Fixxx
Moder
- Joined
- 20.08.24
- Messages
- 287
- Reaction score
- 634
- Points
- 93
You've probably seen dozens of similar articles, but... Telegram is one of the most famous instant messengers, but should you trust it?
Let's look at its strengths, weaknesses and also look at examples from judicial practice. Is your data under lock or maybe at gunpoint?
Pros of Telegram:
- Open Source: Telegram client software is open source, which allows security experts to check it for all vulnerabilities.
- Secret Chats: Telegram offers secret chats with end-to-end encryption making your messages inaccessible to others.
- Cloud: Telegram stores messages in the cloud, allowing you to access them from multiple devices without the need for backups.
- Bots and Integrations: Telegram supports the creation of bots, which makes it a convenient tool for business and entertainment.
Disadvantages and vulnerabilities of Telegram:
- Regular Chats are not end-to-end Encrypted: Unlike secret chats, regular chats in Telegram don't use end-to-end encryption. This means that your messages can be read on Telegram servers. So all your correspondence about your "secret" adventures may become public knowledge.
- Centralized Management: Telegram uses it's own servers to transfer data. This creates a single point of failure and a potential target for hackers and government agencies. Remember that if someone wants to get to your data, they will just have to hack these servers. It's that simple.
- Linking to a Phone Number: Registration and use of Telegram requires linking to a phone number. This can be used to track and identify users, compromising anonymity. Your "anonymity" is at risk if someone decides that you are interesting.
- Closed Source Servers: Although the Telegram client software is open source, the server side remains closed. This raises questions about what actually happens to your data on the company's servers. Who knows, maybe they read your messages in their free time.
- Metadata: Telegram stores metadata, such as information about who communicated with whom and when. This data may be used to analyze and track your activity. If someone wants to know who you are discussing your "secret plans" with, metadata will help.
- Phishing and Social Engineering: Telegram isn't immune to phishing and social engineering attacks. Suspicious links and messages can lead to your account being compromised.
- API Vulnerabilities: Vulnerabilities have been discovered in the Telegram API in the past that could allow attackers to access user data. For example, in 2018 a security researcher found a vulnerability that could bypass Telegram's two-factor authentication. Did you think your two-factor authentication would protect you? Think again!
Arbitrage practice:
Telegram has more than once become the target of lawsuits and investigations. Here are some examples:
- Investigating Extremism in Germany: In 2017, German law enforcement agencies used Telegram metadata to investigate crimes related to extremist groups. This helped arrest several suspects and prevent potential terrorist attacks. Metadata doesn't lie - it knows more than you'd like.
- Navalny Case: In 2017, Russian opposition leader Alexei Navalny announced that his Telegram account had been hacked. This incident highlighted the risks associated with linking a messenger to a phone number. Even if you are not an opposition member, your account may be next.
- Russia vs. Telegram: In 2018, a Russian court ruled to block Telegram in the country due to the messenger’s refusal to provide the FSB with encryption keys. Despite the blocking, many users continued to use the service through VPNs and proxy servers. In 2020, the blocking was lifted after negotiations between the authorities and Telegram management.
- Case of Distribution of Pornography in the USA: In 2019, American law enforcement agencies uncovered a network that distributed child pornography through Telegram. Investigators gained access to the metadata and used it to identify and arrest members of the network. Do you think your secrets will remain hidden? Don't get your hopes up.
- Iranian Cyber Attacks: In 2019, Iranian hackers hacked the Telegram accounts of more than 15 million users. This attack attracted international attention and exposed the vulnerability of centralized data storage. So if you think your data is safe, think about the 15 million accounts that have been hacked.
- Italian Drug Trafficking Case: In 2020, Italian law enforcement used Telegram data to uncover a large drug trafficking network. The messenger was used by criminals to coordinate their actions and the metadata helped investigators track down the organizers. So if you think that Telegram is a safe place for your "shady dealings", you are deeply mistaken.
How to protect yourself when using Telegram?
- Use Secret Chats: Prefer secret chats for communications that require a high degree of confidentiality.
- Turn off Geolocation unless required: No one needs to know where you are at any given time.
- Be careful with Links/Attachments: Suspicious messages can be a trap. Think twice than regret later.
- Keep your Apps Updated: Regular updates can help protect you from known vulnerabilities.
- Two-factor Authentication (2FA): Enable two-factor authentication for an added layer of security.
- Use Pseudonyms: Instead of using your real first and last name use pseudonyms for greater anonymity.
- Check your Privacy Settings: Make sure your privacy settings are set to maximum security.
Last edited: