Why Telegram isn’t as secure as you think

Telegram is marketed as a secure messaging app and used by Hong Kong protesters, but experts say it has flaws

Reading Time:3 minutes

Why Telegram isn’t as secure as you think

Published: 8:47pm, 13 Jun 2019Updated: 9:06am, 20 Sep 2019

This article originally appeared on ABACUS

When thousands of protesters took to the streets in Hong Kong Wednesday to protest a controversial extradition law, many turned to Telegram to get organized. Pitched as a secure communication tool, Telegram has been used by both activists and terrorists to avoid government scrutiny. But just how secure is it really?

Hang on a second, what exactly is Telegram?

Telegram is a free messaging app. Just like other similar services, you can send texts, videos and other files.

The platform was founded in 2013 by Pavel Durov, a Russian entrepreneur currently in exile after a spat with the administration of President Vladimir Putin. The company is registered both in the US and the UK, and it runs mostly on funds from Durov himself.

Telegram boasted 200 million monthly active users in March 2018, roughly 13% of WhatsApp’s user base at the time. In March this year, Telegram reported a sudden surge of 3 million new users within 24 hours when Facebook Messenger, Instagram and WhatsApp all suffered temporary outages.

Why is Telegram in the spotlight in Hong Kong?

The messaging app has become one of Hong Kong’s most downloaded apps this week, according to App Annie, as massive protests erupted in the city.

Demonstrators occupied a key road near the government headquarters on Wednesday, calling for the city’s leader to shelve a bill that would enable Beijing to extradite fugitives to mainland China. Authorities say the law is designed to plug loopholes, but critics fear it would be used to target political dissidents.

Protesters used Telegram to share news and exchange logistic details. Some of these groups or channels have tens of thousands of members and subscribers. On the same day, though, Telegram reported that it suffered a distributed denial of service (DDoS) attack, as its servers became overloaded with an extraordinarily large number of requests.

Telegram’s Durov said the IP addresses executing the attacks came “mostly from China.”