Telegram is a cross-platform, cloud-based instant messenger that is available for free. End-to-end secure video communication, VoIP, file sharing, and various other functionality are also accessible. First released for iOS on August 14, 2013, and for Android in October 2013, is a basic instant messaging app that is quick, convenient, efficient, and can sync across all user's devices. With over 500 million daily users, it is one of the top ten most downloaded applications in the world. According to the developers of telegram messenger, it is a secure and easy-to-use application. Telegram features such as media, groups, and chat are encrypted with a combination of 256-bit symmetric AES encryption algorithm, 2048-bit RSA encryption, and secure Diffie–Hellman key exchange. Telegram messenger Is Telegram Secure? Exploring the security perspective of messengers, we focus on technologies that are secure by default. Although Telegram supports , it must be by using a secret chat. As a result, Telegram's default conversations are much less secure. end-to-end encryption (E2E) enabled on a conversation-by-conversation basis Telegram explains the reason for this opt-in as "convenience"; regular messages in Telegram are encrypted in the cloud and can be synced through different devices, while the chat creator must manually back up secret chat. Moreover, Telegram group chats are not encrypted; any participant and audio files. Furthermore, in terms of security, open-source has many benefits, mainly transparency, which is the foundation of confidence. Telegram is partly open-source; the client-side programs are open source, but the server-side is closed source. can silently download video Data Storage Except for secret chats, Telegram chats are saved on the cloud by default. Telegram intends to provide data storage through distributed networks and highly encrypted cloud data. The security key is shared throughout regions to avoid information leakage by a single nation or small community of allies requesting details or a key. There are also a few issues with this technique. Because the are stored on the server, Telegram will technically decrypt communications stored on the cloud. Second, in the event that Telegram's infrastructure is compromised, an adversary may access encryption keys to decode conversations. encryption keys Telegram's prominence, especially in different states, makes it an attractive target for nation-states. As a result, the whole security model of Telegram cloud is based on trusting a centralized authority, which is a vulnerable strategy from a security perspective. Encryption Method in Telegram Cryptography researchers have criticized Telegram for using , a non-standard cryptographic protocol. Certainly, confidence cannot be gained for an algorithm until the scheme has undergone years of in-depth research, thorough testing, and extensive review, which MTProto has not achieved. Several security bugs in MTProto have been found, but the majority of them are theoretical. Despite the criticism, the Electronic Frontier Foundation's safe communications scorecard has scored  Telegram's hidden chat as 7/7. Likewise, in a whitepaper titled "Automated Symbolic Verification of Telegram's MTProto 2.0," researchers concluded that the protocol is sound and MTProto 2.0 does not present any conceptual fault, but they also addressed the probability of implementation bugs and side-channel threats. MTProto Legal Issues Telegram encompasses public networks for broadcasting messages to a large number of users. Telegram has a background of interacting with the Iranian and Russian governments. As, at the behest of the government, Telegram shut down an Iranian opposition channel in 2017 for encouraging violence; additionally, Telegram decided to ban several bots, including stickers in Iran. Similarly, Telegram was banned in Russia in April 2020 due to noncompliance with the FSB's requirement to issue encryption keys. The ban was lifted in June 2020 after Telegram agreed to engage in the investigation as required. Despite this, Telegram has stated in its that it still has to report a single instance of data disclosure at the government's behest. privacy policy Since Telegram collects and preserves a great deal of information for its service distribution, the data may be of considerable importance to a country, and Telegram may be obliged to provide information under court order. Privacy Protection According to Telegram's privacy policies, they gather information such as IP addresses, device information, history of username changes, Telegram applications you've used, and more as part of their spam and misuse protection protocol. If this data is processed, it is kept for 12 months before being discarded. Twelve months is a huge time for malicious third parties to access user's data. Besides, Telegram moderators are allowed to read regular chat messages tagged for spam and bullying to decide whether or not the statement is accurate. Although this is a fair practice, it still implies that someone will read what you've written on anyway. Furthermore, the app can save compiled metadata in order to better customize your experience. For instance, it creates a customized list of contacts by calculating a ranking based on whom you message the most often when you open the Search menu. In the digital world, none of these three ideas are novel. However, when exchanging personal data on an app, users should be mindful of how the data is treated. Telegram transfers the whole address book to the Telegram cloud to be notified if someone on the contact list signs up for Telegram service. Telegram knows from user's social graph in this manner, including people who do not utilize their service. Telegram defines two additional possible data sources in section 8 of its Privacy Policy titled Whom Your Personal Data May Be Shared With, in addition to the other users you want to connect with through the app. Telegram exchanges its user's personal details with its parent company and a community member who provides funding for its services. On the other hand, Telegram retains the freedom to reveal your IP address and phone number to the appropriate authorities. That occurs after the organization issues a legal order claiming that a customer is guilty of terrorist activity. That has not happened yet, but it'll be recorded in a transparency survey if it happens. Although Telegram is encrypted on several layers, which adds an extra layer of encryption to user details, it is not a reliable messenger in terms of privacy and protection. As the messenger collects a lot of metadata from the users, it can be exploited by attackers. Malicious third parties may also misuse the metadata of app users. For all those people whose main concern is the privacy and confidentiality of their data, Telegram messenger is not secure for them.

Funding

Target

Privacy Protection: How Secure is Telegram Messenger?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Steam Deck Overheating: What You Need to Know

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

Steam Deck Overheating: What You Need to Know

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps