Fact check: Telegram is less private than other messengers

The assumption that Telegram is particularly secure seems to persist. The fact is: Telegram is inferior to the competition when it comes to encryption.

By Kathrin Stoll

Telegram co-founder Pavel Durov was arrested in Paris on August 24. The French judiciary accuses him of taking too little action against the use of the messaging service for criminal activities and of cooperating too little with the authorities. He has since been released – on bail of five million US dollars and on condition that he reports regularly to the French police.

Durov's imprisonment appears to reinforce both the anti-establishment image of the Russian entrepreneur and the public perception that Telegram is particularly secure and that communication there is particularly private. This is not least due to the operators' marketing. The Russian messenger, which has been on the market since 2013, was developed by Pavel and his brother Nikolai Durov. Since the takeover of WhatsApp by Facebook in 2014 at the latest, it has also enjoyed a large user base in Germany, not least because it has positioned itself as a safe alternative to the competition since its inception. On the product website, the creators write that Telegram is secure, that the API is open and that, unlike the founders of WhatsApp, they promise never to sell to a corporation.

The fact that the messenger is generally considered to be particularly secure and private may also be because Telegram is seen as a kind of darknet for your pocket. The software is not only used like a classic messenger, i.e. for sending messages, videos and audio messages. It also offers group and channel functions, which are used relatively openly to spread extremist messages, distribute illegal goods such as drugs and for other criminal activities. According to the latest reports, the operator now wants to take stronger action against this.

According to Spiegel Online, Telegram's website has also stated in the past that Telegram does not pass on any user data to third parties, "including all governments". However, Telegram abandoned this policy years ago, at least in part: according to information published by Spiegel Online in 2022, the operators apparently gave chat content to the BKA. Today, the sentence can no longer be found on the website. The point: If Telegram were to encrypt chats end-to-end by default, the operator would not be able to access the content or share it with anyone.

It is true that Telegram allows you to optionally encrypt so-called secret chats between two people end-to-end, but, unlike with Matrix, WhatsApp or Signal, E2E encryption is not active by default for all chats. All messages sent in channels, groups and also in regular, not explicitly "secret" chats between two participants end up on Telegram's servers. They are therefore not sent directly encrypted between the devices and apps of the chat participants, but take a detour via the provider's servers.

In other words, they are no better protected against access by third parties than an email. Like sending an email, Telegram messages are also sent using transport encryption. This means that content is sent via an encrypted channel between the messenger and the server so that third parties cannot easily read it during transportation over the network. However, Telegram can decrypt the messages on the servers if required. Anyone sitting at the endpoints – i.e. users involved in a chat on the one hand and the server operators on the other – can read them and share them with third parties if necessary. In the case of public groups and channels, even uninvolved third parties can view the chats if they have the group or channel link.
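The difference between the two models can be made concrete with a short Python sketch. This is an added example, not code from the article or from Telegram: the cipher is a toy HMAC-based construction standing in for real transport and end-to-end protocols (it is neither MTProto nor the double ratchet), and the names `link_keys`, `e2e_key`, `server_relay` and the sample message are constructed for illustration. It assumes the keys have already been agreed.

```python
import hashlib, hmac, os

# Toy encrypt-then-MAC cipher built from HMAC-SHA256 (stdlib only). It stands in
# for real transport/E2E protocols purely to show who holds which key.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed (wrong key or modified message)")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def server_relay(link_keys, sender, recipient, blob):
    """The server ends the sender's transport layer, so it sees the payload,
    then re-encrypts that payload for the recipient's connection."""
    seen = unseal(link_keys[sender], blob)
    return seen, seal(link_keys[recipient], seen)

def server_can_read(link_keys, payload):
    """True if any key the server holds decrypts the payload."""
    for key in link_keys.values():
        try:
            unseal(key, payload)
            return True
        except ValueError:
            pass
    return False

def demo(msg=b"meet at 8"):  # constructed sample message
    link_keys = {"alice": os.urandom(32), "bob": os.urandom(32)}  # shared with the server
    e2e_key = os.urandom(32)  # assumed already agreed between Alice and Bob only
    # Regular chat: only transport encryption, the server sees the plaintext.
    seen_regular, out = server_relay(link_keys, "alice", "bob", seal(link_keys["alice"], msg))
    bob_regular = unseal(link_keys["bob"], out)
    # Secret chat: E2E ciphertext travels inside the same transport layer.
    seen_secret, out = server_relay(link_keys, "alice", "bob",
                                    seal(link_keys["alice"], seal(e2e_key, msg)))
    bob_secret = unseal(e2e_key, unseal(link_keys["bob"], out))
    return seen_regular, bob_regular, seen_secret, bob_secret, server_can_read(link_keys, seen_secret)
```

In both cases the message passes through the server; what changes is whether the payload the server unwraps is the plaintext or a ciphertext it holds no key for.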

In addition, the end-to-end encryption used by Telegram, which can be optionally set for private chats, is obviously technically inferior to that of the competition. Signal and WhatsApp rely on established double-ratchet encryption. Telegram, on the other hand, uses a self-developed protocol called MTProto, which has been widely criticized in the past, not least because of the old security adage "never roll your own crypto".

If you want to be sure that nobody can read your digital communication, it is better to use a service with end-to-end encryption activated by default, which is based on a tried-and-tested encryption protocol. Telegram, which scores highly with features such as adorable stickers, a great export function thanks to cloud backup and practical bots, is unfortunately inferior to the competition when it comes to security and privacy.

(kst)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.