Du Rove's Channel
13.6M subscribers
76 photos
14 videos
136 links
Thoughts from the CEO of Telegram
Download Telegram
Happy Equinox / Nowruz (which this year are just 1 day apart)!

This is one of the days of the year that I think are worth celebrating. Among other things, it has an objective astronomical value – days are now officially longer than nights. On such occasions, I make wishes.

One of the wishes I’m making today is that the quality of the media increases. Unfortunately, almost every time I read an article about technology or messaging, some part of it turns out to be inaccurate or plainly false. For example, last week many news outlets came out with articles saying that WhatsApp and Telegram had a major security flaw. In fact, it was only WhatsApp that had a serious problem, while Telegram had a minor issue that was nowhere near.

Even after we made an official statement (http://telegra.ph/Checkpoint-Confusion-NEWS) very few media corrected their catchy (but false) headlines. This is just one of many instances that witnessed the degradation of the media this year. Every day they sacrifice truth in order to sell more ads.

Let us hope the situation changes, but let us also try to make reporters accountable every time they act unprofessionally and neglect fact checking.
Happy April Fools' Day! 🤡 Check out the trending stickers tab, featuring Mr. Trump, Marilyn Monroe and (more importantly) Lazy Panda 🐼
As you may have heard, we have recently launched encrypted voice calls for Telegram. They are super-easy to use and improve themselves over time using machine learning.

Personally, I rarely make voice calls. When I lived in Russia, I developed the habit of NEVER speaking over the phone, as every conversation was being recorded by corrupt law enforcement agencies. This habit stayed with me even after I left Russia a few years ago. I don't expect agencies in other countries to have more respect for privacy than their Russian counterparts. In my opinion, they're the same everywhere, some are just better at marketing.

My phone habits may change now that I use secure calls via Telegram to communicate with my team and family members. Unfortunately, not everyone in the world will be able to enjoy the same.

In countries like Saudi Arabia, Telegram traffic is throttled in order to discourage usage. In others, like China and Oman, it's blocked completely. In Iran, where Telegram has some 40 million active users, Telegram voice calls have been completely blocked by the country's internet providers and mobile operators following an order from the judiciary (more about this here – http://telegra.ph/Telegram-Calls-in-Iran-NEWS).

Telegram has historically had problems with regulators in some parts of the world because, unlike other services, we consistently defended our users' privacy and have never made any deals with governments. In three and a half years of existence to date, Telegram disclosed exactly zero bytes of users' data to any third-party.

Services like WhatsApp, on the other hand, are not blocked in China, Saudi Arabia, Iran, or other countries with a history of censorship. This is the case because WhatsApp (and its parent company Facebook) are eager to trade user trust for an increased market share. The claim that “WhatsApp and third parties can’t read or listen to your WhatsApp messages and calls” – is completely false. WhatsApp actually can read and listen in to your calls and messages, as they are able to invisibly change the encryption keys for 99.99% of their users (more about this backdoor-disguised-as-a-feature here – http://telegra.ph/whatsapp-backdoor-01-16). So much for "End-to-End Encryption".

Moreover, third parties like Google or Apple have direct access to most of WhatsApp's users' chat history. This is because WhatsApp tricked the majority of users into allowing third party backups. And the sharing doesn't stop with just these third parties. Apple and Google in turn have to deal with data requests from all the countries they have business in, and so the data flows.

By claiming that they are secure, our competitors may be involved in the single largest case of consumer fraud in human history.

By comparison, Telegram relies on end-to-end encryption assisted by a built-in encrypted and distributed cloud for messages and media. The relevant decryption keys are split into parts and are spread across different jurisdictions. This structure makes your cloud data a hundred times more protected and secure than when it is stored by Google, Facebook, or Apple.

No wonder governments and regulators are unhappy with Telegram. Well, let them block us as much as they want. We won't change our principles or betray our users. I know it’s not great to have Telegram (or parts of it) restricted in your country. But sometimes it’s better to stop using a communication service entirely than to keep using it with misplaced trust in its security.

It's why I avoided voice calls for years, in Russia and beyond. It's also why I'm coming back to them now, on Telegram.
Some thoughts on Indonesia

A lot of Telegram's early adopters come from Indonesia, and now we have several million users in that beautiful country. I am personally a big fan of Indonesia – I’ve been there a few times and have many friends there.

So it made me upset to hear that the Indonesian Ministry of Communication and IT suggested they would have to block Telegram in Indonesia. It turns out that the officials of the Ministry recently emailed us a list of public channels with terrorism-related content on Telegram, and our team was unable to quickly process them.

Unfortunately, I was unaware of these requests, which caused this miscommunication with the Ministry. To fix the current situation, we're implementing the following 3-step solution:

1) We have blocked all the terrorist-related public channels that have been previously reported to us by the Ministry of Communication and IT of Indonesia.
2) I emailed back to the Ministry to establish a direct channel of communication, which should allow us to work more efficiently on identifying and blocking terrorist propaganda in the future.
3) We are forming a dedicated team of moderators with knowledge of Indonesian language and culture to be able to process reports of terrorist-related content more quickly and accurately.

Telegram is heavily encrypted and privacy-oriented, but we’re no friends of terrorists – in fact, every month we block thousands of ISIS-related public channels and publish the result of this work in @isiswatch. We’re constantly striving to be more efficient at preventing terrorist propaganda, and are always open to ideas on how to get better at this.

I emailed the Ministry my suggestions above to hear their feedback. I am confident we can efficiently eradicate terrorist propaganda without disrupting the legitimate use of Telegram by millions of Indonesians. I will keep you updated in this channel on how Telegram will develop in Indonesia – and globally.
There’s a weird rumor being spread in Iran about Telegram moving servers there. The idea of a privacy-oriented messaging app like Telegram moving its servers to a country with a history of Internet censorship is absurd and is hardly worth commenting on. However, it’s interesting to try to understand why such rumors appear in the first place. I can think of two reasons for that.

1. First, countries such as Iran or Russia usually try to pass laws ordering Internet companies to store private data on their territory. Sometimes officials in those countries make loud claims that turn out to be false (“Apple agreed to host private data of their users in our country”). It’s pretty obvious that Telegram can’t comply with any such demands due to our strict Privacy Policy. We won’t be able to put the privacy of our users at risk, even if rejecting such demands means getting blocked in some countries. We’d rather lose a big market (like we did in China) than compromise a single byte of private data of our users.

2. Second, some politicians and journalists discussing “servers” of a company in a country are confused about the terms and what they actually mean by “servers”. Along with a company’s servers that store private data in safe places, there also are internet providers that deliver its encrypted traffic to users, and third party caching nodes (CDNs) that make sure popular public content doesn’t go twice around the globe every time to reach its users. If Telegram servers store data, these third parties merely provide connectivity between Telegram servers and its users.

It seems that politicians / journalists sometimes refer to an internet traffic provider or a CDN provider that delivers or caches encrypted data of Telegram as “Telegram” or “Telegram servers“, thus misleading the public. There’s a world of difference between them: Telegram servers store private data and will never “travel” to countries with internet censorship, while internet providers and CDNs operate all over the world and have no access to private data of Telegram (and other secure apps).

All popular apps have to work with ISPs and CDNs in order to make sure users can get their traffic in a fast and reliable way, but unlike some of them, we at Telegram are always 100% transparent about how we encrypt and store data. That's why I will soon share more details about how exactly Telegram plans to work with third parties such as CDN providers to guarantee speed and security for our users all around the globe.

However, while we keep researching ways to improve connectivity and speed for our users globally, there’s one thing we will never do: we will never change the location of our servers or change our Privacy Policy due to restricting laws or threats from local officials. The only party Telegram can be held responsible to is our users, and only our users can dictate us their wishes and demands.
As I promised above, I’m posting more details about how relying on third party CDN caching nodes can securely increase download speed of viral public content in places where Telegram wouldn’t want to place its own servers.

Overview: https://telegram.org/blog/encrypted-cdns
Technical info for client devs: https://core.telegram.org/cdn
CDN FAQ: https://core.telegram.org/techfaq#encrypted-cdns
CDN FAQ in Persian: https://core.telegram.org/cdn/faq_ir

As you can see, CDN caching nodes have nothing to do with relocating Telegram servers or complying with unreasonable local laws. CDNs are merely tools to upgrade connectivity for millions of users in a secure way. We treat these CDN nodes just like we treat the nodes of your internet provider – they only ever get encrypted junk they can't decipher.

What is best about Telegram is that you don’t have to take my word when in comes to security – everyone is welcome to verify the implementation of CDN nodes in the updated Telegram clients for iOS and Android https://telegram.org/apps#source-code. In addition, you might want to have a look at our docs above to check that all is safe.

We rely on an international CDN provider which helps us with caching nodes all over the world. Telegram has nothing to lose if a local government decides to disrupt a caching node on their territory, since the CDN is not our property, and no private data can even in theory be affected. Thus we don’t get into dependance from local governments and laws, have no legal or financial risks, but significantly improve speed of downloads for public content.

If, despite of all of the above, some media come out with clickbait titles like “Telegram moved their servers to North Korea”, please help us by spreading the word about the real situation described in the links in this message. Thanks for reading this, and – as always – I'll keep you updated on everything that goes on around Telegram globally here in my channel.
Since some journalists don’t read my Telegram channel (a shame!), I made a Telegraph story about rumors on Telegram moving servers to weird places. It repeats some of the stuff from the last two posts from here, but could be useful as a summary of all our CDN-related posts. Spread the word!

http://telegra.ph/On-Rumors-About-Telegram-Servers-in-Weird-Places-07-30
I haven’t realized how many dedicated users we had in Indonesia until yesterday. I’m still excited by the warm reception in Jakarta. The amount of support and love I got during my yesterday’s visit there is incredible.

In addition to meeting local coders and early adopters of Telegram, I had a lunch with Mr. Rudiantara, the Minister of Communication of Indonesia. Our previous attempts to connect with Mr. Rudi failed because of unreceived e-mails (e-mail is unreliable – let us all switch to Telegram!), but in the end it was all for the best since we managed to establish a great personal connection.

There can’t be any secrets between Telegram and its users, since it’s you guys who made Telegram popular, not governments or shareholders or advertisers (it’s sad other IT companies sometimes forget that). So we organized a quick 15-minute press conference to inform the public about the contents of our meeting with Mr. Rudi.

As a result of this meeting, we've opened a direct channel of communication on Telegram between our teams to quickly eradicate public content that contains terrorist propaganda. We also added Indonesian speakers to our team, and all of this means that we'll be able to process reports about terrorist propaganda within a few hours instead of 1-2 days.

The Minister assured me that he shares our respect for privacy, and the right for privacy is guaranteed by the Constitution of Indonesia. I was happy to hear that, because - unfortunately - governments of some other big countries in Asia don’t always get it (yes, China, I am looking at you now).

We at Telegram are proud that we haven’t disclosed a single byte of private data to any third party since we started – and we are going to keep it that way, with no exceptions anywhere.

I also shared some Telegram growth stats at the quick press event yesterday:

- Every day, 600,000 new users sign up for Telegram globally.
- Every day, 20,000 new users sign up for Telegram from Indonesia.

Thanks for the support, Indonesia and the World!
What is Instant View and Why It's Important

A few years ago, Telegram was one of the first messaging apps to generate previews for links shared in messages. Since then, some of our competitors started to do the same, but we at Telegram like to raise the bar when it comes to messaging. Our ambition now is not only to show you a small snippet previewing the link you were sent, but to give you a quick and easy way to view the contents of the link without having to load the page in your browser.

We call this technology instant View. Instant View is a way to read articles without leaving Telegram, just like you can read this post from the Telegram blog https://telegram.org/blog/first-IV-contest (don’t click on the link, tap Instant View below this message on iOS/Android). Instant View is also the most private and secure means of viewing web stories, because your IP address, cookies and metadata are not logged this way.

The big news this week is that Instant View now supports links from 2,277 websites. From now on, not just Telegram or Medium blog posts, but links to stories of pretty much every mainstream media have an Instant View. This is the result of an epic crowdsourcing effort of 558 coders, who have submitted 37,507 sets of rules to generate instant views. Since May, our platform allowed alternative sets of rules to compete, so that the most accurate ones would ultimately win and bring $100 each to their authors.

As a result, we distributed $251,664 as prizes among 206 winners. This might seem like a lot of money, but no one has ever done anything like that before – the winners virtually helped us parse a big chunk of the internet into a predictable format. The scope of this project is unprecedented, and I’m certain we’re a few years ahead of the competition here (to be fair – Facebook has a similar tech called Instant Articles, but it supports only a handful of web-sites, because, unlike Instant Views, it requires significant effort from publishers to set it up).

On some Instant Views you will see a ‘Join’ button that allows you to subscribe to the channel of the media that published the story. This means their news site added a code on its page that refers to its Telegram channel (like <meta name="telegram:channel" content=“@nameofthechannel”>). This will allow publishers to establish direct connection with their readers on Telegram, eventually monetizing this link sharing activity on our platform.

Of course, there’s still a lot left to do. If Instant View is gradually replacing your web-browser for links, its UI should have features that will allow you to bookmark a page to return to it later (bookmarks, tabs, history). And while 2,277 is already a huge and unprecedented number (the full list of supported domains is here https://instantview.telegram.org/contest), eventually we’d like to support many more websites. The end goal is to make almost all the stories that you share on Telegram instantly viewable.
We launched Telegram for iOS exactly 4 years ago, on the 14th of August, 2013. It’s been an amazing 4 years, mostly because of your continuous support and feedback.

Telegram is growing like a rocket: 50+% annual growth rate in MAU/DAU, over half a million daily signups. And while you can do a lot with Telegram already, there are many more features and ideas that we are yet to implement. It might sound like a cliche, but this is just the beginning.

I know you love Telegram for its superior technology and constant innovation. But I believe the real value of Telegram lies in you – the dedicated Telegram community that shares our passion for freedom and privacy (don’t worry though, the tech superiority part is not going anywhere 😉).
Speaking of Telegram's superior technology, a user recently asked me why Telegram “isn’t end-to-end encrypted by default” while some other popular apps are. The question is based on a popular myth, so I wrote a lengthy post about Telegram architecture to disprove it: http://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14

In short: when it comes to popular / usable messaging apps, Telegram is the most secure way of communication – was, is, and will be.
New Rules for Alternative Telegram Clients

Among many other things, Telegram is unique in that independent developers can create their own Telegram clients. The source code of all our apps is open, and we provide a 100% open and free API on the server side for anyone to build upon.

This level of openness and transparency is unprecedented for mass market messaging apps, and we are proud to provide it. Thanks to this, hundreds of third-party client apps were created for Telegram, and some of them have now reached tens of millions of downloads.

As the Telegram ecosystem grows, however, a need for consistency and predictability arises. This is particularly important when the privacy of users is concerned. For example, self-destructing media should always get self-destructed in all apps in the ecosystem. Providing a way to keep self-destructing media on the receiving end may be tempting, but this would break the trust and violate the privacy of the users that share them.

This is why earlier this week we updated the Terms of Service of the Telegram API. Not much has changed: our API is as free and open, as always. However, we’ve added some new guidelines to the ToS, which are aimed at better protecting the privacy and security of the users, preserving expected behavior across the ecosystem, and also at increasing the transparency of how third-party forks work.

If you are a user or a developer of an alternative Telegram client, please have a look at the updated Terms of Service here – https://core.telegram.org/api/terms. We hope that these new guidelines will allow third party developers to make their apps more useful and secure than ever.
If you haven’t read it yet, here’s the full story about the US agencies’ attempts to infiltrate Telegram last year: https://thebaffler.com/salvos/the-crypto-keepers-levine

It tells how the FBI tried to influence me and bribe our engineer in May 2016 to make Telegram less secure. Luckily, since neither of us are US citizens, we could afford to refuse their offers and I was able to tell the public about these attempts. If we were American citizens, the FBI would have likely tried to silence us using a legal procedure called a "gag order" – when the US authorities can not only demand that you do something (like plant a backdoor into your app), but also prohibit you from telling the public about it (otherwise you can end up in jail).

That whole story made me ask myself this question: if our team experienced such pressure during just one week’s trip to America, what kind of pressure are US-based tech companies facing every day? How can a privacy oriented company permanently operate from America? We can hope that the open US legal system would defend them, but due to the secrecy of these “gag orders” we would never even know if things went wrong. And unfortunately, Edward Snowden’s revelations confirm some of the worst fears.

The article also provides facts that confirm something that I always feared could be true – that some of the famous and most vocal US-based influencers within the cryptography world are sponsored by the US government to push the agenda of its agencies. Some past cases are widely known (like NSA infiltrating RSA), but it looks like the level of collaboration between US agencies and these influential “privacy advocates” is much deeper.

All of this makes protecting privacy really hard, particularly considering the fact that Google and Apple – the two companies which we are dependent on for mobile operating systems – are based in the US. I don't see any easy recipe or solution to fix this. I wish one day huge companies like Apple and Google can become independent of any government that can distort the mission of their founders (maybe start their own countries?).

Until then, I’ll continue doing my part building Telegram and protecting our users, even if that will require speaking out under gag orders. I know this can probably get me into trouble some day, as it did in the past when I was living in Russia. But this is the only way I can imagine myself going forward, so I don't have and won’t have any regrets. It’s all worth it because of you guys – the millions of users who entrusted their private data to Telegram.
On the September 13th Connection Issues

Yesterday Telegram experienced something extraordinary. At 17:45 UTC there was an immense spike in user activity on Telegram that exceeded our peak load by 5 times.

Telegram is different from most other internet services in that we use a distributed server infrastructure, so peak loads cannot make the whole of Telegram go down. However, if one of the Telegram clusters is severely affected, a part of our users can experience difficulties sending and receiving messages.

This is exactly what happened yesterday. Due to the spike, one of the Telegram server clusters went down in part and approximately 15% of the users who were online at the time experienced connection issues from 17:45 to 18:10. The issues were partially fixed at 18:10, but about 11% of online users could still face slow or no performance until 19:00 when the problem was permanently fixed.

The regions that were most affected are Germany, Iraq and the CIS – most notably, Uzbekistan, Russia, Ukraine, Kazakhstan and Belarus. We briefly commented on the situation via Twitter, but I’d like to tell more extensively about it here.

1. First of all, we are extremely sorry for the inconvenience this has caused. The cluster that went down hasn’t had any issues for a few years now, so I can imagine the shock of the users affected by yesterday’s downtime. We understand that you use Telegram constantly for work and leisure, and that we must be online 100% of the time. We take yesterday’s issues very seriously.

2. Secondly, to make sure this doesn’t happen again, we identified the cause of the problem and have eliminated the bottlenecks in our infrastructure that caused the downtime. We think that x5 peak load spikes won’t be a problem any longer. We've also set up a plan to be able to cope with x20 load spikes (however unlikely the x20 scenario may seem) before the end of 2017.

While unfortunately no one can completely rule out the chance of another downtime some time in the future (there’s always a slight probability of some unexpected Black Swan event), I can assure you that we at Telegram are working hard at taking this chance to the lowest in the industry.

We strive to be the winner in every aspect including availability. So far the Telegram uptime stats look good compared to other major communication services – also because Telegram can never go down entirely around the world. But we are not satisfied with just that, and our work continues.

Thanks for your attention, and again – apologizes to anyone who was affected.
Why I Can't Visit Iran and Russia

Today, Iran joined the list of countries I can't travel to – Tehran's prosecutor just filed criminal charges against me there. More than 40 million people use Telegram in Iran and we've never blocked a single political channel and gave up exactly zero bytes of data to the government (in Iran and elsewhere).

Russia, where we have about 10 million users, is also rushing to join Iran in filing charges against the Telegram management. They seem to be unhappy because we won't comply with the unconstitutional "Yarovaya laws" and won't give them the encryption keys they wanted. I always publish such demands online, and did the same today with the documents that the FSB has been sending to our London office in the past weeks.

Because of my parents, not being able to visit Russia on occasion is more painful for me than never going to Iran. But Mom and Dad are not too old to travel and the globe is still pretty big.
Disruptions, China and Principles

Our Asian users may have noticed two nasty disruptions in our service in the past week. The Singapore data center we’re using has been causing trouble due to a faulty UPS system. Power losses are something that is never supposed to happen in a data center, so at some point I even thought that this could have been an act of sabotage.

Most likely though, it was “just” a major hardware malfunction. The faulty UPS (Uninterruptible Power Sources) are being replaced by the data center staff as I’m typing this. I hope this will make things right as the absence of power supply is one of the few things we can’t fix by ourselves.

Asia is obviously a huge market for Telegram. However, as you may remember, Telegram has been blocked in China – the continent’s largest market – since 2015, when the Chinese human rights activists started using Telegram to communicate.

We didn’t try to get unblocked there by negotiating with the Chinese authorities. It’s pretty obvious that the Chinese government's desire for total control over its population is incompatible with our values. However, Telegram is still available through VPN services, and recently more Chinese users started to join Telegram after their local app WeChat got compromised –

https://www.bloomberg.com/news/articles/2017-09-15/china-s-wechat-crackdown-drives-bitcoin-devotees-to-telegram

For us this is just another indication that sticking to your principles makes more sense than yielding to pressure. In the long run, compromise based on lies and violations of rights gets you nowhere.
Why Charges Against Us in Iran And Russia Don’t Matter

Some users ask me how the charges in Iran and Russia will affect Telegram and me personally. The simple answer to this is: they won’t.

It’s easy for me not to travel to Iran – while the country has a rich history and sounds like a fun place, I have no connections with it and can live with that travel ban. It’s a bit more noticeable in case of Russia since I am an ethnic Russian (although with a St. Kitts passport), and my parents live there. Not being able to occasionally drop by is not great, but a small price to pay considering the matters at stake.

Luckily, we don’t have any legal presence in any of these countries. The last remaining link between Telegram and Russia was cut in July, when we terminated our contract with “Telegraf” – a Saint-Petersburg-based company to which we outsourced fighting spam coming from (surprise) Russia and Iran.

“Telegraf” used to play a larger role in the early days of Telegram when I was living in Russia, losing its importance after I left in 2014 with our core team.

Following the events this June when the Russian authorities threatened to block Telegram, “Telegraf” lost its outsourcing contract from Telegram Messenger, let go all of its employees and changed its owner. By September when the Russian authorities started sending warnings to our London office, they had nobody to target in their jurisdiction, not even Russian spam moderators.

This story highlights something local regulators often tend to ignore: it’s 2017, and the world is open and connected. If you pass archaic laws that limit freedoms, all you’ll end up doing is killing your own economy. In the last few years, Google, Oracle and Microsoft (Skype) shut down their development offices in Russia, and many smaller companies followed suit.

While the state of affairs in Iran doesn't look much brighter than in Russia, things seem to be going in the right direction there compared with the situation a few years ago. I’m not an expert on Iran, but one thing about the country is clear to me: despite the continuing debate among the Iranian politicians on how to regulate the Internet, Iran is not blocking Telegram, and for the last few years 40 millions Iranians have been able to securely communicate and to get news from independent sources through Telegram channels. Instagram and WhatsApp are also accessible there.

For any European this would sound like the norm, but unfortunately it’s not always like this in the world. The Chinese and the North Koreans, for example, are far less lucky when it comes to such freedoms, and Saudi Arabia had been throttling Telegram’s traffic until recently. The situation in Iran itself used to be very different: almost all major internet services were blocked in the country several years ago (some of them still are).

Don’t get me wrong: there are probably many things that Iran can change for the better (a more IT-friendly prosecutor of Tehran, perhaps?), but overall it seems that the country is moving in the right direction by becoming more open and market-driven.

I hope that one day Iran and Russia get to a point when we (and other IT companies) will be able to set up offices there. Until then, we’ll continue providing secure messaging to users in these markets from places that respect freedom.

We don't care if specific countries press charges against us for defending the privacy of our users. We are always ready to cut all our personal and business links to such places so that they don't have any leverage on us. They can try to block us on their territory, but, as I've shown in my previous post about China, even this won't always help them. Eventually freedom and privacy will prevail, and those who would like to get back to the 1930s will find themselves on the wrong side of history.