I feel like repeating myself when discussing encrypted communication apps but, with Russia’s invasion of Ukraine, this does need repeating. As of 26 February, Telegram is the most downloaded social networking app in Ukraine and is incredibly popular in Eastern Europe in general. If you don’t want Russian government to find out who you are communicating with or what the contents of your messages are, it’s dangerous to use Telegram. I’m tired of newspapers still referring to this app as “encrypted”. It’s mostly not, at least not in the way that matters.
- end-to-end encryption (E2EE) is not enabled by default in individual (one-to-one) chats
- E2EE is not available in group chats
- E2EE is not available in channels
Sure, Telegram communications are encrypted between the users and the servers. This kind of encryption is used by all modern websites, including this one, so this a really low bar. Because Telegram mostly doesn’t use end-to-end encryption, it holds massive amounts of unencrypted (or easily decryptable) user data and communications on those servers.
In fairness to Telegram, its founder has stood up to Putin in the past. However, this is more of a technological problem than a moral or political one. If servers hold sensitive data, governments could, in theory, access them either through court orders (of questionable legality) or through explicitly illegal means, like hacking. A better way is to simply not store such data on the servers in the first place.
Alternatives1 to Telegram include Signal and WhatsApp. I have criticized the latter for its closed-source nature in the past, but, frankly, I believe it’s still better than Telegram in terms of security. Of course, Telegram has popular features like channels and there might not be great alternatives to that at the moment2. But that doesn’t mean you should use this app for all communications, especially ones containing sensitive information.