Durov, Telegram and responsibility
The founder and head of the Telegram messenger, multimillionaire Pavel Durov was detained by police immediately after arrival at Le Bourget airport. French law enforcement have long been unhappy with Durov’s refusal to moderate content and to cooperate with authorities in disclosing information about users suspected of distributing drugs, child pornography, fraud and other criminal activity. Moderation is nearly nonexistent on Telegram except the most severe cases like islamist terrorism: usually banning their public channels.
However, Telegram did also cooperate with Putin's Russia authorities in banning Navalny's "smart voting." Durov's own explanation for this was that "it is better to ban Navalny than ban Telegram in Russia." This is clearly a deceit because a few years before that, Russian authorities have demonstrated their inability to block Telegram.
Durov is positioning himself as a hardcore libertarian protecting all kinds of
freedoms, especially the freedom of speech and expression (against evil state).
Many believe it is true, hence the wave of public support: #FreePavel
.
The real picture is, however, quite different. Apart from the very extravagant personality of Pavel Durov (many still remember as he threw rouble banknotes from his St. Petersburg head office balcony for personal amusement), neither the Telegram platform nor the company in fact have anything in common with protecting liberties. Telegram is quite a standard commercial walled garden platform with the main aim to monetize its growing user base. "Privacy" for Telegram is nothing more than a marketing ploy.
Telegram is advertised as "secure" and "private" although it has from the beginning been devised as a centralized platform aimed to get exclusive control over its users' communication. There is no end-to-end encryption by default. The MTProto protocol used by Telegram is a home-made thing, never seriously audited by cryptography experts. The Telegram client is open source (and is even available in blob-free open source version on F-Droid), but the server is not. So nothing is known about what actually happens with the user's communication data and metadata. This is not a minor thing because Telegram keeps all the data on its cloud servers for user's "convenience." This means that all the messages are unencrypted (for Telegram), and potentially accessible to the third parties.
Fun, soon after Durov's detention in Paris, bureaucrats from the administration of the president in Russia, the ministry of defence and large state owned corporations were instructed to delete their Telegram communications. No, this won't help if everything is kept on the cloud servers. It is well known that Telegram has a reputation of "inaccessible to FSB" and therefore widely used by a range of Russian governmental and military users. These people have been reluctant to use the official "safe" and "encrypted" tools that have full FSB certification because they believe (quite reasonably) that these are all wiretapped. Telegram is also the common communication tool for Russian troops attacking Ukraine. Now it is easy to guess how confused and scared they are!
Every user of Telegram is identified with and linked to the mobile number, which is really a mockery of privacy. Participants of Hong Kong protests were able to verify this: the mobile numbers and therefore personal identity of many of them were easily obtained from by the "private" Telegram by the mainland Chinese police. To access the account of most users (two-step auth is not enabled by default, there is no password for most users!) the attacker just needs... access to the SMS, which is a trivial task for the mobile operator and therefore the law enforcement (or in many cases even a hacker using social engineering to reissue the SIM-card). Then the content is not encrypted, except for the "secret chats" that only few actually use.
Some years ago, Russian authorities tried to access Telegram contents of quite a few members of Putin's opposition by secretly coercing the mobile operators to forward authentication codes sent by SMS. Admins of quite a few Russian and Belorussian opposition chats and even regular subscribers were also identified. There exist several OSINT tools that help identify Telegram chatters, some are available for just everyone for a moderate price.
Not only privacy and security, but even data integrity of Telegram is questionable. The company protocols of dealing with the data are questionable. There are rumors that some years ago Durov himself deleted Telegram chats of his personal rivals at will.
Telegram is "free" to users, but running it incurs huge costs. Who pays then? The users actually pay for it with their ever accumulating private data (their privacy), their increasing flock size, traffic and now also paid subscription and the TON cryptocurrency.
Telegram has always been a secretive non-transparent company. There are rumors that its major investors include Emirates' funds with the major beneficiaries from Russia. Even though Durov usually denies any links with Russia, Telegram very likely significantly depends on Russian oligarchs' money. But little is still known about the financial affairs at Telegram. Also little is known about the organizational structure of Telegram. Nonetheless, everything looks like a single person--the CEO Pavel Durov--has the complete control over everything, from technology to HR, finances and relations with investors.
It looks like Durov has created a platform advertised for "freedom" and "privacy," inviting everyone for whatever purposes, even the most evil and criminal ones. But Telegram was deliberately created as a single centralized platform, apparently to benefit from the full control for profit. Full control, however, involves full responsibility, including law enforcement access and moderation.
"Guardians of internet freedoms" say that accusing Durov of complicity in crimes the users do is equal to accusing the manufacturer of a hammer: everyone can use it for nailing as well as for killing, all outside of the maker's control or even knowledge. But this is not true. In the case of Telegram, the instrument is not given to the users. Users do not possess it. They are just allowed to hold it for a while. Durov's situation is equivalent to renting out a hammer for securing profits, without asking if it is actually used for nailing or killing. And even knowing that in many cases it is in fact used for killing, breaking into houses and other criminal purposes. The purpose is profit. Then, those who rent out the hammer are responsible for what their paying users do with it. Any benefits obtained from criminal abuse of the hammer are complicity, even if indirect.
The only way to protect liberties and freedom of speech and expression is through decentralized or federated platforms. Then, the end user is the owner of the decentralized unit and bears full responsibility for his/her own use. Decentralized technology is not only safer and more secure, but also more responsible.