Why You Should Stop Using Telegram Right Now 

Telegram, the supposedly secure messaging app, has over 100 million users. You might even be one of them. If you are, you should probably stop using it right now. Here's the unfortunate truth about Telegram: It's not as secure as the company's marketing campaigns might lead you to believe. According to interviews with leading encryption and security experts, Telegram has a wide range of security issues and doesn't live up to its proclamations as a safe and secure messaging application.

One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realise that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if its not turned on by default, it doesn't matter."

There's no reason to not encrypt your messages by default, especially as an application that brands itself one that makes security a high priority. Contrary to the opinions of almost every encryption and security expert, Telegram's FAQ touts itself as more secure as WhatsApp. But in reality, WhatsApp uses the most highly praised encryption protocol on the market and encrypts every text message and call by default.

Besides making flawed product choices like offering non-encrypted chatting, a boon to would-be hackers or government surveillance programs, experts also indicate that the actual encryption technology is flawed. Telegram did what's known as "rolling their own encryption", which is widely considered to be a fatal flaw when developing encrypted messaging apps.

"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticised Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."

"When experts universally praise the Signal protocol that Open Whisper Systems uses and that WhatsApp uses, there is no reason to roll your own encryption," Soghoian said. "This is computer security 101. There's no reason to roll your own when something perfectly good already exists that has been audited extensively."

"They basically made up a protocol," Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot last year. "According to their blog post, they have a couple of really brilliant mathematicians who aren't really cryptographers but were smart, so they came up with their own protocol. It's pretty crazy. It's not something that a cryptographer would use. That said, I don't know if it's broken. But it's just weird."

The app also leaks metadata "like a champion," Woodward said. Earlier this year a security researcher discovered that an attacker could figure out when a user was online and offline, which could help determine who you are talking to and when you use the app.

Leaking Telegram metadata

So the point is, if you're looking to communicate securely, just use Signal, iMessage or WhatsApp. Telegram has too many potential flaws and hiccups that may compromise its integrity as a secure messaging application.

WATCH MORE: Tech News


Comments

    Meh, I just use it for the stickers.

      Same. I'm not really having any discussions that give me cause to worry they might be snooped on. It'd suck if that happened, of course, but I'm more interested in Telegram's excellent cross-platform interface (its desktop app is much better than WhatsApp's) and fun features than I am the security aspects. #ConvenienceOrDeath I suppose. But I can live with it. If I needed to have a top-secret convo, I guess I'd try one of the other options out.

      I'm on the same boat, I actually really want to move over to Signal but unfortunately, Signal is very barebones and Stickers are awesome.

      I know that a lot of my friends also want to move but wont because Signal doesnt support things such as Stickers

    Also, "Why You Should Stop Using Telegram Right Now". Wow, props on the alarmist clickbait headline. There are plenty of ways to communicate the safety-focused thrust of your story without motivating people to click through in a panic.

    Facebook and Signal are USA companies, and as such are required by law to let the government and its agencies access any data they desire. Any non-US app with half baked encryption can't be any worse than this.

    This article give users the impression Telegram is not encrypted by default which is factually incorrect. Please correct the article.

    Last edited 13/07/16 4:15 pm

Join the discussion!

Trending Stories Right Now