Privacy protection: how secure is Telegram Messenger?




Jan Hajek (@Janhajek)

Developing websites and blogs as a hobby. Once bought 250 domains and still don’t know what to do with them.

Telegram is a cloud-based, cross-platform instant messenger available for free. End-to-end secure video communication, VoIP, file sharing and various other features are also accessible. First released for iOS on August 14, 2013 and for Android in October 2013, Telegram Messenger is a basic instant messaging app that is fast, convenient, efficient, and can sync across all of the user’s devices. With over 500 million daily users, it is one of the ten most downloaded apps in the world. According to the developers of Telegram Messenger, it is a secure and easy-to-use application. Telegram features such as media, groups, and chat are encrypted with a combination of the 256-bit symmetric AES encryption algorithm, 2048-bit RSA encryption, and secure Diffie-Hellman key exchange.

Is Telegram secure?

In exploring the security perspective of messaging, we focus on technologies that are secure by default. Although Telegram supports end-to-end encryption (E2E), it must be activated conversation by conversation using a secret chat. As a result, Telegram’s default conversations are much less secure.

Telegram explains the reason for this opt-in as “convenience”; regular messages in Telegram are encrypted in the cloud and can be synced through different devices, while the chat creator has to manually save the secret chat. Additionally, Telegram group chats are not encrypted; any participant can silently download video and audio files. In addition, in terms of security, open-source has many advantages, mainly transparency, which is the foundation of trust. Telegram is partly open source; client side programs are open source, but the server side is closed.

Data storage

With the exception of secret chats, Telegram chats are saved to the cloud by default. Telegram intends to provide data storage through distributed networks and highly encrypted cloud data. The security key is shared across all regions to prevent information leakage by a single nation or small community of allies asking for details or a key. There are also some problems with this technique.

First, since the encryption keys are stored on the server, Telegram can technically decrypt the communications stored in the cloud. Second, in the event that Telegram’s infrastructure is compromised, an adversary can access the encryption keys to decode the conversations.
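The difference between the two storage models can be shown in a few lines. This is an added example, not Telegram's code or the MTProto protocol: `Server`, `store_cloud`, `relay`, `readable` and `secret_chat` are hypothetical names, the Diffie-Hellman group is demo-sized, and a SHA-256 keystream with HMAC stands in for AES-256 because the Python standard library has no AES.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # demo-sized DH group (assumption); far too small for real use

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in for AES-256, not Telegram's cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Server:
    """Hypothetical provider: keeps every key and value that passes through it."""
    def __init__(self):
        self.keys = [secrets.token_bytes(32)]  # cloud-chat storage key lives here
        self.blobs = []

    def store_cloud(self, msg):   # cloud chat: server receives plaintext, encrypts at rest
        self.blobs.append(seal(self.keys[0], msg))

    def relay(self, value):       # secret chat: server only forwards what it is given
        self.blobs.append(value)
        return value

    def readable(self):
        """Everything the provider, or whoever takes over its servers, can decrypt."""
        out = []
        for blob in (b for b in self.blobs if isinstance(b, bytes)):
            for key in self.keys:
                try:
                    out.append(unseal(key, blob))
                except ValueError:
                    pass  # no server-held key opens this blob
        return out

def secret_chat(server, msg):
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))  # private exponents stay on devices
    A, B = server.relay(pow(G, a, P)), server.relay(pow(G, b, P))
    k_alice = hashlib.sha256(pow(B, a, P).to_bytes(16, "big")).digest()
    k_bob = hashlib.sha256(pow(A, b, P).to_bytes(16, "big")).digest()
    return unseal(k_bob, server.relay(seal(k_alice, msg)))
```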

The importance of Telegram, especially in different states, makes it a target for nation states. As a result, Telegram’s entire cloud security model is based on trust in a centralized authority, which is a security strategy.

Encryption method in Telegram

Crypto researchers criticized Telegram for using MTProto, a non-standard cryptographic protocol. Certainly, trust cannot be gained in an algorithm until the scheme has undergone years of extensive research, testing, and scrutiny, which MTProto has not achieved. Several security bugs in MTProto have been found, but the majority of them are theoretical. Despite criticism, the Electronic Frontier Foundation’s secure communications dashboard rated Telegram’s secret chat as 7/7. Likewise, in a white paper titled “Automated Symbolic Verification of Telegram’s MTProto 2.0,” the researchers concluded that the protocol is sound and that MTProto 2.0 has no conceptual flaws, but they also addressed the likelihood of implementation bugs and side-channel threats.

Legal issue

Telegram encompasses public networks for broadcasting messages to a large number of users. Telegram is used to interacting with the Iranian and Russian governments. For example, at the request of the government, Telegram shut down an Iranian opposition channel in 2017 for encouraging violence. In addition, Telegram has decided to ban several bots, including stickers, in Iran.

Likewise, Telegram was banned in Russia in April 2020 due to failure to comply with the FSB’s requirement to issue encryption keys. The ban was lifted in June 2020 after Telegram agreed to conduct the investigation as required. Despite this, Telegram has said in its privacy policy that it is still required to report a single case of data disclosure at the request of the government.

Since Telegram collects and maintains a large amount of information for the distribution of its services, the data can be of considerable importance to a country, and Telegram may be required to provide information under a court order.

Privacy protection

According to Telegram’s privacy policies, they collect information such as IP addresses, device information, history of username changes, which Telegram apps you have used and more in connection with their protocol for protection against spam and abuse. If these data are processed, they are kept for 12 months before being deleted. Twelve months is a huge amount of time for malicious third parties to gain access to user data.

Additionally, Telegram moderators are allowed to read regular chat messages marked for spam and bullying to decide whether the statement is accurate or not. While this is a fair practice, it still implies that someone will read what you have written anyway.

Additionally, the app can save compiled metadata to better personalize your experience. For example, when you open the Find menu, it creates a personalized list of contacts by calculating a ranking based on whom you message most often. In the digital world, none of these three ideas is new. However, when exchanging personal data on an app, users should be mindful of how the data is handled.

Telegram transfers the entire address book to the Telegram cloud so that the user can be notified if anyone on the contact list signs up for the Telegram service. This way, Telegram learns the user’s social graph, including people who are not using its service. In section 8 of its privacy policy, titled “With whom your personal data may be shared,” Telegram defines two possible additional data recipients, in addition to other users you wish to connect with through the app.

Telegram exchanges its users’ personal data with its parent company and a community member who funds its services. On the other hand, Telegram retains the freedom to reveal your IP address and phone number to the relevant authorities. This happens after the organization issues a legal order claiming that a client is guilty of terrorist activity. This has not yet happened, but it will be recorded in a transparency investigation if it does.

Although Telegram is encrypted on multiple layers, which adds an encryption layer to user details, it is not a reliable messenger in terms of confidentiality and protection. As the messenger collects a lot of metadata from users, it can be exploited by attackers. Malicious third parties can also abuse the metadata of the users of the application. For all the people whose primary concern is the privacy of their data, Telegram Messenger is not secure.
