Why Telegram Isn’t as Secure as You Think It Is

In 2021, WhatsApp announced that it was sharing information with Facebook. It wasn't the first time that the company has made such an announcement, but many of its users reacted to the news by looking for a new mode of communication.

One of the most popular destinations for those who decided to leave WhatsApp was Telegram. And it was believed by many of those users that if you wanted more security, Telegram was the app to install.

​​But for all the perks of being a Telegram user, it might not be as secure as people think. Here's why.

What Is Telegram?

Telegram is an easy-to-use messenger app offering several similar features to WhatsApp.

The platform was founded in 2013 by Pavel Durov, who also created the Russian social network VKontakte, and Nikolai Durov. As of 2021, Telegram has 500 million active users.

Why Is Telegram Considered Secure?

Telegram has a reputation for being secure because it has several features that suggest this. For example, it offers end-to-end encryption and allows you to send self-destructing messages.

The platform also has a history of being used by people who require private messaging. In 2019, for example, protestors in Hong Kong used the service.

Telegram is also regularly marketed as a more secure alternative to WhatsApp, making it a natural first choice for many users looking for more security.

Why Telegram Isn't as Secure as You Think It Is

Telegram has many useful security features, but there is room for improvement. Here are five reasons why.

Telegram's End-to-End Encryption Is Off by Default

By default, all Telegram messages are encrypted. But this only occurs while in transit from your device to Telegram servers. Once they arrive on Telegram servers, the data is decrypted, and the messages can therefore be accessed.

End-to-end encryption is important because it prevents the server owner from accessing your data and sharing it with government agencies. It also prevents hackers from accessing your information.

Telegram does provide end-to-end encryption for private messages, but only if you specifically select the Secret Chat option. ​​​​This option also needs to be selected individually for each of your contacts.

Telegram does not provide end-to-end encryption for group chats.

Telegram’s Privacy Policy Has a Lot of Disclaimers

The privacy policy of Telegram includes a lot of disclaimers that you wouldn't expect to find in a privacy-focused app. For example, the company records your IP address, device information, and username changes—storing them for up to 12 months.

Telegram can also read your cloud chat messages to investigate spam and other forms of abuse. Moreover, they can provide your phone number and IP address to authorities—if legally requested to do so.

Telegram Uses a Proprietary Encryption Protocol

Telegram uses a unique encryption protocol known as MTProto.

MTProto was developed by Telegram—and they are the only company that uses it. This means that it hasn't been tested as much as other protocols that are used more widely.

If there's a vulnerability in something that all apps use, we're likely to know about it. But if there's a vulnerability in MTProto, it would be a lot easier for it to go unnoticed.

Secondly, some security experts have pointed out potential problems with how MTProto is designed. The most recent example of this occurred in July 2021, when computer scientists from ETH Zürich in Switzerland and Royal Holloway, University of London in the UK reported various security weaknesses.

Researchers from Aarhus University in Denmark also found vulnerabilities in 2015.

Granted, the vulnerabilities discussed were not particularly serious. And to Telegram's credit, they responded to the claims and took action to fix them almost immediately.

You're Supposed to Use Your Phone Number

If you want to use Telegram, you need to provide a phone number. Given the fact that most people's phone numbers are tied to their identity, this makes it impossible to sign up to Telegram anonymously (without using a burner).

This is something that all popular messenger apps are guilty of, and there's nothing nefarious about this policy.Phone numbers are collected to make it more difficult for people to create hundreds of accounts for the purposes of spam. But it is something that you should be aware of if you want an app for anonymous communication.

Alternatives to Telegram

If you're looking for a private messaging app alternative to Telegram, you've got plenty of choices. Below are three popular solutions.

Signal

Signal offers end-to-end encryption by default, has a complex privacy policy, and uses an encryption protocol that experts respect.

It also has a few added privacy features. You can send messages anonymously where even the Signal server doesn't know who the sender is. Moreover, you have the option to blur faces in any photos that you upload.

The app also prides itself on not having trackers, and advertisers cannot run their campaigns on the platform.

WhatsApp

Okay, so WhatsApp has its own potential security issues. It has admitted to sharing information with Facebook, which owns the company. On top of that, it's also largely closed source.

One big advantage over Telegram, however, is that all WhatsApp messages have end-to-end encryption enabled by default. This means that regardless of whether or not you trust Facebook, WhatsApp cannot read your messages. WhatsApp also uses the same encryption protocol as Signal.

Wickr

Wickr is an interesting alternative to Telegram because it allows you to create an account without providing any personal information—so you don't need to provide a phone number. Instead, each account belongs to whoever knows the password.

It doesn't log IP addresses or device IDs. And whenever you upload an attachment, it automatically removes any metadata. This makes it ideal for anonymous communication.

While Wickr can be used solely as a messaging app, it's also a collaboration tool. This means quite a bit of added functionality, such as the ability to share screens and your location in real-time.

Does Telegram Have a Security Problem?

While Telegram isn't inherently insecure, it's worth looking deeper at why the platform might not be as secure as you think. You can find many of its security features on other messenger apps, and the fact that end-to-end encryption isn't on by default needs to be on your mind when considering this service.

When using Telegram, you probably won't run into many issues. However, if you're picking the app based purely on security, you might want to consider comparing it to other services before making a commitment.

Author: Elliot Nesbo

Source: Elliot Nesbo.” Why Telegram Isn’t as Secure as You Think It Is”. Retrieved From https://www.makeuseof.com/telegram-security/

All Rights Of This Article Reserved To MakeUseOf

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: