Secure messenger for telegrams. Choosing a secure messenger for Android: Telegram, SafeUM and VIPole Secure Messenger. How to add stickers to Telegram

Messenger Telegram is a free service for real-time communication. A couple of years ago, Telegram Messenger was not very well-known, but now it is experiencing a real surge of interest.

Brands create their channels in it along with Instagram and other social networks, and people just chat with pleasure.

Are you looking for an opportunity to get rid of your “uncle's” job in order to finally control your employment and income level by yourself?

Trading is a real chance for a stable income. You only need a few hours a day, internet access and a desire to learn.

Clear trading signals, practical advice and honest statistics - Grandfather trader earns himself online and teaches his team to earn money.

A quick and successful start in trading under the free guidance of an experienced mentor? Yes, it happens. Connect , study, earn!

Important info: iPhone 11 Pro Max is playing on the channel right now, so you can not only learn the intricacies of trading, but also get the coolest gadget to date. Click here!

Let's talk about the features of the free Telegram messenger and why you should download it

How the Telegram messenger differs from other social networks

In fact, what is it for at all? These messengers are already enough, take the same one. Let's figure out why Telegram cannot be compared with them.

  • Telegram provides the maximum. More secure communication is hard to come up with.

The messenger's feature is. Unlike regular correspondence, data from such chats does not go to Telegram servers, but remains on your phone.

Thus, nobody ever will not be able to find out what you were talking about in the secret chat.

  • The speed of the messenger is an order of magnitude higher than the indicators of Viber and WhhatsApp.

At the same time, Telegram consumes less traffic.

  • Telegram is absolutely free.

There is no monetization in the application generally.

  • Another plus for Telegram is the self-destruction of messages.

This parameter can be configured by specifying the time after which messages will be deleted.

  • Telegram Messenger does not limit message size.
  • Telegram is open source and API.

What is the Telegram messenger for?

As we have already found out, this is a convenient and free service for communication, which you can use on almost any device.


Telegram Messenger has become an integral part of the life of a multi-million audience

But besides this, Telegram Messenger has a bunch of other features and chips. Everything in order:

  • There are bots in Telegram.
  • In addition to communication, the messenger makes it possible to subscribe to channels.

These are a kind of mini-blogs in which they collect useful information on a specific topic. For example, there are Telegram channels about cryptocurrency, cooking, travel, making money on the Internet, politics, etc.

Information in them can be presented in the form of text, pictures, audio recordings or videos, as well as in the form of a link to the source.


Enjoy all the benefits of Telegram Messenger

You don't have to look for ready-made communities - you can

End-to-end encryption in instant messengers has gained popularity because it happens completely invisible to users. They do not need to independently generate key pairs, sign them, distribute public and protect secret keys, revoke old and compromised ones in time - everything is done automatically, and the correspondence is magically protected. But is everything really so good?

Back in 2004, our compatriot Nikita Borisov, together with Ian Goldberg, developed a universal cryptographic protocol for instant messaging systems. The protocol was named OTR (Off-the-Record Messaging) and began to be distributed openly under the GPL license in the form of a ready-made library. In the future, OTR became the basis for other popular protocols with additional methods of increasing security. In particular, the Signal protocol, formerly known as TextSecure. Most other modern instant messengers work on the basis of Signal.

Principles of encryption of correspondence

Conceptually, all cryptographic methods of protecting correspondence should provide at least two basic properties: confidentiality and integrity of messages. Confidentiality means that only the interlocutors can decrypt each other's messages. Neither the ISP, nor the messenger developer, nor any other third party should be technically able to perform decryption in a reasonable amount of time. Integrity provides protection against accidental corruption and targeted spoofing attacks. Any message changed during transmission will be automatically rejected by the receiving party as damaged and lost confidence.

Modern instant messaging protocols also address additional challenges to improve convenience and security. In the Signal protocol and its closest analogs, these are properties such as asynchronous transmission, forward and backward secrecy.

You've probably noticed that missed messages are delivered in messengers. They come even if you were talking in a group chat and suddenly disconnected for a long time in the middle of the conversation. This is asynchrony: messages are encrypted and delivered independently of each other. At the same time, due to time stamps and some additional mechanisms, their logical sequence is preserved.

A property such as forward secrecy, implies that if the encryption key of the current message is compromised, it will not be possible to decrypt the previous correspondence with it. To do this, messengers often change session keys, each of which encrypts its own small portion of messages.

Likewise reverse secrecy protects future messages if the current key is compromised. New keys are generated in such a way that it is extremely difficult to calculate their relationship with the previous ones.

Forward and backward secrecy is implemented in modern key management mechanisms. The Signal protocol uses the Double ratchet (DR) algorithm for this. It was developed in 2013 by crypto consultant Trevor Perrin and founder of Open Whisper Systems Moxie Marlinspike.

The name is a reference to the mechanical encryption machine Enigma, which used ratchets - gears with oblique cogs moving in only one direction. Due to this, the state of the gears, repeating one of the recently used ones, was excluded in the cipher machine.

By analogy with them, the "digital ratchet" also prevents the reuse of the previous states of the cipher system. DR often changes session keys, while preventing the reuse of previously generated keys. This is how it provides forward and backward secrecy, that is, additional protection of individual messages. Even in the case of a successful selection of one session key, the attacker will be able to decrypt only the messages encrypted by him, and this is always a small part of the correspondence.

Many other interesting mechanisms are implemented in the Signal protocol, the description of which is beyond the scope of this article. The results of his audit can be found.

Signal and its analogues

The end-to-end encryption provided by Signal is used today both in the eponymous messenger from Open Whisper Systems and in many third parties: WhatsApp, Facebook Messenger, Viber, Google Allo, G Data Secure Chat - all of them use the original or slightly modified version of Signal Protocol, sometimes giving them own names. For example, for Viber, this is the Proteus protocol - in fact, the same Signal with other cryptographic primitives.

However, with a similar implementation of end-to-end encryption, an application can compromise data in other ways. For example, WhatsApp and Viber have a chat history backup feature. In addition, WhatsApp sends communication statistics to Facebook's servers. The protection of the local and cloud copies of the correspondence is formal, and the metadata is not encrypted at all - this is openly stated in the license agreement.

The metadata shows who communicates with whom and how often, what devices they use for this, where they are located, and so on. This is a huge layer of indirect information that can be used against interlocutors who consider their communication channel to be protected. For example, the NSA doesn’t care what words the suspect used to congratulate Assange on leaving Obama as a fool and what Julian answered. What matters is that they are rewritten.

As mentioned above, all messengers periodically change session encryption keys, and this is a normal process. The main key can change if the interlocutor moved to another device, went offline for a long time ... or someone started writing on his behalf, having hijacked the account.

In the original Signal app, a key change notification is sent to all participants in the conversation. In WhatsApp and other messengers, this setting is disabled by default, as it does not convey meaningful information to most users. Also, the key changes in the absence of the interlocutor online for a long time - this is both a bug and a feature at the same time.

As a researcher from the University of California at Berkeley Tobias Boelter wrote on this issue, when an attack on a service is possible, it is possible to create a new key and receive messages instead of the addressee. Moreover, the operators of WhatsApp servers themselves can do the same - for example, at the request of special services.

Signal protocol developers refute Bölter's findings and defend WhatsApp. According to them, key substitution gives access only to undelivered messages. Weak consolation.

You can enable the notification of the key change in the settings, but in practice this paranoid mode is unlikely to give anything. The messenger notifies about the key change only after the message has been re-sent. It is believed that this is more convenient for the users themselves.

Opening methods

Let's say we heeded these arguments. Let's take as a working assumption that the Signal protocol has no practical vulnerabilities. And what? The problem of encrypting correspondence remains, since Signal, WhatsApp, and other messengers, end-to-end encryption guarantees confidentiality only when the attacking party has nothing else to do except intercepted messages in encrypted form.

In practice, the FBI and related departments of the bureau, in the background monitoring of a person, bypass the metadata of his communications, and the messages themselves, if necessary, are received in other ways that do not require either breaking a strong encryption protocol or factoring long keys.

As proof of the reliability of any cryptosystem, the results of competitions for breaking it are often cited. Say, no one took the announced prize, which means they could not hack it. This is where a typical substitution of concepts takes place. It's one thing to read the secret messages of a live interlocutor, and quite another to fulfill the conditions of the competition for hacking the dialogue of bots (or messenger developers who are waiting for a catch in every message). Usually the conditions are written in such a way that the contestants are eventually presented with a problem that cannot be solved in the allotted time.

In real life, chasers for someone else's correspondence are not limited by any rules. They will not necessarily look for holes in the end-to-end encryption protocol itself, but will break what is easier. Use social engineering (which is why I wrote about living people), vulnerabilities in the OS (there are thousands of them in Android), drivers and third-party software - any tricks imaginable. Normal heroes always go around, and employees of three-letter departments are no exception.

With physical access to a smartphone (even short-term and without root), all the more, there are many new attack vectors that go beyond the competition for hacking the messenger. Usually, in this case, it is possible to use "not a bug, but a feature" of the application, left by the developers for convenience (hacking).

Let me give you an example. In our laboratory, it often happened that an employee went out for a couple of minutes and left his smartphone on charge. Everyone had smartphones, but there weren't enough sockets. Therefore, we allocated a special table with a surge protector - a kind of gas station where all or almost all smartphones were lying during the day.

Naturally, we walk up to this table ten times a day, take our (and sometimes others' - by mistake) smartphones and put them on to charge further. Once I needed to find out what Vasya writes in messengers. There was a suspicion that he was leaking information on projects, and our security service just shrugged. End-to-end encryption is an impregnable wall. The BYOD concept did not catch on with us. They also tried to ban the use of instant messengers and smartphones in general, but nothing good came of it. Too many communications are tied to them today. Therefore, with the approval of the security service (paragraph 100500: "... in exceptional cases has the right ..."), I simply chose a convenient moment and did this:

  1. I waited for Vasya to go for food. This is at least three minutes, and two will be enough for me.
  2. I calmly take his smartphone and sit back in my seat.
  3. The smartphone is locked, but I know the pattern. Vasya used it hundreds of times with me. You will involuntarily remember this "letter siu".
  4. I launch a browser on my computer and go to the WhatsApp web interface page. A sync QR code is generated on it.
  5. I open WhatsApp on Vasya's smartphone. I go to Chats → Settings → WhatsApp Web.
  6. I scan the QR code with my smartphone.
  7. Everything. Vasya's full chat history is loaded in my browser.
  8. We remove traces and return someone else's smartphone to its place.

Now I see all of Vasya's past and current correspondence. I will see her at least until the end of the day, until WhatsApp changes the key or Vasya manually disconnects the web session. To disable it, he must suspect something was wrong, then enter the same WhatsApp Web menu item. There he will see a message about the last web session ... which will be completely uninformative. It indicates only the city (by GeoIP), browser and OS. Vasya and I all of these variables completely coincide (one laboratory, one network, typical computers with the same software). Therefore, this record does not give him cause for concern.

The web session is convenient for ongoing monitoring. Additionally, you can do backup chats - for the record.

A few days later, Vasya switched to Telegram. The method of controlling his correspondence was broadly the same.

  1. We take his smartphone, unlock it with the usual "letter siu" and open Telegram.
  2. We go to the Telegram website in our browser.
  3. Enter Vasya's phone number.
  4. We catch the confirmation code that came to his Telegram.
  5. We enter it in our browser window.
  6. We delete the message and all traces.

Soon Vasya installed Viber, and I had to do a new trick.

  1. We take his smartphone for a couple of minutes.
  2. Open Viber → “Settings → Calls and Messages → Email Log”.
  3. We copy the archive to a USB flash drive (OTG) or send it to ourselves in any other way. Fortunately, Viber provides dozens of them.
  4. We return the smartphone and remove the traces.

The thing is, Viber doesn't have a web version. It would be possible to install the desktop one and also link it to Vasya's Viber mobile account, but I chose the method that was easier to implement.

Vasya "sat down for treason" and put on Signal. Hell, this is the exemplary messenger recommended by Schneier, Snowden and the Electronic Frontier Foundation! He does not even allow the user to take screenshots of the chat. How to be?

Again, we wait for a convenient moment and launch Signal on Vasya's smartphone. The messenger requires you to enter a passphrase, which I don't know ... but I know Vasya! Trying his birthday - doesn't fit. I try the code from our laboratory diplomat - it came up. It's even boring. We go to the messenger settings and stop, like a knight at a crossroads. It turns out that there are many options to get to the chats. For example, Signal allows one command to export all correspondence, and only in clear text.


Then you can head to Settings → Linked Devices and repeat the trick you did with WhatsApp earlier. Signal also opens a web session via a QR code. There is even a separate extension for this in Google Chrome.


Clone all Signal chats in Chrome

With a bonus, all contacts can be dragged out of the Signal web session. Will come in handy.

Bottom line: I don't know Vasya's encryption keys (and he doesn't know them himself!), But I can read his past and current correspondence in all messengers. Vasya suspects nothing and continues to believe that "end-to-end encryption" guarantees him complete confidentiality.

With physical access to a smartphone, it becomes easy to gain control over any messenger, but even it is not necessary for hacking messages. You can lure a victim to a phishing link and remotely pull a smartphone - in old Android versions and the preinstalled browser lacks holes. The Trojan will receive a root (now this is a routine automatic procedure), start taking screenshots, memory dumps ... or simply make it easier to back up all chats of the next messenger in clear form.

Telegram

This messenger is worth talking about separately for a number of reasons. First, it uses a different end-to-end encryption protocol - MTProto. After getting rid of childhood diseases (

Telegram security is a very exciting section for all users of the application. We will tell you everything in one article about Telegram and its security. Read faster!

One of the most important criteria in favor of choosing an application is the safety of the user and the preservation of the data received by him. Almost all programs and applications, despite high degree protection, amenable to hacking - information was transferred to third parties, and accounts were used as a carrier of spam. The developers provided for the possibility of full control over access to the profile, therefore, when creating the application, a secret code was used, which cannot be opened. The developers have proven: Telegram = security.


Since the release of the application, since 2013, not a single case of hacking of the messenger has been recorded. The creators of the program, confident in the super-security of their development, created a competition - the winner will receive tens of thousands of dollars if he gains access to someone else's profile and opens the message history. Inspired by such an award, thousands of genius programmers tried to do this, but their attempts were unsuccessful - can you imagine the security level of the Telegram application? Nevertheless, one person partially made a victory: nevertheless, he could not find out the history of messages, but only found a vulnerability in chats. As a result, he got only half of the prize money, but Pavel Durov made a "Knight's move" and invited this programmer to work in the messenger.

Is Telegram safe in the Russian Federation?

This is interesting: Telegram uses a special encryption protocol that was developed by Nikolai Durov and a team of programmers. It is one of the most secure protocols for 2016. That is why Durov had a conflict with the FSB in 2017, they simply could not listen to Telegrams.

How to increase the security of Telegram?

Despite the strong security, you should not neglect the precautions - the program has a high level of additional protection:

  • Do not give your phone to unauthorized persons under any circumstances, even if you are sure of them;
  • Set a password on your phone, and do not tell anyone;
  • Do not be limited to one password - in the Telegram settings (privacy and security section) set a double access code;
  • Hide your phone number on the main Telegram profile page (we remind you that the application provides access to this information only for saved contacts);
  • Always end started sessions and log out of your profile;
  • Use self-destructing and secret chats;
  • Set restrictions on the sharing of information the last time you were online.

Real Telegram users have left very positive reviews about the security of the messenger. You can read them both on the main page of Telegram in the app store, and by looking at various reviews of bloggers.

Interesting feature is that in addition to the MTProto encryption protocol, users can configure both two-step authorization and self-destructing messages and account destruction. Which casts doubt on any hacking attempts, even from the FSB. by the time you gain access (and this is almost impossible), either the correspondence can be destroyed, or the account will no longer exist! All the same applies to and - secure, encrypted and you can destroy the account.

Providing data to third parties

Many large companies and applications admit that they have access to user accounts, use their data and saved files, explaining that it is easier to find out what the program lacks. Many users are extremely unhappy with this outcome. With Telegram, you don't have to wonder whether it is leaking data to the FSB or to third parties - even the developers do not have access to other people's profile data. In the confrontation with Telegram, the FSB repeatedly demanded to provide such information, but the FSB's demands were never fulfilled.

Telegram security or the wiretapping myth

Another important problem is the possibility of eavesdropping on FSB data. There is no reason to panic: thanks to the high level of protection and strong encryption of Telegram data, the data cannot be eavesdropped and transferred to fraudsters. Before wondering whether it is possible to listen to the data or not, check out the user statistics: Telegram users include businessmen and well-known politicians, special services and even secret groups. None of them could complain about Telegram's poor security. The cryptographic contract established by the creators of the application provides an additional layer of protection. So, answering the question whether it is possible to listen to a Telegram in the Russian Federation, the answer is quite unambiguous - no (or not yet), even if you are a secret agent of the FSB) Also, if the program registers a hacking attempt, it automatically sends the user an access confirmation code, which, in in turn, also excludes the possibility of hacking.

On the other hand, the majority of users actually still listen to Telegram by the FSB special services or not, because there is essentially nothing to hide.

The instant messaging program "Telegram" from the creator of the social network "VKontakte" is called the main competitor of the world famous WhatsApp. At first glance, they are really similar: the same purpose, almost the same dialog boxes and similar functionality. So maybe these are clone apps? Or are there global differences between them? And in general, was there any point in creating a product that already has analogues?

I offer a brief introduction to the free cross-platform messenger "Telegram". After reading, you yourself will answer these questions and you will be able to decide whether it is worth switching to it from competitors' products.

Why Telegram was created

According to the author of the project, "Telegram" is, first of all, a secure messenger (). This messenger was created precisely for the purpose of protecting the data exchanged by users from interception and eavesdropping. To do this, the program uses its own cryptographically strong encryption technology MTProto, which, if not impossible, is very difficult to crack. This is exactly what WhatsApp, Viber and other similar products do not have.

Another goal is to get the fastest messenger in the world. The developers also coped with this task with a bang, so that high speed and low traffic consumption are the second global difference between Telegrams.

How to use the program

Phone binding and russification

Let's start our acquaintance from the moment of installation. Download Telegram for your computer or mobile device and install as a normal application. After starting, enter your number into the messenger mobile phone- this will be your account. This will be followed by a check - a confirmation code will be sent to the specified phone. After verification, enter your first and last name in your profile so that other users can find you by them. This completes the registration.

By default, the messenger is set to English language, and switching it to Russian just won't work. To add Russian, Ukrainian, Belarusian and a number of other missing languages ​​to Telegram, you need to download the localization file by sending it to yourself from another Telegram client. Or request it from Robot Anton by sending one of the commands:

  • locale android- means "send a crack for your Android phone or tablet."
  • locateios- the same for Apple gadgets.
  • locate tdesktop- for Windows.
  • locate osx- for OS X.

After the file has been sent, click on it to download it to the device (the arrow should be replaced with a paper clip).

In the mobile version of the client, click on the "three vertical dots" button, which is located on the right side of the message.

Select the item " Apply localization file", Go to the section" Settings» – « Language»And install the Russian language.

In the computer version (Windows and OS X), right-click on the sent file, select “ Save File As”And save it anywhere.

Download the crack and restart the application.

Adding contacts

To search for acquaintances among Telegram users, open the menu " Contacts". The list will display the people whose numbers are in your phone book. To add new contacts, open the section of the same name and click the button shown in the screenshot.

Enter your phone number and username. Click " Save».

To start communicating with people who do not use the program yet, go to the section " Contacts" and press " Invite friends».

Select the means with which you want to send them an invitation, for example, Skype, WhatsApp or SMS sending program.

Find a friend in the contact list of this app. A link to download Telegtam will be attached to your invitation.

As soon as a friend installs the messenger, he will immediately appear in your contact list.

Message exchange

To send a message to someone, click on the username "Telegram", type text in the chat window, or click on the "Microphone" icon and record a voice message. Click the submit button.

You can attach files to messages, as well as insert emoticons and stickers - pictures that express emotions.

To create the most secure chat - secret, click in the menu " New secret chat»And select the subscriber. Everything that you pass on to each other will remain strictly confidential.

For additional protection from prying eyes, the secret chat data can be deleted - either manually or by timer, using the menu options (which opens via the "three dots" button in the upper right corner).

In addition to individual chats, the program has a messaging function within the group (launched through the main menu - " A new group") And creating channels (in the same place, through the line below). A channel is, as a rule, a mass distribution of demonstration materials to selected subscribers.

By the way, besides living people, robots (bots) live in Telegram. Bots are scripts designed to perform a task. For example, registering users on your site, counting posts, and more. If you wish, you can order your own bot with a given set of functions.

What else distinguishes Telegram from peers?

In addition to enhanced protection and high transmission speed, this messenger is distinguished by the fact that:

  • Works in the cloud, synchronizes not only settings and contacts between devices, but also chats (except for secret ones).
  • Allows you to exchange any files, not just videos and photos. And there is no size limit.
  • Works on both mobile and stationary platforms, and also has a web version.
  • Open source code (not all of them yet) and the API of the program can be used by everyone.
  • Doesn't show ads.
  • Free even for commercial use.

And if you find fault, you can find a couple of shortcomings: the lack of an invisibility mode and excessive body movements when adding the Russian language. To the second, the developers gave the following explanation: "the Russian-speaking audience can successfully replace Telegram with the VKontakte messaging function, and besides, the active increase in users from Russia will most likely become a reason to ban the distribution of the program in our country."

I think it's not worth explaining why you need to protect your messages, so let's skip this point and move on to the main dilemma - can such messengers do this? Today, there are many options for encryption: crypto, double (or even triple) identification, PIN, and others. The messages themselves can self-destruct, be encoded or sent directly to the user, bypassing the server.

advertising

Note that the last method is the safest: information is not stored anywhere and, therefore, a third party cannot intercept it. True, in this case, a dry conversation between two "conspirators" turns out, which makes the messenger highly specialized. And if you also want video calls? Perhaps we'll start ...

... from an old friend - Telegram. This application continues to grow in features and clearly deserves attention. So let's check its latest version and find out if it's as secure as they say.

The second test subject is SafeUM, which is distinguished by a huge number of different protections, which makes the study more interesting, and will end the review of VIPole Secure Messenger, which offers secure voice and video calls. Thus, we will try not to miss anything and will be objective.

The test equipment was a DEXP Ursus 8EV2 3G tablet (Android 4.4.2, MT8382 processor, 4 x Cortex-A7 1.3 GHz, Mali-400 MP2 video core, 1 GB of RAM, 4000 mAh battery, 3G module, Wi-Fi 802.11 b / g / n).

advertising

Telegram

Acquaintance

Telegram does not need an excessive introduction, since we have already written about it. However, it's time to refresh your memory, because a lot has changed in this application, and the overview of protected messengers would not be complete without it.

But is this program really so secure if it stores messages in the cloud, transferring them through different servers? Which Telegram feature can really be called "secret"? Has the application itself changed for the better? This is what we'll talk about.