Telegram is a non-profit cloud-based instant messaging service. Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS and Linux. Users can send messages and exchange photos, videos, stickers, audio and files of any type.
Telegram was founded by the Russian entrepreneur Pavel Durov. Its client-side code is open-source software but the source code for recent versions is not always immediately published, whereas its server-side code is closed-source and proprietary. The service also provides APIs to independent developers. In February 2016, Telegram stated that it had 100 million monthly active users, sending 15 billion messages per day. According to its CEO, as of April 2017, Telegram had an annual growth rate of more than 50%.
Telegram's security model has received notable criticism from cryptography experts. They have argued that it is undermined by its use of a custom-designed encryption protocol that has not been proven reliable and secure, by storing all messages on its servers by default and by not enabling end-to-end encryption for messages by default. Pavel Durov has argued that this is because it helps to avoid insecure third-party backups, and to allow users to access messages and files from any device. Messages in Telegram are server-client encrypted by default, and the service provides end-to-end encryption for voice calls and optional end-to-end encrypted "secret" chats.
Development
Telegram was launched in 2013 by the brothers Nikolai and Pavel Durov, who had previously founded the Russian social network VK, but had to leave the company after it was taken over by the Mail.ru Group. Nikolai Durov created the MTProto protocol that is the basis for the messenger, while Pavel provided financial support and infrastructure through his Digital Fortress fund.
Telegram is registered as both an English LLP and an American LLC. It does not disclose where it rents offices or which legal entities it uses to rent them, citing the need to "shelter the team from unnecessary influence" and protect users from governmental data requests. Pavel Durov has said that the service was headquartered in Berlin, Germany, in 2015 and early 2015, but moved to different jurisdictions after failing to obtain residence permits for everyone on the team. Durov left Russia and is said to be moving from country to country with a small group of computer programmers. According to press reports, Telegram had employees in St. Petersburg. The Telegram team is currently based in Dubai.
In December 2017, Cointelegraph reported that Telegram was planning to launch a blockchain platform and native cryptocurrency, which TechCrunch confirmed in January 2018, referring to multiple sources. To fund the TON launch, Telegram is said to be planning an ICO. The platform is said to be based on an entirely new blockchain and may be called the "Telegram Open Network" (TON), while the TON currency may be called "Gram". Telegram plans to raise $3 billion during the ICO.
Account
Telegram accounts are tied to telephone numbers and are verified by SMS or phone call. Users can add multiple devices to their account and receive messages on each one. Connected devices can be removed individually or all at once. The associated number can be changed at any time and when doing so, the user's contacts will receive the new number automatically. In addition, a user can set up an alias that allows them to send and receive messages without exposing their phone number. Telegram accounts can be deleted at any time and they are deleted automatically after six months of inactivity by default, which can optionally be changed to 1 month and 12 months. Users can replace exact "last seen" timestamps with broader messages such as "last seen recently".
The default method of authentication that Telegram uses for logins is SMS-based single-factor authentication. All that is needed in order to log into an account and gain access to that user's cloud-based messages is a one-time passcode that is sent via SMS to the user's phone number. These login SMS messages are known to have been intercepted in Iran, Russia and Germany, possibly in coordination with phone companies. Pavel Durov has said that Telegram users in "troubled countries" should enable two-factor authentication by creating passwords, which Telegram allows, but does not require.
Bots
In June 2015, Telegram launched a platform for third-party developers to create bots. Bots are Telegram accounts operated by programs. They can respond to messages or mentions, can be invited into groups and can be integrated into other programs. Dutch website Tweakers reported that an invited bot can potentially read all group messages when the bot controller changes the access settings silently at a later point in time. Telegram pointed out that it considered implementing a feature that would announce such a status change within the relevant group. There are also inline bots, which can be used from any chat screen. To activate an inline bot, a user types the bot's username and a query in the message field. The bot then offers its content, and the user can choose from that content and send it within a chat.
Channels
Channels can be created for broadcasting messages to an unlimited number of subscribers. Channels can be publicly available with an alias and a permanent URL so anyone can join. Users who join a channel can see the entire message history. Each message has its own view counter, showing how many users have seen this message. Users can join and leave channels at any time. Furthermore, users can mute a channel, meaning that the user will still receive messages, but won't be notified.
Stickers
Stickers are cloud-based, high-definition images intended to provide more expressive emoji. When typing in an emoji, the user is offered the option to send the respective sticker instead. Stickers come in collections called "sets", and multiple stickers can be offered for one emoji. Telegram comes with one default sticker set, but users can install additional sticker sets provided by third-party contributors. Sticker sets installed from one client become automatically available to all other clients. Sticker images use the WebP file format, which is better optimized for transmission over the internet.
Drafts
Drafts are unfinished messages synced across user devices. One can start typing a message on one device and continue on another. The draft will persist in the editing area on any device until it is sent or removed.
Secret chats have to be initiated and accepted by an invitation, upon which the encryption keys for the session are exchanged. Users in a secret chat can verify that no man-in-the-middle attack has occurred by comparing pictures that visualize their public key fingerprints.
According to Telegram, secret chats have supported perfect forward secrecy since December 2014. Encryption keys are periodically changed after a key has been used more than 100 times or has been in use for more than a week. Old encryption keys are destroyed.
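The rotation rule and the fingerprint comparison described above can be modelled as follows. This is an added example, not code from Telegram or its clients: the class and function names are hypothetical, a fresh random key stands in for a new key exchange, and the grid rendering is a constructed scheme.

```python
import hashlib
import secrets
import time

MAX_USES = 100                    # page: changed after more than 100 uses
MAX_AGE_SECONDS = 7 * 24 * 3600   # page: or after more than a week in use


class RotatingSessionKey:
    """Holds one session key and replaces it under the policy above.

    Assumption: a fresh random key stands in for the outcome of a new key
    exchange; how the peers negotiate it is not modelled here.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self.generation = 0
        self._install_new_key()

    def _install_new_key(self):
        self._key = bytearray(secrets.token_bytes(32))
        self._created = self._clock()
        self._uses = 0

    def _due_for_rotation(self):
        too_many_uses = self._uses > MAX_USES
        too_old = self._clock() - self._created > MAX_AGE_SECONDS
        return too_many_uses or too_old

    def rotate(self):
        # Best-effort destruction: zero the buffer this object owns. Python
        # cannot guarantee that copies handed to callers are also erased.
        for i in range(len(self._key)):
            self._key[i] = 0
        self.generation += 1
        self._install_new_key()

    def key_for_next_message(self):
        """Return the key for one message, rotating first if it is due."""
        if self._due_for_rotation():
            self.rotate()
        self._uses += 1
        return bytes(self._key)


def visual_fingerprint(public_key: bytes) -> str:
    """Render a key hash as an 8x8 grid that two users can compare by eye.

    Constructed scheme for illustration: 2 bits per cell taken from the
    first 128 bits of SHA-256; not the picture format of any real client.
    """
    digest = hashlib.sha256(public_key).digest()[:16]
    shades = ".:+#"
    cells = [shades[(b >> s) & 3] for b in digest for s in (6, 4, 2, 0)]
    return "\n".join("".join(cells[r * 8:(r + 1) * 8]) for r in range(8))
```

If an intermediary substitutes its own key, the two users' grids differ, which is what the side-by-side comparison is meant to reveal.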
Windows and Linux users are still not able to use secret chats using the official Telegram Desktop app while the official macOS-only client supports them.
Secret chats are not available for groups or channels.
Telegram's local message database is not encrypted by default. Some Telegram clients allow users to encrypt the local message database by setting a passphrase.
Voice calls
At the end of March 2017, Telegram introduced its own voice calls. The calls are built upon the end-to-end encryption of Secret Chats. The connection is established peer-to-peer whenever possible; otherwise the closest server to the client is used. According to Telegram, a neural network learns various technical parameters about each call to provide better quality of service for future uses. After a brief initial trial in Western Europe, voice calls are now available for use in most countries.
Servers
Telegram Messenger LLP has servers in a number of countries throughout the world to improve the response time of their service. Telegram's server-side software is closed-source and proprietary. Pavel Durov has said that it would require a major architectural redesign of the server-side software to connect independent servers to the Telegram cloud.
Client apps
Telegram has various client apps. This list includes versions developed on official platforms backed by Telegram Messenger LLP and unofficial clients that are developed by the community. The source code of all official Telegram clients (and some of the unofficial clients) is open source and released under the GNU General Public Licence version 2 or 3.
|Name|Platform(s)|Official|Source code license|Support for secret chats|Notes|
|---|---|---|---|---|---|
|Telegram|Android 2.3 or later|Yes|GPLv2 or later|Yes|Supports tablets and Android Wear smart watches.|
|Telegram Messenger|iOS 6 or later|Yes|GPLv2 or later|Yes|Launched in August 2013 for iPhone and iPod Touch and relaunched in July 2014 with support for iPad.|
|Telegram X|iOS 8.0 or later, Android|Yes|Proprietary|Yes|An alternative Telegram client written from scratch, with higher speed, slicker animations, themes and more efficient battery use. iOS version is written with Swift.|
|Telegram Messenger|Windows Phone|Yes|GPLv2 or later|Yes||
|Telegram|Firefox OS|Yes|GPLv3|No|Based on Webogram.|
|Telegram Desktop|Windows NT, macOS, and Linux|Yes|GPLv3 with OpenSSL exception|No|Qt-based desktop client. The Windows NT client is a traditional desktop app published in three flavors: with installer, portable, and Windows Store app.|
|Telegram|macOS|Yes|GPLv2|Yes|Native macOS client.|
|Telegram|Google Chrome and Chrome OS|Yes|GPLv3|No||
|Cutegram|Windows, macOS, and Linux|No|GPLv3|Yes|Based on Qt.|
|Telegram CLI|Linux, FreeBSD and macOS|No|GPLv2|Yes|Command-line interface for Telegram.|
|MadelineProto|Linux, FreeBSD, Windows and macOS|No|AGPLv3|Yes|Telegram library with support for secret chats and Telegram voice calls.|
|Telegram|Ubuntu Touch|No|GPLv2|Yes|Based on TelegramQML.|
|Sailorgram|Sailfish OS|No|GPLv3|Yes|Based on Cutegram.|
|Telegram-Purple|Windows, macOS, and Linux|No|GPLv2|Yes|Plugin for Pidgin, Adium, Finch and other Libpurple-based messengers.|
|Unigram|Windows 10, Windows 10 Mobile|No|GPLv3|No|A Universal Windows Platform app published on Microsoft Store.|
APIs
Telegram has public APIs with which developers can access the same functionality as Telegram's official apps to build their own messaging applications. In February 2015, creators of the unofficial Whatsapp+ client released the Telegram Plus app, later renamed to Plus Messenger, after their original project got a cease-and-desist order from WhatsApp. In September 2015, Samsung released a messaging application based on these APIs.
Telegram also offers an API that allows developers to create bots, which are accounts controlled by programs. In February 2016, Forbes launched an AI-powered news bot that pushes popular stories to subscribers and replies to search queries with relevant articles. TechCrunch launched a similar bot in March 2016.
Security
Cryptography experts have expressed both doubts and criticisms of Telegram's MTProto encryption scheme, saying that deploying home-brewed and unproven cryptography may render the encryption vulnerable to bugs that potentially undermine its security, due to a lack of scrutiny. It has also been suggested that Telegram did not employ developers with sufficient expertise or credibility in this field.
Critics have also disputed claims by Telegram that it is "more secure than mass market messengers like WhatsApp and Line", because WhatsApp applies end-to-end encryption to all of its traffic by default and uses the Signal Protocol, which has been "reviewed and endorsed by leading security experts", while Telegram does neither and insecurely stores all messages, media and contacts in their cloud. Since July 2016, Line has also applied end-to-end encryption to all of its messages by default.
The Electronic Frontier Foundation (EFF) listed Telegram on its "Secure Messaging Scorecard" in February 2015. Telegram's default chat function received a score of 4 out of 7 points on the scorecard. It received points for having communications encrypted in transit, having its code open to independent review, having the security design properly documented, and having completed a recent independent security audit. Telegram's default chat function missed points because the communications were not encrypted with keys the provider didn't have access to, users could not verify contacts' identities, and past messages were not secure if the encryption keys were stolen. Telegram's optional secret chat function, which provides end-to-end encryption, received a score of 7 out of 7 points on the scorecard. The EFF said that the results "should not be read as endorsements of individual tools or guarantees of their security", and that they were merely indications that the projects were "on the right track".
In December 2015, two researchers from Aarhus University published a report in which they demonstrated that MTProto does not achieve indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption. The researchers stressed that the attack was of a theoretical nature and they "did not see any way of turning the attack into a full plaintext-recovery attack". Nevertheless, they said they saw "no reason why [Telegram] should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist". The Telegram team responded that the flaw does not affect message security and that "a future patch would address the concern". Telegram 4.6, released in December 2017, supports MTProto 2.0, which Telegram claims satisfies the conditions for IND-CCA.
In April 2016, accounts of several Russian opposition members were hijacked by intercepting the SMS messages used for login authorization. In response, Telegram recommended using the optional two-factor authentication feature. In May 2016, the Committee to Protect Journalists and Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, recommended against using Telegram because of "its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green".
In June 2017, Pavel Durov claimed publicly that U.S. intelligence agencies tried to bribe the company's developers to weaken Telegram's encryption or install a backdoor during their visit to the U.S. in 2016.
Cryptography contests
Telegram has organized two cryptography contests to challenge its own security. Third parties were asked to break the service's cryptography and disclose the information contained within a secret chat between two computer-controlled users. Rewards of US$200,000 and US$300,000, respectively, were offered. Both of these contests expired with no winners. Security researcher Moxie Marlinspike and commenters on Hacker News criticized the first contest for being rigged or framed in Telegram's favor and said that Telegram's statements on the value of these contests as proof of the cryptography's quality are misleading.
In July 2015, it was reported that China blocked access to Telegram Messenger. According to state-owned People's Daily, Chinese human rights lawyers used Telegram to criticize the Chinese Government and the Communist Party of China.
In June 2016, it was found that some ISPs in Bahrain had started to block Telegram. In June 2017, the service faced serious pressure from the Russian regulator Roskomnadzor, which tried to force Telegram to register in the official telecommunication services registry, which implies serious liability for a registered party. After week-long negotiations and a seemingly imminent block of the service, the conflict ceased after high officials pulled some strings with the regulator. On 14 July 2017, eleven domain name servers related to Telegram were banned by the Indonesian Communication and Information Ministry, with the possibility of closing all Telegram applications in Indonesia if Telegram did not make a standard operating procedure to maintain content that was considered unlawful in the apps. In August 2017, the Indonesian Government opened full access to Telegram after Telegram began self-censoring negative content, mainly radicalism and terrorism. Telegram said that about 10 channels/groups have been deleted from Telegram every day because they are categorized as negative content.
In October 2017, Telegram was inaccessible to users in Pakistan, and as of 17 November 2017, it has been completely blocked as per instructions from PTA; Pakistan's largest ISP, PTCL, mentioned this in a tweet to a user.
On December 30, 2017, during anti-government demonstrations across Iran, Telegram shut down a channel of the Iranian opposition that published calls to use Molotov cocktails against the police, after receiving a complaint from the Iranian government. Pavel Durov explained that the reason for the blocking was a "no calls to violence" policy and confirmed that criticizing local authorities, challenging the status quo and engaging in political debate were seen as "OK" by the platform, while "promoting violence" was not. The opposition group promised to comply with Telegram rules and created a new channel which amassed 700,000 subscribers in less than 24 hours. On December 31, the Iranian government announced that Telegram had been "temporarily restricted" in order to "ensure calm and security" after the company said it refused to shut down peaceful protesting channels. On January 13, the app was unblocked by an order of the president Hassan Rouhani, who said that "more than 100,000 jobs had been lost" in Iran as a result of the ban on Telegram. Channels of the opposition remain operational.
Use by terrorists
In September 2015, in response to a question about the use of Telegram by Islamic State of Iraq and the Levant (ISIS), Pavel Durov stated: "I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism." ISIS has recommended Telegram to its supporters and members and in October 2015 they were able to double the number of followers of their official channel to 9,000. In November 2015, Telegram announced that it had blocked 78 public channels operated by ISIS, which were used for spreading propaganda and mass communication. Telegram stated that it would block public channels and bots that are related to terrorism, but it would not honor "politically-motivated censorship" based on "local restrictions on freedom of speech" and that it allowed "peaceful expression of alternative opinions." Telegram's usage for ISIS's propaganda has reignited the encryption debate and encrypted messaging applications have faced new scrutiny. It has also led to tabloids labeling Telegram as a "jihadi messaging app".
In August 2016, French anti-terrorism investigators asserted that the two ISIS-directed Jihadists who fatally cut the throat of a priest in Saint-Étienne-du-Rouvray in Normandy, France, and videoed the murder, had communicated via Telegram and "used the app to coordinate their plans for the attack". ISIS's media wing subsequently posted a video on Telegram, showing the pair pledging allegiance. A CNN news report stated that Telegram "has become known as a preferred means of communication for the terror group ISIS and was used by the ISIS cell that plotted the Paris terror attacks in November".
In June 2017, the Russian communications regulator, Roskomnadzor, hinted at the possibility of blocking Telegram in Russia due to its usage by terrorists.
In July 2017, Director General of Application and Informatics of the Indonesian Ministry of Communication and Informatics, Semuel Abrijani Pangerapan, said eleven DNS servers of Telegram were blocked (see § Censorship) because there are many channels that contain propaganda of radicalism and terrorism, how to assemble bombs, "disturbing images", and other things that are against Indonesian law. In August 2017, however, Indonesia lifted the block after countermeasures against negative content were deployed in association with Telegram LLP.