Telegram

Telegram

Review date: Sept. 8, 2021

|
|

Mozilla says

|
People voted: Somewhat creepy

Telegram became one of the most downloaded apps in the world in 2021 and now has over 500 million active users. We skipped reviewing Telegram when the pandemic hit in 2020 because it didn't offer group video calls at the time. Telegram added the group video call feature in August 2020, so here we are. With features like secret chats that can self-destruct, the ability to message up to 200,000 people in a group (what in the group chat hell!?), and channels with one-way messaging, Telegram became a favorite for people looking to jump ship from WhatsApp when they changed their privacy policy early in 2021. Unfortunately, Telegram has also has become a favorite for people sharing misinformation, hate speech, child porn, and stolen personal data. Boo! Telegram likes to bill itself as one of the most private and secure chat apps out there. We're not so sure.

What could happen if something goes wrong?

There is good news and bad news when it comes to Telegram. The good news: Video calls (and voice calls) are encrypted end-to-end which makes them private and secure from start to finish. Yay! The bad news: Text messages and files are not encrypted end-to-end by default. This means unless users chose to use Telegram’s “secret chat” feature which does use end-to-end encryption, this information could be vulnerable to eavesdroppers. For a messaging app that says it focuses on security, it might not be as quite as secure as users hope, unless extra steps are taken. Telegram also seems to have a third-party AI-bot problem. These AI-bots can do cool things like respond to messages and schedule reminders. They also can and have been abused and used for some pretty terrible things. Like last year when an AI-bot created abusive deepfake naked images of women and girls. Ick! And worse, researchers claim Telegram was initially not very responsive at taking this disgusting bot down. Double ick! More bad news: Telegram has had some pretty serious hacks and security flaws. In 2019, it was reported protesters in Hong Kong had their telephone numbers exposed and monitored by Chinese authorities. And there was a voicemail hack that reportedly exposed some Brazilian politicians' data. In 2020, Iranian hackers reportedly were able to get past Telegram’s security to spy on opponents. All in all, it seems a fair amount can and has gone wrong on Telegram. Couple that with instances of the spread of hate speech, violence, and abuse on the platform and we think there are better privacy and security focused apps out there like Signal and Threema.

mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

The company claims to not sell data, and to use data only for the purpose of providing the essential service and associated user experience.

How can you control your data?

According to Telegram, the personal data that you provide them will only be stored for as long as it is necessary to fulfill their obligations in respect of the provision of the Services. Deleting your account removes all messages, media, contacts and every other piece of data you store in the Telegram cloud. This action must be confirmed via your Telegram account. Any party can choose to delete any messages in one-on-one chats, both sent and received, for both sides and without time limit.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In April 2020, it was reported leaked personal data of 42 million users, mainly from Iran, were discovered on the darknet. The data included usernames and phone numbers, among others. In August 2019, Telegram was at the center of controversy for exposing phone numbers of Hong Kong campaigners. One week later Telegram agreed to solve the issue but only in the single region.

Can this product be used offline?

N/A

The app can be used offline to access already downloaded files and messages. To exchange data, internet connection is needed.

User-friendly privacy information?

No

Though privacy information can appear as if it is formulated in a user-friendly language, it lacks transparency on numerous crucial points, such as storage of metadata, data deletion and access rights, and encryption details, to name a few.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Calls and video calls are end-to-end encrypted by default. Messages and files on Telegram are not end-to-end encrypted by default, thus can be deciphered at the server by anyone with the keys (for example, by Telegram itself). Telegram Users can turn on end-to-end encrypted self-disappearing chats.

Strong password

N/A

An authorisation per SMS is used instead. For chats, a passcode can be added as an extra security layer.

Security updates

Yes

The service regularly provides updates.

Manages vulnerabilities

Yes

Telegram has a dedicated team that have fixed some of known security vulnerabilities in the app, often promptly.

Privacy policy

Yes

Does the product use AI? information

Yes

In October 2020, data protection regulators in Italy opened an investigation into the deepfake bot on Telegram that was believed to have created more than 100,000 abusive images of women, incl. underage women. Access to the bot has been restricted on Apple’s iOS. Reports from America, South Korea, and Israel have also detailed how Telegram has been used to share abusive images over the year 2020. Telegram has never publicly commented about the harm caused by the Telegram bot or its continued position to allow it to operate.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

No

Does the user have control over the AI features?

Can’t Determine


News

Iranian Hackers Found Way Into Encrypted Apps, Researchers Say
New York Times
Reports reveal that hackers have been secretly gathering intelligence on opponents of the Iranian regime, breaking into cellphones and computers and outsmarting apps like Telegram.
Telegram Bug ‘Exploited’ By Chinese Agencies, Hong Kong Activists Claim
Forbes
A dangerous new technical issue has arisen with group messaging which could be leaking phone numbers. Protesters claim this has already enabled government agencies to identify and target individuals.
Telegram rolls out fix for voicemail hack used against Brazilian politicians
ZDNet
Telegram reacts after hackers have hijacked more than 1,000 accounts in Brazil.
Telegram had some major security vulnerabilities
TechRadar
The bugs were found in a new animated sticker feature
Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women
Wired
A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored.
Signal Vs Telegram—3 Things You Need To Know Before You Quit WhatsApp
Forbes
As the self-inflicted WhatsApp backlash continues, millions have turned to Signal and Telegram instead. But how much do you know about these rival messengers? Given the headlines, you’d assume they’re both more secure than WhatsApp, right? Actually, wrong. So, if you’re considering a switch, here are three things you need to know.
Scheduled Messages, Reminders, Custom Cloud Themes and More Privacy
Telegram
We believe that all people have a right to express their opinions and communicate privately. To further protect these rights, we‘re expanding Telegram’s arsenal of Privacy Settings today.
WhatsApp, Signal & Co: Billions of Users Vulnerable to Privacy Attacks
University of Würzburg
Researchers from the Technical University of Darmstadt and the University of Würzburg show that popular mobile messengers expose personal data via discovery services that allow users to find contacts based on phone numbers from their address book.

Comments

Got a comment? Let us hear it.