The notable customers page of startups is often riddled with celebrity names, big brands, or other cultural thought leaders. Every once in awhile, however, having great technology attracts some rather despicable attention, which is what happened to Telegram, a free Android, iOS, Mac/Windows, and Web app whose “Secret Chat” function was apparently utilized by terrorists associated with extremist group ISIS, using it to not only communicate but to also distribute documents like ISIS’ magazine, Dabiq. The function in question gives users the opportunity to send end-to-end encrypted messages, which theoretically means that only the senders and the receivers can read them. But as it turns out, when the whole world is against you, even supposedly secure, end-to-end encryption won’t protect you.
As Motherboard originally reported, a Wednesday blog post from operational security expert “the Grugq” noted a number of issues with Telegram that may have rendered it relatively insecure when used by terrorists. “Telegram is error-prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger,” he commented. And of course, it doesn’t help that Telegram is now on ISIS’ case as well.
Upon learning that their service was being used for more insidious purposes, the messaging app blocked 78 ISIS-related channels that operated in 12 languages, and added that the company was “disturbed to learn that Telegram’s public channels were being used by ISIS to spread their propaganda.” The company also has plans to implement tools that make it “easier … for our users to report objectionable public content in the upcoming update of Telegram this week.”
This week we blocked 78 ISIS-related channels across 12 languages. More info on our official channel: https://t.co/69Yhn2MCrK
— Telegram Messenger (@telegram) November 18, 2015
But even without these (still much needed) updates, the Grugq points out that ISIS has overestimated their own technical prowess — “Users will make security mistakes and register with their personal mobile numbers,” said the expert, and as a recent tweeted of an ISIS forum thread reveals, members had indeed signed up for the service with their far more traceable, far less secure, individual cell numbers.
While Telegram initially defended its accessibility to groups like ISIS, with Russian founder Pavel Durov saying in September, “I don’t think we should feel guilty about this. I still think we’re doing the right thing — protecting our users privacy,” the company is certainly facing increased pressure to crack down on terrorism in light of recent attacks.
The app currently reports some 12 billion messages sent every day by their 60 million users, some of whom are allegedly members of terrorist groups.