We’ve come a long way regarding communications. Not so long ago, phones used to make calls only; however, the landscape is undoubtedly broader. We now have many options to connect and interact with friends, family, coworkers, and more. Telegram, an online messaging app, is one such option for engaging in communications nowadays. But is it safe to use Telegram? That’s the question people ask the most.
In this article, we will look closely to this question and explore the security aspects of this amazing messaging apps.
Telegram, at its core
Russian brothers Pavel and Nikolai Durov launched Telegram in 2013, aiming to put on the market a messaging app focusing on privacy and speed, which, to this day, it’s safe to say is a mission accomplished.
This cloud-based messaging app protects users’ privacy to a degree where many possibilities come to the surface (more on that in ‘The dark side of Telegram‘ section).
However, on a primitive level, one could say that much like any other messaging app, Telegram offers similar options. That is sharing texts, multimedia, emojis, stickers, GIFs, recordings, locations, etc. You can also create chat groups a thousand times (literally) bigger than WhatsApp, with up to 200,000 members per group.
These outstanding features speak for themselves. Nonetheless, Telegram’s security remains a topic of discussion.
So, what’s the reality? Buckle up while we disclose the results of our Telegram security inspection.
Encryption
When you think of security in messaging apps, the first word you associate with it is encryption. End-to-end encryption is a method that encrypts messages across apps and forbids third parties from accessing the content.
This method gained popularity in 2013 after whistleblower Edward Snowden’s report, and years later, it became a recurrent practice in a group of apps and software to protect and ensure privacy.
Regarding this, Telegram uses a mix of encryption methods. There are currently two modes, the standard one and the Secret Chat mode.
Although the standard mode doesn’t use E2EE, Telegram has found a way to make privacy a priority. Their privacy policy says in clause 3.3.1.
All data is stored heavily encrypted, and the encryption keys in each case are stored in several other data centers in different jurisdictions.
Like this, local engineers nor physical intruders can access the data and manipulate it. If a third party were to request stored information, it would have to go through endless legal loops and jurisdictions, resulting in a complete blockage of the requested data.
However, as stated before, even though the standard mode keeps the data secured, it is still cloud storage.
On the other hand, the Secret Chat mode is the perfect choice for thoughtful users who worry about their privacy. In this mode, all the messages or data you share don’t allocate on Telegram servers; the recipient keeps them locally in their device and can only decypher the data with the appropriate decryption keys.
A cloud-based app
A regular Telegram user would think of the app as a messenger. Nonetheless, it is, at its core, a chat cloud service. Cloud-based chats allow you to access your data from multiple devices; even though they’re not end-to-end encrypted, they are relatively safe, and you can activate the Secret Chat mode if you want an extra layer of protection.
Protocol
Telegram has developed a cryptographic protocol named MTProto that helps protect the privacy of its users. This protocol received a bit of backlash in the past, especially in early versions, where they used the obsolete SHA-1 function.
They amended this error later with the MTProto 2.0, which uses SHA-256 instead. The implementation of this protocol was well received overall. In 2021, a researcher pointed out vulnerabilities in the encryption, but Telegrams’ team made changes based on the researcher’s observations.
Telegram rules of privacy
The founders of Telegram created the app intending to provide the most private possible experience. They don’t want to use data to their advantage; for this reason, they built two essential rules.
- They won’t use all data collected for advertisement purposes.
- They will store only essential data.
In short, you can count on the Durov brothers to have your back. But what about the data Telegram collects?
Data management
To enforce the protection against spam and abuse that Telegram guarantees in its Privacy Policy, they collect metadata from each user, such as IP address, username, contact list, phone number, the device used, etc. And they can keep this information for as long as 12 months.
Telegram privacy becomes ambiguous as they claim to be 100% focused on protecting people’s identities. Yet they access, copy, and save your contact list to use in the future. They store and use the full names and phone numbers of the contacts on your list to notify you when someone has joined the community.
Undoubtedly, this is an endorsement of the “is Telegram a secure messenger?” question all over the internet.
Telegram Data Report
At least not all is lost. If you want to know what data Telegram stores from you and for what purposes, a resource you can use is the Telegram Data Report bot available in the app.
Because Telegram complies with the GDPR law created in 2018 by the European Union, you have the right to know the data they collect from you and the circumstances for the collection (GDPR Art. 15).
Requesting this report is quite simple; you need to follow these steps:
1. Install the bot on your mobile app
Open Telegram and go to the search bar. Once there, type “@GDPRbot” and select the verified option; it should look like this:
2. Install the desktop app on your laptop or computer
The previous step will allow you to request the data. However, you will access the download from your desktop app. Make sure to download and install the desktop app accordingly.
You can do this by going to https://desktop.telegram.org/ and clicking the download button. The default download will match the characteristics of your device.
3. Request the data from the chatbot
Go to the chatbot and click on the “Start” button.
After you do this, a chat window will open, followed by a “/start” command sent automatically and a welcome text. You will find in this text what you need to type in to request your data or contact authorities.
Now, type the “/access” command to download your data. Once you’ve typed and sent this, you will receive a message with instructions.
4. Download the data from your desktop app
Go to the top left of your desktop application and click on the three lines to see the drop-down menu.
After this, click on “Settings,” then “Advanced,” and scroll down to the “Export Telegram Data” option. Set the data you wish to extract and click on “Export.”
Important note: For safety reasons, the data will be only available after 24 hours of the request. You need to authorize the export request from all your devices first.
The dark side of Telegram
In contrast to the quest of the founders to make the service a transparent messaging alternative, Telegram security has lost its vigor as the app hosts an increasing number of illegal activities. That’s one of the reasons why many people consider deleting Telegram accounts after some time.
Precisely because of the lack of traceability, all sources of criminals use Telegram for scamming, hacking, malware sharing, copyright infringements, pornography, and other forms of criminal activities.
The app has slowly become a deep web for dummies, which has caused general concerns in the community. The chat groups being as big as they are, allow users to connect with thousands of people, resulting in an enormous opportunity to plan for riots and protests. For example, Rotterdam rioters connected through the app.
This fact has raised awareness among some countries that have opted to ban the application to reduce the risk; this is the case of Iran, Pakistan, and China. From 2018 to 2020, Russia joined the latter nations and blocked the app after Telegram refused to share encrypted messages on the chat.
Telegram business model
It’s safe to say rather than being a well-cemented business model from the beginning, Telegram’s creation has responded to the final user demands, not the founders.
The company predominantly relies on the financing of its founder Pavel Durov and his board of investors. While many argue this is not sustainable, the team resists putting ads on the messenger. The revenue is not the main topic of discussion; instead, the company focuses on allowing to send messages fast and 100% free.
Nevertheless, in hopes of supporting the growth of the application, the team has explored new ideas, such as a Telegram premium version.
Subscription model
Telegram announced its subscription model in June 2022; Durov’s channel described this as “a subscription plan that allows anyone to acquire additional features, speed, and resources.”
The announcement explained that, since its creation, the app allowed its users far more possibilities than any other messaging platform. They said; to continue to offer a reliable premium-like service for free, they must create a paid version.
The free version will continue to exist, but they’ll double the limits for premium subscribers to offer them even more options. From faster downloads to exclusive stickers, up to 4 GB uploads, voice-to-text conversion, chat management, premium badge, and more.
Telegram privacy tips
With all the controversy around the app, there are many uncertainties about how to use Telegram securely. In this Telegram security review, we’ve gathered the best privacy tips for you to apply:
1. Keep it “Secret”
If you want to take the most out of Telegram’s privacy, you need to activate the Secret mode. A common misconception is this mode is automatically activated, but that’s not the case.
To access end-to-end encryption, go to the contact’s profile, and click on the three dots in the upper right of the screen. Once you do this, you’ll see a list of options, select the “Start Secret Chat” one and activate the Secret mode.
Not only will this ensure your messages are encrypted, but it will also forbid forwarding and screenshotting (except for iPhone users. Don’t worry, you’ll be notified if a screenshot is taken), and you’ll have a self-destruct timer.
2. Level your security up
You can keep your privacy from people with access to your phone by activating an extra layer of security called Two-step verification.
To do this, open the app, click on the three dots in the upper left of the screen, select “Settings,” then “Privacy and Security,” and then “Two-Step Verification.”
You’ll need to set a password you’ll be asked for when you log in on a new device, in addition to the SMS you receive. There are some optional steps in case you forget the password, such as setting a password hint and entering a recovery email.
If you want to armor yourself, make sure you do this. That’s because if you lose your password, you won’t be able to access your account.
3. Make messages go away
On the standard chat mode, you can auto-delete messages by tapping the three dots in the upper right of the chat window and then selecting the “Auto-Delete” option. After this, you’ll need to set the time after you wish messages to auto-delete.
4. Define what privacy means to you
Telegram offers plenty of options for users to customize their privacy and security settings. You get to choose what you want others to see or do; that includes your phone number, last connection, profile pic, forwarded messages, or the ability to call you.
To do this, go to “Settings,” then to “Privacy and Security,” and tailor from there.
5. Use a VPN
Nothing says more anonymity than a Virtual Private Network (VPN). A VPN is a Software as a Service that allows users to hide their IP addresses by encrypting the traffic and providing a proxy server to connect without a trace.
Whether you want to stay safe and anonymous online or use Telegram in a country where the app is banned, a VPN is your go-to option.
Our top recommendation is ExpressVPN. This VPN provider tops the countless options on the market by being easy to use and having 3,000+ servers in around 94 countries.
Telegram or WhatsApp?
For sure, this is the most argued question. But its answer depends on what you’re looking for as a user.
In terms of privacy, Whatsapp has everything to lose. Since 2014 when Facebook acquired the app, the fear of the users that the app would share information for advertisement became a reality.
It’s simple if you’re looking to be private, stay safe on Telegram. On the other hand, if security is the subject, people often forget Telegram offers encrypted messaging only in Secret mode, while Whatsapp has it by default. For average users, WhatsApp with a VPN is a better combo than Telegram.
Is there any safe Telegram alternative?
If you’re a user who takes privacy and security seriously, then Telegram might not be a perfect choice. Using a VPN and customizing your privacy and security can help you attain this. However, apps like Signal have proven to be private and safe to a greater level.
FAQs
Telegram collects metadata such as IP address, username, the device used, and the contact list. Despite the controversy over the latter, it has proven to be safe.
Software like Eyezy can easily track a chat in the standard version of the app. However, in the Secret mode, it’s impossible to do this as it leaves no traces in their servers.
Although the company launched a premium version last year, all the functionalities of the regular version are still free and available. The premium version offers additional benefits such as faster downloads, 4GB uploads, premium stickers, etc.