The Telegram instant messaging app is a favorite amongst blockchain and cryptocurrency enthusiasts because it puts tremendous emphasis on encryption. Telegram founder Pavel Durov even holds contests with prizes of over $200,000 to showcase Telegram’s encryption, by encouraging participants to target it.
In two ICOs earlier this year, Telegram raised $1.7 billion to build a payments capability, a self-sovereign identity solution, and a platform for dApps (decentralized blockchain-enabled applications) on top of its existing messaging service. Though ICOs have the potential to disrupt traditional finance (as I discussed recently), many of last year’s ICOs were by cryptocurrency startups promising easy, outsized returns. Most of last year’s ICOs proved to be poor investments or outright scams. In this environment, Telegram’s ICOs were attempts at a different model: a successful company with a large user base seeking to raise funds to bolster its blockchain-related offerings.
Last month, Telegram took a major step toward delivering on its vision by introducing the Telegram Passport: an identification and authorization solution that allows users to “upload your documents once, then instantly share your data with services that require real-world ID (finance, ICOs, etc.).” The Passport is an early effort at creating a self-sovereign identity (which I recently wrote about), whereby an individual’s identity information can be stored and accessed only by that individual (ideally on their personal devices). Without being included in a centralized repository, it can still be provided to third-parties whenever necessary with proper consent.
For the time being, Telegram will store personal data on the Telegram cloud, secured by end-to-end encryption. Thus, only users and the service providers they share information with will be able to see the encrypted information. Each Passport user will be asked to select a secret password. Telegram will have no access to the password either, since it will be stored in an encrypted format. Surveillance of data stored or transferred in this manner is very challenging or impossible, since even Telegram will not be able to see the personal data, accompanying messages, or passwords. Eventually, Telegram hopes to reduce its reliance on cloud storage of data altogether and to move to a decentralized system, perhaps using blockchain technology.
In addition to storing and sharing personal information, Passport incorporates ePayments, the “first electronic payment system to support registration and verification.” Founded in 2011, ePayments is part of Single Euro Payments Area and SWIFT, and it holds an e-money license from the UK Financial Conduct Authority. ePayments allows users to create an account that stores cryptocurrencies and processes payments. It supports transactions in Bitcoin, Ethereum, Litecoin, and other cryptocurrencies. Currently, ePayments has over 600,000 clients and an annual turnover of £3.5 billion ($4.5 billion).
With the introduction of Passport, Telegram has established itself as an early mover in full-service digital and self-sovereign identity solutions. Passport’s integration with ePayments will help verify and attach identities to these transactions, while maintaining anonymity and secrecy to anyone except the transacting user and the third-party service the user is transacting with.
How to Develop Apps that Integrate with Passport
Telegram is inviting developers to integrate Passport with their own apps, free of charge. Currently, Telegram verifies identities itself, and therefore Passport-integrated apps are required to use the Passport API or SDK. However, in the future, Telegram hopes to add third-party verification, so that rather than relying on the API or SDK, a Passport-integrated app can use a third-party verifier to authenticate accounts.
The Telegram Passport Manual lays out the following steps for developers looking to add Passport integration to their apps:
1. User clicks ‘Log in with Telegram’ on developer’s app
2. Developer’s app requests the data it needs
4. User’s Telegram app downloads and decrypts the data from the end-to-end encrypted Telegram cloud. If any requested data is missing from the user’s Passport (ie the user never uploaded it), the user can add it to the Passport now.
5. User’s app encrypts the data with developer’s app’s public key and then sends it to developer’s app
6. Developer’s app decrypts the data, and can request any other required information.
7. User is authenticated, and can now sign up for developer’s service.
With Passport, Telegram has ventured beyond its messaging roots to become an early provider of self-sovereign identity solutions. Though ePayments integration adds early functionality to Passport, ultimately Passport’s attractiveness to users will depend on its ability to develop a rich, varied dApp environment. Additionally, if Passport finds success as a mainstream blockchain identity solution provider, it can expect to face significant demands by governments seeking to monitor particular transactions or combat bad actors on its platform. Though Passport is an early entrant, we can expect plenty of competition in this space.