Telegram is reportedly complying with the Iranian government. Image remixed by author.
The mobile messaging application Telegram boasts over 12 million downloads on Cafe Bazaar, Iran's version of the Google Play store. The app's growing popularity in Iran faces its first test, as the Iranian Ministry of ICT asserts that Telegram has agreed to restrict some of its features in Iran at the request of the Iranian government. These features were being used by Iranians to share porn and satirical comments about the Iranian government. Some users are concerned that Telegram's willingness to comply with Iranian government requests might mean future complicity with other Iranian government censorship, or even allow government access to Telegram's data on Iranian users.
Why did you restricted us @telegram !!? #telegram #iran #banned #adult #bots pic.twitter.com/ZuTY1ZkiKq
— Emad Ghasemi (@emadgh_06) August 24, 2015
Telegram's user base has experienced astronomic growth in Iran in the past year as users recognize that the platform is more secure than other mobile messengers such as Viber and WeChat, and not blocked from use in Iran like other secure applications such as CryptoCat. Many users have also reported widespread disruptions and connection difficulties with Viber, causing users to switch to Telegram. Others argue that the design and interface of Telegram, alongside its unique features are reasons for its popularity in Iran. Among those features are “bots“, automated accounts created by both Telegram and third-party users that Telegram says will “teach, play, search, broadcast, remind, connect, integrate with other services, or even pass commands to the Internet of Things.”
Recently, social media sources have been claiming that Telegram is restricting access to some bots because of the type content users are sharing. On August 24, users claimed that attempts to access a porn bot returned the response “Sorry, this bot is no longer available in your country due to local restrictions.”
Concerns with Telegram started at the end of July, when users reported disruptions to Telegram's network connections.
Local network providers are limiting Telegram traffic in Iran. We are trying to find out the reasons.
— Telegram Messenger (@telegram) June 29, 2015
In response, Iran's Ministry of ICT denied meddling with the application's traffic. In an interview with Vice, Telegram's founder Pavel Durov explained that the situation was “not 100% clear” and believed the disruptions were not related to censorship, but rather economics. As he told Vice, the issue was due to the fact that Iranian mobile Internet providers had to pay exorbitant amounts of money to buy Telegram's traffic. Collin Anderson later told Vice that Durov's argument fell flat: “Telegram cannot produce nearly as much traffic as applications such as Instagram, which are not restricted.”
The Ministry later explained that assertions that Telegram would be censored were false, but said that the government's concern about immoral communications on the application would be resolved by restricting access to the platform's stickers bots, as the government had found use of rude Persian language jokes. The sticker bot allows users to create their own custom stickers, a feature widely used by Iranians to depict jokes, some the Iranian government has deemed immoral and against the values of the Islamic Republic.
An example of custom Persian language stickers that are used by Telegram's Iranian users. Image from author.
Following the July network disruption of Telegram, Iran's Minister of Information Communications and Technology, Mahmoud Vaezi, reported that Telegram would not be blocked from access inside Iran. The Minister explained that Telegram's management had been in touch with the Ministry to apologize for their sticker features, and to block access to them accordingly. Telegram has not confirmed their compliance with the Iranian government.
پس از این مصاحبه مسئولین تلگرام با همكاران این نهاد تماس گرفته و عذر خواهی و عنوان كردند سیستمی برای همه كاربران دنیا طراحی کردهاند كه كاربر بتواند استیكر بسازد، اما نمیدانستیم برخی كاربران در ایران از این موضوع سو استفاده میکنند بنابراین مسئولان تلگرام عنوان کردهاند این امكان را در ایران مسدود میکنند تا بتوانند در ایران حضور داشته باشند.
After our interview the administrators of Telegram were in touch with us with regard to this issue and apologized and explained the system was created so all users from around the world could use and design the stickers but we did not know that this would be misused by a few users in Iran. So the managers of Telegram stated that they will disable this option inside of Iran so this app can be used inside Iran.
While the blocking of rude stickers and porn bots might seem minor, these events trigger worries for Iranian Internet users regarding Telegram's relationship with the Iranian government. This worry is compounded by the recent announcement of a new social media monitoring program by the Revolutionary Guards known as Spider, which Vaezi has explained will enable the government's “complete surveillance over social media”.
Telegram boasts secure communications, however security experts have questioned the robustness of its cryptography. Matthew Green, a Professor of Cryptography at John Hopkins University told Global Voices in an email the following, while evaluating the privacy of Telegram:
- Is the cryptography really end-to-end? That is, can the Telegram company read your messages, or are they only available to the two endpoints.
- Does the application protect metadata, such as which users are communicating with each other? Even knowing who spoke to whom, and which IP address they came from, can provide a huge amount of information about communications.
- Is the cryptography any good, and is it usable? Even if the application claims to provide end-to-end encryption, it may do so in a manner that can be exploited by a smart attacker. Or the encryption may be fine, but it could be so difficult to use that most users mess it up and inadvertently make themselves vulnerable.
- Where is the infrastructure located? If the application fails to meet conditions (1) and (2), then the operator can potentially mine a lot of information about your communications. Thus, it really matters what legal jurisdiction they fall into and whether that company (and host country) is likely to cooperate with your government.
With regard to Telegram, specifically, I've looked a bit at the crypto and while I think their hearts are in the right place, the system still needs work. In particular, while Telegram provides end-to-end encrypted messaging, this is not the default setting. All messages are always encrypted — but normal messages are encrypted in a manner that the Telegram server can read. Only ‘secret chats’ are actually encrypted so that only the endpoints can read them.
In addition, users have to master a fairly complicated process of comparing ‘key fingerprints’ in order to ensure that they're really talking to the right person. Which means that someone with access to the Telegram server could potentially intercept their connections.
Regarding Green's fourth condition of cooperation with governments, Telegram has agreed to abide by Iran's censorship policies with regard to its porn bots and stickers. Whether or not Telegram would comply with other Iranian surveillance policies is unknown, but is now of concern to some Iranian users.
Read Full Story from Global Voices Advocacy http://advocacy.globalvoicesonline.org/2015/08/28/is-telegrams-compliance-with-iran-compromising-the-digital-security-of-its-users/
This article by Mahsa Alimardani originally appeared on advocacy.globalvoicesonline.org on August 28, 2015 at 09:02PM
While traffic through Telegram bots can be monitored because it is not end-to-end encrypted, blocking is occurring according to the bot's theme, not on the basis of specific content. As such, certain bots are not available inside Iran. This is a decision likely being made between Telegram and Iran, although there is no official statement from either entity regarding the decision process. Reports on social media have been about the blocking of sexually explicit material.