Today we're going to talk about Telegram. You can find lots of free messaging apps out there. However, finding a free messaging app that is also secure, and has enough users to make it worth using, is a lot harder.
This Telegram review is not going to cut any corners and we will review the good and the bad aspects of this service. While it may have some good privacy options, an investigation out of Germany concluded that Telegram shares data with governments.
While Telegram is totally free and growing like crazy, we'd recommend considering all your other options before signing up. In this new and updated Telegram review, we'll look at the privacy and security offered by the service to help you to decide if this is going to be a secure messaging app you should consider using.
Telegram pros & cons
+ Pros
- End-to-end (E2E) encryption
- Encryption algorithms: MTProto, a custom protocol
- Open source apps and Telegram Database Library
- Self-destructing messages
- Users can be logged in on multiple devices simultaneously
- Supports Two-Step Verification
- GDPR compliant
– Cons
- Registration requires a phone number
- E2E encryption only for Secret Chats
- Servers are not open source
- Logs IP Address and other user data (use a good VPN service)
- May be sharing data with government agencies
Now we'll briefly touch on the main features of Telegram messenger.
Telegram messenger features
Here are some key features to consider when deciding whether Telegram is right for you:
- Code for the open source parts is available on GitHub
- Telegram apps for Android, iOS, Windows Phone, Mac OS, Windows, Linux, popular browsers
- In excess of 500,000 active users
For this review, we downloaded and tested Telegram desktop and mobile apps.
Telegram company background information
Telegram Messenger was created by brothers Nikolai and Pavel Durov in 2013. With over 500 million active users, it is one of the most popular messaging apps in the world. The company is headquartered in London, with the development team based in Dubai. The company is funded through a donation by Pavel.
Where is your Telegram data stored?
Telegram has a hybrid system for storing your data. By default, all your message data is stored on your devices. However, you can remove data from this local cache, and store it on Telegram's servers. This allows you to balance your desire for privacy against the need for data storage space.
Those Telegram servers are located throughout the world as part of a distributed network.
Telegram third-party testing and audits
Telegram told us in an email that, “Multiple researchers and security experts have analyzed Telegram's encryption.” As an example, the provided a paper from two researchers in Italy who examined the MTProto 2.0, as you can see here.
Nonetheless, we were not able to find any formal security audit or analysis that was conducted by a cybersecurity firm. This is in contrast to some of the other popular secure messenger services.
As we noted in both the Wire review and the Signal review, these encrypted messaging apps have undergone formal third-party audits.
Telegram messenger hands-on testing
For purposes of this Telegram review, I used the Telegram mobile app for Android, along with the Windows Desktop app. Since Telegram focuses on the mobile experience and requires you to join the service using a mobile device before you can use a browser or Desktop app, we'll concentrate on the mobile side of things first.
Telegram Android app
Installing Telegram on an Android phone involves downloading the app and registering your phone number. This is similar to Signal messenger, which also requires a phone number to use the service. You can either download the app from the Google Play store, or download the Android APK directly from the Telegram website.
Once you finish installing and registering your account, you will be able to use the Telegram app to communicate with other Telegram users by text, voice, photos, video, group messaging, and channels (subscription broadcasts). File sharing is also supported.
Working with Telegram apps
Opening the Telegram app shows you a list of your Telegram contacts. If you've used any of the popular instant messaging apps, the interface should look familiar to you:
Tap a contact to see the full chat thread containing your conversation with that person, group, or channel. This is all pretty standard stuff; the kind of stuff you would expect to find on any of the best messaging apps. However, Telegram offers several other features that help explain why this is one of the most popular secure messaging apps.
Additional Telegram app features
Going beyond basic messages, Telegram has interesting and useful features like these:
- Groups – Supporting up to 200,000 members per group, Telegram group chats helped protesters get organized during the mega-protests of 2019. Apparently, both groups and channels were used by the protesters, resulting in a large DDOS (Distributed Denial of Service) attack against the service. Telegram stated that the IP addresses of the computers involved in the attack were mostly Chinese.
- Channels – Channels allow you to broadcast messages to an unlimited number of Telegram users. This feature was also apparently used during the Hong Kong protests. A recent addition to Channels is a way to view detailed statistics about channel viewership.
- Instant View – Instant View is a system to, “…view articles from around the Web in a consistent way, with zero loading time.” If you receive a link via Telegram, you can tap the Instant View button to instantly see a version of the page that has been optimized for viewing in Telegram. Because the page is cached in Telegram's servers, it downloads in a split second. Instant View isn't available in the desktop versions of Telegram.
- Bots – Bots are computer programs that run in Telegram. They have a wide range of capabilities, and anyone with a reasonable level of programming skills can write and publish their own.
- Live Locations – Share your location live in a chat for 15 minutes, one hour, or eight hours. If multiple users share their live location within a group, they are shown on an interactive map.
- Telegram Passport – Telegram Passport is an encrypted way to store your identity documents on Telegram servers. Once stored here, you can easily share them with services that require real-world IDs.
- Persistent Conference Calls – In their final update of 2020, Telegram revamped their voice chat system to allow for persistent conference calls that individuals can leave and rejoin at will. While they joke that the update was delivered in time for remote Christmas carols, this update could become a major selling point in the age of COVID lockdowns.
Now we will take a close look at using Telegram on your desktop.
Telegram Desktop clients
Installing Telegram Desktop on your desktop is just like installing any other app. It only takes a moment to download, and seconds to install. Once you do, Telegram opens and asks you to enter the telephone number you used to register your mobile app. Alternately, you can click the Quick log in using QR code link and follow those directions. Either way, you'll soon see the familiar Telegram user interface translated onto your desktop.
Telegram officially supports the following desktop platforms:
- Windows
- Mac OS
- Linux (64 bit and 32 bit)
Here is a screenshot of the Telegram desktop app I tested out on Mac OS.
One drawback with the Telegram desktop app is that you won't have access to all the same features and capabilities that you do on your phone. However, if nothing else, the Desktop app will be a lifesaver in those times when you need to send long text messages.
Aside from using the Telegram desktop app, there is also a Telegram web client here. (Be sure to use a secure browser that respects your privacy when using web clients.)
Support
Telegram's support site takes the form of a huge FAQ page. This page (seen below) links to an immense amount of helpful information about Telegram. While working on this Telegram review, I was able to find the answers to any questions that came up by searching the FAQ.
Of course, I can't guarantee that you will never need support from a live person. That shouldn't be a problem, as Telegram offers you several ways to get in touch with their support team. Instead of listing out all the options here, just go to the Support section of that huge Telegram FAQ page.
How secure and private is Telegram?
Telegram has taken a beating over the years due to doubts about its security model. The concerns target two main areas: E2E encryption, and MTProto security. Let's examine each of these areas.
E2E encryption
The concern about Telegram's E2E encryption is that it is not applied by default. Most chats (Cloud chats) on Telegram are securely encrypted while in transit between your devices and Telegram's servers. Once chat messages arrive at the Telegram servers, they are encrypted using MTProto while at rest on the servers. However, Telegram can read chat data since it handles the encryption/decryption of messages at the servers.
Other secure messaging services such as Signal, apply E2E encryption on all communications by default. The service cannot read those messages. Only the sender and the recipient can read E2E encrypted messages. In other words, any service that uses E2E encryption for all their messages will be more secure than Telegram.
Telegram does support E2E encryption for two types of communications: Secret Chats, and voice calls. Secret Chats are chats that are not stored on Telegram servers, and are only accessible to the devices involved in the chat. Secret Chats should be as secure as MTProto, but users need to remember to turn them on.
Voice calls are automatically E2E encrypted, likewise making them as secure as MTProto allows.
MTProto security
MTProto is the custom mobile protocol designed by the Telegram team. While I am not qualified to comment on the security of the protocol, it has been criticized by numerous cryptography experts. Check out this Wikipedia link to get a better sense of the flak this protocol has taken over the years.
Telegram logs IP address and metadata
On the privacy front, Telegram can collect a decent amount of personal information, which it can keep for up to 12 months. According to their Privacy Policy, they,
may collect metadata such as your IP address, devices and Telegram apps you've used, history of username changes, etc.
They may use aggregated metadata from you to help them create new features for the service.
Finally, the company has the ability to read any of your Cloud Chat messages to investigate spam and other violations of their Terms of Service. They may share some of your personal data with other Telegram users you choose to communicate with and companies within the Telegram Group. If forced by a court order, they may provide your IP address and mobile number to the appropriate authorities. (We also discovered this in our ProtonVPN review.)
It would be wise to use Secret Chats and voice calls whenever you wish to share private information on Telegram.
There is also a section of the Privacy Policy titled, “Law Enforcement Authorities” that reads as follows:
If Telegram receives a court order that confirms you're a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency.
This is important to keep in mind when using Telegram.
Does Telegram share data with governments?
We have an entire article dedicated to the question of whether Telegram shares data with governments. But to summarize the situation, here are a few key points:
- Telegram claims on its Privacy Policy page that a mandatory disclosure of user data “has never happened.”
- However, a report from Germany's Der Spiegel claims that Telegram is actively sharing user data with the German government. Additionally, Telegram is censoring content at the request of the German government (according to Der Spiegel).
- Telegrams Transparency Report channel does not include any information.
You can make of this situation what you will, but it does not look good for Telegram and privacy.
Using a VPN with Telegram
As noted above, Telegram will record your IP address and keep it for up to 12 months. This links your identity up with your Telegram activity, chats, etc. Therefore you should take this into consideration based on your threat model and unique needs.
To hide your IP address when using Telegram, you can use a VPN (virtual private network). A VPN with Telegram will hide your IP address and location, while also encrypting your internet traffic. Some of our top-recommended VPNs include NordVPN, which is based in Panama, as well as Surfshark and ExpressVPN.
Note: A VPN is not a silver bullet that hides all your metadata. However, it will securely encrypt traffic between your device and a VPN server, while also concealing your true location and IP address. See these best VPN services for more options and info.
Using Telegram without your real phone number
While we're on the topic of privacy, it's also important to note that Telegram requires a phone number to create an account. This is a verification step to prevent bots and spammers from mass-registering.
Verification happens via a text message or phone call, and then you enter the verification code to begin using the service. But here's the important privacy tip: you don't have to use your phone number.
There are many anonymous SMS services you can find online that allow you to receive text messages to digital numbers. There are both free and paid SMS services available that you can find with a little bit of research (enter a search term like disposable SMS into your browser). You may have to try with a few different services and numbers before you can get a Telegram verification code to come through and work, but it will ensure your real phone number stays safe.
Registering with a disposable SMS number, and using a good VPN when you use Telegram will significantly increase your privacy.
Telegram business features
Like its main competitor for WhatsApp escapees, Signal, Telegram Messenger is only available as a single, free version. There are no pricing tiers, no extra-cost features, and no business-specific features.
Telegram prices = free
As mentioned above, Telegram is 100% free of charge. The company has stated that if they run low on money, they might add some non-essential premium features, but as of now, there is only the one, free version.
Telegram review conclusion
Telegram is one of the most popular messaging apps in the world with over 500 million active users. At the moment, it appears to be the primary destination for people who want an alternative to WhatsApp. Add in the fact that it is free, fast, and has tons of useful and fun features beyond basic messaging, and it's easy to see why Telegram is so popular.
But popularity does not necessarily mean it is secure or a good option for privacy-conscious users. As I showed above, there are many experts in the cryptography community that have raised doubts about Telegram's security. At the same time, the fact that end-to-end encryption is only available for Secret Chats and voice calls worries many of us.
Nonetheless, we have still given Telegram a mention in our roundup of the best secure messaging apps.
Is Telegram right for you?
The answer to this question all comes down to your threat model and unique needs. If your biggest concerns are getting away from WhatsApp while having access to the largest number of users, Telegram could be a good choice.
But if privacy and security are at the top of your list, there are other secure messaging services to consider that we have reviewed:
This Telegram review was last updated on April 27, 2024.
Leave a Reply