Is Telegram Safe To Use in 2024? Privacy Analysis
Telegram is a popular messaging app that’s supposed to support private communication. But, according to its recent policy updates, the platform can now share users' phone numbers and IP addresses with authorities in some situations.
Aside from this worrying development, there are several other potential safety issues with Telegram too. That’s why it’s crucial to understand how to safeguard your data when using the platform.
One thing Telegram brags about is that its robust encryption can protect you from hackers and cyber threats while using the app. This is a very bold claim so I decided to perform my own tests on the security and privacy features the app uses to keep your messages safe. Read on to find out whether Telegram is trustworthy and what you can do to enhance security while using it.
Short on Time? Here’s How to Safely Use Telegram in 2024
- Use a VPN — VPN encryption and IP masking prevent monitoring and tracking on Telegram.
- Enable 2FA — Two-step verification requires a password and SMS to log in to your Telegram account.
- Use Secret Chats — Self-destructing messages on Telegram use end-to-end encryption for improved safety.
- Hide your phone number — Limit your Telegram phone number visibility to only people in your contacts.
- Set up a local passcode — Enhance security on Telegram by enabling passcode and fingerprint sign-in.
Pro Tip: Use a No-Logs VPN to Keep Your Telegram Activity Private
Choosing a privacy-friendly VPN to use with Telegram is highly recommended because some VPN services actually collect, store, and share your activity data. ExpressVPN is a great example of a VPN that takes data protection seriously — it adheres to a strict no-logs policy. This policy has even been independently audited by independent firms (like KPMG), where it has been found to be accurate to ExpressVPN's actual practices.
Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.
Telegram’s Security Features
Telegram is known for its various security measures and it’s important to look at every distinct feature. This helps you make an informed decision about whether Telegram's level of protection aligns with your privacy expectations. Some of the key safety measures include:
- Secret Chats. These chats use end-to-end (E2E) encryption, ensuring that only the sender and the intended recipient can read the messages. That means even Telegram themselves can’t decipher these messages. Secret Chats aren’t stored on Telegram's servers, and your communications can be configured to be automatically deleted after a set time.
- Encrypted voice and video calls. Telegram offers encrypted calls. These calls also use E2E encryption, similar to Secret Chats. Only the caller and the recipient will have access to the call — the encryption ensures that no one else can listen in. Encryption is verified by 4 emojis; if both you and the other person on the call see the same emojis, you’ll know the call is fully encrypted.
- Encrypted cloud storage. Telegram uses client-server encryption for all data stored in its cloud storage. This means your data is encrypted when it’s in transit between your device and Telegram's servers, and it remains encrypted while stored on their servers.
- Two-step verification. By default, there is no password on your account — you just need to input a temporary code sent to your mobile device to log in. When two-step verification is enabled, it requires you to input a password in addition to the SMS code. This additional step makes it significantly more difficult for anyone to gain unauthorized access to your account.
- Passcodes and fingerprint locks. To protect your app from unauthorized physical access, you can set up a local passcode or a fingerprint lock on Telegram. This means that even if someone has access to your device, they won’t be able to compromise your Telegram account.
- Account self-destruct. If you want to stop using Telegram, the app features a self-destruct mechanism. After a certain period of inactivity (which you can set), your account will be automatically deleted — along with all data, messages, and associated media.
- Anti-phishing features. Telegram has mechanisms in place to counter phishing attempts. It uses bots and machine learning algorithms to detect and block accounts that are suspected of malicious activities such as spamming or phishing.
- MTProto protocol. Telegram uses its own encryption protocol called MTProto. While it has faced criticism due to its lack of independent audits, the company claims the protocol is continuously updated and improved to address potential security threats.
- Private read receipts. Like WhatsApp, Telegram messages have read receipts (indicated by the same double tick next to a message). However, unlike WhatsApp, Telegram doesn’t show you who read the message. That means — in a group chat — no one can see if you read or didn’t read their latest communication. Unfortunately, Telegram offers no way to turn off read receipts totally.
Taken together, these features represent a robust effort on Telegram’s part to ensure the security and privacy of its users. However, as with any digital platform, the level of security you experience ultimately depends on how you use these features and safeguards. It’s also essential to use a strong and unique password for your Telegram account.
Safety and Privacy Risks of Using Telegram
Despite the security measures, there are aspects of Telegram that pose potential risks. The major concern is that the platform has pledged to share user information with authorities if a legal request is made. Plus, Telegram’s regular chats aren’t E2E encrypted by default. The encryption protocol it does use for Secret Chats hasn’t been tested as extensively as some other protocols, leaving experts skeptical of its reliability.
To ensure you're aware of these risks, let's dissect some of the key concerns:
- Data leaks. In the past, there has been an instance of a data breach affecting Telegram. In 2020, the phone numbers and unique IDs of millions of Telegram users were reportedly accessed via a vulnerability and then exposed in a darknet forum. While most of the data leaked was outdated, and passwords and messages were not compromised, this still raises concerns about the app’s data protection practices.
- Hacker target. Due to its increasing popularity and perceived security, Telegram has become a prime target for hackers. Cybercriminals often try to exploit potential vulnerabilities in the app, conduct phishing attacks, commit financial or crypto fraud, or use social engineering tactics to steal user data.
- Default encryption and access to user data. Your standard messages don’t use E2E encryption by default. Instead, these chats are client-server encrypted. While your data is encrypted both during transit and while it's stored on their servers, Telegram retains the encryption keys. This means that Telegram or any malicious actor with access to these keys could decrypt and access your messages. Other private messaging apps like Signal, WhatsApp, Wire, and Threema use E2E encryption by default.
- Privacy policy ambiguities. Telegram's privacy policy states that it stores identifying user metadata — like your IP address, phone number, location data, and any unencrypted messages and media — for "as long as it’s necessary for Telegram to function." This vague language leaves a lot of room for interpretation and also leads to questions on what they actually do with this data.
- New policy on data sharing. Unlike in the past when Telegram was adamant that it never shared its users’ sensitive information, the platform can now hand over crucial data, including IP addresses and phone numbers to authorities and governments. While currently this can only happen if a court order is issued (for example, in criminal cases), this sets a worrying precedent. Especially considering how much of your data the app logs.
- MTProto protocol controversy. Telegram uses a homegrown encryption protocol called MTProto. While the company states that it’s secure, MTProto isn’t open source, so it hasn’t been as extensively audited as other more established protocols (for example, Signal’s protocol or WhatsApp’s implementation of the Open Whisper Systems protocol). Due to this, cybersecurity experts have expressed concerns about potential hidden vulnerabilities.
- Potential exposure in group chats. If you engage in a group chat, members who aren’t on your contact list may still be able to see your phone number. This can expose your personal information to strangers or third parties, leading to potential privacy breaches. The Secret Chat option is also not available for group messages, meaning you can’t have an encrypted group chat like you can with WhatsApp.
- Contact syncing. When you install Telegram, it requests access to your phone's contacts. This is so you can connect with people you know who are also using Telegram. However, this could potentially expose your entire contact list to Telegram, a significant concern for those who value their contact privacy.
In light of these risks, it's crucial to understand that while Telegram does offer a lot of robust features for security-conscious users, it’s not safe from potential cyber threats. As with any platform, it's important to stay informed and take appropriate measures to protect your data.
How To Use Telegram Safely
While Telegram provides various security features, it's equally essential for users to know how to leverage these features effectively. Here are some practical steps you can take to ensure your use of Telegram aligns with best practices for digital safety and privacy:
1. Enhance Security on Telegram Using a VPN
A virtual private network (VPN) can protect you from privacy intrusion and cyber attacks when using Telegram. It encrypts your traffic and masks your real IP address, preventing third parties (including Telegram, WiFi administrators, and ISPs) from collecting your sensitive data while using the platform. Also, a VPN can help in the case of a data breach or hack on Telegram where user information, including IP addresses, could potentially be obtained.
Telegram doesn’t use end-to-end encryption for regular chats (only in Secret Chats), which leaves your sensitive communications exposed. Plus, the encryption it uses isn’t open source, so there isn’t any way to confirm it's trustworthy or reliable against sophisticated cyber attacks or surveillance. Good VPNs use tried-and-tested military-grade encryption, keeping your Telegram activity private and safe.
Here’s how to use a VPN with Telegram:
- Select a reputable VPN service that offers strong encryption, a no-logs policy, and a wide range of servers, like ExpressVPN.
- Download and install the VPN app on your device and create an account if necessary.
- Open the VPN app and connect to a secure server in a location where Telegram works.
- Keep the VPN active and running while using Telegram to ensure your IP remains hidden and your communications are encrypted.
2. Enable Two-Step Verification
2FA (or what Telegram calls Two-Step Verification) adds an extra layer of security to your account by requiring a password in addition to the code you receive via SMS when logging in. Here’s how you can use it on Telegram:
Step 1. Open the Telegram app and click on the menu icon (three lines in the top-left corner).
Step 2. Click on Settings and then Privacy and Security.
Step 3. Scroll down to find the Two-Step Verification option and click on it.
Step 4. Set up a strong password and recovery email. Make sure your email is secure, as it can be used to reset your password.
3. Use Secret Chats for Sensitive Conversations
Secret chats provide end-to-end encryption and aren’t stored on Telegram's servers. There’s also a self-destruct timer for messages. Here’s how to use these features:
Step 1. To start a secret chat, click on the pencil icon (bottom-right corner) to start a new message.
Step 2. Instead of clicking New Group or New Contact, click on New Secret Chat.
Step 3. Then select the contact with whom you want to start the secret chat.
4. Limit Who Can See Your Phone Number
By default, your Telegram contacts can see your phone number. But you can change this by going to the privacy and security settings. It’s possible to limit phone number visibility to just your contacts, or you can even make it entirely invisible to everybody.
Step 1. Open the app, go to Settings, and select the Privacy and Security tab.
Step 2. Under Privacy, click on the Phone Number option.
Step 3. You’ll see 3 options — Everybody, My Contacts, and Nobody (highly recommended). Choose the one that suits you best.
5. Set Up a Local Passcode or Fingerprint Lock
In the privacy and security settings, you can enable a Passcode Lock. This means you would need to enter a 4-digit code or use your fingerprint to access your Telegram account. It provides an extra layer of security if someone gets hold of your device.
Step 1. Go to Settings and the Privacy and Security tab.
Step 2. Scroll down to find Passcode Lock. Enable it and set up a passcode.
Step 3. If your phone has a fingerprint sensor and you want to use it, toggle on the Unlock with Fingerprint option.
6. Regularly Clear Your History
To protect your data from potential breaches, it's a good idea to routinely clear your chat history — especially if it contains sensitive information. This option can be found in the settings of individual chats.
Step 1. Open a chat you want to clear.
Step 2. Tap on the 3-dot menu at the top-right corner to open the options panel.
Step 3. Click on the Clear History button to delete any chat history. Confirm your choice if asked.
While we’re at it, you can also clear your financial and address information if you’ve previously paid for Telegram Premium by going to Settings > Privacy and Security > Clear Payment and Shipping Info.
It can also be good housekeeping to disable active Telegram sessions on any other devices you’re not currently using. To do this, go to Settings > Privacy and Security > Devices > Terminate all other sessions.
7. Set Account to Self-Destruct
While it sounds dramatic, it can be a good idea to configure the self-destruct setting to delete your account after a specified period of inactivity. This will ensure that all your data, including chats and media, are automatically deleted from Telegram's servers if you ever stop using the app.
Step 1. Go to Settings and click on the Privacy and Security tab.
Step 2. Scroll down to find Delete My Account If Away For. Click on it and set your preferred duration.
8. Be Aware of Scams and Phishing Attempts
Always be cautious when interacting with unknown users or clicking on links sent by strangers on Telegram. Plus, avoid sharing sensitive information unless you're certain about the recipient's identity and that the conversation is secure.
By following these guidelines, you can significantly improve your security and privacy while using Telegram. Always remember that while technology can provide tools for security, what’s most important is our awareness and proactive behavior in using these tools effectively.
Best VPNs for Telegram in 2024
- ExpressVPN — Military-grade encryption with an advanced Threat Manager for unbeatable protection on Telegram.
- CyberGhost — Privacy-optimized NoSpy servers ensure no third parties can read your Telegram activity.
- Private Internet Access — MACE security suite blocks trackers from secretly collecting your data on Telegram.
Editor's Note: We value our relationship with our readers, and we strive to earn your trust through transparency and integrity. We are in the same ownership group as some of the industry-leading products reviewed on this site: Intego, Cyberghost, ExpressVPN, and Private Internet Access. However, this does not affect our review process, as we adhere to a strict testing methodology.
FAQs on Using Telegram Safely
Is Telegram a Russian app?
While Telegram was founded by Russian brothers, it’s officially incorporated in Dubai and the British Virgin Islands — and its team is spread worldwide. That said, the app still comes with some security risks you should be aware of.
Telegram’s founders, Nikolai and Pavel Durov, actually fled Russia in 2014 after refusing to give the Russian government user data from their first social network, VK (VKontakte). Telegram was also blocked in Russia in 2018 for the same reason. However, it should be noted that the Russian ban was subsequently lifted when Telegram agreed to "counter terrorism and extremism" on the app — which could be interpreted as agreeing to cooperate with authorities.
Can Telegram users see my phone number?
It depends on your settings — by default, generally only users who you've added to your contacts can see your phone number on Telegram. That said, if you engage in a group chat with members that aren't on your contact list, they might be able to see your number. So, make sure you manually configure your Telegram settings to limit who can see your phone number.
Another factor to bear in mind is that your device contacts who are already on Telegram will be notified when you join. This notification displays your name as it’s stored in your contacts’ devices, rather than your chosen Telegram username — which could affect your privacy.
Is Telegram safer than WhatsApp?
WhatsApp employs end-to-end encryption for all conversations by default, unlike Telegram, which only uses it for secret chats. However, each app has its pros and cons when it comes to safety and privacy. Telegram protects your messages with 2FA, passcode and fingerprint locks, and self-destruct messages.
It’s important to note that no messaging app is completely impervious to security threats. So, it's recommended to analyze all security and privacy features of any given messaging app to ensure it lives up to your expectations.
Is Telegram encrypted?
Yes, Telegram does use encryption. All chats are encrypted, but only Secret Chats use end-to-end encryption. I highly recommend using the Secret Chat feature for any conversation that involves sensitive information.
Can Telegram be traced?
Messages on Secret Chats can’t be traced but regular chats aren’t completely private. This is because Secret Chats use E2E encryption, but regular chats are only client-server encrypted — and Telegram holds the keys. So, normal chats could be traced or allow Telegram to monitor and archive the contents. Telegram claims that your activity isn’t tracked or monitored. However, this claim hasn’t been independently verified.
Wrapping Up
While Telegram does have its security drawbacks, it’s generally safe for casual use. As with any platform, the level of safety significantly depends on how you use it. The app comes with robust security features such as secret chats with end-to-end encryption, 2FA, and anti-phishing protections. So, it’s a relatively safe messaging app. That said, regular chats could be accessed by Telegram and the company has suffered from data branches in the past.
If you adhere to the recommended steps for enhancing your overall security and understand its limitations, you should be able to use Telegram without major concerns. Just stay informed about potential threats, keep your security settings updated accordingly, and avoid sharing sensitive data with unknown contacts. By doing so, you can keep your messaging private and secure from bad actors on the internet.
Your data is exposed to the websites you visit!
Your IP Address:
Your Location:
Your Internet Provider:
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 61% off.
Please, comment on how to improve this article. Your feedback matters!