This is the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

It’s Kevin Pham, intern on the Digital Security Training team, taking over the newsletter this week.

In the news

The arrest by French authorities of Telegram founder Pavel Durov in connection with alleged illegal content on the messaging app has helped foster the mistaken notion that it is a standard end-to-end encrypted messenger.

Telegram, known for its relaxed moderation, is actually more popular for its unencrypted group chats and broadcast channels. This explains why some journalists use Telegram for their investigative work on extremism, disinformation, and global conflicts.

Durov has previously bashed mainstream end-to-end encrypted messenger apps in favor of Telegram. He even claimed that Signal’s encryption is inferior despite evidence to the contrary.

Johns Hopkins cryptography professor Matthew Green deconstructed these arguments in a blog this week, arguing that Telegram does not meet the definition of an encrypted messenger. “If you want to use end-to-end encryption in Telegram,” he added, “you must manually activate an optional end-to-end encryption feature called ‘Secret Chats’ for every single private conversation you want to have.” Read more here.

What you can do

Telegram should not be utilized for confidential conversations. However, we also know that more secure alternatives are banned in many regions where Telegram is popular. If you must use it for investigative or personal purposes, we recommend the following steps:

• In Telegram, end-to-end encrypted secret chats only work in 1:1 conversations and are disabled by default. We know most people will use the default settings generally; this is why if Signal is available in your region, we recommend using it when possible.
• We recently wrote about Signal's options for bypassing censorship in a recent edition of our newsletter. Check that out here.
• If you need to join group chats and broadcast channels, avoid displaying personally identifiable information on your Telegram profile. In “Settings,” go to “Privacy and Security” and scroll down to the “Privacy” section. Make sure that nobody can see your phone number, profile photo, date of birth, and last-seen status.
• You can also register a new account with a virtual number provider like Google Voice. Consider minimizing personally identifiable information on your user profile.
• Media files like images and videos could potentially spread malware. To prevent auto-downloads, go to “Settings” > “Data and Storage” > “Using Cellular” and “Using Wi-Fi” > “Auto-Download Media.”
• To learn more about how to use a variety of other encrypted chat tools, check out our guides to secure communication.

Updates from our team

• Are you a journalist with a digital security question? Share it with us for our new digital security advice column! We’re trying this out for the first time, so let us know if you like this kind of thing and if you’d like to see more: https://freedom.press/training/blog/advice-column-announcement

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Kevin

–

Kevin Pham
Digital Security Training Intern
Freedom of the Press Foundation