Telegram

Telegram

Review date: 09/08/2021

Telegram became one of the most downloaded apps in the world in 2021 and now has over 500 million active users. We skipped reviewing Telegram when the pandemic hit in 2020 because it didn't offer group video calls at the time. Telegram added the group video call feature in August 2020, so here we are. With features like secret chats that can self-destruct, the ability to message up to 200,000 people in a group (what in the group chat hell!?), and channels with one-way messaging, Telegram became a favorite for people looking to jump ship from WhatsApp when they changed their privacy policy early in 2021. Unfortunately, Telegram has also has become a favorite for people sharing misinformation, hate speech, child porn, and stolen personal data. Boo! Telegram likes to bill itself as one of the most private and secure chat apps out there. We're not so sure.

What could happen if something goes wrong

There is good news and bad news when it comes to Telegram. The good news: Video calls (and voice calls) are encrypted end-to-end which makes them private and secure from start to finish. Yay! The bad news: Text messages and files are not encrypted end-to-end by default. This means unless users chose to use Telegram’s “secret chat” feature which does use end-to-end encryption, this information could be vulnerable to eavesdroppers. For a messaging app that says it focuses on security, it might not be as quite as secure as users hope, unless extra steps are taken. Telegram also seems to have a third-party AI-bot problem. These AI-bots can do cool things like respond to messages and schedule reminders. They also can and have been abused and used for some pretty terrible things. Like last year when an AI-bot created abusive deepfake naked images of women and girls. Ick! And worse, researchers claim Telegram was initially not very responsive at taking this disgusting bot down. Double ick! More bad news: Telegram has had some pretty serious hacks and security flaws. In 2019, it was reported protesters in Hong Kong had their telephone numbers exposed and monitored by Chinese authorities. And there was a voicemail hack that reportedly exposed some Brazilian politicians' data. In 2020, Iranian hackers reportedly were able to get past Telegram’s security to spy on opponents. All in all, it seems a fair amount can and has gone wrong on Telegram. Couple that with instances of the spread of hate speech, violence, and abuse on the platform and we think there are better privacy and security focused apps out there like Signal and Threema.

Privacy

Can it snoop on me?

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks Location

Device: N/A

App: Yes

What is required to sign up?

What data does it collect?

How does it use this data?

The company claims to not sell data, and to use data only for the purpose of providing the essential service and associated user experience.

What is the company’s known track record for protecting users’ data?

Needs Improvement

In April 2020, it was reported leaked personal data of 42 million users, mainly from Iran, were discovered on the darknet. The data included usernames and phone numbers, among others. In August 2019, Telegram was at the center of controversy for exposing phone numbers of Hong Kong campaigners. One week later Telegram agreed to solve the issue but only in the single region.

Can this product be used offline?

Not applicable

The app can be used offline to access already downloaded files and messages. To exchange data, internet connection is needed.

User friendly privacy information?

No

Though privacy information can appear as if it is formulated in a user-friendly language, it lacks transparency on numerous crucial points, such as storage of metadata, data deletion and access rights, and encryption details, to name a few.

Links to privacy information

Security

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Calls and video calls are end-to-end encrypted by default. Messages and files on Telegram are not end-to-end encrypted by default, thus can be deciphered at the server by anyone with the keys (for example, by Telegram itself). Telegram Users can turn on end-to-end encrypted self-disappearing chats.

Strong password

Not applicable

An authorisation per SMS is used instead. For chats, a passcode can be added as an extra security layer.

Security updates

Yes

The service regularly provides updates.

Manages vulnerabilities

Yes

Telegram has a dedicated team that have fixed some of known security vulnerabilities in the app, often promptly.

Privacy policy

Yes

Artificial Intelligence

Does the product use AI?

Yes

Does the AI use your personal data to make decisions about you?

Yes

Does the company allow users to see how the AI works?

No

In October 2020, data protection regulators in Italy opened an investigation into the deepfake bot on Telegram that was believed to have created more than 100,000 abusive images of women, incl. underage women. Access to the bot has been restricted on Apple’s iOS. Reports from America, South Korea, and Israel have also detailed how Telegram has been used to share abusive images over the year 2020. Telegram has never publicly commented about the harm caused by the Telegram bot or its continued position to allow it to operate.

Updates

Iranian Hackers Found Way Into Encrypted Apps, Researchers Say
New York Times
Reports reveal that hackers have been secretly gathering intelligence on opponents of the Iranian regime, breaking into cellphones and computers and outsmarting apps like Telegram.
Telegram Bug ‘Exploited’ By Chinese Agencies, Hong Kong Activists Claim
Forbes
A dangerous new technical issue has arisen with group messaging which could be leaking phone numbers. Protesters claim this has already enabled government agencies to identify and target individuals.
Telegram rolls out fix for voicemail hack used against Brazilian politicians
ZDNet
Telegram reacts after hackers have hijacked more than 1,000 accounts in Brazil.
Telegram had some major security vulnerabilities
TechRadar
The bugs were found in a new animated sticker feature
Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women
Wired
A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored.
Signal Vs Telegram—3 Things You Need To Know Before You Quit WhatsApp
Forbes
As the self-inflicted WhatsApp backlash continues, millions have turned to Signal and Telegram instead. But how much do you know about these rival messengers? Given the headlines, you’d assume they’re both more secure than WhatsApp, right? Actually, wrong. So, if you’re considering a switch, here are three things you need to know.
Scheduled Messages, Reminders, Custom Cloud Themes and More Privacy
Telegram
We believe that all people have a right to express their opinions and communicate privately. To further protect these rights, we‘re expanding Telegram’s arsenal of Privacy Settings today.
WhatsApp, Signal & Co: Billions of Users Vulnerable to Privacy Attacks
University of Würzburg
Researchers from the Technical University of Darmstadt and the University of Würzburg show that popular mobile messengers expose personal data via discovery services that allow users to find contacts based on phone numbers from their address book.

Comments

Related products