This is the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

It’s Kevin Pham, intern on the Digital Security Training team, taking over the newsletter this week.

In the news

Following the recent arrest of Telegram founder and CEO Pavel Durov, the messaging app has modified its FAQ page to clarify some new rules. The page had previously claimed that information related to private chats would be immune to government inquiries. Telegram has now removed these references and instead highlights its “Report” feature. This signals a modest change in its historically relaxed content moderation policy.

In a statement to The Verge, Telegram spokesperson Remi Vaughn writes, “On Telegram you could always report messages from any group to moderators, this acts like forwarding. Private chats are still private too – although you could always report a new incoming chat to moderators by using Block > Report. Anyone can check Telegram's open source code and see there were no changes. The FAQ change only made it clearer how to report content on Telegram, including via DSA. The removed language was never related to content reporting.”

Even if the Report feature had been implemented before Durov’s legal troubles, Telegram is rarely compliant with government inquiries. Its financial structure operates through a complex network of shell companies that can obscure subpoenas and takedown requests. However, this method is not as reliable as end-to-end encryption, which Telegram does not implement by default. Read more here.

What you can do

In the wake of Durov’s arrest, we covered Telegram’s lackluster security features. Although a spokesperson claimed that private chats remain usable, it is clear that end-to-end encryption works best when enabled by default. Despite marketing itself as a secure messenger, Telegram operates much more like a social media platform, where people have fewer expectations of privacy. End-to-end encrypted apps like Signal don’t face similar moderation issues, as there is less to moderate on their end. If you are a journalist who heavily uses Telegram, consider these points:

  • Signal allows you to have group chats of up to 1,000 people and video calls of up to 50 people. While there are security concerns with having that many recipients in a conversation, small-to-medium-sized group chats work well on it.
  • Followers or potential sources should be encouraged to contact you through a secure communication method like Signal. Make sure that your contact information is easily viewable on your profile. You may find our guide on setting up secure tipline pages helpful.

Updates from our team

  • Our second advice column just dropped, and this time our team answers a question about what happens if you lose the phone where you store your two-factor authentication codes. Give it a read! We’re just getting started here, so let us know what you think. Check out our announcement and submit your questions.
  • We’re co-hosting “Source!,” the London Logan Symposium, with The Centre for Investigative Journalism on Nov. 14-15 in London, England. Hear from journalists from all over the world about press freedom issues and the challenges they face in protecting themselves and their sources. Register to attend here.
  • Now that Signal supports 50 users in a videoconferencing call, instead of 40, we’ve updated our guide to videoconferencing tools with this change. Check it out.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Kevin

Kevin Pham
Digital Security Training Intern

Freedom of the Press Foundation