Russian police have started stopping people in the street and scrolling through messages stored on their phone, according to a video uploaded to social media. This has started widespread concern around what police may do if they find messages they determine warrant arresting someone, and comes as Russia has detained thousands of people for protesting against the country’s war against Ukraine.
Both Ukrainian and Russian officials are using Telegram to share information, as well as pro-Ukrainian hacking groups and ordinary citizens to share images of resistance. With that in mind, here are some pieces of advice for using Telegram, one of the most popular messaging and social network apps in Russia and elsewhere, a bit more securely when it specifically comes to deleting messages stored on the user’s phone.
UNDERSTANDING DISAPPEARING MESSAGES
Telegram has a variety of features that can delete various types of messages, either manually or automatically over time, but understanding their limits and nuances is important for ensuring that you’re only retaining data that you want to.
Ordinarily, Telegram messages between people do not disappear automatically. Users need to either select individual messages that they wish to delete, or click the “Clear Chat History” option. This will remove all the messages between the two people. Users can also click the stopwatch option and select a timer for any messages sent following that to be deleted after a certain period of time, such as one day, or one week.
Those settings will not remove evidence that a conversation did take place, though. In your conversation screen which lists all of the different conversations you are currently part of, it will still show the username or account you communicated with, only the messages will be deleted. To remove that evidence as well, a user needs to select “Delete Chat.”
Normal Telegram chats are not end-to-end encrypted. Telegram’s ‘Secret Chat’ feature starts a conversation with end-to-end encryption (other apps, such as Signal, Wire, and Wickr, use end-to-end encryption by default). The Secret Chat feature also allows shorter time periods for automatically disappearing messages such as one or five seconds. This timer will only start once the recipient has read the message, though, not after a user has sent the message. So if the person the user is talking to doesn’t see or receive the message, it may remain on the sender’s phone unless manually deleted.
The Secret Chats feature also has the same issue where although the messages themselves are removed by automatically deleting messages, the existence of the conversation remains. Once you’re done talking or want to remove evidence of the conversation from your phone, you can select the “Delete and Leave” option at the bottom of the chat window or “Delete Chat.”
CHANNELS WORK DIFFERENTLY
One of the most popular features on Telegram is its channels, where administrators often broadcast messages to hundreds, thousands, or sometimes even more subscribers. Administrators—the people who run these channels—can set the channel’s messages to expire after a certain period of time. However, individual members of channels cannot do this themselves. If a user is a member of a channel and needs to remove messages from that channel from their phone, they should leave the channel itself. This will remove the channel’s messages.
Telegram confirmed this in a message to Motherboard. “Auto-delete is indeed for the channel or group admins to decide. A member of that community can leave to remove those chats from their devices,” the company wrote.
CASUAL INSPECTION IS NOT THE SAME AS FORENSIC EXAMINATION
In the video shared online, the Russian police officers read through their subjects’ messages in the same way an ordinary user would, by just using their finger to scroll through the conversation histories. Disappearing messages and deleting evidence of conversations may be suitable for combating that sort of casual inspection, but forensic examination could pose its own threats. Law enforcement agencies often use specialist forensic technology and tools to not only unlock the devices of people who refuse to give them the password, but also to retrieve data stored on the phone, including data that the user may believe was deleted. Telegram did not respond to a request for comment on whether it believes its disappearing messages features are forensically sound.
Do you work at Telegram? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email firstname.lastname@example.org.