Some people say it’s really privacy-giving and that you should use it as a privacy alternative. Others say it’s alao on the big tech side. What’s going on with telegram, really?
You must log in or register to comment.
Every text you send through Telegram is stored in plaintext. Telegram and authorities can access that without your knowledge. Also it will get leaked in a breach someday.
Now you decide for yourself if it’s private.
Woah, thanks.
What should I use, then? Because, from what I seen, Signal is US hosted, and this isn’t very good to privacy.
Signal or SimpleX.
Signal is well designed enough that Jurisdiction doesn’t matter much. The only things you’ll find that can br arguably better than signal are fully decentralized apps that go over TOR like Briar or Simplex but these have a lot less usage because they’re so slow and terrible for your battery.
So, no Whatsapp alternative? Sorry, I’m kinda slow.
If you don’t understand the cryptography enough that you have to ask about telegram, just use Signal. It’s the best designed app for the security of most people, it doesn’t have any privacy/security footgun, and has a pretty good threat model while not cutting corners on usability.
False. If you want to tell how things works, get your facts right!
All data sent to Telegram’s servers will be encrypted once they reach the servers. With other words, the messages and media and other files, will be sent in “plain text” over HTTPS only when using Cloud Chat. In Secret Chat, MTProto is (based on how E2EE works) as safe as what Signal Protocol is.
But nothing will be stored in plain text, no matter what you use (Cloud Chat or Secret Chat).
But(!) since the source code for MTProto is closed, we don’t know how it really works, and if we can trust their FAQ or not.
I trusted Telegram at first, but I don’t trust it 100% anymore (still better than SMS). Am using my own Snikket server these days. Much safer with a lot of 😌😊😍😃 moments, even today, maybe a year later. Especially with OMEMO (Signal Protocol).
All data sent to Telegram’s servers will be encrypted once they reach the servers
Except for “secret chat” (which are only 1-on-1 chats, have flaky client support, and require both participants to be online at the same time to initiate; in other words, they are near useless) - this is just simple at-rest storage encryption. They possess the keys to decrypt your messages (again, except for secret chats), because that is necessarily what happens when they serve those messages to recepients.
I am not defending Telegram in any way by saying this, but how can you be so certain that content supposely encrypted with MTProto when using Cloud Chat is only stored in plaintext on encrypted disks? Where is the proof of this?
No one can’t prove that Telegram use MTProto to encrypt content sent using Cloud Chat, stores them encrypted, and them decrypt them upon opening because the source code for MTProto is closed. So how can you prove that what you’re saying is the way they use?
Don’t get me wrong in any of this discussion. I don’t trust Telegram anymore. I don’t trust any closed sourced softwares anymore! But one can’t say “it is like this, not like that” without any proof.
All data sent to Telegram’s servers will be encrypted once they reach the servers.
and who generated the key?
After doing a quick scan of their FAQ, there’s nothing about who generated the key. So my wild guess is the client. I bet their source code can answer that question, but I have no clue.
Telegram allegedly complied with a government to give them user data, and their e2e encryption was switched to be off by default. I know because when I started the chat with someone we raved about how it says ‘end to end encrypted’ before sending a message. Well, between then and when I decided to migrate off it, that private one-to-one chat’s encryption was switched off.
I say it’s okay, but only ensure that e2ee is on
Even with e2ee, I wouldn’t trust it since they use a closed-source, proprietary encryption protocol.
How far they have fallen… Which would you recommend, sans self-hosting a service? Signal?
Signal is easy to on board folks to. Not a huge fan of the phone number requirement, but it’s worth the trade off for me. I used Session for a while, but media sharing was buggy. I’ve heard good things about Simplex, but the inability to have a desktop client was deal breaker for me.
I wouldn’t call it “big tech”. The biggest problem is that none of the chats are encrypted by default. And even if you do use “secret chats”, the encryption there doesn’t seem to be up to PAR with modern standards.
The creator previously refused to comply with warrants but since he was jailed in France, that’s pretty much over.
A good messenger is unable to comply, by design, because it simply does not store the data that these govts are after.
It probably has worse privacy than e-mail or IRC, because it has the same level of encryption (transport encryption only, i.e. Telegram LLC can read your messages), but it also requires a phone number to use, linking your account to your real identity. In short, do not use it for communications if you desire them to be private.
Signal also requires a phone number and nobody complains.
Signal is at least e2e encrypted, so they can’t read your messages. But also, I do complain and refuse to use it for important stuff. Matrix/XMPP are much better.
Some people obviously do not know what they are talking about. Telegram stores clear text chat messages on their servers. That’s not even near privacy
A lot of debate has been had about whether the CEO is trustworthy, but I guess if they’re not doing end to end encryption then there’s no point.
There’s no debate. The CEO is a compulsive liar who misleads people about how encryption works. Every one who knows how encryption works and have looked at Telegram will tell you Telegram is not encrypted
stores clear text chat messages on their servers.
Does it really?
By default, yes. It is possible to create a so-called secret chat, which is standard for signal and similar, but that’s something you have to manually do. Furthermore, it’s not even possible to make secret chats for groups. When it was initially released, I was cautiously optimistic that it could turn into a good, secure application, but knowing it’s been this long and it hasn’t, I wouldn’t consider that likely.
It absolutely doesn’t mean they store chats in plain text. There is no reason for it at all, it’s extra work and extra stupidity. It’s encrypted when the client sends it, no reason not to store it that way.
I’m not entirely sure what you’re trying to say here. To clarify, telegram uses a store-forward architecture, meaning that it deletes messages from the server once they have been received by everyone. Until that time, the messages are stored on the server in plaintext, unless you’re using a secret chat. They do this to avoid having to exchange keys between different clients, but what that really means is that it isn’t actually private most of the time.
All I know is that every scammer under the sun uses it these days
https://www.messenger-matrix.de/messenger-matrix-en.html
Take a look at the comparison and judge for yourself.
The alleged the connections to FSB give me pause. https://www.themoscowtimes.com/2025/06/10/investigation-uncovers-telegrams-potential-links-to-russias-fsb-a89400
It depends. By default, it uses a weaker encryption than WhatsApp. You can turn on e2e encryption, but not in group chats.
On the other hand, it has multiple FOSS clients, will work on pretty much any platform, and has a great UI.
If you want a fairly secure chat app that your grandparents can use, then Telegram is perfect. If you’re sending highly confidential stuff, then no.
It’s also suitable for project groups, because of the better tools (and moderation bots) available to the mods.
It was much better in the past in years 2017 ,now don’t use it.they put many limitations to custom clients and still not published source code of server as it was promised
Libre Software app, we control it, good.
Relies on a service we do not control, BAD!
For messaging purpose WhatsApp (if not Signal) is better than Telegram as Telegram chats are not encrypted by default.
Wrong, we do not control WhatsApp. It fails to include a libre software license text file. Nothing secures our messages from WhatsApp.
Neither do we control Telegram. Both TG and WP are notorious. Even if Telegram client’s being open-sourced, no one stopped them from sharing user data to Indian Govt. I am not defending WP, but it at least has a mention that chats are by default E2E encrypted. That’s why I mentioned “if not Signal”.
At least Telegram might try to resist. Meta corporation offers your data to highest bidder preemptively
Wrong, ‘open source’ misses the point of libre software.
Ok, does that prove Telegram more privacy-oriented than WP? That is my point.
Telegram talks a pretty big privacy game, but consider that the feature that actually enables end-to-end encryption, called “Secret Chats” in the app, is OFF by default. Couple that with everything else said in this thread and you start to see a picture forming. And it’s not pretty.
Use Forkgram off of F-Droid. Its an open source app with extra features. You have to have the regular app to verify the login on forkgram. Then just uninstall the regular app. I only use it for news channels and mod’d app channels. I don’t use it for communications. Its not good for that.
its not private, but its FOSS, it has great mobile&desktop client
Telegram is not FOSS. The client is, but the server-side implementation is not, which is important if you consider the fact that encryption is turned off by default.
I don’t think that is disqualifying, because you can’t control what is running on someone’s else machine anyway. It’s centralization that is the problem.
If it was impossible for the other side to read the content of the messages, I’d agree. Hence, why it is less problematic that Signals server software is closed source.
There’s a FOSS version of signal called molly that’s opensource.
That’s a signal client, not server. While I think there are reimplementations of the signal server that you can theoretically nude, you’ll be bound to only communicating with people also connecting through that server (ie no federation)
You are 100% correct.
