Key points:
Privacy Features and Data Handling
Telegram, while not as fortified in privacy features as its competitor Signal, presents a unique blend of functionalities that may attract a diverse user base. As a cloud-based messaging service, Telegram inherently requires data storage to operate effectively. Notably, the platform collects and retains certain metadata, including IP addresses, which has raised eyebrows among privacy advocates.
In a significant shift, Telegram updated its privacy policy in 2024, stating that it would share user data with law enforcement upon valid requests. Pavel Durov, the CEO of Telegram, emphasized this change in a September post, clarifying that the IP addresses and phone numbers of users who breach the platform’s rules could be disclosed to authorities. This policy adjustment led to Telegram responding to 900 information requests from U.S. authorities in 2024, affecting a total of 2,253 individuals, as detailed in the company’s in-app transparency report.
Data Breaches and Security Concerns
Despite its appeal, Telegram’s history is marred by data breaches that have compromised user information. A notable incident in 2020 saw the data of approximately 42 million Iranian users leaked online. Additionally, a vulnerability in 2019 was exploited by Chinese agencies, revealing the identities of protestors in Hong Kong. Such incidents underscore the importance of vigilance when considering the platform.
Messaging Features and Public Channels
For those still intrigued by Telegram, a defining feature is its capability to function as a messaging board for large groups, akin to Discord. The platform hosts public channels that disseminate a variety of content, from video game updates to sports news. For instance, the @entertainment channel serves as a hub for trailers and promotional materials for upcoming films and television shows.
However, it is crucial to note that these public channels lack end-to-end encryption. While Telegram assures that all content is encrypted during transit to its servers and while stored, the accessibility of public channels means that anyone on the platform can view the content without requiring an encryption key. Consequently, posts made by channel owners or administrators are essentially public records.
Secret Chats and Message Management
Telegram does offer a layer of security through its secret chats, which are protected by end-to-end encryption. Yet, this feature comes with its own limitations; secret chats are confined to the device of origin, meaning they can only be accessed via the user’s phone. Telegram asserts that this measure ensures safety as long as the device remains secure. However, it also implies that these chats cannot be utilized on desktop or browser versions of the app, leaving them vulnerable to interception by unintended recipients.
In terms of message management, Telegram provides an automatic message deletion feature, but the minimum interval for deletion is one day, contrasting with Signal’s more flexible options that allow for message deletion within minutes or even seconds. Additionally, Telegram includes a self-destruct feature that can erase accounts, messages, and contacts after a specified period of inactivity, ranging from one to 24 months.
Transparency and Trust
Telegram’s client applications are open-source, akin to Signal, which can enhance transparency and allow users to inspect the code for vulnerabilities. However, Durov noted in 2021 that the server-side code remains closed-source, stating, “You don’t even need the server-side code to check the integrity of Secret Chats.” The company’s privacy policy further mentions that its cloud servers are encrypted, with encryption keys stored across various data centers in different jurisdictions, thereby limiting access to sensitive information.
While it is not unusual for companies to maintain closed-source server code to safeguard intellectual property and security, users must place their trust in Telegram to protect their data. A third-party audit could serve to reinforce this trust by verifying that the data centers operate as intended, although audits only provide a snapshot of security at a given moment.
Subscription Model and User Experience
Telegram operates on a freemium model, offering a paid tier at per month or annually, which unlocks additional features such as unlimited cloud storage, animated emojis, and an ad-free experience in public channels. It is worth noting that advertisements do appear in public channels with over 1,000 subscribers.
With its selective encrypted messaging and the capacity for larger group chats, Telegram presents itself as a viable alternative to services like Discord, which only provides end-to-end encryption for audio and video calls. However, users should remain cautious, as some data is still collected when not utilizing secret chats.
For those interested, Telegram is readily available for download from both the Apple App Store and the Google Play Store at no cost.
