The founder of Signal said that even Facebook Messenger is more secure than Telegram.
Moxie Marlinspike, founder of Signal, one of the most secure messaging apps in the world, tweeted that he doesn't understand why people still call Telegram "encrypted messenger" even though it's no better than Facebook Messenger.
“Telegram saves all of your contacts, groups, media, and every message you've ever sent or received in clear text on its servers. The app on your phone is just a "look" at their servers where the data actually resides. Telegram also sees almost everything you see on the app,” writes Marlinspike.
To prove that Telegram is not an encrypted messenger, it is enough to delete the application and install it again. The user will immediately see the entire history of his conversations, all his contacts, all the media that he has shared. This is possible due to the fact that all this information is located on the Telegram servers, and not just on users' devices.
“The confusion is that Telegram allows very limited “secret chats” (no groups and no sync) that nominally use e2ee (end-to-end encryption - ed.), even if the security of the e2ee protocol they use is questionable. By default, there is no end-to-end encryption in Telegram, but everyone talks about this messenger as being secure.”
According to Marlinspike, privacy technology is not about trusting someone else with your data, it's just not needed in truly secure messengers. The message you send should be visible only to you and the recipient. Group information should only be available to other members.
"FB Messenger also has an e2ee 'secret chat' mode which is actually much less restrictive than Telegram's (and also uses a better e2ee protocol), but no one would consider Messenger an 'encrypted messenger' even though FB Messenger and Telegram are built almost the same,” notes the founder of Signal.
Can Telegram be considered private?
The end-to-end encryption that Marlinspike wrote about ensures that only the sender and receiver of a message can read it, while other people intercepting the data see it as a string of ridiculous characters. Signal offers this type of encryption automatically for all messages, while Telegram does not.
However, Telegram has a “secret chat” feature that guarantees the same level of security as other messengers. Yes, it needs to be activated separately, and each new chat will not be safe by default, but in general there is such an opportunity.
In addition, comparing Telegram with Facebook Messenger in terms of privacy is not very correct, given the amount of information that the application collects about the user.
Telegram only collects name, phone number, contacts and user ID
Collected by Facebook Messenger: third-party advertising, purchase history, financial information, exact location, approximate location, physical address, email address, name, phone number, other user's contact information, contacts, photos or videos, gaming content, other user content, history search history, browsing history, user ID, device ID, product interaction, advertising data, other usage data, crash data, performance data, other diagnostic data, other types of data, fitness advertising or marketing, billing information, confidential information, product personalization, credit information, other financial information, email or text messages.