Telegram CEO Pavel Durov recently announced that Telegram would be handing over user data (such as phone numbers and IP adresses) to the authorities. Now it turns out that it has been doing so since 2018.
My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.
Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.
For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.
To reduce confusion, last week, we streamlined and unified our privacy policy across different countries.
Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.
Full text of the post.
📰 My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.
🌐 Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.
⚖️ Whenever we received a properly formed legal request via relevant communication lines, we would verify it and disclose the IP addresses/phone numbers of dangerous criminals. This process had been in place long before last week.
🤖 Our @transparency bot demonstrates exactly that. This bot shows the number of processed requests for user data.
✉️ For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.
📈 In Europe, there was an uptick in the number of valid legal requests we received in Q3. This increase was caused by the fact that more EU authorities started to use the correct communication line for their requests, the one mandated by the EU DSA law. Information about this contact point has been publicly available to anyone who viewed the Telegram website or googled “Telegram EU address for law enforcement” since early 2024.
🤝 To reduce confusion, last week, we streamlined and unified our privacy policy across different countries. But our core principles haven’t changed. We’ve always strived to comply with relevant local laws — as long as they didn’t go against our values of freedom and privacy.
🛡 Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.
Never trust a third party to keep your shit private. Especially if privacy is their main selling point.
Foss code and client side encryption is fine.
If you can read and understand the code, sure. Otherwise you’re still just extending trust to someone perhaps less reputable than even the corporations who are dying to sell you out. For example, the back door some mysterious contributor slipped into xz recently.
My recommendation is to live life as if privacy on the internet did not exist, because it doesn’t.
There is such a thing as credibility. You can extend trust to others that have credibility. For example, security audits from companies that are credible. Or, you use an app because a trustworthy techie friend of yours says they’re safe.
But a prerequisite in all these cases is going to be FOSS code and client side encrypt.
Telegram had credibility. It was being used by journalists to protect sources.
You can extend trust to individuals but do not apply that to companies or organizations if you care at all about what they’re doing with what you give them. Not everyone has some mythical tech privacy wizard on call to give them perfect advice every time they open an account on an app or website.
Even client side encryption is not infallible. The algorithm you use will eventually be crackable and probably sooner than you think. Nothing lasts forever.
The most foolproof way to ensure something remains private is to not put it on the internet at all.
Fortunately we have folks like Freedom of the Press Foundation, who provide trainings to journalists
This doesn’t really compute. Society would collapse if nobody trusted “third parties”, and your second phrase is just hyperbole.
It’s more complex than that. The issue is money, and incentives, and how power is structured. A third party that you are paying or whose income is uncoupled to the profit motive, and preferably one that has both private and institutional stakeholders - well, if we choose not to trust them, then basically we can’t trust anyone for anything. That would be a dark place to be.