Now that WhatsApp has new terms of use, there are a lot of people who are switching to another service. Of course, in the hope of being able to use a platform that is a lot safer in terms of privacy. But is Telegram really that WhatsApp alternative?
In this article, we look at what Telegram does to keep your data safe and we make the comparison with WhatsApp. Is Telegram really as safe as the company makes us think or is it not too bad in practice?
What exactly is Telegram?
There may be people who have no idea what Telegram is exactly. Therefore, a very short explanation:
Telegram is a so-called cloud-based instant messaging app developed by the Russian brothers Pavel and Nikolai Durov. Before the brothers founded Telegram in 2013, they were mainly known as the owners of the social platform VKontakte, which later became known as VK. Telegram is maintained, updated, and provided with new functionalities from the head office in Dubai.
Since 2013 there has been a large group of people who use Telegram fanatically. This is mainly due to the fact that the WhatsApp alternative is known for security. For example, users of the app (available for iOS, macOS, Android, Windows, and Linux) have the guarantee that conversations with other people are encrypted. Those who also want extra security can use the Secret Chat option. In addition, the fact that Facebook has nothing to do with the platform at all is one of the biggest reasons why Telegram is so popular. Especially now that WhatsApp’s terms of use are changing.
How are you protected on the platform?
Most people switch from WhatsApp to Telegram, because the service would be more secure. But how are you as a user actually protected? You can find that answer on the FAQ page on the Telegram website.
Just like WhatsApp, Telegram encrypts your messages. Only the service takes a slightly different approach. Where the conversations via the Secret Chat function are end-to-end encrypted, the private conversations and group conversations have server-client encryption. This encryption not only applies to text messages, but also to media and files. For the techies among us: the encryption is based on the 256-bit symmetric AES encryption, 2048-bit RSA encryption, and the Diffie-Hellman secure key exchange.
Telegram is an open platform, so people always have insight into the source code. That way you can see how everything works at all times and, thanks to the code that is published on GitHub, you know exactly what is going on. The company guarantees on the website that the code that you can view is always the code used in the apps. Telegram even asks for feedback from security experts, so that they can work together to keep the service as safe as possible. So that is the mission of the company, but does it also ensure more safety?
Telegram less secure than you think
As mentioned, there are many people who use Telegram as it is more secure than WhatsApp. But that is not necessarily the case. In fact, the company is often criticized for that statement. One of the biggest problems for experts is the fact that not all Telegram conversations are end-to-end encrypted. As mentioned, this only applies to the conversations that are conducted via the Secret Chat function. If we look at that very black and white, you have to use a special functionality to get exactly the same result as with WhatsApp, where all conversations are encrypted end-to-end.
But there are more reasons why Telegram is actually a lot less secure than the company itself makes appear.
Striking Privacy Policy
Telegram itself mainly calls out the loudest that it has matters in the field of privacy much better organized than the competition. We certainly cannot deny that the application, for what is the standard today, is doing well. But you don’t have to expect a world of difference. Certainly not when you look at Telegram’s Privacy Policy. In general, it does not differ very much from competitors such as WhatsApp.
Telegram’s Privacy Policy has been a topic of discussion before. For an application known for security, section 5 is particularly striking. That is the part that focuses on the collection of personal data. When you accept this, as with all applications you almost do, there are a number of things that you give the company permission for.
One of the things you allow when using Telegram is the fact that the platform protects you from scams and abuse. That does not sound bad at all, of course, but it does ensure that the company receives certain information. Think of your IP address, which device you use, all usernames you have used on the platform, and much more. That data is eventually stored and deleted after 12 months. This ensures that this data remains open and exposed in the Telegram database for a year. Malicious people, therefore, have the opportunity to steal that data. As an extension of this, it is also possible for Telegram moderators to view conversations with marked messages. This is very important for the detection of spam and abuse,
Services like these always try to improve the user experience. Something that Telegram also does by collecting data about your usage. For example, they keep track of who you contact most in order to make these contacts easier to find. Data that is also stored again. It is of course not a disaster that the company collects this data from you. In fact, it makes the platform a lot safer. However, it is important to know what happens with that data next. In addition to the contacts you talk to, there are two more places where the Telegram data goes.
Logically, the personal data first goes to all parties involved. For example, the parent company will be able to view the information, but the data will also go to the parties that ensure that Telegram can continue to run. In addition, the company stores your IP address and telephone number for the authorities at all times. For example, if someone is suspected of a crime, the company has the right to disclose that person’s data.
Sensitive to cyberattacks
That sounds very logical so far and it will not hurt you as a user quickly. However, this makes Telegram an interesting platform for cyberattacks. Companies can protect themselves against this, but it seems that the platform still needs to take some steps in that area. In the past eighteen months, for example, a fair amount of data has already become public.
In June 2020, a report that Telegram had been the victim of a cyber-attack using a leak to steal users’ data. The perpetrators were given access to telephone numbers, usernames, and other sensitive information. Reportedly it involved 900MB of data that subsequently surfaced on the darknet. After investigation, it turned out that the hackers got access via the built-in function that allows you to share contacts. Unfortunately, these kinds of things happened more often between 2019 and 2020.
Use on desktop
As many of you know, Telegram can not only be used on a smartphone or tablet, but also on the desktop. Only where the company does its utmost to properly protect the first two platforms, it is rather disappointing with the latter. Telegram for mobile devices uses the MTProto Mobile Protocol for end-to-end encryption. The name says it all: it is a protocol aimed at mobile devices. It is therefore not available for desktop users and therefore the company must come up with an alternative. Only that alternative is not used.
So, when you use Telegram on your desktop you will see that the Secret Chat option is not available. This also applies to end-to-end encryption. In 2018, it was even announced that messages sent via Telegram for Desktop are not encrypted at all. The conversations are, according to a study by Bleeping Computer, simply stored in plain text. Quite a bad thing for a platform that claims to be more secure than anyone else.
Is Telegram more secure than WhatsApp?
Telegram is indeed more secure than WhatsApp in terms of privacy, but not as secure as it presents itself. As you can read above, a lot of data is still being collected and the platform has to deal with cyber-attacks a number of times a year. People who are used to WhatsApp will not notice much difference with Telegram, other than the fact that your data does not end with Facebook. And in that respect, the question may not be which platform is safer, but what you prefer.
Would you like to send your data to Telegram’s headquarters in Dubai or would you rather give it to Mark Zuckerberg’s Facebook? We leave that choice to you.
