Reasons not to use Telegram

June 6, 2020

A short list of reasons why I don’t recommend Telegram.

Telegram committed the mortal sin of cryptography when they rolled their own encryption scheme, MTProto. They had Maths PhDs create the scheme – but mathematicians are not cryptographers. A theoretical vulnerability in their scheme was discovered in 2016 (see this PDF), though it has since been fixed.

When challenged on their encryption, they issued a nonsensical challenge that showed they do not understand cryptography.

Telegram defaults to unencrypted chats, so your messages are stored in plaintext on their servers. If you don’t want them to read your messages, you have to manually enable Secret Chats – but these don’t work for groups and require users to be online at the same time. A 2017 usability study found that many users thought they were using secure, encrypted chats when they were in fact sending all their messages in plaintext.

In spite of the above, Telegram continues to market itself as a secure messenger, causing people to think that their communications are private when they aren’t.

We have far better alternatives: Signal, Wire, and WhatsApp all use the well-tested Signal Protocol for encryption. They don’t let users accidentally send plaintext messages. They do vary in terms of metadata protection; Signal does the most to avoid storing metadata.