Is Telegram messenger secure?

There are numerous free messaging apps around, but one of the most popular is Telegram. Telegram earned that reputation mainly because of two features: group chat facilities and security. Its extensive options for groups and channels are unchallenged, but where security is concerned, there are some issues we have to explore.

Telegram is an open-source app created by two Russian brothers, Nikolai and Pavel Durov. The app was banned in Russia, however, and the company now has offices in the United Kingdom, Germany, and Dubai. Concerning data storage, Telegram has a hybrid system where you can decide whether to store the data on your phone or on one of several servers worldwide. The first point of concern: Telegram has not submitted its app to an audit by an independent and experienced auditor. For that reason, it is wise to be suspicious.

You need a mobile phone number to register and use Telegram. Apart from that, the phone is not strictly necessary, because Telegram also has desktop apps for Windows, Mac, and Linux. However, essential features like secret chats are not available on the desktop version. That can be confusing: you may not realize that some contacts have not read your secret chats because they do not use a mobile device.

How safe are normal chats and secret chats? To start with normal chats, they are not encrypted at all. Even WhatsApp is safer in this regard. Sending normal messages in Telegram, therefore, is an absolute no-go. It is confusing and problematic that encryption is not applied by default. Other secure messaging services – such as Signal – apply end-to-end (E2E) encryption to all communications (normal chats, group chats, and voice calls) by default.

The group chat possibilities on Telegram are huge, with support for up to 200,000 members per group. These chats (cloud chats) are securely encrypted only in transit between devices. But the group chats are not safe. Telegram can read chat data since it handles the encryption and decryption of messages on its servers.

If you use the secret chat option, all messages are end-to-end encrypted using MTProto. Secret chats are not stored on the Telegram servers and can only be accessed through the sending and receiving devices. Secret chats also have automatic self-destruct options and notify you when the other end takes a screenshot, further increasing the security. Finally, voice calls are automatically E2E encrypted and are considered to be secure.

If we take a closer look at the privacy policy and the encryption method – MTProto – things start to get worse. The protocol has been criticized by several cryptography experts. Concerning Telegram’s privacy policy, Telegram can collect lots of personal information, like IP address, devices, and history of usernames, and keep it for up to twelve months. It will probably also use this information as aggregated metadata. Finally, the information in the cloud chats is not safe either: it can be shared with linked companies and could be provided to law enforcement institutions.

To be on the safe side, go for a more secure alternative like Signal. If you wish to continue using Telegram, be aware that your IP address will be saved. Therefore, use a VPN both when creating an account and when using the app. Furthermore, do not use your own phone number when creating an account, but use a paid or free SMS service (disposable SMS). Finally, only use secret chats and voice calls. Keep these precautions in mind, and some Telegram features can be safe.

For individuals or groups who place high importance on privacy and security, there are far better alternatives, free or paid. Some examples are Signal, Threema, and Wire.

