Is Telegram safe? Mistakes not to make on Telegram.
What is Telegram?
Launched in 2013, Telegram is a messaging application of Russian origin, which allows you to send messages, photos, videos, documents and to make voice and video calls. The application, whose code is open source, bases its communication on the encryption and security of exchanges on its platform.
Its co-founder, Pavel Durov, is at the origin of the social network VKontakte. He co-created Telegram in particular to escape the surveillance of the Russian government.
Russia banned Telegram
On April 16, 2020, it was announced that the popular encrypted online messaging app Telegram was going to be blocked in Russia. Under draconian new legislation, courier services must now comply with court orders to hand over their encryption keys to the Russian government. Telegram not only refused to do so, but was unable to because its privacy protocols do not allow access to these keys.
Since that day, the Russian internet has collapsed into chaos. Russian media regulator Roskomnadzor has blocked access to millions of IP addresses in an attempt to stop Russians from accessing Telegram. The domino effect of this measure resulted in thousands of innocent websites becoming unavailable in Russia.
The best solution to the restrictions on Telegram and the broader internet censorship that’s happening is using a VPN.
Using the Best VPN for Telegram in Russia
The list of websites currently unavailable in Russia is extremely varied. Everything from online retailers and social networking sites to online games and video streaming sites are currently offline. To access all of these sites, Russians need a VPN that can meet a few basic criteria. These criteria are as follows:
- Fast connection speeds – Some VPNs can slow connections, which is not good for any user, but especially bad for online gaming and streaming videos and other content.
- Encryption strength and security – To keep your online activity hidden from Russian authorities and your own ISP, Russian users should look for a provider that can offer the highest levels of encryption possible.
- Effective privacy policies – To protect your online activity from prying eyes and Russian authorities, users will also want to choose a VPN with strong privacy policies, including a no logs policy.
- Server network size – Russia is a big country and choosing the best server to connect to will depend on where you are. Therefore, the more servers available to users, the better.
- Simultaneous Connections – Russian online censorship affects all Internet connections. Users should therefore look for a provider that allows them to use a VPN on all their internet-connected devices at the same time.
- No bandwidth restrictions – Some VPNs have data limits that can severely restrict what you can do online. Most users these days want Unlimited VPN access, and that’s especially true for those who use the web for data-intensive activities, like streaming and online gaming.
Why is end-to-end encryption important?
End-to-end encryption is a computer method that uses mathematical calculations to make conversations and files unreadable if you do not have the key to decrypt them.
Therefore, even the internet service provider cannot see what is circulating in such a chat channel, nor can any other third party – including law enforcement.
This does not mean that end-to-end encryption is absolutely inviolable, under all circumstances. Clearly, end-to-end encryption already makes it possible to avoid mass surveillance. Of course, it is not the absolute weapon in computer security (but does this even exist?), but it still raises the level of the game, by forcing opponents to target (by attacking one person, before moving on to the next), instead of leaving them able to attack several of them at a time. Put simply, end-to-end encryption increases the “cost” of adversaries, forcing them to make choices.
Why doesn’t Telegram offer end-to-end encryption by default?
In the case of Telegram, end-to-end encryption is not enabled by default. It’s only available as an option, and it’s up to the user to know it exists and enable it, chat by chat.
But why does the mobile application choose to make this protection optional, instead of integrating it as standard? The answer came from Pavel Durov, one of the founders. He argued that Telegram is a feature-rich app. If Telegram were to switch to such a demanding approach in terms of IT security, it would have to give up on certain developments that cannot work when the messages are very heavily protected.
Moreover, Pavel Durov judges that end-to-end encryption is not what Internet users want the most, indirectly supporting the thesis that this argument may not be the right one to convince the general public to switch to secure messaging.
So, is there no security on Telegram?
It should not be left to think that Telegram does not offer any security. There is certainly a fundamental and sizeable difference with Telegram, due to the absence of end-to-end encryption by default – which, remember, is still offered as an option in the instant messaging options. Nevertheless, Telegram implements other security options.
Telegram recalls that it also offers to consult its source code, at the API, protocol, and application level, but the criticism made of it is that it does not allow you to see what is happening on the server side. However, Telegram accepts security audits of its systems and makes it possible to verify that the source code that is shared publicly is indeed the one that is executed in the applications.
The fact of having cloud-level storage of discussions without end-to-end encryption means that Telegram is in fact exposed to legal or administrative requests to produce information on conversations, since they are in theory accessible. But the company assures that “to date, we have disclosed 0 bytes of user data to third parties, including governments”.
Mistakes you should not make on Telegram
Writing in unencrypted chats
With the possibilities offered by temporary conversations and secret messages, using the traditional message exchange channel does not make sense. Better to start a secret chat, which allows you to activate end-to-end cryptography and thus have the assurance that the other person will not be able to take a screenshot in the conversation.
Not mastering bots
Bots are the tools that most differentiate Telegram from WhatsApp. These are automated programs that provide a variety of services: searching for gifs, sending notifications, formatting the text at the user’s discretion… A search in the list of commands reveals all the possibilities and best exploit in Telegram conversations.
Not limiting the lifetime of the account
It is better to choose a period of time, between a month and a year, after which the Telegram account will self-destruct if not used, which protects the user in case the phone is stolen.
Joining illegal groups
The app is evolving into a kind of deep web that is more accessible because it is easier to use, where the user’s identity remains completely secret thanks to end-to-end encryption of public and private chats. Over the years, groups have been discovered with illegal job offers classified according to a color code: black if the task is legally risky, gray or white when the danger is less. On the channels, we can also witness the sale of hacking tools, stolen identity papers or offers to obtain false papers. Better to stay away from it.
Best Alternatives to Telegram
In the jungle of applications and messaging software, most offer security options, some very effective like Telegram, Signal or Wickr Me, others a little less like WhatsApp or Facebook Messenger.
In terms of ultra-secure messaging, you could also rely on newcomers like Olvid, Skred or Threema. These offers are even more secure than Signal and Telegram can be.
Signal is the second reference in terms of private and secure messaging. Open Source and free, it is also cross-platform desktop and mobile (Windows, Mac, Linux, iOS, Android). In order to best secure the information, it uses its own infrastructure. Instant messages (chats), voice and video calls are end-to-end encrypted. Signal also allows you to send ephemeral messages, i.e. they disappear after a set time. Also, the application can be secured by a password, in addition to the verification of the telephone number.
Wickr Me is the free and personal version of the secure application Wickr, also very well known for its high security. Messages are end-to-end encrypted for instant messaging. In addition, a screenshot detector is integrated, allowing you to be warned if one of your contacts takes a screenshot during a video. And to finish in data security, it includes a file shredder which allows any deleted file to disappear permanently via its deletion tool.
At WhatsApp, and despite being part of Facebook, the instant messaging system (chats) and audio and video calls are end-to-end encrypted. WhatsApp therefore protects the data of your communications (but shares some user metadata with Facebook). In addition, WhatsApp does not store your messages on its servers, except when they are sent, and they are deleted upon receipt.
On the other hand, if you have opted for an external cloud backup (to recover your messages in the event of a possible reinstallation for example), the security of this stored data depends solely on the storage mode. These backups are encrypted if made on iCloud (for iOS users), but not on Google Drive (for Android users). WhatsApp can also be used on PC (desktop) as well as on mobile, your username will also be your phone number.
Facebook Messenger is certainly not the first application that would come to mind when talking about secure messaging. However, it is possible to configure end-to-end encryption of messages (no, this is not set by default) and you can even configure the self-destruction of messages (yes, between 5 seconds and 24 hours!). Let’s admit, however, that it is still far from being the recommended application if you want to protect your privacy, Facebook having a bad habit of using your data at all costs.
Skype is Microsoft’s consumer and cross-platform messaging solution, also widely used by professionals (thanks to screen sharing). It is cross-platform and full of features. Skype is instant messaging (chat), voice and video calls. But also the possibility of making calls to fixed or mobile phones, or of sending SMS (with a subscription). Other users can find you either by your Skype ID, by your name or by your e-mail address. Skype promises end-to-end encryption of conversations.