Why Telegram is not as secure as you think
In 2021, WhatsApp announced that it was sharing information with Facebook. This wasn't the first time the company had made such an announcement, but many of its users reacted to the news by looking for a new way of communication.
One of the most popular destinations for those who decided to leave WhatsApp was Telegram. And many of those users thought that if you wanted more security, Telegram was the app to install.
But for all the perks of being a Telegram user, it may not be as secure as people think. Here's why.
What is Telegram?
Telegram is an easy-to-use messaging app that offers many features similar to WhatsApp.
The platform was founded in 2013 by Pavel Durov, who also created the Russian social network VKontakte and Nikolai Durov. As of 2021, Telegram has 500 million active users.
Why is Telegram secure?
It provides end-to-end encryption and allows you to send self-destructing messages.
The platform also has a history of being used by people who need private messages. In 2019, for example, protesters in Hong Kong used the service.
Telegram is also regularly marketed as a more secure alternative to WhatsApp, which makes it the natural first choice for many users looking for more security.
Why Telegram is not as secure as you think
Telegram has many useful security features, but there is room for improvement. Here are five reasons why.
End-to-end encryption in Telegram is disabled by default
By default, all Telegram messages are encrypted. But this only happens during the transfer from your device to the Telegram servers. Once they reach Telegram's servers, the data is decrypted, so the messages can be accessed.
End-to-end encryption is important because it prevents the server owner from accessing your data and sharing it with government agencies. It also prevents hackers from accessing your information.
Telegram provides end-to-end encryption for private messages, but only if you specifically select the Secret Chat option. This option must also be selected individually for each of your contacts.
Telegram does not provide end-to-end encryption for group chats.
Telegram's privacy policy includes a lot of disclaimers
Telegram's privacy policy includes a lot of disclaimers that you wouldn't expect to find in a privacy-focused app. For example, the company records your IP address, device information, and username changes — and stores them for up to 12 months.
Telegram can also read your cloud chat messages to investigate spam and other forms of abuse. Furthermore, they can provide your phone number and IP address to the authorities - if they are legally required to do so.
Telegram uses a proprietary encryption protocol
Telegram uses a unique encryption protocol known as MTProto.
MTProto is developed by Telegram - the only company that uses it. This means that it has not been tested as much as other more widely used protocols.
If there's a vulnerability in something all apps use, we'll probably know about it. But if there is a vulnerability in MTProto, it will be much easier for it to go unnoticed.
Second, some security experts have pointed out potential issues with how MTProto was designed. The most recent example of this occurred in July 2021, when computer scientists from ETH Zürich in Switzerland and Royal Holloway, University of London in the United Kingdom, reported various security vulnerabilities.
Researchers from Aarhus University in Denmark also discovered vulnerabilities in 2015.
Admittedly, the vulnerabilities discussed were not particularly serious. Thanks to Telegram, they responded to the claims and took action to fix it almost immediately.
You are supposed to use your phone number
If you want to use Telegram, you need to provide a phone number. Due to the fact that most people's phone numbers are linked to their identity, this makes it impossible to register in Telegram anonymously (without using a transcriber).
This is something all popular messaging apps are guilty of, and there is nothing outrageous about this policy, as phone numbers are collected to make it more difficult for people to create hundreds of accounts for spam purposes. But this is something you need to be aware of if you want an anonymous communication app.
