TLDR: I finally stopped using Telegram because of bad security and suspected potential mass surveillance from Russian government. Keep reading for more details if you're interested. For most users, I recommend using Signal instead.
I have been a long time user of Telegram and I've been thinking of leaving Telegram for years.
It has definitely one of the best User Interfaces of Instant Messaging apps. It has great APIs for implementing bots. In fact, I did implement one, for camera surveillance notifications.
How about Security?
Many people seem to think Telegram is secure. For some reason, even many technical people seem to think it somehow has superior encryption compared to for example WhatsApp.
I never thought Telegram was particularly secure. I did use telegram to an extent because some friends were on Telegram. I laughed it off when Telegram did their so called cryptography contest. Their take on security overall seemed a little odd. Instead of using known and proven technologies, they decide to implement their own protocol using obscure technologies that nobody else uses. They say it was designed by Six ACM champions, proving their arrogant attitude.
They really market themselves as a secure messenger. This is what annoys me the most.
From telegram.org website
When does encryption mean anyway?
Does it mean that when I send a message to my friend, nobody else can read it? At least Telegram's definition of security does not mean that.
Telegram does not use End to End Encryption by default
This is the biggest misconception. Many technical people know it, but I don't think majority of Telegram users understand how it actually works. Telegram uses encryption by default only for the data channel between your Client and Telegram Servers. Data is not end to end encrypted by default, meaning the party that is hosting the Telegram servers can read them. Yeah, sure, they will explain you that they have encryption for the hard drives, and blah blah, but they can still read your messages if they want to.
Telegram Secret Chats are very tricky to use right
1. You need to create a secret chat with the party you wish to talk to. Secret chat will be available only if the party is online. Only private messages are supported, not groups.
2. This is the part that nobody actually does: you should verify identity of the participant. This is done per chat, because the encryption keys change for every secret chat you start.
Telegram secret chats leak your secret links by default
Remember to check this option from telegram settings, otherwise your secret URLs are not so secret, and area instead leaked to Telegram servers.
Let's say you send a link to a Google Cloud photo. Congracts, you've leaked the image's encryption key (in the URL) to Telegram servers.
Telegram Secret Chats are per-device
So, you started a chat on your Phone and want to continue on Desktop? Create another secret chat.
Yes, you need to re-verify the keys, if you want to do it correctly.
Telegram groups are not End to End encrypted
Telegram groups cannot be end to end encrypted. Only direct messages can be end to end encrypted by using the Secret Chat feature.
Q: So how do you encrypt data?
We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.
Telegram encryption has a history of bad security issues
See this blog post The Most Backdoor-Looking Bug I’ve Ever Seen for example.
Option one is that was a silly mistake due to implementing crypto yourself. Old joke on encryption is that there are approximately five people in the world who are competent in implementing encryption on the level Telegram is doing it. All security exports know this: don't do it unless you know you're one of those five.
Option two is that was a planted backdoor to allow Telegram's parties to gain access to your Secret Chats. Either way, it doesn't look good if you want to have privacy.
Telegram is probably co-operating with FSB or other Russian authorities
Telegram used to be blocked in Russia, due to them not co-operating with authorities.
However, Telegram started co-operating, and the ban was lifted.
Telegram is also probably being funded by people that have connections to Kremlin.
In my opinion, it very likely that Russian authorities will at least have targeted access to Telegram data.
It would also be safe to assume that they are doing mass surveillance with the data. Because, why wouldn't they? It's a great source for information, and this kind of operation would definitely be something Russia could do. Telegram also wouldn't be the first backdoored IM app, FBI did this with their AN0M app that was targeted for drug criminals (Operation Trojan Shield).
Messages, telemetry information, images, videos, IP addresses, names, contacts, locations. It has everything an intelligence agency would want. USA and it's allies did something similar with XKeyscore.
Truth is that we cannot know for sure what they do with the data. We know for sure that they have access to the data, because Telegram is not really encrypted, in the meaning that people understand encryption. Secret chats are partially encrypted, but that doesn't help much because most of the data is outside secret chats anyway.
But I'm not a target of Russia anyway!
The worst case assumption is Telegram is allowing Russia perform a mass surveillance on the messenger app. The idea of mass surveillance is to collect data on
Voting behavior?
Potential vulnerability to disinformation campaigns?
Tracking how misinformation campaigns spread?
Private photos and videos. Are you sure that is something you want to share with Russian government?
With a bit of imagination, there are many potential use cases for this kind of mass information.
So what IM app should you use instead?
My recommendations for a Telegram replacement below.
For everyday messaging my recommendation would be Signal. It uses great and proven encryption, is not suspected to be backdoor by intelligence agencies, and you don't need to tap a checkbox to make it secure (encrypted by default). It works reliably and is easy to use. Signal works as a direct WhatsApp or Telegram replacement for most use cases in my opinion.
For bot developers, maybe Matrix would be worth a try? At least it has an SDK and good bridging capabilities to other IM apps. I fully agree that Telegram has superior APIs and SDKs for implementing bots, but that's not something 99,999% of IM users are ever going to do.
Even WhatsApp is much better that Telegram in terms of security and privacy. Maybe the USA authorities have a targeted backdoor access, and Meta/facebook collects a shit ton of metadata (pun intended) but at least mass surveillance is not feasible due to the use of End to End encryption by default. I personally try to avoid WhatsApp as well, but at least whatsapp is encrypted by default. WhatsApp uses Signal's encryption protocol by default for private and group chats. WhatsApp's Security did have a very bad reputation back in the days when connections were unencrypted HTTP, but they paid Signal's developer Marlinspike to help them implement a real encryption. The bad reputation might have stuck although that is not the case anymore.
See Instant Messaging app comparison by Mike Kuketz. I have not personally verified the information in this table, but it seems about right.
