Some people say it’s really privacy-giving and that you should use it as a privacy alternative. Others say it’s also on the big tech side. What’s going on with Telegram, really?
Last time I tried making an acc to see what it’s like there, they wanted me to buy premium
Some people obviously do not know what they are talking about. Telegram stores clear text chat messages on their servers. That’s not even near privacy
stores clear text chat messages on their servers.
Does it really?
By default, yes. It is possible to create a so-called secret chat, which is standard for Signal and similar, but that’s something you have to manually do. Furthermore, it’s not even possible to make secret chats for groups. When it was initially released, I was cautiously optimistic that it could turn into a good, secure application, but knowing it’s been this long and it hasn’t, I wouldn’t consider that likely.
It absolutely doesn’t mean they store chats in plain text. There is no reason for it at all, it’s extra work and extra stupidity. It’s encrypted when the client sends it, no reason not to store it that way.
I’m not entirely sure what you’re trying to say here. To clarify, Telegram uses a store-forward architecture, meaning that it deletes messages from the server once they have been received by everyone. Until that time, the messages are stored on the server in plaintext, unless you’re using a secret chat. They do this to avoid having to exchange keys between different clients, but what that really means is that it isn’t actually private most of the time.
A lot of debate has been had about whether the CEO is trustworthy, but I guess if they’re not doing end to end encryption then there’s no point.
There’s no debate. The CEO is a compulsive liar who misleads people about how encryption works. Everyone who knows how encryption works and has looked at Telegram will tell you Telegram is not encrypted
Every text you send through Telegram is stored in plaintext. Telegram and authorities can access that without your knowledge. Also it will get leaked in a breach someday.
Now you decide for yourself if it’s private.
False. If you want to tell how things work, get your facts right!
All data sent to Telegram’s servers will be encrypted once they reach the servers. In other words, the messages and media and other files will be sent in “plain text” over HTTPS only when using Cloud Chat. In Secret Chat, MTProto is (based on how E2EE works) as safe as what Signal Protocol is.
But nothing will be stored in plain text, no matter what you use (Cloud Chat or Secret Chat).
But(!) since the source code for MTProto is closed, we don’t know how it really works, and if we can trust their FAQ or not.
I trusted Telegram at first, but I don’t trust it 100% anymore (still better than SMS). Am using my own Snikket server these days. Much safer with a lot of 😌😊😍😃 moments, even today, maybe a year later. Especially with OMEMO (Signal Protocol).
All data sent to Telegram’s servers will be encrypted once they reach the servers
Except for “secret chat” (which are only 1-on-1 chats, have flaky client support, and require both participants to be online at the same time to initiate; in other words, they are near useless) - this is just simple at-rest storage encryption. They possess the keys to decrypt your messages (again, except for secret chats), because that is necessarily what happens when they serve those messages to recipients.
I am not defending Telegram in any way by saying this, but how can you be so certain that content supposedly encrypted with MTProto when using Cloud Chat is only stored in plaintext on encrypted disks? Where is the proof of this?
No one can prove that Telegram uses MTProto to encrypt content sent using Cloud Chat, stores it encrypted, and then decrypts it upon opening because the source code for MTProto is closed. So how can you prove that what you’re saying is the way they use?
Don’t get me wrong in any of this discussion. I don’t trust Telegram anymore. I don’t trust any closed-source software anymore! But one can’t say “it is like this, not like that” without any proof.
Telegram can serve you your old “Cloud” messages, in a decrypted form, on a new device, without any communication with the old device.
This means that they possess the keys to decrypt the messages, since they can send them to you in a decrypted form.
Those messages can’t even be encrypted with your cloud password (which would be a pretty weak encryption anyways), because you can reset the cloud password via your recovery email, and still retain access to your messages.
Contrast this with encrypted chats on Matrix, where you have to go through the device verification procedure, which prompts the old device to send decryption keys to the new device (it’s actually more complicated but this gets the point across). If you lose access to all your devices (and your recovery key), your encrypted messages are gone, the server admin can’t restore them because they simply don’t have the key.
No one can prove that Telegram uses MTProto to encrypt content sent using Cloud Chat, stores it encrypted, and then decrypts it upon opening because the source code for MTProto is closed. So how can you prove that what you’re saying is the way they use?
This is a distinction without a difference.
My claim is:
They possess the keys to decrypt your messages
Whether this is implemented via MTProto encryption or disk encryption or whatever, it doesn’t matter, they can read your messages if they want to.
Telegram is actually pretty transparent that Cloud chats are not e2e encrypted in their FAQ. They also go on to babble about “MTProto client-server encryption” but if you spend 2 minutes looking at it, you can see it’s just 256-bit AES with a shared key generated via Diffie-Hellman, not too dissimilar from plain HTTPS. In that sense it’s about as secure as e-mail over encrypted IMAP/SMTP, or IRC over TLS, or DMs here on lemmy.
They also claim that their at-rest encryption keys are separate from the data they encrypt, and claim that somehow this “requires court orders from multiple jurisdictions” to force them to give over your data, which is just ridiculous from a legal standpoint and won’t stand up in court. And actually, it’s way more likely that they will just cave in and give up your message history without a lawsuit at all, just look at what happened to Durov in France.
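The argument in the comment above (a new device receiving readable history with no help from the old device implies the operator holds the key) can be modelled in a few lines. This is an added example, not part of the thread and not Telegram's or Matrix's code; the class names are hypothetical and `toy_cipher` is a constructed stand-in for AES so the block runs with the standard library only.

```python
import hashlib, hmac, os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 keystream); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class CloudChatServer:
    """Hypothetical server-side-key model: transport plus at-rest encryption."""
    def __init__(self):
        self.storage_key = os.urandom(32)      # the operator holds this key
        self.store = []
    def receive(self, plaintext: bytes):       # transport layer already removed
        nonce = os.urandom(16)
        self.store.append((nonce, toy_cipher(self.storage_key, nonce, plaintext)))
    def history_for_new_device(self):
        # No old device involved: the server decrypts with its own key.
        return [toy_cipher(self.storage_key, n, c) for n, c in self.store]

class E2EServer:
    """Hypothetical end-to-end model: the server only relays and stores ciphertext."""
    def __init__(self):
        self.store = []
    def receive(self, nonce: bytes, ciphertext: bytes):
        self.store.append((nonce, ciphertext))
    def history_for_new_device(self):
        return list(self.store)                # ciphertext is all it can hand back

def demo():
    msg = b"meet at 18:00"                     # constructed sample message
    cloud = CloudChatServer()
    cloud.receive(msg)
    cloud_view = cloud.history_for_new_device()

    device_key = os.urandom(32)                # exists only on the user's devices
    nonce = os.urandom(16)
    e2e = E2EServer()
    e2e.receive(nonce, toy_cipher(device_key, nonce, msg))
    n, c = e2e.history_for_new_device()[0]
    without_key = c                            # what a fresh device (or the operator) sees
    with_key = toy_cipher(device_key, n, c)    # after the old device shares the key
    return cloud_view, without_key, with_key

if __name__ == "__main__":
    print(demo())
```
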
All data sent to Telegram’s servers will be encrypted once they reach the servers.
and who generated the key?
After doing a quick scan of their FAQ, there’s nothing about who generated the key. So my wild guess is the client. I bet their source code can answer that question, but I have no clue.
That was a rhetorical question. It’s their servers which generate the key. So Telegram has both the lock and the key and claim they are “heavily encrypted”.
Woah, thanks.
What should I use, then? Because, from what I’ve seen, Signal is US hosted, and this isn’t very good for privacy.
Signal or SimpleX.
Thanks.
Signal is well designed enough that jurisdiction doesn’t matter much. The only things you’ll find that can be arguably better than Signal are fully decentralized apps that go over TOR like Briar or Simplex but these have a lot less usage because they’re so slow and terrible for your battery.
So, no Whatsapp alternative? Sorry, I’m kinda slow.
If you don’t understand the cryptography enough that you have to ask about telegram, just use Signal. It’s the best designed app for the security of most people, it doesn’t have any privacy/security footgun, and has a pretty good threat model while not cutting corners on usability.
Oh, thanks.
https://www.messenger-matrix.de/messenger-matrix-en.html
Take a look at the comparison and judge for yourself.
I wouldn’t call it “big tech”. The biggest problem is that none of the chats are encrypted by default. And even if you do use “secret chats”, the encryption there doesn’t seem to be up to par with modern standards.
The creator previously refused to comply with warrants but since he was jailed in France, that’s pretty much over.
A good messenger is unable to comply, by design, because it simply does not store the data that these govts are after.
Telegram talks a pretty big privacy game, but consider that the feature that actually enables end-to-end encryption, called “Secret Chats” in the app, is OFF by default. Couple that with everything else said in this thread and you start to see a picture forming. And it’s not pretty.
Use Forkgram off of F-Droid. It’s an open source app with extra features. You have to have the regular app to verify the login on Forkgram. Then just uninstall the regular app. I only use it for news channels and mod’d app channels. I don’t use it for communications. It’s not good for that.
It probably has worse privacy than e-mail or IRC, because it has the same level of encryption (transport encryption only, i.e. Telegram LLC can read your messages), but it also requires a phone number to use, linking your account to your real identity. In short, do not use it for communications if you desire them to be private.
deleted by creator
Signal is at least e2e encrypted, so they can’t read your messages. But also, I do complain and refuse to use it for important stuff. Matrix/XMPP are much better.
For messaging purposes WhatsApp (if not Signal) is better than Telegram as Telegram chats are not encrypted by default.
Wrong, we do not control WhatsApp. It fails to include a libre software license text file. Nothing secures our messages from WhatsApp.
Neither do we control Telegram. Both TG and WP are notorious. Even after Telegram client’s being open-sourced, no one stopped them from sharing user data to Indian Govt. I am not defending WP, but it at least has a mention that chats are by default E2E encrypted. That’s why I mentioned “if not Signal”.
At least Telegram might try to resist. Meta corporation offers your data to highest bidder preemptively
Wrong, ‘open source’ misses the point of libre software.
Ok, does that prove Telegram more privacy-oriented than WP? That is my point.
All I know is that every scammer under the sun uses it these days
Just another application owned by a multimillionaire
Like being poor makes it okay.
It relies on a service we do not control.
deleted by creator
It was much better in the past, in the year 2017; now don’t use it. They put many limitations on custom clients and still have not published the source code of the server as was promised
It depends. By default, it uses a weaker encryption than WhatsApp. You can turn on e2e encryption, but not in group chats.
On the other hand, it has multiple FOSS clients, will work on pretty much any platform, and has a great UI.
If you want a fairly secure chat app that your grandparents can use, then Telegram is perfect. If you’re sending highly confidential stuff, then no.
It’s also suitable for project groups, because of the better tools (and moderation bots) available to the mods.
Its main “security” feature is that they are uncooperative towards most governments. If a government makes a legally binding request to Signal, they receive IP, account creation date and other unavoidable stuff, and Signal is transparent about that. If Telegram gets that request, they probably ignore it, but maybe they don’t and there is no way to know as a user.
Also Telegram is the platform of drug dealers, nazis and conspiracy theorists. So even if it had e2e by default, I would still prefer using another platform.
The alleged connections to FSB give me pause. https://www.themoscowtimes.com/2025/06/10/investigation-uncovers-telegrams-potential-links-to-russias-fsb-a89400












