Skip to main content

Secure messengers in war time

· 2 min read

Personal safety and information security go hand-in-hand in modern warfare. Telegram is marketed as secure, but the lack of end-to-end encryption by default means that the conversation history, social graph, and geolocation of Ukrainians fighting for their lives could leak to the Russian regime.

The Russian incursion into the Ukraine will bring severe and nationwide disruptions to power, water supply, and internet access. Survival and physical safety is of course the main priority, but there's a parallel cyber war happening. In the last few days misinformation about Ukraine's resolve to defend Kyiv started spreading, as well as illegitimate appeals to help the Ukrainian people with (irreversible by design) cryptocurrency transfers to scammers.

Meanwhile, Telegram is the most popular messenger in Ukraine, but it’s not secure by default. Its operational centre is in the UAE, a nation that abstained in the UN to veto this war and whose Minister of Foreign Affairs stressed the “strength” of ties to Russia. Under normal circumstances one should assume that Russia and the UAE exchange intelligence. In war times, it's a certainty.

Are you connecting the dots yet?

All contacts, groups, files, and messages going through Telegram are available to anyone with access to Telegram's servers. It's all in there because there's no end-to-end encryption by default.

Using insecure messengers is like inviting foreign governments, hackers, and company employees to every single chat with your friends. If you didn't mind this before because you "had nothing to hide", I'm afraid circumstances have changed.

If you're not using an encrypted messenger already consider using Signal. If you're in a country that blocks it you're welcome to use my Signal proxy to circumvent state-sponsored deep packet inspection firewalls.