Privacy concerns related to sharing data with Facebook drove a sea of users away from WhatsApp and towards other chat platforms, including Telegram. The messaging app is used by more than 500 million active users. However, that begs the question: is Telegram secure at all? We clarify all questions about security here.
What is Telegram
Telegram is a cloud-based instant messaging app that launched in 2013 and has since gained a loyal user base. It was developed by Pavel and Nikolai Durov, two Russian brothers best known for developing the social networking platform VK (formerly VKontakte).
The app offers a secret chat option with end-to-end encryption, as well as a regular chat variant that is encrypted in the Telegram cloud. It's available on iOS, macOS, Android, Windows Phone, Windows, and Linux.
You can see a regular chat in the Telegram app for Android. Is Telegram encrypted?
The app has two layers of encryption. Private and group cloud chats support server-to-client encryption, while secret chats benefit from client-to-client encryption. Telegram encryption is based on 2048-bit RSA encryption, symmetrical 256-bit AES encryption and a secure Diffie-Hellman key exchange..
Server-Client Encryption
MTProto is the custom mobile protocol developed by the Telegram team. It is important to mention that MTProto only applies to standard cloud chats on mobile devices and does not offer end-to-end decryption by default. This is a notable security issue related to Telegram. MTProto has already received a lot of criticism. This symmetrical encryption scheme used in Telegram is not IND-CCA-safe. This makes it possible to convert any ciphertext into a different ciphertext that can be decrypted into the same message.
End-to-end encryption
The problem with Telegram's E2E encryption is that it is not applied by default. Most of the chats (cloud chats) on Telegram are securely encrypted as they are transmitted between your devices and Telegram's servers. As soon as chat messages arrive on the Telegram servers, they are encrypted with MTProto while they rest on the servers. Telegram can, however, read chat data as it takes over the encryption / decryption of the messages on the servers.
Other messaging services, such as Signal or WhatsApp, use end-to-end encryption as standard on all communications. The service cannot read these messages. Only the sender and the recipient can read E2E-encrypted messages. In other words, any service that uses E2E encryption on all of its messages is more secure than Telegram.
Telegram supports end-to-end encryption for two types of communication: secret chats and voice calls . Secret chats are chats that are not stored on Telegram servers and are only accessible to the devices involved in the chat. Secret chats should be just as secure as MTProto, but users need to remember to turn them on. You can read about how to create secret chats in Telegram in another article.
Voice calls are automatically E2E encrypted, which also makes them as secure as MTProto allows..
How does Telegram process personal data?
First of all, Telegram's process of preventing spam and abuse includes collecting information such as IP addresses, device details, history of username changes and more. This data, when collected, is stored for a maximum of 12 months before being deleted. This gives malicious third parties plenty of time to gain access to it.
Second, Telegram moderators are allowed to read standard chat messages marked as spam and abuse to determine if this is true or not. While this is reasonable practice, it also means that others can read what you write there.
Finally, the app can also save aggregated metadata to better customize your experience. For example, it calculates a rating based on who you text most frequently to create a personalized list of contacts that appears when you open the search menu.
None of these three concepts is unknown in the digital world. However, as a user, you must be aware of how your sensitive data is handled before you share it in an app.
Who does Telegram share your data with?
In addition to the other users with whom you communicate via the app, Telegram indicates two further possible data targets in section 8 of its data protection policy entitled "Who may be provided with your personal data". First, and this is obvious, Telegram shares its users' personal information with its parent company and a group member that provides support for its services.
However, Telegram also reserves the right to pass on your IP address and telephone number to government authorities. However, this only happens if the company receives a court order stating that a user is under suspicion of terrorism.
Right-wing extremist content on Telegram
Messenger is the youngest social network that is under pressure to contain extremist content. It is criticized that conspiracy theorists and right-wing extremists cavort on Telegram. Dozens of posts and online groups with violent content related to the riots in Washington and the Capitol storm, for example, have been removed from the platform, according to Telegram.
Following the closure of Parler, the social network primarily used by right-wing extremists, and efforts by Facebook and Twitter to rid their platforms of hateful material, far-right users have flooded other social networks such as Telegram.
The fact that, despite Telegram's alleged efforts, numerous public channels and groups with hate speech, conspiracy theories and racist memes persist, gives reason to believe that Telegram does not take content moderation as seriously as other platforms.
Advantages and disadvantages of Telegram
Here is a quick recap of the pros and cons:
+ Advantages
- Open source apps and Telegram database library
- Self-destructive news
- Users can be logged in on multiple devices at the same time
- Supports two-step authentication
- GDPR compliant
- Disadvantage
- Registration requires a phone number
- E2E encryption for secret chats only
- No third party audits
- Servers are not open source
- Logs the IP address and other user data
- Administrator can read personal messages marked as spam
Conclusion on Telegram's security
So is Telegram safe? No, or at least not as much as it would like to be. Nevertheless, it has its advantages over other messengers. If you take the right security precautions beforehand, Telegram, with its 500 million user base, is a place to connect with friends or family. However, if you are extremely concerned about your privacy, you might want to keep your hands off Messenger. You should definitely not share important or very personal data there. Because Telegram is, in fact, not as secure as the company claims to be. Also Read: Telegram Chat: The Safe Privacy Nightmare - An Analysis And A Commentary.
