All of Telegram's Lies About Privacy
Telegram is known as a privacy-focused secure messaging app because it markets itself that way. However, it is often criticized by security experts, privacy advocates, and people with common sense who can understand why its claims about being privacy-friendly don't make sense. In this brief article, I'll show you all the things wrong with Telegram's privacy claims and why people actually use this app.
People Use Telegram for Its Good User Experience, Not for Privacy
Telegram has a good UX design. It is fast and works smoothly on any device because its apps are written in native code instead of relying on cross-platform frameworks like React Native or Electron, which makes it faster than many other apps, including Signal. Also, it has many features that people enjoy.
This app gained its popularity among people in developing countries, where people tend to spend more time on their phones. Most of these people are not privacy-conscious and use Telegram for convenience, not for privacy. It is also more like a social media platform because of its channels, but we're not going to focus on that side of this messaging service.
Telegram Isn’t End-to-End Encrypted by Default, and It Doesn’t Want You to Use This Feature
End-to-end encryption (E2EE) is a type of encryption where data is encrypted in such a way that it can only be accessed by the sender and the receiver. The server hosting the messaging app cannot access user messages, photos, videos, and files because they are encrypted using a pair of keys on users' devices. Messaging apps like Signal and WhatsApp have end-to-end encryption enabled by default, making it impossible for those companies to see your messages. However, it is possible that WhatsApp collects some metadata from your messages. This is because WhatsApp is not open source and is owned by META, a company often criticized for selling user data.
Although this discussion isn't focused on WhatsApp, it highlights that even a big tech-owned messaging app, whose parent company has been accused of mishandling user data, can be more privacy-friendly than apps like Telegram, which claims to be privacy-focused and secure. The whole point of an "encrypted messenger" should be that users don’t have to trust anyone other than the people they’re communicating with. However, Telegram falls short of this standard.
Telegram has its E2EE feature called "secret chat," but it is not enabled by default and is not available on all platforms. For example, end-to-end encryption is not supported on the Windows, Linux, or web versions. The maintainer of Telegram's repository on GitHub stated, "Telegram is a mobile messaging app in the first place....So the desktop app is more about work."(source) This raises the question: why is this app marketed as an "encrypted messenger"? What sets it apart from platforms like Discord when it comes to privacy?
Everything is Stored in 'Cloud'
Telegram is a cloud-based messaging app. Every message, picture, video, and other content you share or receive on this platform is stored on its servers. While this is convenient because you don’t lose your chats when switching devices, it is terrible for privacy since your chats are stored on their servers. Telegram claims that the data is encrypted on their servers so hackers cannot access it if the servers are breached, but this also means Telegram can view everything in your chat history. When you use the "secret chat" feature, however, your encrypted messages are not saved on their servers. Telegram seems to prefer storing only your unencrypted data on their server.