End-to-End Encryption FAQ

While checking the results of a recent quiz on how End-to-End Encryption (E2EE) works on Telegram, I noticed that not everyone in the TSF understands this. This document offers some templates along with the basic ideas behind our design decisions.

1. Why are Secret Chats only available on their devices of origin?

The question goes pretty deep, so it‘s best not confuse the user with too many details right away. Let’s send this first and then explain if any extra questions arise:

While your Cloud Chats can be accessed from any of your devices anytime, Secret Chats are not part of the Telegram Cloud and are device-specific by design. This way you can always be sure that they are safe for as long as your phone is safe in your pocket. Secret Chats also use end-to-end encryption, so they can’t be synced in the same simple and convenient way as Cloud Chats. We may add support for multi-device Secret Chats in the future.

Meanwhile, if you want your conversations to be synced across many devices, consider using Cloud Chats. Please note that they are encrypted as well and are further protected by Telegram's distributed infrastructure. Let me know if you want to learn more about security on Telegram.

See also: The ‘Learn more’ template »

Note: Same as with any templates, please be very careful when sending this one. Take care to adapt the text in such a way that it fits the user‘s questions and situation perfectly. This is especially important when dealing with security-related questions. If you’re not sure you‘re qualified to continue the conversation, don’t hesitate to ask in your local group. There's always help!

Now let's look at the question in a little more detail:

Multi-device End-to-end encrypted chats are a mess

The concept of End-to-End Encryption has no limits for the number of communicating devices. However, if you want to access your end-to-end encrypted chats from multiple devices, you’re facing many technical difficulties, especially when it comes to connecting new devices, loading chat history and restoring backups.

Most of our competitors (notably, Whatsapp and iMessage) solve these problems in ways that make their end-to-end encryption useless (this is a big topic, so requires a separate manual). To solve them in a secure way, you’d have to sacrifice usability and some of the features you’re used to – the result would never be as fluent and simple as what we offer in Cloud Chats.

One-device Secret Chats are a feature

Secret Chats are not just about End-to-End Encryption, otherwise we‘d have simply called them ’end-to-end encrypted chats'. Secret Chats are a bundle of tools for private single-device communication. They are self-sanitizing thanks to self-destruct timers, and you can’t forward messages from them. That secret chats are only available on their devices of origin is also a feature.

We like to keep our Secret Chats where we can see them. With single-device chats you can be 100% sure that nobody can access your chats without accessing your (or your chat partner’s) phone first. Politicians and businesspeople around the world appreciate this and have been among Telegram’s early adopters in most countries. The impact for regular users is even higher since they are more likely to leave their work or home computers unlocked and unattended.

Most of us have one main device and can manage to keep an eye on it at all times. As a mass user, you probably don’t want these constraints to apply to all of your data, and this is where Cloud Chats come to the rescue.

Naturally, it would have been possible to have three types of chats: Cloud Chats, Single-Device Secret Chats, and Multi-Device Secret Chats – a stripped-down and somewhat lamer version of cloud chats. But such levels of complexity are unacceptable for a mass market app, so we had to choose. We chose to have fully functional multi-device cloud chats and single-device secret chats with their own suite of functions like self-destruct timers, protection from forwarding, etc.

What makes Cloud Chats cool?

Cloud chats don't use E2EE, but we went out of the way to make them as secure as possible while retaining the flexibility that made them famous.

These are the most important features of Telegram’s cloud chats for our users:
1. You can log in on any device and see all your chats, immediately.
2. You can start typing on one device, then continue on another – even if you just logged in there for the first time.
3. If you lose your device, you can immediately get all your cloud chats and contacts back.
4. If you need to find a message, you can use instant search to find it, regardless of when and which of your devices you were using when you sent or received it.

Are Cloud Chats secure?

Since without E2EE Cloud Chat data is theoretically accessible, we use a unique distributed infrastructure to protect it. Cloud Chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, local intruders or engineers can't access this data, and several court orders from different jurisdictions are required to force us to give up any of it.

Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people's privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.

As a result, we have disclosed 0 bytes of user data to third parties, including governments, to this day.

To sum up: Single-device Secret Chats

  • Secret Chats are only available on their devices of origin. This is a feature.
  • Eliminates risk for private conversation if another device is lost, stolen or simply left unattended.
  • Multi-device Secret Chats would never be as fluent and easy to use as Cloud Chats: no history sync on new devices, no automatic backups, no server search, no cloud drafts.
  • Other messengers claim they have both E2EE and these features, but in fact they invalidate their E2EE (e.g., iMessage supports multiple devices, but thanks to the way they do it their e2e claims are also invalidated. WhatsApp pushes third-party unencrypted backups to their users, these backups nullify their e2e claims. More on this in a more detailed manual coming soon.)
  • Cloud chats are stored heavily encrypted and are protected by Telegram’s unique distributed infrastructure.
  • We may introduce multi-device Secret Chats in the future, even though this requires a lot of work and careful planning.

2. Why are there no Secret Chats on desktop apps?

The answers to this question are closely connected to the fact that we decided to restrict Secret Chats to their devices of origin (see above). You could use this template for starters:

Secret chats require permanent storage on the device, something that Telegram Desktop and Telegram Web don’t support at the moment. We may add this in the future. Currently, both the desktop and the web app load messages from the Cloud on startup and discard them when you quit. Since secret chats are not part of the cloud, this would kill all your secret chats each time you shut down your computer.

Secret chats are also device-specific and disappear if you log out — considering this, it is handier to keep them on the one device that you always carry with you. In case you are concerned about the security of your chats on desktop, please note that they are encrypted as well and are further protected by Telegram's distributed infrastructure. Let me know if you want to learn more about security on Telegram.

See also: The ‘Learn more’ template »

Note: Same as with any templates, please be very careful when sending this one. Take care to adapt the text in such a way that it fits the user‘s questions and situation perfectly. This is especially important when dealing with security-related questions. If you’re not sure you‘re qualified to continue the conversation, don’t hesitate to ask in your local group. There's always help!

Now let's look at the question in a little more detail:

Desktops are less personal

We log in from many places on web and desktop. Many of our desktops are monitored by network administrators at work, or accessed by family members at home. We often leave our desktops and even laptops unattended. It's much easier to keep an eye on your phone.

Open systems vs. Sandboxed systems

Desktop systems and browsers are much more open environments, as opposed to sandboxed environments like mobile OSs. To have Secret Chats, you need your app to store data on the device, and implementing this is slightly more complicated in open systems. The Web and Desktop apps currently get all data from the cloud on startup and discard it when you quit or log out. This would mean losing all your secret chats each time you shut down your computer.

But the real challenges for desktop chats arise because Telegram’s Secret Chats are meant to be single-device chats (see above):

A chaos of chats with the same person

If each chat only connects two devices, users get many different chats with the same person. Imagine two people that have a laptop, a desktop at work and a mobile device each. That’s 9 secret chats in total, and most of them are useless at any given moment.

“Is she still at work?” “Should I message him at the home PC?” Most of us will have multiple desktops (work, home, laptop), most of us will have only one main phone. It is most likely that you can get the person by messaging their mobile phone.

Search-related troubles

There’s an added twist when it comes to finding a certain message. Since no server-side search for messages is possible in the E2EE paradigm, the user would have to remember on their own where to look for a particular message (was it in this chat on this device, or in that chat on that device?). Telegram wouldn’t be able to help in any way.

Remember those 9 secret chats with the average person? Each would have an independent chat history, and no server-side search could tell you which one has that important message.

Temporary sessions

And if that wasn’t enough, desktop sessions tend to be a lot more transient. One of the important features of secret chats is that they are destroyed on your device when you log out. Most desktop users log out rather frequently. Telegram Web users do this even more often.

Each time a user logs out, this creates an unusable discarded chat on their partner’s device. Having them on Desktop and Web would mean a lot more such unusable chats cluttering our chat lists.

What about Secret Chats in the Mac OS native app?

The Mac OS native app, like many others, began as a third-party unofficial app. We always keep an eye out for what third-party developers are doing in our ecosystem. Sometimes features they implement become very popular and make their way to our official apps. This was not the case for Secret Chats in the Mac OS app, which enjoyed a statistically marginal existence. After the app became part of Telegram's official lineup, we did not cut this functionality in order to see if official status would change anything.

Several years later, statistics confirm our guesses about the viability of Secret Chats on desktops: same as before, only 2% of the Mac OS app users use them in that app. At the same time, all users of the Mac OS app actively use Secret Chats on their mobile devices – just like other Telegram users.

To sum up: No desktop Secret Chats

  • Desktops are a much less personal environment, frequently monitored at work and left unattended at home. It’s easier to keep an eye on mobile devices.
  • Implementing secure storage is more complicated in open desktop systems as opposed to sandboxed mobile environments. Secret Chats require storage to work.
  • Secret Chats are single-device, so adding more potential sources would result in many Secret Chats with the same person. A mess in UI and no idea which chat to send your message to. You’re more likely to reach a person on the mobile phone.
  • To find a message, you’d have to search across multiple Secret Chats with the same person on many devices. The server wouldn’t be able to tell you where to look.
  • Logging out kills Secret Chats, temporary sessions create garbage chats on the partner's device.
  • We may introduce Secret Chats to our desktop and web apps in the future, even though this requires a lot of work and careful planning.

Note: These arguments and templates are meant for the majority of Telegram users that use a mobile phone as their primary device. If a user tells us that they use their desktop as a primary device, these templates won't work as well. Such users require a different, bespoke approach.

The ‘Learn more’ template

Both templates in this manual have the line ‘Let me know if you want to learn more about security on Telegram’. Here's a general template you could give to a user who wants to learn more after getting one of them:

All Telegram data is encrypted and cannot be deciphered by your ISP, network administrator, or random hackers. Cloud chats are stored encrypted in the Telegram Cloud, and the keys needed to decipher this data are kept in other data centers spread across different jurisdictions. This way, local intruders or engineers can't access this data, and several court orders from different jurisdictions are required to force us to give up anything. More on this in the FAQ: https://telegram.org/faq#q-do-you-process-data-requests

Secret chats are meant for people who want even more than that. They use end-to-end encryption, so there is no way to decipher your data without accessing your device. It means you don‘t even need to trust Telegram when you use Secret Chats — their secrecy is guaranteed client-side and anyone can check the source code of Telegram clients.

If you are concerned about security in general, there are other important precautions you could take. Consider protecting your account by enabling 2-Step Verification and setting up a strong passcode to lock your app, then it won’t be possible to access your chats by stealing your device or even by intercepting your SMS code. You will find both options in ‘Settings’ under ‘Privacy and Security,’ ask me if you’d like more details.

Note: Same as with any templates, please be very careful when sending this one. Take care to adapt the text in such a way that it fits the user‘s questions and situation perfectly. This is especially important when dealing with security-related questions. If you’re not sure you‘re qualified to continue the conversation, don’t hesitate to ask in your local group. There's always help!

Further reading

This text and templates should be enough for conversations with ordinary Telegram users. If you would like to go deeper down the rabbit hole, you can study this in-depth manual on End-to-End Encryption. If you have any questions about that one, contact Markus without hesitation. It’s very important that we understand everything.