Every secure messaging app needs a self-destruct button

The growing presence of encrypted communications apps makes a lot of communities safer and stronger. But the possibility of physical device seizure and government coercion is growing as well, which is why every such app should have some kind of self-destruct mode to protect its user and their contacts.

End to end encryption like that you see in Signal and (if you opt into it) WhatsApp is great at preventing governments and other malicious actors from accessing your messages while they are in transit. But as with nearly all cybersecurity matters, physical access to either device or user or both changes things considerably.

For example, take this Hong Kong citizen who was forced to unlock their phone and reveal their followers and other messaging data to police. It’s one thing to do this with a court order to see if, say, a person was secretly cyberstalking someone in violation of a restraining order. It’s quite another to use as a dragnet for political dissidents.

This particular protestor ran a Telegram channel that had a number of followers. But it could just as easily be a Slack room for organizing a protest, or a Facebook group, or anything else. For groups under threat from oppressive government regimes it could be a disaster if the contents or contacts from any of these were revealed to the police.

Just as you should be able to choose exactly what you say to police, you should be able to choose how much your phone can say as well. Secure messaging apps should be the vanguard of this capability.

There are already some dedicated “panic button” type apps, and Apple has thoughtfully developed an “emergency mode” (activated by hitting the power button five times quickly) that locks the phone to biometrics and will wipe it if it is not unlocked within a certain period of time. That’s effective against “Apple pickers” trying to steal a phone or during border or police stops where you don’t want to show ownership by unlocking the phone with your face.

Those are useful and we need more like them — but secure messaging apps are a special case. So what should they do?

The best case scenario, where you have all the time in the world and internet access, isn’t really an important one. You can always delete your account and data voluntarily. What needs work is deleting your account under pressure.

The next best case scenario is that you have perhaps a few seconds or at most a minute to delete or otherwise protect your account. Signal is very good about this: The deletion option is front and center in the options screen, and you don’t have to input any data. WhatsApp and Telegram require you to put in your phone number, which is not ideal — fail to do this correctly and your data is retained.

Signal, left, lets you get on with it. You’ll need to enter your number in WhatsApp (right) and Telegram.

Obviously it’s also important that these apps don’t let users accidentally and irreversibly delete their account. But perhaps there’s a middle road whereby you can temporarily lock it for a preset time period, after which it deletes itself if not unlocked manually. Telegram does have self-destructing accounts, but the shortest time you can delete after is a month.

What really needs improvement is emergency deletion when your phone is no longer in your control. This could be a case of device seizure by police, or perhaps being forced to unlock the phone after you have been arrested. Whatever the case, there need to be options for a user to delete their account outside the ordinary means.

Here are a couple options that could work:

  • Trusted remote deletion: Selected contacts are given the ability via a one-time code or other method to wipe each other’s accounts or chats remotely, no questions asked and no notification created. This would let, for instance, a friend who knows you’ve been arrested remotely remove any sensitive data from your device.
  • Self-destruct timer: Like Telegram’s feature, but better. If you’re going to a protest, or have been “randomly” selected for additional screening or questioning, you can just tell the app to delete itself after a certain duration (as little as a minute perhaps) or at a certain time of the day. Deactivate any time you like, or stall for the five required minutes for it to trigger.
  • Poison PIN: In addition to a normal unlock PIN, users can set a poison PIN that when entered has a variety of user-selectable effects. Delete certain apps, clear contacts, send prewritten messages, unlock or temporarily hard-lock the device, etc.
  • Customizable panic button: Apple’s emergency mode is great, but it would be nice to be able to attach conditions like the poison PIN’s. Sometimes all someone can do is smash that button.
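As an added illustration (not code from Signal, WhatsApp, Telegram or Apple), here is one way the timer, poison PIN and one-time remote wipe code described above could share a single wipe path. The `Vault` class, its method names and the injected `clock` are hypothetical, and wiping is modeled as destroying the key that protects the message store.

```python
import hashlib
import hmac
import secrets
import time
from enum import Enum


class Outcome(Enum):
    UNLOCKED = "unlocked"  # normal PIN accepted, data key still present
    WIPED = "wiped"        # data key destroyed (poison PIN, timer or remote code)
    DENIED = "denied"      # wrong PIN or wrong/used wipe code


def _kdf(secret: str, salt: bytes) -> bytes:
    # Slow salted hash, so stored PIN verifiers are costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class Vault:
    """Hypothetical message store; contents are readable only with _data_key."""

    def __init__(self, normal_pin, poison_pin, clock=time.monotonic):
        if normal_pin == poison_pin:
            raise ValueError("poison PIN must differ from the normal PIN")
        self._salt = secrets.token_bytes(16)
        self._normal = _kdf(normal_pin, self._salt)
        self._poison = _kdf(poison_pin, self._salt)
        self._data_key = secrets.token_bytes(32)
        self._deadline = None    # self-destruct deadline, None when disarmed
        self._wipe_code = None   # hash of the outstanding one-time remote code
        # Assumption: a real app persists the deadline and survives reboots;
        # the clock is injected here only so the timer can be tested.
        self._clock = clock

    def _wipe(self):
        # Crypto-erase: without the key the stored ciphertext is unreadable.
        self._data_key = None
        self._deadline = None
        self._wipe_code = None

    def _check_timer(self):
        if self._deadline is not None and self._clock() >= self._deadline:
            self._wipe()

    def has_data(self) -> bool:
        self._check_timer()
        return self._data_key is not None

    def arm_timer(self, seconds: float):
        self._deadline = self._clock() + seconds

    def enter_pin(self, pin: str) -> Outcome:
        self._check_timer()
        candidate = _kdf(pin, self._salt)
        # Evaluate both comparisons every time, in constant time, so the
        # response timing does not reveal which PIN (if any) matched.
        is_normal = hmac.compare_digest(candidate, self._normal)
        is_poison = hmac.compare_digest(candidate, self._poison)
        if is_poison:
            self._wipe()
        if not (is_normal or is_poison):
            return Outcome.DENIED
        return Outcome.UNLOCKED if self._data_key is not None else Outcome.WIPED

    def disarm_timer(self, pin: str) -> Outcome:
        # Unlocking alone does not stop the countdown; disarming is explicit.
        # The poison PIN wipes here too, because it goes through enter_pin.
        outcome = self.enter_pin(pin)
        if outcome is Outcome.UNLOCKED:
            self._deadline = None
        return outcome

    def issue_wipe_code(self) -> str:
        # High-entropy code handed to a trusted contact; only its hash is kept.
        code = secrets.token_urlsafe(16)
        self._wipe_code = hashlib.sha256(code.encode()).digest()
        return code

    def remote_wipe(self, code: str) -> Outcome:
        self._check_timer()
        if self._wipe_code is None:
            return Outcome.DENIED
        digest = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(digest, self._wipe_code):
            return Outcome.DENIED
        self._wipe()  # also clears the code, so it works exactly once
        return Outcome.WIPED
```

In a real client the `WIPED` outcome would be rendered as an ordinary empty inbox rather than an error, so that entering the poison PIN looks the same as a normal unlock.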

Obviously these open new avenues for calamity and abuse as well, which is why they will need to be explained carefully and perhaps initially hidden in “advanced options” and the like. But overall I think we’ll be safer with them available.

Eventually these roles may be filled by dedicated apps or by the developers of the operating systems on which they run, but it makes sense for the most security-forward app class out there to be the first in the field.

Telegram’s crypto tokens are (kind of) going on sale to the public for the first time

Telegram, the most hyped ICO in the history of ICOs, is finally making its tokens available to retail investors through a limited listing that will precede a full sale later this year — but there are a lot of catches.

The messaging company, which serves as the de facto chat app for the crypto community, raised a record-high $1.7 billion last year through a token sale that was limited to accredited investors. The listing saw unprecedented demand despite a project which, some industry critics argued, recycled old ideas and proposed unmeetable goals.

Now its Gram token will go on sale to regular crypto buyers for the first time next month through a listing on crypto exchange Liquid on July 10. The arrangement is a limited offering before a full public sale in October, but the U.S., China and Japan are among countries where it will not be sold.

It’s notable that Liquid, which recently claimed to have raised funding at a $1 billion valuation, hasn’t struck a deal with Telegram directly. Instead, it has agreed to list an undisclosed number of tokens held by Gram Asia, an organization headquartered in Korea that claims to be the largest holder of Grams in Asia. For now, neither side is saying how many will be on offer and at what price.

Indeed, the press release announcing the deal includes no contribution from Telegram — there is, for example, no quote from its reclusive CEO Pavel Durov — and it sources two media reports to claim that Telegram’s beta program on its testnet is apparently working as planned.

That’s a pretty strange situation, even for the world of crypto, since it is convention for companies to endorse sales and partnerships.

“Unfortunately, that’s Telegram and how they have operated from the beginning,” Liquid CEO Kayamori told TechCrunch in an interview this week.

Despite that ominous radio silence, Kayamori assured us that this token listing is above board and very much part of the plan for TON — the ‘Telegram Open Network’ project that’s being developed by the funds raised through the ICO.

Kayamori said that TON is on track to make a full launch as early as October and that this partial listing from Gram Asia is part of that overall strategy.

Sure, that’s the rhetoric, but it is easy to assume other reasons behind the sale. Such as that Gram Asia is cashing in on anticipation of the full launch or, worse, that the group is dumping its tokens before a product.

Kayamori claimed that isn’t the case.

“A public sale window always planned between the testnet launch and mainnet [full] launch,” he said. “They wanted to work with a regulated exchange to see how it goes before it gets listed [in full] in October.”

“Telegram already has an ecosystem, developers and early token buyers and TON ventures, there are already communities being built up. Based on discussions within these communities, GRAM Asia has put its best step forward to do this public sale,” Kayamori added.

The “regulated” part is important.

One of the reasons Telegram kept quiet during the token sale was to avoid running into legal problems, such as those that fellow chat app Kik is experiencing right now. That caused plenty of issues at the time — with scammers cashing in on demand and token buyers themselves left confused — and the approach means there are many caveats around the sale on Liquid.

Most notably, the Gram tokens will not be tradeable.

Buyers will essentially buy tokens from Gram Asia which, until the tokens are released in October, will be held in USDC — the stable coin backed by Coinbase among others. Only when the distribution process begins will the buyers receive their tokens, but the process itself will be divided into four tranches with one-quarter of the buyer’s tokens distributed every three months.

Kayamori conceded that there may be unofficial over the counter trading, but Liquid “can’t control” that.

Liquid is betting that listing Telegram’s Gram tokens, even in small quantity, will boost its exchange

Then there are aggressive limits on who can buy.

The exchange will require rigorous KYC for prospective buyers, and there is a significant list of countries where Gram tokens will not be sold, and that includes the U.S. and Japan.

The full list is as follows:

Afghanistan, Albania, Bahamas, Belarus, Bosnia & Herzegovina, Botswana, Burundi, Cambodia, Canada, Central African Republic, Cote D’Ivoire, Crimea, Cuba, Democratic People’s Republic of Korea, Democratic Republic of Congo, Eritrea, Ethiopia, Ghana, Guinea, Guinea-Bissau, Iran, Iraq, Japan, Kosovo, Kyrgyzstan, Laos, Lebanon, Liberia, Libya, Macedonia, Malawi, Mali, Moldova, Mozambique, Myanmar (Burma), Pakistan, Serbia, Somalia, South Sudan, Sudan, Syria, Tanzania, Timor-Leste, Trinidad & Tobago, Tunisia, Turkmenistan, Uganda, United States of America (USA), Uzbekistan, Venezuela, Yemen, and Zimbabwe.

Kayamori said he is confident that there will be significant demand despite those restrictions. He explained there is the potential to add more tokens if the allocation — the size of which is not being shared — sells out.

Liquid doesn’t have anything like the volume of top exchanges Binance, OkEx and others that do more than $1 billion in trading daily — Coinmarketcap data ranks it 83rd with over $900 million traded over the last seven days — but it tries to stand out with a focus on regulation. That’s to say that it adheres to regulation in markets like Japan, the bet being that some companies will prefer that approach for their token sales or buying.

That’s worked in terms of this deal with Gram Asia, but it remains to be seen whether it can go from a splashy partnership to one that actually drives significant trading, user engagement and new sign-ups.

For Telegram, the Liquid listing will be an early but limited look at the market’s appetite for its token.

Telegram adds ‘delete everywhere’ nuclear option — killing chat history

Telegram has added a feature that lets a user delete messages in one-to-one and/or group private chats, after the fact, and not only from their own inbox.

The new ‘nuclear option’ delete feature allows a user to selectively delete their own messages and/or messages sent by any/all others in the chat. They don’t even have to have composed the original message or begun the thread to do so. They can just decide it’s time.

Let that sink in.

All it now takes is a few taps to wipe all trace of a historical communication — from both your own inbox and the inbox(es) of whoever else you were chatting with (assuming they’re running the latest version of Telegram’s app).

Just over a year ago Facebook’s founder Mark Zuckerberg was criticized for silently and selectively testing a similar feature by deleting messages he’d sent from his interlocutors’ inboxes — leaving absurdly one-sided conversations. The episode was dubbed yet another Facebook breach of user trust.

Facebook later rolled out a much diluted Unsend feature — giving all users the ability to recall a message they’d sent but only within the first 10 minutes.

Telegram has gone much, much further. This is a perpetual, universal unsend of anything in a private chat.

The “delete any message in both ends in any private chat, anytime” feature has been added in an update to version 5.5 of Telegram — which the messaging app bills as offering “more privacy”, among a slate of other updates including search enhancements and more granular controls.

To delete a message from both ends a user taps on the message, selects ‘delete’ and then they’re offered a choice of ‘delete for [the name of the other person in the chat]’ (or for ‘everyone’) or ‘delete for me’. Selecting the former deletes the message everywhere, while the latter just removes it from your own inbox.

Explaining the rationale for adding such a nuclear option via a post to his public Telegram channel yesterday, founder Pavel Durov argues the feature is necessary because of the risk of old messages being taken out of context — suggesting the problem is getting worse as the volume of private data stored by chat partners continues to grow exponentially.

“Over the last 10-20 years, each of us exchanged millions of messages with thousands of people. Most of those communication logs are stored somewhere in other people’s inboxes, outside of our reach. Relationships start and end, but messaging histories with ex-friends and ex-colleagues remain available forever,” he writes.

“An old message you already forgot about can be taken out of context and used against you decades later. A hasty text you sent to a girlfriend in school can come haunt you in 2030 when you decide to run for mayor.”

Durov goes on to claim that the new wholesale delete gives users “complete control” over messages, regardless of who sent them.

However that’s not really what it does. More accurately it removes control from everyone in any private chat, and opens the door to the most paranoid; lowest common denominator; and/or a sort of general entropy/anarchy — allowing anyone in any private thread to choose to edit or even completely nuke the chat history if they so wish at any moment in time.

The feature could allow for self-servingly and selectively silent and/or malicious edits that are intended to gaslight/screw with others, such as by making them look mad or bad. (A quick screengrab later and a ‘post-truth’ version of a chat thread is ready for sharing elsewhere, where it could be passed off as a genuine conversation even though it’s manipulated and therefore fake.)

Or else the motivation for editing chat history could be a genuine concern over privacy, such as to be able to remove sensitive or intimate stuff — say after a relationship breaks down.

Or just for kicks/the lolz between friends.

Either way, whoever deletes first seizes control of the chat history — taking control away from everyone else in the process. RIP consent. This is possible because Telegram’s implementation of the super delete feature covers all messages, not just your own, and literally removes all trace of the deleted comms.

So unlike rival messaging app WhatsApp, which also lets users delete a message for everyone in a chat after the fact of sending it (though in that case the delete everywhere feature is strictly limited to messages a person sent themselves), there is no notification automatically baked into the chat history to record that a message was deleted.

There’s no record, period. The ‘record’ is purged. There’s no sign at all there was ever a message in the first place.

We tested this — and, well, wow.

It’s hard to think of a good reason not to create at the very least a record that a message was deleted, which would offer a check on misuse.

But Telegram has not offered anything. Anyone can secretly and silently purge the private record.

Again, wow.

There’s also no way for a user to recall a deleted message after deleting it (even the person who hit the delete button). At face value it appears to be gone for good. (A security audit would be required to determine whether a copy lingers anywhere on Telegram’s servers for standard chats; only its ‘secret chats’ feature uses end-to-end encryption which it claims “leave no trace on our servers”.)

In our tests on iOS we also found that no notification is sent when a message is deleted from a Telegram private chat, so other people in an old convo might simply never notice changes have been made, or not until long after. After all, human memory is far from perfect and old chat threads are exactly the sort of fast-flowing communication medium where it’s really easy to forget details of what was said.

Durov makes that point himself in defence of enabling the feature, arguing in favor of it so that silly stuff you once said can’t be dredged back up to haunt you.

But it cuts both ways. (The other way being the ability for the sender of an abusive message to delete it and pretend it never existed, for example, or for a flasher to send and subsequently delete dick pics.)

The feature is so powerful there’s clearly massive potential for abuse. Whether that’s by criminals using Telegram to sell drugs or traffic other stuff illegally, and deleting everywhere to cover their tracks by purging all record of their nefarious activity; or by coercive/abusive individuals seeking to screw with a former friend or partner.

The best way to think of Telegram now is that all private communications in the app are essentially ephemeral.

Anyone you’ve ever chatted to could decide to delete everything you said (or they said) and go ahead without your knowledge let alone your consent.

The lack of any notification that a message has been deleted will certainly open Telegram to accusations it’s being irresponsible by offering such a nuclear delete option with zero guard rails. (And, indeed, there’s no shortage of angry comments on its tweet announcing the feature.)

Though the company is no stranger to controversy and has structured its business intentionally to minimize the risk of it being subject to any kind of regulatory and/or state control, with servers spread opaquely all over the world, and a nomadic development operation which sees its coders regularly switch the country they’re working out of for months at a time.

Durov himself acknowledges there is a risk of misuse of the total delete feature in his channel post, where he writes: “We know some people may get concerned about the potential misuse of this feature or about the permanence of their chat histories. We thought carefully through those issues, but we think the benefit of having control over your own digital footprint should be paramount.”

Again, though, that’s a one-sided interpretation of what’s actually being enabled here. Because the feature inherently removes control from anyone it’s applied to. So it only offers ‘control’ to the person who first thinks to exercise it. Which is in itself a form of massive power asymmetry.

For historical chats the person who deletes first might be someone with something bad to hide. Or it might be the most paranoid person with the best threat awareness and personal privacy hygiene.

But suggesting the feature universally hands control to everyone simply isn’t true.

It’s an argument in line with a libertarian way of thinking that lauds the individual as having agency — and therefore seeks to empower the person who exercises it. (And Durov is a long time advocate for libertarianism so the design choice meshes with his personal philosophy.)

On a practical level, the presence of such a nuclear delete on Telegram’s platform arguably means the only sensible option for all users that don’t want to abandon the platform is to proactively delete all private chats on a regular and rolling basis — to minimize the risk of potential future misuse and/or manipulation of their chat history. (Albeit, what doing that will do to your friendships is a whole other question.)

Users may also wish to back up their own chats because they can no longer rely on Telegram to do that for them.

While, at the other end of the spectrum — for those really wanting to be really sure they totally nuke all message trace — there are a couple of practical pitfalls that could throw a spanner in the works.  

In our tests we found Telegram’s implementation did not delete push notifications. So with recently sent and deleted messages it was still possible to view the content of a deleted message via a persisting push notification even after the message itself had been deleted within the app.

Though of course, for historical chats — which is where this feature is being aimed; aka rewriting chat history — there’s not likely to be any push notifications still floating around months or even years later to cause a headache.

The other major issue is the feature is unlikely to function properly on earlier versions of Telegram. So if you go ahead and ‘delete everywhere’ there’s no way back to try and delete a message again if it was not successfully purged everywhere because someone in the chat was still running an older version of Telegram.

Plus of course if anyone has screengrabbed your chats already there’s nothing you can do about that.

In terms of wider impact, the nuclear delete might also have the effect of encouraging more screengrabbing (or other backups) — as users hedge against future message manipulation and/or purging. Or to make sure they have a record of abuse.

Which would just create more copies of your private messages in places you can’t at all control and where they could potentially leak if the person creating the backups doesn’t secure them properly so the whole thing risks being counterproductive to privacy and security, really.

Durov claims he’s comfortable with the contents of his own Telegram inbox, writing on his channel that “there’s not much I would want to delete for both sides” — while simultaneously claiming that “for the first time in 23 years of private messaging, I feel truly free and in control”.

The truth is the sensation of control he’s feeling is fleeting and relative.

In another test we performed we were able to delete private messages from Durov’s own inbox, including missives we’d sent to him in a private chat and one he’d sent us. (At least, in so far as we could tell — not having access to Telegram servers to confirm. But the delete option was certainly offered and content (both ours and his) disappeared from our end after we hit the relevant purge button.)

Only Durov could confirm for sure that the messages have gone from his end too. And most probably he’d have trouble doing so as it would require incredible memory for minor detail.

But the point is if the deletion functioned as Telegram claims it does, purging equally at both ends, then Durov was not in control at all because we reached right into his inbox and selectively rubbed some stuff out. He got no say at all.

That’s a funny kind of agency and a funny kind of control.

One thing certainly remains in Telegram users’ control: The ability to choose your friends — and choose who you talk to privately.

Turns out you need to exercise that power very wisely.

Otherwise, well, other encrypted messaging apps are available.

Telegram adds ‘delete everywhere’ nuclear option — killing chat history

Telegram has added a feature that lets a user delete messages in one-to-one and/or group private chats, after the fact, and not only from their own inbox.

The new ‘nuclear option’ delete feature allows a user to selectively delete their own messages and/or messages sent by any/all others in the chat. They don’t even have to have composed the original message or begun the thread to do so. They can just decide it’s time.

Let that sink in.

All it now takes is a few taps to wipe all trace of a historical communication — from both your own inbox and the inbox(es) of whoever else you were chatting with (assuming they’re running the latest version of Telegram’s app).

Just over a year ago Facebook’s founder Mark Zuckerberg was criticized for silently and selectively testing a similar feature by deleting messages he’d sent from his interlocutors’ inboxes — leaving absurdly one-sided conversations. The episode was dubbed yet another Facebook breach of user trust.

Facebook later rolled out a much diluted Unsend feature — giving all users the ability to recall a message they’d sent but only within the first 10 minutes.

Telegram has gone much, much further. This is a perpetual, universal unsend of anything in a private chat.

The “delete any message in both ends in any private chat, anytime” feature has been added in an update to version 5.5 of Telegram — which the messaging app bills as offering “more privacy”, among a slate of other updates including search enhancements and more granular controls.

To delete a message from both ends a user taps on the message, selects ‘delete’ and then they’re offered a choice of ‘delete for [the name of the other person in the chat or for ‘everyone’] or ‘delete for me’. Selecting the former deletes the message everywhere, while the later just removes it from your own inbox.

Explaining the rational for adding such a nuclear option via a post to his public Telegram channel yesterday, founder Pavel Durov argues the feature is necessary because of the risk of old messages being taken out of context — suggesting the problem is getting worse as the volume of private data stored by chat partners continues to grow exponentially.

“Over the last 10-20 years, each of us exchanged millions of messages with thousands of people. Most of those communication logs are stored somewhere in other people’s inboxes, outside of our reach. Relationships start and end, but messaging histories with ex-friends and ex-colleagues remain available forever,” he writes.

“An old message you already forgot about can be taken out of context and used against you decades later. A hasty text you sent to a girlfriends in school can come haunt you in 2030 when you decide to run for mayor.”

Durov goes on to claim that the new wholesale delete gives users “complete control” over messages, regardless of who sent them.

However that’s not really what it does. More accurately it removes control from everyone in any private chat, and opens the door to the most paranoid; lowest common denominator; and/or a sort of general entropy/anarchy — allowing anyone in any private thread to choose to edit or even completely nuke the chat history if they so wish at any moment in time.

The feature could allow for self-servingly and selectively silent and/or malicious edits that are intended to gaslight/screw with others, such as by making them look mad or bad. (A quick screengrab later and a ‘post-truth’ version of a chat thread is ready for sharing elsewhere, where it could be passed off a genuine conversation even though it’s manipulated and therefore fake.)

Or else the motivation for editing chat history could be a genuine concern over privacy, such as to be able to remove sensitive or intimate stuff — say after a relationship breaks down.

Or just for kicks/the lolz between friends.

Either way, whoever deletes first seizes control of the chat history — taking control away from everyone else in the process. RIP consent. This is possible because Telegram’s implementation of the super delete feature covers all messages, not just your own, and literally removes all trace of the deleted comms.

So unlike rival messaging app WhatsApp, which also lets users delete a message for everyone in a chat after the fact of sending it (though in that case the delete everywhere feature is strictly limited to messages a person sent themselves), there is no notification automatically baked into the chat history to record that a message was deleted.

There’s no record, period. The ‘record’ is purged. There’s no sign at all there was ever a message in the first place.

We tested this — and, well, wow.

It’s hard to think of a good reason not to create at very least a record that a message was deleted which would offer a check on misuse.

But Telegram has not offered anything. Anyone can secretly and silently purge the private record.

Again, wow.

There’s also no way for a user to recall a deleted message after deleting it (even the person who hit the delete button). At face value it appears to be gone for good. (A security audit would be required to determine whether a copy lingers anywhere on Telegram’s servers for standard chats; only its ‘secret chats’ feature uses end-to-end encryption which it claims “leave no trace on our servers”.)

In our tests on iOS we also found that no notifications is sent when a message is deleted from a Telegram private chat so other people in an old convo might simply never notice changes have been made, or not until long after. After all human memory is far from perfect and old chat threads are exactly the sort of fast-flowing communication medium where it’s really easy to forget details of what was said.

Durov makes that point himself in defence of enabling the feature, arguing in favor of it so that silly stuff you once said can’t be dredged back up to haunt you.

But it cuts both ways. (The other way being the ability for the sender of an abusive message to delete it and pretend it never existed, for example, or for a flasher to send and subsequently delete dick pics.)

The feature is so powerful there’s clearly massive potential for abuse. Whether that’s by criminals using Telegram to sell drugs or traffic other stuff illegally, and deleting everywhere to cover their tracks by purging all record of their nefarious activity; or by coercive/abusive individuals seeking to screw with a former friend or partner.

The best way to think of Telegram now is that all private communications in the app are essentially ephemeral.

Anyone you’ve ever chatted to could decide to delete everything you said (or they said) and go ahead without your knowledge let alone your consent.

The lack of any notification that a message has been deleted will certainly open Telegram to accusations it’s being irresponsible by offering such a nuclear delete option with zero guard rails. (And, indeed, there’s no shortage of angry comments on its tweet announcing the feature.)

Though the company is no stranger to controversy and has structured its business intentionally to minimize the risk of it being subject to any kind of regulatory and/or state control, with servers spread opaquely all over the world, and a nomadic development operation which sees its coders regularly switch the country they’re working out of for months at a time.

Durov himself acknowledges there is a risk of misuse of the total delete feature in his channel post, where he writes: “We know some people may get concerned about the potential misuse of this feature or about the permanence of their chat histories. We thought carefully through those issues, but we think the benefit of having control over your own digital footprint should be paramount.”

Again, though, that’s a one-sided interpretation of what’s actually being enabled here. Because the feature inherently removes control from anyone it’s applied to. So it only offers ‘control’ to the person who first thinks to exercise it. Which is in itself a form of massive power asymmetry.

For historical chats the person who deletes first might be someone with something bad to hide. Or it might be the most paranoid person with the best threat awareness and personal privacy hygiene.

But suggesting the feature universally hands control to everyone simply isn’t true.

It’s an argument in line with a libertarian way of thinking that lauds the individual as having agency — and therefore seeks to empower the person who exercises it. (And Durov is a long time advocate for libertarianism so the design choice meshes with his personal philosophy.)

On a practical level, the presence of such a nuclear delete on Telegram’s platform arguably means the only sensible option for all users that don’t want to abandon the platform is to proactively delete all private chats on a regular and rolling basis — to minimize the risk of potential future misuse and/or manipulation of their chat history. (Albeit, what doing that will do to your friendships is a whole other question.)

Users may also wish to back up their own chats because they can no longer rely on Telegram to do that for them.

While, at the other end of the spectrum — for those really wanting to be really sure they totally nuke all message trace — there are a couple of practical pitfalls that could throw a spanner in the works.  

In our tests we found Telegram’s implementation did not delete push notifications. So with recently sent and deleted messages it was still possible to view the content of a deleted message via a persisting push notification even after the message itself had been deleted within the app.

Though of course, for historical chats — which is where this feature is being aimed; aka rewriting chat history — there’s not likely to be any push notifications still floating around months or even years later to cause a headache.

The other major issue is the feature is unlikely to function properly on earlier versions of Telegram. So if you go ahead and ‘delete everywhere’ there’s no way back to try and delete a message again if it was not successfully purged everywhere because someone in the chat was still running an older version of Telegram.

Plus of course if anyone has screengrabbed your chats already there’s nothing you can do about that.

In terms of wider impact, the nuclear delete might also have the effect of encouraging more screengrabbing (or other backups) — as users hedge against future message manipulation and/or purging. Or to make sure they have a record of abuse.

Which would just create more copies of your private messages in places you can’t control at all, where they could potentially leak if the person creating the backups doesn’t secure them properly. So the whole thing risks being counterproductive to privacy and security, really.

Durov claims he’s comfortable with the contents of his own Telegram inbox, writing on his channel that “there’s not much I would want to delete for both sides” — while simultaneously claiming that “for the first time in 23 years of private messaging, I feel truly free and in control”.

The truth is the sensation of control he’s feeling is fleeting and relative.

In another test we performed we were able to delete private messages from Durov’s own inbox, including missives we’d sent to him in a private chat and one he’d sent us. (At least, in so far as we could tell — not having access to Telegram servers to confirm. But the delete option was certainly offered and content (both ours and his) disappeared from our end after we hit the relevant purge button.)

Only Durov could confirm for sure that the messages have gone from his end too. And most probably he’d have trouble doing so as it would require incredible memory for minor detail.

But the point is if the deletion functioned as Telegram claims it does, purging equally at both ends, then Durov was not in control at all because we reached right into his inbox and selectively rubbed some stuff out. He got no say at all.

That’s a funny kind of agency and a funny kind of control.

One thing certainly remains in Telegram users’ control: The ability to choose your friends — and choose who you talk to privately.

Turns out you need to exercise that power very wisely.

Otherwise, well, other encrypted messaging apps are available.

Daily Crunch: Telegram soars after Facebook outage

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories.

1. Telegram gets 3M new signups during Facebook apps’ outage

In a message sent to his Telegram channel, founder Pavel Durov wrote, “I see 3 million new users signed up for Telegram within the last 24 hours.” Durov doesn’t offer an explicit explanation for Telegram’s sudden spike in signups, but he does take a thinly veiled swipe at social networking giant Facebook.

It’s probably not a coincidence that Facebook and its related family of apps went down for most of Wednesday.

2. Google removed 2.3B bad ads, banned ads on 1.5M apps + 28M pages, plans new Policy Manager this year

Using both manual reviews and machine learning, Google said that in 2018 it removed 2.3 billion “bad ads” that violated its policies — which at their most general forbid ads that mislead or exploit vulnerable people.

3. Uber reportedly raising $1B in deal that values self-driving car unit at up to $10B

Uber is in negotiations with investors, including the SoftBank Vision Fund, to secure an investment as large as $1 billion for its autonomous vehicles unit. The deal would value the business at between $5 billion and $10 billion, according to a report from The Wall Street Journal.

4. Opportunity’s last Mars panorama is a showstopper

The Opportunity Mars Rover may be officially offline for good, but its legacy of science and imagery is ongoing — and NASA just shared the last (nearly) complete panorama the robot sent back before it was blanketed in dust.

5. AI photo startup Polarr raises an $11.5 million Series A

At the moment, Polarr is probably best known for its photography app for iOS and Android, which utilizes machine learning and AI to improve image editing. The company says it has around four million monthly active users.

6. WeWork Labs is launching a food tech accelerator

WeWork is committing $1 million to back the first batch of companies.

7. Facebook won’t store data in countries with human rights violations — except Singapore

When Mark Zuckerberg said in a lengthy blog post that Facebook would not build data centers in countries with poor human rights, he chose to ignore Singapore — known for a lack of privacy and freedom of expression.

Telegram gets 3M new signups during Facebook apps’ outage

Messaging platform Telegram claims to have had a surge in signups during a period of downtime for Facebook’s rival messaging services.

In a message sent to his Telegram channel, founder Pavel Durov just wrote: “I see 3 million new users signed up for Telegram within the last 24 hours.”

It’s probably not a coincidence that Facebook and its related family of apps went down for most of Wednesday, as we reported earlier. At the time of writing Instagram’s service has been officially confirmed restored. Unofficially Facebook also appears to be back online, at least here in Europe.

Durov doesn’t offer an explicit explanation for Telegram’s sudden spike in sign ups, but he does take a thinly veiled swipe at social networking giant Facebook — whose founder recently claimed he now plans to pivot the ad platform to ‘privacy’.

“Good,” adds Durov on his channel, welcoming Telegram’s 3M newbies. “We have true privacy and unlimited space for everyone.”

A contact at Telegram confirmed to TechCrunch that the Facebook apps’ downtime is the likely cause of its latest sign up spike, telling us: “These outages always drive new users.”

Though they also credited growth to “the mainstream overall increasing understanding about Facebook’s abusive attention harvesting practices”.

A year ago Telegram announced passing 200M monthly active users. Though the platform has faced restrictions and/or blocks in some markets (principally Russia and Iran, as well as China) — apparently for refusing government requests for encryption keys and/or user information.

In Durov’s home country of Russia the government is also now moving to tighten Internet restrictions via new legislation — and thousands of people took to the streets in Moscow and other Russian cities this weekend to protest at growing Internet censorship, per Reuters.

Such restrictions could increase demand for Telegram’s encrypted messaging service in the country as the app does appear to still be partially accessible there.

Durov, who famously left Russia in 2014 — stepping away from his home country and an earlier social network he founded (VK.com) because of his stance on free speech — has sought to thwart the Russian government’s Telegram blocks via legal and technical measures.

The Telegram messaging platform has of course also had its own issues with less political downtime.

In a tweet last fall the company confirmed a server cluster had gone down, potentially affecting users in the Middle East, Africa and Europe. Although in that case the downtime only lasted a few hours.

Decrypted Telegram bot chatter revealed as new Windows malware

Sometimes it takes a small bug in one thing to find something massive elsewhere.

During a recent investigation, security firm Forcepoint Labs said it found a new kind of malware that was taking instructions from a hacker sending commands over the encrypted messaging app Telegram.

The researchers described their newly discovered malware, dubbed GoodSender, as a “fairly simple” Windows-based malware that’s about a year old, which uses Telegram as the method to listen and wait for commands. Once the malware infects its target, it creates a new administrator account and enables remote desktop — and waits. As soon as the malware infects, it sends back the username and randomly generated password to the hacker through Telegram.

It’s not the first time malware has used a commercial product to communicate with malware. If it’s over the internet, hackers are hiding commands in pictures posted to Twitter or in comments left on celebrity Instagram posts.

But using an encrypted messenger makes it far harder to detect. At least, that’s the theory.

Forcepoint said in its research out Thursday that it only stumbled on the malware after it found a vulnerability in Telegram’s notoriously bad encryption.

End-to-end messages are encrypted using the app’s proprietary MTProto protocol, long slammed by cryptographers for leaking metadata and having flaws, and likened to “being stabbed in the eye with a fork.” Its bots, however, only use traditional TLS — or HTTPS — to communicate. The leaking metadata makes it easy to man-in-the-middle the connection and abuse the bots’ API to read bot sent-and-received messages, but also recover the full messaging history of the target bot, the researchers say.

When the researchers found the hacker using a Telegram bot to communicate with the malware, they dug in to learn more.

Fortunately, they were able to trace back the bot’s entire message history to the malware because each message had a unique message ID that increased incrementally, allowing the researchers to run a simple script to replay and scrape the bot’s conversation history.

The GoodSender malware is active and sends its first victim information. (Image: Forcepoint)

“This meant that we could track [the hacker’s] first steps towards creating and deploying the malware all the way through to current campaigns in the form of communications to and from both victims and test machines,” the researchers said.

Your bot uncovered, your malware discovered — what can make it worse for the hacker? The researchers know who they are.

Because the hacker didn’t have a clear separation between their development and production workspaces, the researchers say they could track the malware author because they used their own computer and didn’t mask their IP address.

The researchers could also see exactly what commands the malware would listen to: take screenshots, remove or download files, get IP address data, copy whatever’s in the clipboard, and even restart the PC.

But the researchers don’t have all the answers. How did the malware get onto victim computers in the first place? They suspect they used the so-called EternalBlue exploit, a hacking tool designed to target Windows computers, developed by and stolen from the National Security Agency, to gain access to unpatched computers. And they don’t know how many victims there are, except that there are likely more than 120 victims in the U.S., followed by Vietnam, India, and Australia.

Forcepoint informed Telegram of the vulnerability. TechCrunch also reached out to Telegram’s founder and chief executive Pavel Durov for comment, but didn’t hear back.

If there’s a lesson to learn? Be careful using bots on Telegram — and certainly don’t use Telegram for your malware.

Indonesia unblocks Tumblr following its ban on adult content

Indonesia, the world’s fourth largest country by population, has unblocked Tumblr nine months after it blocked the social networking site over pornographic content.

Tumblr — which, disclaimer, is owned by Oath Verizon Media Group just like TechCrunch — announced earlier this month that it would remove all “adult content” from its platform. That decision, which angered many in the adult entertainment industry who valued the platform as an increasingly rare outlet that supported erotica, was a response to Apple removing Tumblr’s app from the iOS Store after child pornography was found within the service.

The impact of this new policy has made its way to Indonesia where KrAsia reports that the service was unblocked earlier this week. The service had been blocked in March after falling foul of the country’s anti-pornography laws.

“Tumblr sent an official statement regarding the commitment to clean the platform from pornographic content,” Ferdinandus Setu, Acting Head of the Ministry of Communication and Informatics Bureau, is reported to have said in a press statement.

Messaging apps WhatsApp and Line are among the other services that have been forced to comply with the government’s ban on ‘unsuitable’ content in order to keep their services open in the country. Telegram, meanwhile, removed suspected terrorist content last year after its service was partially blocked.

While perhaps not widely acknowledged in the West, Indonesia is a huge market with a population of over 260 million people. The world’s largest Muslim country, it is the largest economy in Southeast Asia and its growth is tipped to help triple the region’s digital economy to $240 billion by 2025.

In other words, Indonesia is a huge market for internet companies.

The country’s anti-porn laws have been used to block as many as 800,000 websites as of 2017, so potentially over a million by now — but they have also been used to take aim at gay dating apps, some of which have been removed from the Google Play Store. As Vice notes, “while homosexuality is not illegal in Indonesia, it’s no secret that the country has become a hostile place for the LGBTQ community.”

WhatsApp copies Telegram to add one-way ‘broadcast’ mode to group chats

“Good artists borrow, great artists steal” is a phrase that Facebook seems acutely aware of.

It’s common to speak of Instagram, the Facebook-owned photo-app-now-social-network, borrowing from Snapchat, but now Facebook’s WhatsApp chat app is increasingly drawing its innovation from others such as Telegram.

This week, WhatsApp outed a new feature for its groups that is essentially a replica of Telegram’s channels — that is, a one-way broadcast communication stream.

Telegram channels are popular for setting up a broadcast news feed that allows people to sign up to get alerts from channel admins, who might be news agencies, companies, schools, public interest groups or more. Now WhatsApp is adding the feature to give its message app new use cases.

Actually, as is often the case for WhatsApp, users have unofficially adopted channel-like behavior for some time. Last year, for example, there were reports of a rural journalist using the messaging app to report and broadcast local news. Doing that is suddenly a whole lot easier through this new ‘broadcast-only’ feature.

“One way people use groups is to receive important announcements and information, including parents and teachers at schools, community centers, and non-profit organizations. We’ve introduced this new setting so admins can have better tools for these use cases,” WhatsApp wrote in a short blog post.

Still, the fact that WhatsApp requires users to provide a phone number to join groups — anyone’s number can be looked up by any group member — is one issue when it comes to creating or joining public groups. Telegram has introduced usernames, which mitigate that issue, but still, the app doesn’t have anything like WhatsApp’s scale which is a crucial consideration when deciding which app to plump for.

WhatsApp has over 1.5 billion active users, more than 200 million of which are in India, whereas Telegram recently passed 200 million active users worldwide.