Telegram is a cloud-based, cross-platform instant messenger available for free. End-to-end secure video communication, VoIP, file sharing and various other features are also accessible. First released for iOS on August 14, 2013 and for Android on October 2013, Telegram Messenger is a basic instant messaging app that is fast, convenient, efficient, and can sync across all of the user’s devices. With over 500 million daily users, it is one of the ten most downloaded apps in the world. According to the developers of Telegram Messenger, it is a secure and easy to use application. Telegram features such as media, groups, and chat are encrypted with a combination of 256-bit symmetric AES encryption algorithm, 2048-bit RSA encryption, and secure Diffie-Hellman key exchange.
Is Telegram secure?
In exploring the security perspective of messaging, we focus on technologies that are secure by default. Although Telegram supports end-to-end encryption (E2E), it must be activated conversation by conversation using a secret chat. As a result, Telegram’s default conversations are much less secure.
Telegram explains the reason for this opt-in as “convenience”; regular messages in Telegram are encrypted in the cloud and can be synced through different devices, while the chat creator has to manually save the secret chat. Additionally, Telegram group chats are not encrypted; any participant can silently download video and audio files. In addition, in terms of security, open-source has many advantages, mainly transparency, which is the foundation of trust. Telegram is partly open source; client side programs are open source, but the server side is closed.
With the exception of secret chats, Telegram chats are saved to the cloud by
fault. Telegram intends to provide data storage through distributed networks and highly encrypted cloud data. The security key is shared across all regions to prevent information leakage by a single nation or small community of allies asking for details or a key. There are also some problems with this technique.
Since the encryption keys are stored on the server, Telegram will technically decrypt the communications stored in the cloud. Second, in the event that Telegram’s infrastructure is compromised, an adversary can access the encryption keys to decode the conversations.
The importance of Telegram, especially in different states, makes it a
target for nation states. As a result, Telegram’s entire security model
cloud is based on trust in a centralized authority, which is a
Encryption method in Telegram
Crypto researchers criticized Telegram for using MTProto, a non-standard cryptographic protocol. Certainly, trust cannot be gained in an algorithm until the scheme has undergone years of extensive research, testing, and scrutiny, which MTProto has not achieved. Several security bugs in MTProto have been found, but the majority of them are theoretical. Despite criticism, the Electronic Frontier Foundation’s secure communications dashboard rated Telegram’s hidden chat as 7/7. Likewise, in a white paper titled “Automated Symbolic Verification of Telegram’s MTProto 2.0,” the researchers concluded that the protocol is sound and that MTProto 2.0 has no conceptual flaws, but they also addressed the likelihood of implementation bugs. implementation and threats of secondary channels.
Telegram encompasses public networks for broadcasting messages to a
large number of users. Telegram is used to interacting with the
Iranian and Russian governments. As, at the request of the government, Telegram shut down an Iranian opposition channel in 2017 for encouraging violence; In addition, Telegram has decided to ban several robots, including stickers in Iran.
Since Telegram collects and maintains a large amount of information for the distribution of its services, the data can be of considerable importance to a country and Telegram may be required to provide court order information.
According to Telegram’s privacy policies, they collect information such as IP addresses, device information, history of username changes, which Telegram apps you have used and more in connection with their protocol for protection against spam and abuse. If these data are processed, they are kept for 12 months before being deleted. Twelve months is a huge amount of time for malicious third parties to gain access to user data.
Additionally, Telegram moderators are allowed to read regular chat messages marked for spam and bullying to decide whether the statement is accurate or not. While this is a fair practice, it still implies that someone will read what you have written anyway.
Additionally, the app can save compiled metadata to better personalize your experience. For example, it creates a personalized list of contacts by calculating a ranking based on who you send messages most often when you open the Find menu. In the digital world, none of these three ideas is new. However, when exchanging personal data on an app, users should be mindful of how the data is handled.
Telegram transfers the entire address book to the Telegram cloud to be
Telegram exchanges its user’s personal data with its parent company and a community member who funds its services. On the other hand, Telegram retains the freedom to reveal your IP address and phone number to the relevant authorities. This happens after the organization issues a legal order claiming that a client is guilty of terrorist activity. This has not yet happened, but it will be recorded in a transparency investigation if it does.
Although Telegram is encrypted on multiple layers, which adds a
encryption layer to user details, it is not a reliable messenger in terms of
confidentiality and protection. As the messenger collects a lot of metadata from users, it can be exploited by attackers. Malicious third parties can also
abuse the metadata of the users of the application. For all the people whose primary concern is the privacy and privacy of their data, Telegram Messenger is not secure for them.
Create your free account to unlock your personalized reading experience.