In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].

WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].

Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.

But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].

Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.

Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.

[1] – Why WhatsApp will never be secure

[2] – WhatsApp users urged to update app immediately over spying fears

[3] – WhatsApp Android and iOS users are now at risk from malicious video files

[4] – Everything you need to know about PRISM

[5] – NSA taps data from 9 major Net firms

[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'

[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone

[8] – WhatsApp is storing unencrypted backup data on Google Drive

[9] – WhatsApp hack led to targeting of 100 journalists and dissidents

[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources

[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US

[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.

Telegram keeps growing at a rate of ~50% annually in DAU. This extraordinary growth, unfortunately, still comes with certain growing pains.

Yesterday from 1PM to 2PM GMT about 15% of users who were online at that time experienced connection issues on Telegram. This disruption mainly affected users from Germany, Iraq, Uzbekistan, Russia, Ukraine, Kazakhstan and Belarus.

We apologize for each of the messages we failed to deliver during that hour. We are striving to make our platform as reliable as possible. We are proud that, even despite some attempts to disrupt its availability (like the DDoS from China in June), every year Telegram becomes less prone to such issues.

For the past several years, we’ve been fighting the spread of terrorist content on Telegram. We’ve been doing it in a way that is consistent with our values and Privacy Policy. While some pundits quite irresponsibly suggested that absolute privacy and counter-terrorism efforts are mutually exclusive, the success of our regular anti-terror actions prove that this is not the case.

Yesterday Europol recognized our continuous efforts in their statement:

“Telegram is no place for violence, criminal activity and abusers. The company has put forth considerable effort to root out the abusers of the platform by both bolstering its technical capacity in countering malicious content and establishing close partnerships with international organisations such as Europol. 

Thanks to this collaboration, the already-existing content referral tools available to Telegram’s users have been strengthened and expanded. Now, any user is able to refer and classify the content they find inappropriate and violent via the referral feature in public groups and channels. In addition, new technical developments, such as the advanced automated content detection system, continue to strengthen Telegram’s effort in obliterating extremism on the platform even further.”

This follows another Europol report dedicated to the Referral Action Day, in which several tech companies including Telegram took part:

“Whilst Google and Instagram deployed resilience mechanisms across their services, Telegram was the online service provider receiving most of the referral requests during this Action Day. As a result, a significant portion of key actors within the IS network on Telegram was pushed away from the platform. 
 
In the past year and a half, Telegram has also put forth considerable effort to root out the abusers of the platform by both bolstering its technical capacity in countering malicious content and by establishing a close partnership with Europol.”

As I have made clear before, ISIS and their likes will have hard time on Telegram if they continue to spread their message of violence and hatred. After the ISIS attacks in Europe we have zero tolerance for their propaganda on our platform. At the same time, we’ll continue to defend our users' absolute right to privacy like no other service, proving that you don’t have to sacrifice privacy for security. You can – and should – enjoy both.

Recent events showed once again that all WhatsApp users are at risk. My thoughts – https://telegra.ph/Why-Using-WhatsApp-Is-Dangerous-01-30-4

This month we have verified and promoted 17 official news sources, representing Ministries of Health in 17 countries (the constantly growing list is available in @corona). We did this as part of our anti-covid19 initiative announced in early April. While Telegram is not exactly famous for cooperating with government officials, we decided to make one exception globally to help spread information about the virus.

The current pandemic is a threat to our entire species. When it ends, the world will not return to normal. We may witness a civilizational shift that will ripple through generations. It is up to all of us to ensure that the new world about to be born is a better place than the one we're leaving behind.

This is a chance for people to use their time in isolation to create a better version of themselves – and a chance for technology to prove its worth for humanity. I believe we at Telegram should do all we can not only to help contain the pandemic and combat the spread of unverified information – but also to find new ways of moving forwards.

For this reason, in addition to providing informational support, we’ll try to contribute to tackling the problem of education under lockdown. We also have several other anti-covid19 projects in the works at Telegram.

I will announce more details in the next few days on the Telegram Blog.

Stay tuned. And stay safe.

Today is a sad day for us here at Telegram. We are announcing the discontinuation of our blockchain project. Below is a summary of what it was and why we had to abandon it.

https://telegra.ph/What-Was-TON-And-Why-It-Is-Over-05-12