Pavel Durov, the founder of the chat app Telegram, was arrested in late August in France on charges that the company hasn’t done enough to prevent malicious and illegal activity on the app.

One might be tempted to think that Telegram’s high level of data protection would prevent it from effectively addressing malicious activity on the platform: If Telegram can’t read their users’ messages, they can’t spot lawbreakers. Founded in 2013, Telegram has positioned itself as a privacy-focused, secure messaging platform that prioritizes user freedom and data protection. Durov has emphasized his strong commitment to privacy and free speech. In a tweet about the arrest, Durov wrote “Our experience is shaped by our mission to protect our users in authoritarian regimes.”

However, a closer look at the platform’s technology shows that privacy on Telegram is, at best, fragile.
First, while the Telegram’s client-side code was made open source, the server-side code was never opened to the public. This violates a widely embraced idea in cryptography known as Kerckhoffs’s principle, which states that everything in a cryptosystem should be public knowledge, except for the secret keys themselves.

Because the server code is closed source, there is no guarantee that Telegram does not just retain information forever.

While client code, which runs on users’ devices, is responsible for implementing private chats through end-to-end encryption, the server code, which runs on Telegram’s proprietary data centers, could do a lot of things that privacy-focused software is not supposed to do—for example, it can collect metadata, which includes statistics on user activities and geolocations, monitor and even eavesdrop on non-encrypted conversations, and report the information to third parties such as intelligence services or commercial corporations that could misuse it. Because the server code is closed source, there is no guarantee that Telegram does not just retain this information forever. If Telegram does, they could report that information when officially requested by someone, or even worse, provide an opportunity for hackers to leak it, even after you think you’ve deleted it.

Second, even Telegram’s approach to encryption on the client side is not optimal for privacy-focused software: Telegram’s communication is not encrypted end-to-end by default.

Most online communication these days is encrypted, which means that the text you send from your browser to some website is not going through the Internet as clear text, as cryptographers call it, but encrypted—typically by the encryption standard called Transport Layer Security (TLS). While there are benefits to TLS—it encrypts network messages to prevent listeners to the Internet traffic from eavesdropping on the data being transmitted—there is also a downside. The data is encrypted only when it is transmitted over Internet routers, but it is decrypted by intermediate servers—for example, by the Telegram servers. This means that Telegram can read and retain all your conversations.

Telegram inexplicably claims to be “way more secure” than WhatsApp, without offering any proof or reasonable justification.

Unlike TLS, end-to-end encryption ensures that the data is encrypted and decrypted using unique encryption keys that are known only to the sender and the recipient. For example, your chat message is encrypted inside your device, a mobile phone or laptop, and sent in its encrypted form through all the servers, including Telegram’s servers, and decrypted only at the other end—inside the recipient’s device.
End-to-end encryption by default would guarantee that Telegram cannot read your messages under any circumstances. In the case of end-to-end encryption, even the fact that the server source code remains proprietary should not affect the security of the encryption because the servers don’t know the encryption keys.

Yet because Telegram’s end-to-end encryption is not enabled by default, many users may overlook this fact, leaving their communications vulnerable to interception or eavesdropping by Telegram personnel, intelligence services, or hackers. In contrast, another popular messaging service, WhatsApp, not only has end-to-end encryption enabled by default but also extends it to group chats—something Telegram lacks entirely. Despite this crucial difference, Telegram inexplicably claims to be “way more secure” than WhatsApp, without offering any proof or reasonable justification.

It is also important to note that even end-to-end encryption does not prevent Telegram from collecting metadata, meaning that even though the text of your messages cannot be read, one can still see when you sent the message and who the recipient is.

Since the server code is not open source, we don’t know how Telegram manages metadata. Even with end-to-end encryption protecting the content of messages, metadata such as the time, geolocation, and identities of users can still be collected and analyzed, revealing patterns and relationships. This means that metadata can compromise privacy by exposing who is communicating, when, and where—even if the messages themselves remain encrypted and unreadable to outsiders.

Third, for both end-to-end encrypted and standard chats, Telegram uses a proprietary protocol, called MTProto. Because MTProto is proprietary, the full implementation is not publicly available for scrutiny. Proprietary protocols may contain undisclosed vulnerabilities. MTProto has not undergone comprehensive independent security audits comparable to those performed on open-source protocols like the Signal Protocol (which WhatsApp also uses). So, even for so-called secret chats, there is no guarantee that the implementation is secure.
These technical shortcomings have real-life consequences.

Freedom of speech and privacy are fundamental human rights, but we should be careful about how we use the tools that promise to preserve them.

Telegram was blocked in Russia in April 2018 after the company refused to comply with a court order to provide Russian authorities with access to encryption keys, which would have allowed them to decrypt user messages. Despite the ban, Telegram remained accessible to many users in Russia through the use of VPNs and other circumvention tools. In June 2020, Russian authorities suddenly lifted the ban on Telegram. Russia stated that the decision was made in light of Telegram’s willingness to assist in the fight against terrorism by blocking certain channels associated with terrorist activities, although Telegram continued to maintain its stance on user privacy.

But in 2023, Russian opposition activists reported that their messages, although sent through secret chats, had been monitored and read by special forces, which led to their arrests. Telegram suggested that Russian authorities could have gotten access to the chats through a phone-hacking tool like Cellebrite, but the holes in Telegram’s security make it impossible to know for sure.

The struggle between privacy and governmental control is ongoing, and the balance between safeguarding human rights and national security remains a contentious issue. Freedom of speech and privacy are fundamental human rights, but we should be careful about how we use the tools that promise to preserve them. Signal and WhatsApp, unlike Telegram, both have end-to-end encryption enabled by default. In addition, Signal open-sources both the client- and server-side code. This allows security researchers to review the code and confirm that the software is secure and does not conduct surveillance on its users. A full open-source approach would also ensure that private chats are designed in such a way that they cannot be compromised.

Telegram does not offer significantly better privacy or security than average communication services, like Facebook Messenger. When it comes to the niche of truly privacy-centric products—where Telegram is trying hard to position itself—it’s doubtful that Telegram can compete with Signal or even WhatsApp. While even those two aren’t perfect in terms of privacy, they both have a leg up on that self-professed privacy stronghold Telegram. 

This article was inspired by my recent experience at the Black Hat and Defcon cybersecurity conferences. Quantum computing and post-quantum cryptography emerged as major topics, more prominently than ever before. One can say that this is because of the anticipated release of the NIST standard for post-quantum cryptographic algorithms which officially happened immediately after the conferences concluded. However, this release might be just the tip of the iceberg, with significant developments likely hidden from public view. Now, let’s start from the beginning and define what quantum computing is and why we should pay attention to it when it comes to a conversation about payments. 

Unlike traditional computers, which use bits with value 0 or 1 as their elementary building blocks, quantum computing uses so-called qubits, which in addition to regular zeros and ones can enter a special state called superposition. There are special algorithms that use superposition to dramatically speed up calculations which can take forever for regular computers, even supercomputers. One such algorithm, Shor’s, claims the ability to crack public key encryption by solving the problems of factoring large integers and discrete logarithms, which are foundational to Rivest Shamir Adleman (RSA) and Elliptic Curve Cryptography (ECC). I say “claims” because Shor’s algorithm has been theoretically proven and experimentally demonstrated on small quantum systems, but it has not yet been fully realized on large-scale quantum hardware capable of challenging current classical cryptographic systems.

Unfortunately for mathematicians, and fortunately for all of us, quantum computers are not powerful enough yet to execute Shor’s on a full scale sufficient to crack real RSA or ECC keys. But the threat is that such a development could happen at any moment. Remember what happened just less than two years ago with the first release of ChatGPT by OpenAI? Everyone was talking about AI, but no one was expecting a real-life application that can do much more than just chatting. That moment was rather a revolution than evolution. Why should we assume that the same cannot happen with quantum computing?

There is one important difference however between quantum and AI. Companies such as OpenAI are motivated to do a fast release of their work to the public as this means more investment and revenue for them. Quantum computers, however, are not as directly tied to public engagement. National governments and their intelligence services may be even more interested in developing quantum computers than private corporations, and if they do such development and get good results, they will not necessarily publicize their achievements. Instead, they might try to exploit first and crack public communications, cryptocurrencies, and other technologies.

How Is This Applied to Digital Payments?

The first concern is cryptocurrencies, which rely entirely on public key encryption algorithms for security. If Elliptic Curves were cracked today, this would be an immediate crash of Bitcoin, Ethereum, Monero, and hundreds other crypto. All three aforementioned crypto networks, and their numerous forks and mimickers, are based on different flavors of the same ECC. The moment Shor’s algorithm is successfully executed on real keys, the value of most cryptocurrencies could plummet to zero. But if the crackers decide to not make the discovery available to the public, they might first benefit from the ability to crack particular crypto wallets with large amounts. 

But what about traditional payment technologies, like plastic cards, which still account for the majority of processed payments? The plastic payment card industry relatively recently made a full transition to EMV, also known as chip and pin, standard, which means that every payment card has a chip that is supposed to protect cardholder information and transactional data. Guess what is used to protect that data - correct, public key encryption. In EMV, public key encryption algorithms such as RSA and ECC are employed to secure the data exchange between the card and the payment terminal. This ensures that even if the data were intercepted, it would be virtually impossible to decipher without the corresponding private key. One might assume that old magnetic stripe payment cards, with unencrypted data, are safe from cryptographic attacks. While magnetic stripe cards lack encryption, many legacy payment applications and online payment systems still rely on Transport Layer Security (TLS) to secure communications. These applications would be inherently vulnerable to quantum attacks.

However, there is some good news too. Many modern payment systems use a technology called point-to-point encryption (P2PE), when the sensitive cardholder data is encrypted within the card reader device and decrypted only at the payment processor (bank). The most prevalent encryption scheme in P2PE is called DUKPT (Derived Unique Key Per Transaction) which uses symmetric ciphers such as AES (Advanced Encryption Standard). Symmetric algorithms are much more resilient to quantum attacks compared to public key encryption. There is an algorithm called Glover’s that speeds up the brute-forcing of AES ciphers and reduces its security by two times. So, if AES uses a key with 256-bit length, its actual security will be reduced to 128-bit, which is still considered fairly secure today.

​In conclusion, the advent of quantum computing poses a looming threat to the security foundations of both modern and traditional payment systems. While we may not yet be at the precipice of a cryptographic apocalypse, the potential for a sudden quantum leap in computational power demands immediate attention and preparation. Cryptocurrencies, as well as the broader financial industry, must begin transitioning to quantum-resistant algorithms to ensure the continued security and trust of digital and traditional payment systems alike. The time to act is now, before the quantum future becomes our quantum present.