[SOLVED] : Telegram: security and privacy tips

We explain why conversations must be secret on Telegram and how to configure security and privacy settings.

[SOLVED] : Telegram: security and privacy tips

Facebook recently updated WhatsApp’s privacy policy, which has prompted many unhappy users to turn to other instant messaging apps including Telegram. It is mainly thanks to this exodus that the Telegram app has been installed 25 million times in just a few days, now with a user base exceeding 500 million.

Now is the perfect time to tell you about Telegram’s security and privacy settings.

End-to-end encryption is not the default option on Telegram

The first thing to know about Telegram is that conversations hosted in the cloud, as Telegram calls its standard exchanges, are not end-to-end encrypted. This article explains why end-to-end encryption is so important when it comes to privacy.

In a nutshell, the lack of end-to-end encryption means that Telegram has access not only to metadata (who you write to, when, how often, etc.), just like WhatsApp, but also to the content of standard conversations that are not end-to-end encrypted. According to Telegram’s privacy policy at the time of this writing, the data is not used for advertising purposes, but we know from experience that policies can change.

How to enable end-to-end encryption to keep Telegram conversations secret

Telegram instant messaging is well and truly equipped with end-to-end encryption; you just need to activate it. These conversations protected by end-to-end encryption are known as Secret Exchanges.

During a secret exchange, all sent messages, images, videos and other files are end-to-end encrypted. This means that only you and the recipient have the decryption key and Telegram cannot access the data.

In addition, the content of secret exchanges is not stored in Telegram’s servers. Since secret exchanges are only saved on the device, they cannot be accessed from any other device, and they disappear as soon as you log out of Telegram or delete the app.

Secret Exchanges are available with Telegram versions of iOS, Android, and macOS. The Web version and the Windows application are incompatible with secret exchanges. These systems cannot guarantee that conversations are stored securely on the device.

How to create a secret exchange on Telegram

With the current versions of the Telegram app, it is quite difficult to find the secret exchange option.

To create a secret exchange, you must open the profile of the person with whom you exchange, tap or click on the three buttons (or More in some cases) and then select Start a secret exchange.

[SOLVED] : Telegram: security and privacy tips

How to enable end-to-end encryption on Telegram: start a secret exchange

This option opens a conversation where messages are end-to-end encrypted (a notification appears at the start of the conversation). You can also indicate when messages will be deleted by tapping or clicking the stopwatch icon in the received messages section.

[SOLVED] : Telegram: security and privacy tips

Configure a timer to automatically delete messages from secret exchanges on Telegram

Obviously, self-destruction of messages does not prevent your correspondent from taking a screenshot but, if he does, will be notified in the conversation. There is only one exception: if the other person is using the macOS app. You will not receive a notification in this case.

Here’s another helpful tip: Telegram allows multiple secret exchanges with the same person. Group chats cannot be secret unlike WhatsApp which by default applies end-to-end encryption to all conversations.

How to tell if a conversation is end-to-end encrypted: the padlock icon

Since conversations on Telegram are either stored in the cloud or secret, in some cases it is important to know what you are using. If an exchange contains sensitive information, it should be secret, right?

Yes of course. End-to-end encrypted conversations are almost identical to the usual ones. To confirm your situation, look for the padlock icon next to the name or phone number of your contact. If there is one, the exchanges are secret. Otherwise, end-to-end encryption is disabled and you should create a new conversation.

[SOLVED] : Telegram: security and privacy tips

Configure a timer to automatically delete messages from secret exchanges on Telegram

You can also touch or click on the corresponding conversation icon to check if the exchanges are end-to-end encrypted. If so, the Encryption Keywords appear at the bottom of the open window.

How to configure Telegram’s security and privacy settings

While we’re at it, let’s take the time to configure the app’s security and privacy settings. Click Settings at the bottom right and select Privacy & Security.

Security settings on Telegram

The first step is to make sure that no one can read your conversations if you accidentally leave your device unlocked or unattended. To do this, select Passcode and Face ID, activate the function and think of a PIN code that you will not forget. Enter it and confirm.

Then enter Auto-lock and enter the time frame, between 1 and 5 minutes. If your device supports fingerprints or facial recognition, you can enable this option here.

[SOLVED] : Telegram: security and privacy tips

How to configure security settings on Telegram

Next, you need to accept two-factor authentication to protect your account from cybercriminals. With each new connection, you will receive a one-time code by SMS but Telegram invites you to choose a password as the second factor.

So, go to the Confidentiality and security section, select Double authentication (a term chosen by Telegram to designate 2FA) and then choose a complex password. It should be noted that you will rarely enter this password and could easily forget it, so keep it in a safe place such as a password manager.

What will happen if you forget this additional password? You will need to reset your account. In other words, you have to make a request to completely delete your account and then you have to wait seven days. The account will disappear after a week (associated contacts, cloud conversations and channel subscriptions) and you can create a new, completely empty one using the same phone number.

[SOLVED] : Telegram: security and privacy tips

Privacy settings on Telegram

You need to properly set up your profile to share only the bare essentials with Telegram’s 500+ million users. So, see all of Telegram’s Privacy settings and then change the values. By default, anyone can access all options and data. We recommend that you configure your account this way:

  • Phone number → Who can see my number? – Nobody.
  • Phone number → Who can find me by my number? – My contacts.
  • Presence → Who can see your last presence? – Nobody.
  • Profile picture → Who can see my profile picture / video? – My contacts.
  • Calls → Who can call me? – My contacts (or Person, if you prefer).
  • Calls → Peer-to-peer – My contacts (or Person, if you do not want to share your IP address with your contacts).
  • Forwarded messages → Who can add a link to my account when forwarding my messages? – My contacts.
  • Groups and Channels → Who can add me to Groups and Channels? – My contacts.

[SOLVED] : Telegram: security and privacy tips

How to configure privacy settings on Telegram

This is also a perfect time to check the Privacy & Security → Data Settings section and delete from Telegram’s memory any information you don’t want the app to have.

Telegram security for the more careful

The above tips should be enough for most users, but here are some more for the more thorough:

  • Choose another phone number to create a Telegram account, or a virtual phone number instead of a real number. However, be careful not to use a one-time number or something similar otherwise anyone will be able to access your account.
  • Use a VPN to hide your IP address (which Telegram can disclose at the request of law enforcement, for example).
  • Consider using another application (one more suited to secure and confidential communications) such as Signal or Threema. Unlike Telegram, they encrypt all conversations by default and offer several additional privacy options. On the other hand, they are less well known and lack certain features that encourage users to choose Telegram.

Remember that even the most secure instant messengers are helpless if someone has access to your device, either physically or remotely. Thus, we advise you to always lock all your devices with a password or a PIN code, to regularly install updates to installed applications and the operating system and to have a trusted antivirus to protect you from malware.

Tagged in :

, , , ,