Pavel Durov, CEO of Telegram, has emerged from his silence almost two weeks post his apprehension in France, asserting that the allegations against him are fundamentally flawed.
“In situations where a nation finds dissatisfaction with an internet service, the conventional recourse is to initiate legal proceedings against the service itself,” Durov articulated in a comprehensive 600-word discourse on his Telegram channel.
“Applying laws from an era preceding the advent of smartphones to indict a CEO for transgressions perpetrated by third parties on the platform he oversees is a fundamentally erroneous strategy.”
Durov faced accusations late last month for facilitating various illicit activities on Telegram, encompassing drug trafficking and financial laundering, subsequent to an investigation into an unnamed individual’s dissemination of material related to child sexual exploitation.
He further underscored the challenges of reconciling privacy with security, revealing that Telegram is prepared to withdraw from markets incompatible with its core mission to “safeguard our users within authoritarian regimes.”
Durov attributed the issue to “growing pains that inadvertently facilitated the misuse of our platform by criminals.” The widely-used messaging service has recently surpassed 950 million active users each month.
“This is why I have committed myself to significantly enhance our systems in this respect,” he declared. “We have already embarked on this improvement process internally and will soon provide updates on our advancements.”
The company has recently revised its FAQ to enable users to report illegal content in private and group chats by flagging it for scrutiny through a newly introduced “Report” button, marking a significant policy change and a feature that was previously inaccessible.
Durov’s commentary, however, does not address the absence of default end-to-end encryption (E2EE) protections, which users must manually activate for one-on-one conversations.
“It is also a ‘cloud messenger,’ implying that all messages are stored on Telegram’s servers rather than the user’s device,” Moxie Marlinspike, the creator of the E2EE messaging app Signal, noted.
“With a single inquiry, the Russian Telegram team can access every message the French president has ever sent or received, every message those recipients have sent or received, and every subsequent message in the chain.”
Matthew Green, a security analyst and associate professor of computer science at Johns Hopkins University, further criticized the platform for making the process of enabling E2EE laborious, requiring at least four clicks on Telegram’s iOS app.
“This feature is explicitly disabled for the majority of conversations, and is only available for one-on-one interactions, never for group chats involving more than two participants,” Green commented.
“As an odd quirk, activating end-to-end encryption on Telegram is peculiarly challenging for non-expert users. Secret Chats function only if your interlocutor happens to be online at the time of activation.”