields. It is also extremely important to provide for preventive control tools, since the problem, according to experts, will only worsen in the future, the deputy emphasized. | |
Launch virtual currency to pay for digital products inside the messenger
On June 6, 2024, Telegram announced the launch of an internal virtual currency called "Stars." With its help, you can purchase digital services in the mini-applications of the messenger.
It is noted that every month more than 400 million users interact with bots and mini-applications in Telegram - they purchase goods, play games, gain access to a variety of services, etc. "Stars" will allow you to pay for digital goods and services in the messenger ecosystem. The virtual currency itself can be purchased through the built-in shopping platform at Apple and Google stores or using the PremiumBot bot.
"Stars," according to the creators of Telegram, open developers in the messenger ecosystem and their users "unprecedented access to purchases inside mobile applications from official stores." At the same time, the new currency meets the requirements of Apple and Google for the sale of digital goods.
It is expected that the appearance of "Stars" will allow new types of business to reach more than 900 million potential customers. In the future, it is planned to expand the functionality associated with the use of local currency. For example, users will be able to send gifts to content creators. And developers will be able to display "Stars" collected by bots in Toncoin using the Fragment platform. Apple and Google will charge a 30% commission on the purchase of Stars. However, Telegram intends to subsidize advertising purchased using virtual currency. However, the rules for the sale of physical goods and services have not changed - they can still be purchased using any of the supported payment systems.
| | For many years, with the help of bots and gadgets in Telegram, you can sell physical goods and accept payments from all over the world. We have updated the platform for creating bots - now it also supports payment for digital goods, - say the creators of the messenger.[4] | |
The EU has created a body to oversee the work of Telegram
In early May 2024, it became known about the creation of a body in the European Union to oversee the work of Telegram. The Belgian Institute of Postal Services and Telecommunications (BIPT) will control the activities of the messenger. Read more here.
Telegram developers error for Windows allowed Python programs to be executed
Details of a dangerous vulnerability in the Telegram Windows client, which allowed executing programs on, have become known. Python The vulnerability provided the ability to form a Python extension for Telegram so that when you click on it, a program with the.pyzw extension in runs. operating system Windows However, for such an attack to work, you need the Python interpreter to be installed and correctly configured in Windows itself.
According to information security specialist Hieu Min Ngo, the error that led to the vulnerability is due to the fact that the Telegram developers incorrectly indicated the extension for the Python module in the form of a zip archive -.pywz. The logic of executing files with unknown extensions is simple for Telegram for Windows - they are transferred to the operating system, which itself determines the program for processing the corresponding file. As a result, files with the.pyzw extension instead of executing in the context of Telegram itself as extension modules were sent to the operating system, which launched the Python interpreter on behalf of Telegram.
.png)
The first error warnings were accompanied by a video with the launch of the calculator when you click on an unknown file in the Telegram interface and panic recommendations for disabling the automatic download of media files. These messages were so vague that experts perceived them as fake and discussed the details for a long time. For example, the Telegram Security Team responded to user requests as follows:
{{quote 'Good afternoon. We cannot confirm the existence of this vulnerability. The authors of the find could not provide any information that would allow reproducing such behavior. The video recording referred to in the channels is probably fabricated.
Telegram Team}}
.jpg)
However, in a week, the world information security community figured out the reason for the problems that arose, and Telegram released an update, where the extension of executable zip archives using Python was indicated correctly. Now such programs are executed as components of the extension of Telegram itself with all the necessary control rules, and they are not transferred to the operating system for processing.
RuTerminal Quotation Availability
SoftWell, a developer of banking software for trading, risk control and treasury, continues to develop the functionality of the RuTerminal trading platform. SoftWell announced this on February 6, 2024. All users of the platform have become available to receive current market data through the Telegram application. Read more here.
2023
Integration with RuTerminal platform
Company SoftWell integrated trading platform RuTerminal messenger with Telegram. The company announced this on December 25, 2023. This will allow terminal users to receive notifications about messages and calls from counterparties through the messenger at any time. Such an opportunity will be most convenient for those traders who cannot always be at, but computer do not want to miss important deals. Access to the bot will be provided on request - banks platform users. More. here
Telegram has a tool that changes voices during calls
On December 11, 2023, the developers of the free voice change program Voicemod announced the release of VMgram fashion for the Telegram messenger. An artificial intelligence-based tool allows you to change your voice directly during calls or when recording voice messages. Read more here.
Fake copies of Telegram with a built-in virus hit the official Google and Samsung app stores. They are downloaded by users around the world
On August 30, 2023, Eset, a company specializing in information security issues, announced that fake Telegram and Signal applications with built-in spyware are distributed through the official Google Play and Samsung Galaxy Stores, as well as specialized websites. Dangerous programs were downloaded by thousands of users around the world. Read more here.
Ability to use the TON crypto wallet
All users of the Telegram messenger from November 2023 will be able to use the TON (Telegram Open Network) crypto wallet through the messenger settings. This was announced on September 18, 2023 by the press service of the State Duma deputy RFAnton Nemkin. Read more here.
Iraq blocked Telegram over national security concerns
On August 6, 2023, Iraq's Ministry of Communications blocked Telegram's instant messaging system. This is said to be for "national security reasons" and to preserve the integrity of personal data in the country. Read more here.
2022
Telegram recorded the growth of the market for criminal cyber services
Positive Technologies specialists analyzed publications on cybercriminal topics in Telegram channels and chats. The study showed that most of the messages in the messenger are devoted to compromising user data, including buying and selling them. Experts recorded a record number of messages on hacker topics in the second quarter of 2022. This was announced by Positive Technologies on October 11, 2022. Read more here.
Start selected links
On August 31, 2022, it became known that messenger Telegram it had launched support for links such as username.t.me. This is part of the big changes announced. Pavel Durov
Now each user will be able to use public links like tginfo.t.me (works in the messenger) or cossaru.t.me.
The fundamental difference from links of the form t.me/username is only that the address of the personal profile, group or open channel is located at the beginning of the short link.
Selected links such as cossaru.t.me already work in all browsers.[5]
Beta version of the ability to partially or completely block voice messages in the Android app
The Telegram messenger has the ability to partially or completely block voice messages. So far, the innovation is available only in the beta version of the Telegram application for Android. This became known on July 15, 2022.
The timing of this function in the beta version of the Telegram iOS application has not been set. There is also no data when developers will open access to it to ordinary users.
Telegram has integrated a fairly flexible system for configuring voice message blocking. You can allow all interlocutors or those who are on the contact list to send them. The messenger also allows you to create a personal "black list." For example, if one of the interlocutors turned the entire chat into a collection of voice messages, you can deprive him of such an opportunity in two clicks.
You can also create a "white list." To do this, it is enough to prohibit sending voice messages for all but selected users.
Not all Telegram users will be able to appreciate all the advantages of freedom from voice messages. The right to use this function costs 300 rubles. per month.
In this amount, the Telegram developers estimate the monthly subscription to the premium capabilities of the messenger, although at first they stated that they would never take money from users.
Voice messages themselves appeared in instant messengers relatively recently, much later than audio and video calls. This method of communication is very convenient for the sender, since it eliminates the need to type on a virtual keyboard. This allows you to talk messages, for example, while driving, so as not to be distracted from the road.
The recipient, on the contrary, can experience a lot of inconvenience when interacting with voice messages. Listening to them is not always possible - they can come, for example, during a lecture or at the height of the working day. In addition, not everyone uses headphones, but few people want others to hear the contents of such a message[6].
Launch a paid subscription
On June 19, 2022, the Telegram team announced the launch of a paid subscription - Telegram Premium. With its help, messenger users will be able to support the further development of Telegram and access additional functions. In turn, this will allow developers to add all the resource-intensive functions that users asked for and save free access to the messenger.
As reported, after registering a Telegram Premium subscription, almost all limits in the application are doubled. Subscribers will be able to download files up to 4 GB, download files at maximum speed, send unique stickers and reactions, use additional management tools chats - and will receive many other features.
At the same time , all existing functions remain free for everyone. Moreover, even those who do not have Telegram Premium will be able to get some of the features available to subscription holders. For example, all users can download very large files and view stickers sent by subscribers, as well as join previously added reactions to a message, increasing the counter next to them. Below are details about the added capabilities of Telegram.
Download files up to 4 GB into the application
All users have access to free download of photos, videos and other files up to 2 GB each and unlimited space cloudy storage on Telegram. With the Telegram Premium subscription, the maximum size of the downloaded file will increase to 4 GB - which is 4 hours of video with a resolution of 1080p or 18 days of audio in proper quality. All Telegram users will be able to download larger files, regardless of the availability of a subscription.
Faster download
Subscribers can download photos, videos and documents at maximum speed without restrictions. The download speed of any files now depends only on the Internet connection.
Half as many restrictions
For users with a subscription, almost all limits in the application have been doubled. For June 2022 , up to 1000 channel subscriptions can be issued with Telegram Premium; create up to 20 folders, each of which will fit up to 200 chats; connect the fourth account in the application; pin down up to 10 chats on the main list and keep up to 10 selected stickers.
In the "About yourself" section , you can leave a longer description, as well as use any links. In addition, the subscription allows you to add a longer caption to a photo or video. And when there are 400 selected GIF animations in stock. Finally, Telegram Premium owners can simultaneously use up to 20 short public links like t.me for their groups and channels.
Voice Message Recognition
If the user has no time (or does not want to) listen to a voice message, you can simply click on the decryption button next to him to get a text version. By evaluating the decryption, you can optimize the quality of recognition.
Stickers
Dozens of stickers have become even more spectacular thanks to full-screen animations. By sending such stickers, subscribers can express their emotions in any chat: animation is played for all users. Telegram artists will replenish the collection monthly. It is easy to find exclusive stickers from the user's sets: they are all grouped on the sticker panel separately, under "Recent."
Reactions
Telegram Premium owners have more ways to respond to messages: more than 10 additional emoji are available to them.
More Chat Management
Telegram Premium opens access to updated tools to keep order in the list of chats. Now you can make any folder a default folder - so the application will always open, for example, in the "Work" or "Unread" folder instead of "All chats." To set the default folder, you need to hold down the name of any folder in the chat list > select "Change Order" > and move it to the first place in the list. In addition, by selecting the appropriate setting in the "Privacy" section, subscribers will be able to automatically put chats in the archive and turn off notifications about them - so that even the longest lists of chats always remain in order.
Always active video avatars
Subscribers' video avatars will be played to all users in all sections of the application, including chat lists and chats themselves. Looping animation is a way to demonstrate an image or make a creative statement.
Subscriber icon
A special icon will be displayed next to the name of each subscriber in the chat list, top chat panel and group member list , symbolizing the contribution to Telegram support and membership in the club of privileged users who are the first to access exclusive functions.
Application icons
A set of special icons for the Telegram application has been created on the main screen of the phone. You can choose the one that best reflects preferences or fits the wallpaper color. The set for subscribers includes a star - the Telegram Premium symbol, the night sky and a jet paper plane.
Disabling ads
In some countries, messages may appear in public channels with a large number of subscribers, which advertisers post through the official Telegram platform. These minimalist ads help Telegram cover running costs while maintaining complete user privacy. For Telegram Premium subscription holders, they will be hidden.
The contribution of subscribers helps not only to pay additional costs associated with the provision of Premium functions, but also makes it possible for everyone to use Telegram for free.
Updated capabilities for all users
In the future, other features will be available to Telegram Premium subscription holders. However, the updated features will continue to open up to all users. This update is no exception: users are waiting for applications for joining public groups, an animated screen for downloading files from third-party applications, more informative descriptions of bots and much more.
Applications to join public groups
Public group administrators can now enable application entry mode - and check prospective members before allowing them to send messages to the chat. When the user first enters the group, he will see the "Apply" button. The submitted application will be included in a list that only administrators see.
Administrators can also write to future members in person to talk about the rules of the group, understand whether the group and the user are suitable for each other, or even conduct an exam on knowledge of the rules of cultural communication on the Internet. At the same time, Telegram notifies the user that the group administrator has contacted him.
Public group owners can enable application entry under Group information > Edit > Group type > Who can send messages? > Select Members Only > and include Membership Requests.
Confirmed Chat Account Icon
Public persons and organizations can confirm the authenticity of their group, channel or bot. In this case, a special icon appears next to the name, signaling to users that they are receiving information from a confirmed source. Now the icon is displayed not only in profiles, search results and chat list, but also at the top of the chat. Thanks to this, distinguishing genuine sources of information has become even easier. If the user already has confirmed accounts on at least two social networks, you can send an application for verification of your group, channel or bot.
Changes for bots
Telegram bots are able to conduct quizzes and tests, accept payments - and are even able to replace entire sites. Developers can now post a photo or video in the "What can this bot do?" Section to clearly demonstrate the purpose or capabilities of their bot.
Bots added to the attachment menu used to connect only to personal chats, and can now be modified to work in groups and channels.
The Bot API is a free platform available to everyone.
Updated preview of Android chats
In this update, the developers have added a more convenient preview of chats, like owners of devices on the iOS platform. Now in this mode you can view the entire chat by flipping through messages - without them being marked as read. In addition, buttons have appeared that allow you to disconnect notifications from chat, mark a chat as read, pin or delete it. To preview the chat, just hold down and hold the profile photo in the chat list.
Automatically save to the gallery on Android
The function of automatically saving images and videos to the gallery has appeared again - now with additional settings. You can enable or disable gallery saving separately for personal chats, groups, and channels.
Download from third-party applications on iOS
Telegram allows users to upload large photos, videos and other files up to 2 GB (or 4 GB), including directly from third-party applications.
When sending large files from other applications to Telegram for iOS , an animated download bar now appears.
Animated Avatar Designer in macOS App
Owners of macOS devices can now quickly create video avatars: you just need to choose the appropriate sticker or animated emoji and add a bright background with a gradient. This function is also available for profile video groups and channels, which means that you no longer have to waste time looking for a stock image for a thematic chat.
To design an animated video avatar, go to Settings or the chat page, choose Edit > Profile Photo > Sticker or Emoji.
Fast and stable application
This update generally includes more than 100 fixes and changes for mobile and computer versions of the application. Fixed errors, optimized the work of the messenger, improved some functions. As of June 2022, owners of the latest iPhone and iPad models will be able to use smoother animations (at 120 frames per second). Owners of Android devices will notice how the quality of audio and video has changed in voice and video messages, and will also be able to change the application icon on the home screen of the phone, clear the entire list of recent stickers at once and translate the recordings of other users in the "About" section and chat descriptions.
As the Telegram developers specified, the update is being released at different times for different platforms.
Secret transfer of user data to security officials
Messenger Telegram can secretly transmit to data law enforcement agencies. This became known on June 6, 2022. According to information the publication, the messenger fulfilled several requests for the provision of data sent to it by the Federal Criminal Police Department (Germany Bundeskriminalamt, BKA). All of them concerned suspects in the harsh treatment of children, as well as in. terrorism
According to the source of the publication, Telegram really refuses the overwhelming majority of requests for the transfer of user data by the authorities and government agencies. Still, some are still satisfied. Meanwhile, not a word was said about this on the messenger's website - a note was found in the FAQ section that Telegram did not transfer a single byte of information about users to third parties.
The privacy policy of the messenger also contains a clause on the transfer of data to authorities and government agencies. It says the service will only provide IP addresses and phone numbers of users to authorities if it is presented with evidence that a particular user is accused of terrorism.
Meanwhile, Telegram's privacy policy was updated in August 2018. The messenger also promised to publish statistics of calls to it by law enforcement agencies every six months, but, as the Android Police portal writes, it has not yet fulfilled this promise.
At the time of publication of the material, Telegram representatives did not comment on the Der Spiegel[7] article[8].
Integration with Admin24 - Service Desk
The domestic system for accounting and processing Admin24-Service Desk applications can now be integrated with Telegram. This became known on June 6, 2022. Read more here.
Hong Kong considers blocking Telegram
Hong Kong is considering blocking Telegram. This became known on May 18, 2022.
For the first time, the Commissioner for Privacy of Personal Data is considering the possibility of applying rules to restrict access to the platform due to the allegedly large distribution of doxing in the messenger. Widespread doxxing - or online exposure of sensitive and personal data - has targeted both government officials and citizens.
Experts believe that blocking the messenger and similar decisions by local authorities will lead to complete state control over the Internet, as implemented in China. Hong Kong first began discussing restrictions on access to the global network in 2020, then the district passed a national security law. This event took place against the backdrop of the protests of 2019-2020.
In recent years, Hong Kong authorities have managed to suppress pro-democracy movements, but they have avoided Internet restrictions until recently. It is not known exactly how the administration will block sites and applications, since this will require the authorities to cooperate with local operators. It is likely that officials will completely restrict access to the Internet or force the removal of services from stores. Hong Kong has already taken measures to combat doxing in 2019, when protesters published information about police officers and officials. In September 2021, the administrative district tightened the data privacy law to prevent leaks. This event caused concern for large technology companies[9]
Ability to create your own notifications and next-generation bots
On April 18, 2022, it became known that Telegram developers continue to change the service, making it convenient for users. The next update brought the ability to create your own sound notifications, as well as their flexible configuration, a redesigned menu for automatically deleting messages, tools for creating next-generation bots, etc.
One important addition is the ability to use any audio file as a notification sound. It is enough to select the appropriate audio file or voice message (up to 300 KB and up to 5 seconds) in the chat, add it to the list of notification sounds and assign it as a notification for any chats.
The user can set the sound for both an individual chat and for conversations of the same type (personal, channels, groups). In addition to this, the function of disabling notifications for any period appeared (previously this could be done for 1 hour, 8 hours or 2 days).
Even in Telegram, a redesigned menu for automatically deleting messages has appeared. This feature is available for any chat, so the user can make the conversation more confidential. The update simplifies the activation of this feature and allows you to more flexibly configure the timer for deleting messages.
Telegram already had a function of responding to messages with attaching part of the text of the original message. After the update, this feature works even when forwarding a response to other chats.
Bots in Telegram have existed since 2015 and during this time they managed to evolve significantly. The update will take them to the next level, as developers can now create a variety of JavaScript interfaces. Simply put, Telegram bots will actually become a replacement for websites. In addition, configuring bot administrators for groups and channels has become easier: you can do this without leaving the bot profile.
As is often the case, the Telegram update will bring with it other animated emojis. The iOS app has improved its message translation function, which has received support for additional languages. Telegram for Android has the ability to change the size of the window when using the picture-in-picture function. The animation also changed when changing the phone number in the application.[10]
Start testing webbots
Telegram has begun testing webbots. This became known on March 31, 2022.
Despite the general principle of working with inline bots, they have a number of differences:
- Clicking on the button opens a third-party site inside Telegram.
- The site receives the main colors of the installed theme and can adapt its appearance to the application.
- The web bot can be pinned to the paper clip menu. By clicking on the bot, Telegram transmits to the site information about an open dialogue/chat and the like.
- Avatars are transmitted by direct links to images, which makes them easy to embed into the site.
- The site can transmit data to the bot up to 4096 bytes: inline buttons have such a limit of 64 bytes.
- The web bot can send messages of any type (with any attachment available for inline) on behalf of the user with the postscript "via @ bot."
- Bot developers will have to develop APIs for communicating between the bot and the site on their own[11].
Swiss army bans military from using foreign messengers
The Swiss Armed Forces banned military personnel from using Telegram, WhatsApp and Signal messengers for information security reasons. This became known on January 7, 2022. Read more here.
2021
Signal founder calls Telegram security 'grossly exaggerated'
Durov accused Signal and other messengers of introducing backdoors on the orders of the US government. Read more here.
Announcement of the appearance of advertising messages in the messenger
On October 27, 2021, it became known that the creator of Telegram announced the appearance of official advertising messages. According to Pavel Durov, the messenger will not use personal data of users for advertising.
The first advertisements will be placed in open channels, to which at least 1,000 people are subscribed. According to Pavel Durov, most of Telegram's resources are spent on supporting such channels. Advertising revenue should recoup the costs so that users can continue to use the messenger for free.
According to the owners of Telegram, user privacy will not suffer. Advertisements will be added to the channels of the corresponding topic. At the same time, the messenger will not use personal data for more relevant setting up of impressions. It is planned that one announcement will contain no more than 160 characters. It will not place xrefs or images.
As of October 2021, the messenger is supported by its creator's own funds and investor money.[12]
Coalition for a Safer Web requires the removal of the Telegram messenger from the App Store
The American non-profit organization Coalition for a Safer Web ("Coalition for a Safer Internet") through a court in California demanded that Apple remove the Telegram messenger from the App Store. A similar lawsuit is planned to be filed with Google[13].
Coalition for a Safer Web accuses Telegram of not taking sufficient restrictive measures against users who spread racist content, extremist messages and calls for violence in connection with the riots in the US Congress.
At the same time, Apple is accused of "causing moral harm by negligence." The company is required not only to remove Telegram, but also to compensate for the damage.
Comparison of functionality with other messengers
Discovery of a vulnerability that allows you to determine the location of the user
A vulnerability in Telegram allows you to locate the user. This became known on January 6, 2021.
The Telegram messenger provides users with the "People Nearby" function, thanks to which you can determine the location of a social network client with an accuracy of several tens of meters.
The post about the vulnerability was published on his blog by enthusiast Ahmed Hassan. A few years ago, he already reported a similar drawback to the Line messenger development team. The creators of the messenger paid Hassan a bonus of a thousand dollars and fixed the problem.
Although Telegram shows only the distance to a particular user in the list, you can determine its exact location using triangulation. To do this, you need to change your location twice, marking the distance to the user each time, and then map three circles with a center in their coordinates and a radius equal to the found distance. You will be at the intersection of the circles. At the same time, you can only find those who use the "People nearby" function.
Alternative solutions in other applications for calculating the distance between users provide for adding a random number to the coordinates, which makes it impossible to determine the real geoposition, but in the case of Telegram, the developers decided to neglect this additional security measure[14].
2020
The European Commission has included VKontakte and Telegram in the list of pirated resources
In mid-December 2020 European Commission , she published an updated list of pirated sites - the "Watch List for Counterfeit and Piracy." For the first time messenger Telegram , the social network "" also entered it.Vkontakte
The list is formed on the basis of reports from groups of copyright holders. They reported that Telegram users, including public channels, "exchange illegal content, in particular music, books, news publications, films and television programs." In addition, subscribers share links to other sites that host pirated content, according to the European Commission.
The European Commission believes that Telegram does not respond quickly enough to pirated content, and VKontakte provides users with the ability to access pirated books and films, including through built-in players.
New Telegram channel fraud scheme
On November 25, 2020, Roskachestvo spoke about a new Telegram fraud scheme. It consists in the fact that attackers turn to channel administrators in the messenger under the guise of negotiations on advertising. Then they offer to download an archive file with a "presentation" of the product whose advertising they want to pay for. The archive contains a virus that transfers data and account management to hackers.
Among those who faced attempts by scammers to "hijack" the channel: Baza, "Durov Code," "Dvacha," etc. The Reddit channel suffered from the malicious link, this case helped reveal the "selection" scheme for managing the account.
Also, experts reported fake fraudulent channels that disguise themselves as well-known. In such cases, it is recommended to be careful about the actions required by administrators.
Among the signs of fraudulent channels in Telegram mentioned by Roskachestvo are proposals to follow an external link to a site with a dubious address, options for easy earnings, links to "secret chats," statements about the "move" of the channel and a link to an allegedly new resource.
In addition, attackers can offer to download files from external archives and attached archive files and executable files.
| | They do not need to be downloaded in any way, whatever they are called. Such files may contain malware that will easily penetrate your computer or phone and steal personal information or payment information. For channel administrators, there is an additional risk - through such a phishing message, they can steal the channel, - summarized in Roskachestvo. | |
Ilya Loevsky, deputy head of Roskachestvo, recommends always keeping the antivirus on your phone and computer turned on, as well as "thinking about digital security before clicking on something."[15]
Inclusion of "anti-censorship tools" in Belarus
Telegram founder Pavel Durov announced the launch of "anti-censorship tools" in the messenger in Belarus. This became known on August 11, 2020.
| | We have included our anti-censorship tools in Belarus so that Telegram remains available to most users there. However, communication is still unstable, since sometimes the Internet in the country is completely turned off, "Durov said on Twitter. | |
In his message, Durov cites a tweet according to which Telegram is still working in the country, although WhatsApp, Facebook and Instagram services are no longer available.
Interruptions in work Internet in Belarus have been observed since August 9, 2020, when the country had the main voting day in the presidential elections. Almost in the morning, residents of the country and journalists began to report interruptions in the work of both home and mobile Internet. President of Belarus Alexander Lukashenko said that the problems are related to "disconnections from abroad," and the state operator of the country "reported" Beltelecom on multiple cyber attacks varying degrees of intensity "[[16].
Leaked database with information about several million users
On June 24, 2020, it became known that Internet flowed away base with a information few million messenger Telegram users. The 900 megabyte file contains unique identifiers users and phone numbers. The file contains more than 40 million records.
The press service of the messenger said that such information is collected through the built-in function of importing contacts during registration. According to them, this happens through the import of contacts during user registration. The company assured that most of the merged accounts are no longer relevant. More than 84% of the data was collected until mid-2019. Almost 70% of the accounts in the database are users from Iran, 30% are from Russia.
In the summer of 2019, after reports of a search for Hong Kong user numbers, the setting "Who can add me to contacts by phone number" appeared on Telegram. It, according to the press service, makes it difficult for ordinary users to use the messenger (they become "invisible" even for those who know their number), but allows "dissidents and activists of protest movements to completely hide the connection between their account and phone number[17].
The expert urged to abandon Telegram due to security risks
There are a number of secure messengers (WhatsApp, Viber, Jabber, Wickr or Signal) that allow encrypted messages to be exchanged, and while many of these tools mostly do their job, some raise security concerns, particularly Telegram.
Security expert Neil Krawetz conducted his own research and found out that Telegram does not meet the criteria related to network connection security, storage and encryption of data on the server, as well as local storage and encryption of Not[18][19]
The first problem is that Telegram uses its own protocol for connection (port 443/tcp), and also always connects only to its servers (149.154.160.0/20). Thus, companies that do not allow employees to use personal secure instant messengers during working hours can block access to Telegram servers and use traffic verification tools to calculate the IP address of an employee who violates the company's policy, Kravetz writes.
The second problem is due to the fact that Telegram receives, stores and caches messages in unencrypted form on its servers, as well as gains access to confidential URLs and caches their contents. Although Telegram transmits data to the server in encrypted form, the server decrypts information and processes unencrypted text. According to Kravetz, "this means that someone with a search warrant can get a copy of your data in unencrypted form."
Finally, the third problem concerns local file storage and encryption. As it turned out, if you have access, locally encrypted data stored is enough to simply decrypt using the Telegram-desktop-decrypt or TelegramStorageParser tools. In addition, you can determine exactly when Telegram was used, or how exactly (sending text, images or video).
2019
Illegal access to correspondence content on iOS and Android devices
On November 29, 2019, the company Group-IB reported a number of incidents related to obtaining illegal access to the contents of correspondence in Telegram on devices iOS Android and from customers of different operators. In cellular communications all cases, on devices, the victims were the only authorization factor. SMS The danger is that in this way attackers can gain access to other,,, to messengers social networks e-mail various services or, where mobile applications banking only SMS is used for authorization.
According to the company, at the end of 2019, several Russian entrepreneurs turned to the Group-IB cybercrime investigation department, who faced the problem of unauthorized access of unknown persons to their correspondence in the Telegram messenger. The incidents occurred on iOS and Android devices, regardless of the client of which federal mobile operator the victim was.
The attack began with the fact that the user received a message from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, SMS with an activation code fell on the victim's smartphone - and almost immediately a notification came to the Telegram service channel that the account was logged in from another device.
In all cases that Group-IB is aware of, attackers logged into someone else's account via the mobile Internet (one-time SIM cards were probably used), and the attackers' IP address was in Samara in most cases .
Group-IB specialists emphasize that Telegram has already implemented all the necessary cybersecurity options that will nullify the efforts of the attackers, but not everyone uses them.
| | I recommend that you install an additional authorization factor in Telegram as soon as possible in the form of a password, in addition to mandatory SMS, this is important for everyone. Next, it is necessary to check other applications, as well as services that use SMS messages for authorization as the main or second factor or to restore the password to email, social networks, access to mobile banking applications, to deliver one-time passwords. | |
Group-IB warns that such an attack can be successful only if the "Cloud password" or "Two step verification" option is not activated in the Telegram settings on the smartphone. That is why on iOS and Android devices for Telegram, you need to go to the Telegram settings, select the "Privacy" tab and assign "Cloud password\Two-step verification" or "Two step verification."
Group-IB experts add that it is advisable not to set an email address to recover this password, since, as a rule, password recovery to email also occurs via SMS.
A study by the Group-IB Computer Forensics Laboratory, where the victims' electronic devices were transferred, showed that harmful trojan the equipment was not infected with spyware or banking, the accounts were not hacked, and no substitution SIM cards was made. In all cases, attackers gained access to the victim's messenger using SMS codes received when logging into an account from another device.
This procedure is as follows: when activating the messenger on another device, Telegram sends the code through the service channel to all user devices, and then (upon request) an SMS message goes to the phone. Knowing this, the attackers themselves initiate a request to send an SMS with an activation code by the messenger, intercept this SMS and use the received code for successful authorization in the messenger.
Thus, attackers gain illegal access to all current chats, except for secret ones, as well as to the history of correspondence in these chats, including files and photos that were sent to them. Having discovered this, a legal Telegram user can forcibly terminate the attacker's session. Thanks to the implemented protection mechanism, the reverse cannot occur, the attacker cannot end the older sessions of the real user within 24 hours. Therefore, it is important to detect an extraneous session in time and complete it so as not to lose access to the account. Group-IB specialists sent a notification to the Telegram team about their investigation of the situation.
The study of incidents continues, and as of November 2019, it has not been established exactly which scheme was used to bypass the SMS factor. At different times, the researchers cited examples of SMS interception using attacks on SS7 or Diameter protocols used in mobile networks. Theoretically, such attacks can be carried out with the illegal use of special technical means or insider in mobile operators. In particular, on hacker forums in Darknet, fresh ads with proposals for hacking various instant messengers, including Telegram.
| | Specialists in different countries, including Russia, have repeatedly stated that social networks, mobile banking and instant messengers can be hacked using a vulnerability in the SS7 protocol, but these were isolated cases of targeted attacks or experimental research. In a series of incidents, of which there are more than 10 as of November 2019, it is obvious that the attackers want to put this way of making money on the stream. In order for this not to happen, it is necessary to increase your own level of digital hygiene: at least use two-factor authorization wherever possible, and add a mandatory second factor to SMS, which is functionally laid down in the same Telegram. told Sergey Lupanin, Head of Cybercrime Investigations at Group-IB | |
Vice: Telegram is a safe environment for right-wing extremists
In October 2019, Vice accused Telegram of creating a safe environment for white nationalists. It analyzed over 150 (mainly English-speaking) ultra-right channels and found that about a third of them were created since the beginning of 2019.
In addition, Vice writes, the rhetoric of such telegram channels is beginning to radicalize. For example, many of them began to practice the philosophy that building a new white civilization can only be done by resorting to violence and undermining social stability. In many right-wing radical channels, instructions for the manufacture of homemade bombs, concealment of weapons and preparation for mass shooting began to be actively distributed.
In support of its arguments, Vice cites statistics according to which 50 people died at the hands of white nationalists in the United States in 2018, which is 35% more than a year earlier. At the same time, right-wing radical groups, according to the publication, also arise after high-profile terrorist acts. For example, after the shooting in Christchurch (the terrorist attack that occurred in New Zealand on March 15, 2019, then 51 people died and 49 were injured), 22 new radical telegram channels appeared.
Probably, Telegram attracts nationalists by the fact that with the help of the messenger they can exchange an unlimited number of photo, video and audio materials. And these are the most popular tools of extremist propaganda, clarifies Vice. Other useful features of the messenger, the publication includes the possibility of mutual reposts and the creation of closed chats.
Because of its policies, Telegram becomes the refuge of radicals expelled from other platforms, Vice heats up. As an example, he cites the 8chan forum, which quietly exists on Telegram even though all other Internet companies blocked it after several terrorists fired at once, having previously published their manifestos on this platform.
Pavel Durov did not talk to Vice.
Edward Snowden discourages officials from using WhatsApp and Telegram
On September 16, 2019, Edward Snowden warned senior officials against using WhatsApp and Telegram. According to a former employee of the National Security Agency (NSA), these messengers are unsafe. Read more here.
Full Phone Number Concealment Feature
September 5, 2019 in Telegram there was an opportunity to hide the phone number. To gain access to this function, you need to update the application to the latest version and in the privacy settings choose who can see the phone number: anyone, only contacts or no one.
Earlier, when choosing the option "do not show my number to anyone," the user's phone remained available to those who saved it in their contacts, regardless of the privacy settings. Now you can completely hide your phone numbers.
The messenger issued an update amid concerns from protesters in Hong Kong. Demonstrators who use group chats believe authorities could take advantage of a shared phone base, add numbers to the list and find them in protest chats. And it was this defect that the service developers eliminated. Although this had to be done for a long time, says Anton Rosenberg, ex-director of special directions of the Telegram messenger.
| | Groups in Telegram are increasingly being used to communicate with users who are being oppressed. We believe that all people have the right to express their opinion and communicate privately, the Telegram message says. | |
In addition, delayed sending of messages, more animated emojis, as well as the ability to create and share your own themes were added to the updated application. Up to 200 thousand participants can now be added to public Telegram groups.[20]
Earlier it was reported about the development of Telegram new privacy settings in order to protect protesters in Hong Kong. So updating the messenger will prevent the authorities from identifying participants in group chats of the application. Telegram founder Pavel Durov also accused the Chinese authorities of DDoS attacks on the messenger during protests in Hong Kong.
Telegram gives security officials participants in rallies and protests
The Telegram messenger can issue users' phone numbers to third parties without their consent. A breach in the security system of the popular service was discovered in the summer of 2019 by software developers from Hong Kong[21].
According to experts, the loophole they discovered can be used by the authorities and special services to collect phone numbers of those who participate in rallies and protests. The ZDNet resource writes that the personal data of those who participate in the protests in Hong Kong and coordinate their actions through Telegram can be calculated in this way.
How does it work
Attackers can bypass the privacy settings in the messenger, in which you can hide the visibility of your phone number. It works even if you hide your phone number from everyone, including your contact list. In order to find out whether a person is in protest groups and chats on Telegram, third parties just need to add thousands of numbers to their address book, after which they can connect to the necessary groups and synchronize their contacts with the Telegram client. After synchronization, the messenger will immediately show which of the owners of the added numbers is in "unpopular" groups.
For Hong Kong, the possible de-anonymization of Telegram users is now of great importance. Numerous protests have been taking place across the country since the beginning of June 2019 against a bill to consider extradition requests for criminal suspects from the territory of Hong Kong filed by the authorities of Macau, Taiwan and China. The document was accepted for consideration, which prompted the people of Hong Kong to express their dissatisfaction. Protesters staged a procession, built barricades and blocked traffic on major highways and roads. On the first day of protest against the bill, more than 240 thousand people spoke, which was the largest demonstration in Hong Kong in the last 20 years.
Telegram has built in tools to bypass locks of a new type
The Telegram messenger has the ability to disguise traffic under the HTTPS protocol. Information about this appeared on the GitHub resource. To disguise as HTTPS, the developers added the secret prefix "ee" to the client code. In addition, in addition to the base16 coding method, it was possible to encrypt the secret in the proxy server address using base64[22].
In the protocol between the Telegram client and the proxy server, an additional encapsulation layer was added over the TCP protocol. This turns the data into TLS records. Data transfer to HTTPS takes place on top of this cryptographic protocol. TLS handshake emulation was also added at the beginning of work. Telegram has already launched proxy servers in Python and Erlang, where masking is implemented.
Geochats appeared in the Telegram beta for iOS
On June 19, 2019, it became known that geochats appeared in the beta version of Telegram for iOS. People who are next to each other and united by common interests will be able to correspond in them.
Any user can create a geochat, you need to specify its theme and geolocation radius - from 100 meters to 6 kilometers. Chat history is available to all users, even messages created before a particular user joined the conversation. The number of geochat participants is not limited.
Any user can find a specific geochat if it is not far from the place to which it is tied. In such chats, "checks" appeared - tags that will indicate that the user appeared in a place tied to geochat[23].
Durov suspects China of involvement in Telegram malfunctions
On June 13, 2019, it became known that the founder of the Telegram messenger Pavel Durov suspects a possible connection between China and the malfunctions of the service. He noted this on his Twitter. According to him, this country may be involved in the conduct of DDoS attacks on Telegram, which caused its temporary inoperability in June 2019.
| | "All DDoS attacks of such a serious scale (attack power from 200 to 400 Gbps), which we recorded, indicate state involvement and coincide in time with the protests in Hong Kong (their coordination is carried out in Telegram)," noted Pavel Durov, founder of the Telegram messenger | |
Earlier, a message appeared on the official Twitter of the service about possible interruptions in work due to a major one. hacker attack Telegram representatives assured that data all users are in. safety
Problems in the work of Telegram began on June 11, 2019 and affected the whole world. According to Downdetector, instability in the messenger was observed in the United States, South America, a number of European countries, the Middle East, and also partially in the Asia-Pacific region. Most users (95%) could not connect to the service, and 4% did not work sending messages.
As of June 13, 2019, failures in Telegram are still observed in South America, certain American states, as well as in, and Kiev St. Petersburg. To Moscow Globally, the service managed to restore work.
Pavel Durov linked the DDoS attack on his messenger with the protests that began in Hong Kong on June 9, 2019. Citizens of the country took to the streets to protest a bill to consider extradition requests for criminal suspects from Hong Kong territory filed by authorities in Macau, Taiwan and China.
The document was accepted for consideration, which prompted the people of Hong Kong to express their dissatisfaction. Protesters staged a procession, built barricades and blocked traffic on major highways and roads.
According to preliminary police estimates, on the first day of protest against the bill, more than 240 thousand people spoke. It marked the largest demonstration in Hong Kong in 20 years. The protest action bore fruit: on June 12, 2019, it became known that the consideration of the bill had been postponed indefinitely.[24]
Someone else's correspondence in Telegram can be bought at the price of a SIM card
A resident of Belarus discovered a dangerous vulnerability in the Telegram messenger that allows access to all user correspondence without requesting special services and transferring encryption keys. The identified scheme operates regardless of the country, and every user of the service can become a victim[25].
The defect of the Telegram security system allows you to buy the entire history of the user's correspondence in the literal case at the price of a SIM card. According to the Onliner portal, a resident of Belarus, whose Telegram account was originally tied to a Belarusian phone number, moved to another country and bought a new SIM card. The Telegram application was reinstalled, and the account owner re-registered it to a new number. After receiving all the verification messages, the correspondence of a complete stranger appeared in her smartphone, and her name and photo in the profile were changed to others.
How is this possible?
Gaining access to the correspondence of another user became possible due to the fact that the purchased Belarusian phone number previously belonged to this person, who at one time registered his own Telegram account and used the service. Subsequently, the telecom operator probably returned the number for sale due to the lack of activity of the previous owner (this practice also exists in Russia).
What happened may mean that none of the Telegram users, positioned as one of the most secure messengers, can be completely sure that his correspondence will not fall into the wrong hands.
2018
In the list of 20 most secure instant messengers according to Artezio
The analytical department of Artezio (part of the LANIT group of companies) on November 26, 2018 published a list of 20 messengers capable of providing a high level of privacy. The rating was compiled based on the results of comprehensive testing of programs, while the quality of data encryption and the reliability of information protection tools were the key criteria in the formation of the final expert assessment, representatives of Artezio told TAdviser. Telegram is in third place on the list. Read more here.
De-anonymization of Telegram users
On October 1, 2018, it became known that a serious vulnerability was identified in the mobile client of the Telegram messenger, which, under certain conditions, can issue IP addresses of users.
As the researchers have established, by default Telegram routes voice calls via P2P connections. In this case, the IP address can be displayed in the console. True, not all versions of Telegram support the console, for example, it is not visible under Windows, but it is quite available under Linux.
Experts have found that if you redirect calls through the servers of Telegram itself, the IP address will not be visible. But this will require manually changing the settings: Settings - > PrivateandSecurity - > VoiceCalls - > Peer-To-Peern values Never or Nobody, and at the same time the sound quality will decrease slightly.
In addition, it will be easy to turn off calls via P2P in iOS and Android, and, for example, on the desktop version of Telegram for Windows, this turns out to be impossible.
A security expert known as Dhiraj has already received a reward of 2,000 euros from Telegram developers for discovering this problem.
The vulnerability was received by the CVE-2018-17780 index. At the moment, it has been fixed in versions Telegram for Desktop 1.3.17 beta and 1.4.0; now it is possible to disable P2P calls there.
Telegram developers initially argued that the problem with P2P communications is neutralized by the fact that the My Contacts option is set by default, limiting the ability to view the user's IP address with a list of his contacts.
However, it later turned out that the Telegram API contained an error that leads to the fact that for several hours after the next login, P2P connections remained open to everyone. According to the company, as of October 1, 2018, this problem has been fixed.[26]
Telegram promised to issue numbers and IP addresses of terrorists
As it became known on August 28, 2018, Telegram published an updated privacy policy on its official website, according to which the messenger administration undertakes to issue information about users to law enforcement agencies if requested.
As follows from paragraph 8.3 of the updated policy, Telegram can issue a person's IP address and phone number, but only if there is an appropriate court decision proving the user's involvement in terrorist activities.
Telegram can secretly read user messages
Telegram, a popular messenger developed by Pavel Durov, founder of the Vkontakte social network, can monitor the correspondence of users of cloud chats. This conclusion was reached by the authors of the Telegram channel Mediatube, having analyzed the mechanism for authorizing users[27] messenger[28].
When installing the application on a new device, the user receives an SMS message with a five-digit authorization code. In addition, the same code is duplicated in the service notification chat. It can be seen on each device of the owner of the Telegram account. This code must be entered on a new device to start using the application.
Users noticed that if you copy the authorization code or enter it manually and send it to any chat, the code will lose its relevance and will not work when you try to log in with it on a new device. Cancellation of the authorization code will occur even if a mixed message is sent - any characters can be added to the code, and this will not affect Telegram's ability to isolate it from the character sequence. However, when sending a code to a secret chat, this cancellation procedure will not work.
The results of the experiment may be evidence that user correspondence is analyzed by a certain algorithm on the server side, at least during authorization. This theory is supported by the fact that the authorization code is not canceled when sent to a secret chat, since messages in such chats are subjected to end-to-end encryption, are not stored on Telegram servers and are available only to the sender and recipient.
This feature can be called an interesting approach to protecting your account from theft of authorization codes and preventing unauthorized access to it. Nevertheless, this approach leaves a field for speculation and suspicion: does Telegram read other user messages?
8 million IP addresses used by Telegram have been unlocked. The company spent $75,000 an hour to combat the blocking of the ILV
Roskomnadzor has unblocked about 8 million IP addresses that are part of the Amazon and Online Sas subnets. All of them were previously used by the Telegram messenger to bypass locks, Interfax writes.
Later in 2021, a former representative of Roskomnadzor, Vladimir Ampelonsky, said that Telegram used 8,000 IP addresses before blocking, and within a short time from the moment of blocking, their number increased to 15.5 million IP addresses. According to Ampelonsky, renting one IP address cost about $0.05 per hour, and the company spent $75,000 per hour.
Telegram revealed proxy sources to bypass locks
Telegram has posted[29] on the GitHub portal the source code of a proxy server running over the MTProto protocol. Instructions for setting it have been published[30] on Docker Hub. The protocol works only inside the messenger and is not compatible with other services[31].
To create your own proxy server, you need a computer with Docker installed and a provider connected to the network that does not block access to Internet resources. Port 443 must be free.
It is noted that one proxy server process supports tens of thousands of connections. In order to improve performance, the developers have set a limit on connection processing - up to 60 thousand per processor core.
At the moment, only users of Android devices can connect to the MTProto proxy. The new MTProto proxies do not work on Telegram and Telegram X clients on the iOS platform, since Apple has been blocking Telegram app updates in the App Store since mid-April.
Apple bans Telegram updates for iPhone and iPad
Apple has not allowed the Telegram messenger to update its app in the AppStore for a month and a half. The creators of the messenger reported this on the project website in the "Frequently Asked Questions" (FAQ) section[32].
Answering a question about Telegram's compliance with the "General Data Protection Regulations" (GDPR), European Union the authors of the project reported that "users Android received an update GDPR in version 4.8.9, while Apple has been globally blocking Telegram updates for its iOS application since mid-April."
Telegram has built tools to bypass locks of a new type
On the localization page of the Telegram application for Android OS in May 2018, new lines of text appeared for translation from English to other official application languages, which indicate that proxy server support will be implemented in the popular messenger in the near future (services in computer networks acting as an intermediary between the user and some resource in the network) a new type called MTProto Proxy[33].
This solution was developed specifically to ensure the functioning of Telegram in the context of blocking the messenger by communication service providers.
The advantage of the new solution over the HTTP and SOCKS5 proxies, whose support is implemented in stable versions of the messenger, is higher performance and security.
In addition, servers on MTProto will be much more difficult for providers to block.
Telegram ban in Iranian government agencies
On April 18, 2018, a Telegram ban was announced in Iranian state bodies after the country's supreme leader, Ayatollah Ali Khamenei, stopped using this messenger for national security reasons.
| | In accordance with the protection of national interests and to eliminate the Telegram monopoly, Ayatollah Khamenei will cease his activities in this network, - says his last message in Telegram. | |
Iranian civil servants have been banned from using Telegram, according to news outlet ISNA. What measures will be taken in relation to those who violate this requirement is not specified.
Ali Khamenei is an active social media user, even though Twitter and Facebook have been blocked in Iran. His office constantly publishes photos and information from the speeches of the leader. After blocking, Telegram users are invited to read Khameneni's messages in Iranian-developed Soroush and Gap messengers.
Telegram has already been blocked in Iran - at the end of 2017 after a series of anti-government demonstrations. However, two weeks later, the service resumed operation.
By mid-April 2018, about 45 million residents use the Telegram messenger, while the entire population of Iran is 80 million people. Telegram is popular in the Middle East and the former USSR, the agency notes. Reuters
Iranian media in their Telegram channels a few weeks before the refusal of Khamenei's office to use Telegram also offered their subscribers various options where current news reports will be published. Iranian news outlets and television, however, continue to use the Telegram messenger.
In April 2018, a representative of the Supreme Court of Iran said that Telegram and other foreign messengers will be able to work in the country only if they receive permits from the government and store citizens' data inside the country.[34]
Removing from App Store and Google Play
Roskomnadzor sent a demand to the App Store and Google Play to remove Telegram, RBC reports on April 17, citing representatives of the regulator. Stores must remove the application as soon as possible. Earlier, Roskomnadzor also demanded that Telegram be removed from the largest APK Mirror. Telegram disappeared from the apkpure.com website, where the installation files of the programs are posted, and the Telegram discussion thread disappeared from the 4pda forum.
Durov will allocate "millions of personal funds to save Telegram"
The creator of Telegram Pavel Durov announced his readiness to allocate millions dollars of personal funds for grants for administrators of proxy/services, VPN which help bypass the blocking of the messenger. He wrote about this on his page "" Vkontakte[35]
"As part of the Digital Resistance - a decentralized movement to protect digital freedoms and progress - I began to pay bitcoin grants to proxy and vpn administrators. During this year, I will be glad to donate millions of dollars of personal funds for these purposes, "Durov said.
Anyone can edit other people's entries in Telegram
A security researcher known in the IT blog Habrahabr under the pseudonym w9w spoke about the vulnerabilities he discovered in the Telegram messenger[36].
In the course of the study conducted by the author, it turned out that t.me links familiar to Telegram users can lead to phishing sites, private chats are actually not so private, and anyone can edit articles in the Telegraph, a publishing service closely integrated with Telegram.
Editing other people's messages
The vulnerability affects the Telegraph publishing service, developed by Pavel Durov and the Telegram messenger team in 2016. After analyzing the HTTP request sent to the Telegraph servers, the author came to the conclusion that in order to edit absolutely any article, an attacker only needs to know its unique identifier, which can be found directly in the HTML code of the page with this article.
As a rule, protection against such attacks comes down to checking the token (random set of bytes) generated by the server with the user sent when clicking on a link or clicking a button. If the server and client tokens do not match, the server denies the user the requested operation. According to the author of the study, in the case of the Telegraph, this approach, like other methods of protection, is not used.
Private chats in danger
It was possible to discover one of the vulnerabilities in the process of testing a third-party resource interacting with the t.me domain, which belongs to Telegram and is used to create short public links to user accounts, channels and groups in the messenger. The site offered paid advice on investing in cryptocurrencies, and Telegram-bot acted as one of the channels for obtaining such information. The bot could be connected by clicking on a link like t.me/Another_bot?start=CODE, where CODE is a secret sequence of characters associated with the user's account on the site. Having decided to check the "sensitive" data in the URL (a single resource index on the Internet) for the fact of indexing by search engines, the researcher discovered the first of three vulnerabilities in Telegram.
Having formed the so-called "dork" (Google Dork Query - a special request to the search engine that allows you to find public information hidden from prying eyes) of the following type: site: t.me inurl:Another_bot?start=, the author of the study discovered the publicly available personal code of a random paid subscriber of the very resource about cryptocurrencies. From this, it was concluded that on t.me there is no ban on indexing confidential data. The author's reason for this misunderstanding is the absence of the robots.txt file in the root directory of the resource associated with the t.me domain. This file is used by webmasters to specify site indexing settings. For example, using this file, you can prevent search robots from indexing certain sections of a web resource, thus completely excluding their appearance in search results.
2017
Payment functionality
Telegram developers have launched the online payments function Bot Payments in the messenger. The function is intended for creators of bots who will now be able to accept payments from their customers from around the world.
"If you have Telegram 4.0 or newer installed, you can order goods or services through the bots that offer them. When you click Pay, you will be prompted to enter your credit card information, complete your shipping information, and confirm your payment. And you will receive the ordered, "the developers write. In this case, if the Telegram user account is protected by two-stage authorization (confirmation by SMS and entering a password).
Card details can be saved for future purchases. Thus, the procedure for ordering through bots will be easier next time. Since Telegram is an open platform, the developers clarified that the creators of bots can use the necessary APIs and accept payments without prior approval procedure.
The money transfer platform will allow users to make purchases through bots inside the messenger. Bots will have a special button for ordering and paying for goods and services.
To pay the customer for the bot, you will need to enter your credit card information and confirm the payment. At the same time, the card will be tied to bots from which the user has already made purchases.
The text says that the payment will go directly from the client to the bot developer, bypassing Telegram itself. The messenger will not charge any commission from transactions. In addition, the service will not accept complaints and demands to return money to users, as it will not store bank card data.
Most payments will be made through the Stripe payment system, which is not yet developed in Russia. However, the description emphasizes that the platform is open to payment systems from other countries.
Beta with Voice Calling
On March 13, 2017, Telegram Messenger announced the release of a beta version of the Telegram messenger, in which the voice calling function became available. The full functionality of the service is not yet available and the timing of its launch is unknown.
With reference to the Telegram News group on the social network, the media reported on the presence of an end-to-end encryption mode for voice calls and the availability of only personal calls. The functions of disconnecting the microphone and turning on the speakerphone are available, the ability to apply personal permissions for calls (for example, only to users specified in contacts)[37].
The Disconnected Calls feature is available. Presumably, there will be calls to the official application of the messenger for desktop OS - Telegram Desktop.
The functionality is not finally approved and some functions may not be available. The possibility of calls is called the "main update of the year," but the launch period of the full-featured mode is not commented on by any official.
It is not known about the official comments of the developers of the Telegram messenger on March 13, 2017.
As of March 13, 2017, the current stable version of the messenger for Android 3.17. For iOS - 3.16.1.
2016: How Telegram works: Technology overview
The global service uses a proprietary server part with closed code and several open source clients, including under the GNU GPL.
User accounts are linked to phone numbers. When registering in the service and then authorizing devices, the telephone number is checked by SMS messages with a code or a telephone call.
To ensure security, the messenger message created the MTProto protocol. It involves the use of multiple encryption protocols. Authorization and authentication use RSA-2048 algorithms DH-2048 for encryption, when transmitting protocol messages to the network, they are encrypted by AES with a key known to the client and server. Cryptographic hash algorithms SHA-1 and MD5 are also used.
Protection against interception of forwarded messages from the Telegram server is provided in Secret Chats mode (available from October 8, 2013). In this mode, encryption is performed, in which only the sender and the recipient have a common key (end-to-end encryption), using the AES-256 algorithm in the Infinite Garble Extension (IGE) mode for forwarded messages. Messages in secret chats are not decrypted by the server, and the correspondence history is saved only on two devices, initiators of chat creation.
When exchanging files, you can send files from your device, search for media content on the Internet, if you use the mobile version for iOS or Android. The size of the files transferred is limited to 1.5 GB.
The program uses a system to continue transferring files in the event of a disconnection.
Using a special API, third-party developers can create "bots," special accounts managed by programs. Typical bots respond to commands in personal and group chats, can perform Internet searches, other tasks, are used for entertainment purposes or in business.
Notes
- ↑ Durov: more than 70% of the population of Uzbekistan uses Telegram
- ↑ Telegram gained 100 million users
- ↑ Telegram channel of Pavel Durov
- ↑ Big day today, we’re launching Telegram Stars
- ↑ Dedicated links earned in Telegram
- ↑ Blocking voice messages appeared in Telegram
- ↑ [https://www.cnews.ru/news/top/2022-06-06_pomilovannyj_rossijskimi Telegram
- ↑ may secretly transmit user data to security officials]
- ↑ Hong Kong is considering blocking Telegram.
- ↑ Telegram has improved bots, the ability to create your own notifications and much more
- ↑ Telegram has begun testing web bots - the first information
- ↑ Advertising will appear in Telegram
- ↑ Apple sued by group insisting it curb Telegram after Capitol attack
- ↑ A vulnerability in Telegram allows you to locate the user
- ↑ TELEGRAM FRAUD: HOW TO AVOID?
- ↑ https://www.securitylab.ru/news/510979.php Durov announced the inclusion of" anti-censorship tools "in Belarus in Telegram ]
- ↑ " The network has published a database of millions of Telegram users
- ↑ So Secret Messages
- ↑ The expert called for Telegram to be abandoned due to security risks.
- ↑ Scheduled Messages, Reminders, Custom Cloud Themes and More Privacy
- ↑ Telegram giving security officials participants in rallies and protests
- ↑ Telegram has built in tools to bypass new types of locks
- ↑ Geochats tied to a geographical location appeared in the beta version of Telegram
- ↑ The Chinese have come up with an effective method of combating Telegram
- ↑ Someone else's correspondence in Telegram can be bought at the price of a SIM card
- ↑ Proven: Telegram was not anonymous
- ↑ [http://www.cnews.ru/news/top/2018-07-06_telegram_mozhet_chitat_soobshcheniya_polzovatelej of the Telegram
- ↑ , can secretly read user messages]
- ↑ TelegramMessenger/MTProxy
- ↑ by telegrammessenger/proxy
- ↑ Telegram has revealed the source of the proxy to bypass locks
- ↑ of Apple prohibits updating Telegram for iPhone and iPad
- ↑ Telegram has built tools to bypass locks of a new type
- ↑ Iran bans state bodies from using Telegram app, Khamenei shuts account
- ↑ Pavel Durov VK.
- ↑ Anyone can edit other people's entries in Telegram
- ↑ "Prepare to remove WhatsApp and Viber": voice calls have appeared on Telegram
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |