{"id":25402,"date":"2023-01-19T07:02:15","date_gmt":"2023-01-19T12:02:15","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/telegram-why-nobody-uses-secret-chats\/25402\/"},"modified":"2024-09-04T11:20:37","modified_gmt":"2024-09-04T10:20:37","slug":"telegram-why-nobody-uses-secret-chats","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/telegram-why-nobody-uses-secret-chats\/25402\/","title":{"rendered":"Telegram \u2013 &#8220;secret&#8221;? Yeah, right"},"content":{"rendered":"<p>Telegram\u2019s developers position their product as <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-privacy-security-backup-aug2024\/52051\/\" target=\"_blank\" rel=\"noopener nofollow\">safe and protected<\/a>. But in practice that\u2019s not entirely true: the reality is that Telegram has a number of quirks that make protecting your messages a little tricky, and it\u2019s got nothing to do with the complexities of cryptography, but with much more prosaic stuff. Let\u2019s take a look at some rather dubious features in both the messenger\u2019s interface and general logic that make it less secure than is commonly believed.<\/p>\n<h2>Shades of secure messaging<\/h2>\n<p>To start with, let\u2019s figure out how a secure messenger works. The first thing to realize is that almost all modern messengers long ago switched to encrypted data exchange between user devices and servers. That\u2019s the absolute minimum that any messenger should provide. However, that\u2019s not enough to consider a system secure, since it does not guarantee total message security.<\/p>\n<p>Here\u2019s why: if not only messaging participants but also the service has access to chats, then that creates additional risks. For example, the owners of the service themselves may turn out to be overly curious or greedy. 
Or, even if we assume they\u2019re honest to the core and have no desire to stick their noses into users\u2019 data, where\u2019s the guarantee that, if the service is one day sold, the next owners would be as honest? And then of course the service could get hacked, in which case the hackers themselves would gain access to correspondence.<\/p>\n<p>However, there\u2019s a very effective way to avoid all these dangers and answer the question of whether the service can be trusted once and for all: <a href=\"https:\/\/en.wikipedia.org\/wiki\/End-to-end_encryption\" target=\"_blank\" rel=\"nofollow noopener\">end-to-end encryption<\/a>. This ensures that information is encrypted on the sender\u2019s device and decrypted only on the recipient\u2019s device. As such, the service sends back and forth only encrypted messages and does not have access to the content. This automatically protects correspondence from nosy owners (current or future) and from the other troubles that might occur.<\/p>\n<p>So, we arrive at a very simple formula: a secure messenger is one that uses end-to-end encryption. Now let\u2019s see how Telegram handles all this.<\/p>\n<h2>1. Not all Telegram chats are equally secure<\/h2>\n<p>Let\u2019s go straight to the root of the problem: Telegram is a unique messenger with two types of chats: regular and secret. <em>Regular<\/em> chats are not end-to-end encrypted. Only <em>secret<\/em> ones are.<\/p>\n<p>No other messenger does this: even the notorious WhatsApp, part of <a href=\"https:\/\/www.kaspersky.com\/blog\/meta-uses-personal-data\/51548\/\" target=\"_blank\" rel=\"noopener nofollow\">Mark Zuckerberg\u2019s data-hungry empire<\/a>, uses end-to-end encryption by default. 
The user doesn\u2019t need to do anything at all; there are no special checkboxes or anything: <a href=\"https:\/\/www.kaspersky.com\/blog\/whatsapp-privacy-security\/51428\/\" target=\"_blank\" rel=\"noopener nofollow\">messages are protected<\/a> from all outsiders (including the service owners) right out of the box.<\/p>\n<p>As for messengers that explicitly position themselves as secure and protected, no one at Signal or Threema would ever think of having two types of correspondence: one end-to-end encrypted, one not. Why bother if you can make all chats equally safe without discombobulating the user? But Telegram is one of a kind.<\/p>\n<h2>2. About those defaults\u2026<\/h2>\n<p>By default, Telegram chats do not use end-to-end encryption, and nor does the messenger inform users about the secure chat option. Who could have thought that a user who just installed a messenger precisely because it was advertised as secure wanted to keep correspondence private? Answers on a postcard, please. The upshot is that when a user creates a new chat, Telegram neither offers to secure it nor even hints at the existence of an option other than the default chat.<\/p>\n<p>I\u2019m willing to bet there are thousands, if not millions, of folks who entrust important secrets to Telegram chats in the full confidence that they\u2019re securely protected by default, yet use <em>regular<\/em> chats with no end-to-end encryption.<\/p>\n<p>What\u2019s especially interesting is that the <em>secret<\/em> chat button is hidden as deep as possible. It\u2019s not in the chat interface itself. It\u2019s not available at the next level either: even if you tap the name of your chat partner and go to their profile, you won\u2019t find the coveted button there. You need to dig a bit deeper: tap the three-dot menu, rummage around in the secondary features, and there it is \u2014 the secret chat option with end-to-end encryption.<\/p>\n<h2>3. 
Why all the secrecy anyway?<\/h2>\n<p>Another complaint arises regarding the name Telegram has given to its end-to-end encrypted chats. The developers could have called them something neutral like \u201csecure\u201d, \u201cprotected\u201d, or \u201cprivate\u201d. But no: they went for \u201csecret\u201d \u2014 and this word has a very interesting effect on people\u2019s perception.<\/p>\n<p>Many a time, after creating a secret chat in Telegram, I receive a sarcastic quip from the other end, something like: \u201cWow James \u2013 For My Eyes Only, eh?!?\u201d Others apprehensively enquire as to what could possibly be so important \u2013 or naughty or something else \u2013 for its needing to be secret.<\/p>\n<p>Sure, it doesn\u2019t happen every time: some people don\u2019t make such comments \u2013 or stop making them after a few times. But the fact remains that when you switch to <em>Secret Chat<\/em> mode, it provokes a certain emotional reaction. You immediately feel like a spy, or a hardcore gossip-monger, or part of some other cloak-and-dagger operation. This simple and seemingly innocuous word triggers a very biased response in people\u2019s minds.<\/p>\n<p>And I want to emphasize that it happens for no objective reason at all. When you start a chat on WhatsApp or Signal, no one ever asks or cares why you\u2019re using end-to-end encryption. That\u2019s because all WhatsApp and Signal chats use it without asking! In Telegram, however, the natural desire to protect a chat turns into a part of the chat itself, making participants feel at least uncomfortable, if not downright idiotic.<\/p>\n<h2>4. Missing bells and whistles<\/h2>\n<p>The situation is further complicated by the fact that secret chats lack some features available in regular, unencrypted chats. And although the list isn\u2019t long \u2014 no emoji reactions or pinned messages \u2014 their absence may well put some people off using secure chats. 
And that\u2019s understandable: the lack of total privacy feels abstract, while the discomfort of not being able to give a thumbs-up is more concrete.<\/p>\n<p>Again, there\u2019s no objective reason for this. In WhatsApp, emoji reactions work perfectly \u2014 end-to-end encryption doesn\u2019t interfere in the slightest. I can only surmise that secret chats have long become such a fringe concern for Telegram\u2019s developers that the implementation of new features in them gets kicked not into the long grass but off the cliff.<\/p>\n<h2>5. Two\u2019s company, three\u2019s a crowd<\/h2>\n<p>Let\u2019s say you manage to persuade your fellow chatters that there\u2019s nothing strange about Secret Chat mode and it\u2019s worth losing a couple of features for the sake of privacy. That in itself is no small achievement \u2014 and not everyone can pull it off. But don\u2019t get too comfortable just yet: sooner or later there\u2019ll come a moment when you need to discuss something as a group. And naturally you want to do it in a secure chat. Here Telegram has another surprise for you: it isn\u2019t possible. Telegram group chats cannot be end-to-end encrypted. Period. There\u2019s no such option.<\/p>\n<p>To talk in a group of three or more, you have to either sacrifice security or drag everyone into a secure chat in another messenger. If your chat partners are used to Telegram, the first scenario is the most likely outcome since it takes only one stubborn person to ruin the effort.<\/p>\n<p>Admittedly, from a technical point of view, implementing end-to-end encryption of group chats is no easy task. That said, the aforementioned WhatsApp, Signal, and Threema all provide end-to-end encryption of group chats by default the same way as for dialogs. The problem has even been solved for video conferencing.<\/p>\n<h2>6. 
More isn\u2019t always better<\/h2>\n<p>There\u2019s one other thing in Telegram that makes the lives of its users harder: the ability to create as many secret chats with the same person as you like. It\u2019s clear why this is so: encrypted chats are tied to an encryption key that\u2019s stored on the device and cannot be transmitted anywhere. Evidently, Telegram\u2019s developers wanted to make it possible to use the messenger on several devices simultaneously. Hence the multiplicity of encrypted dialogs: for each new device you need to create a new secret chat (although WhatsApp somehow managed to solve this problem without multiplying chats). And since such an option exists anyway, why stop there? Let\u2019s allow users to spawn as many secret chats as they wish (on top of regular ones).<\/p>\n<p>I admit that in some exotic circumstances it may be useful to have several separate chats with the same person. But in most cases it\u2019s highly inconvenient and adds unnecessary confusion. It\u2019s especially challenging to try to recall on which device and in which chats someone sent you a phone number or other information (link, e-mail, account number, address) that\u2019s needed right now. For some, this confusion is a convincing argument against the use of Secret Chat mode.<\/p>\n<h2>7. Another take please?<\/h2>\n<p>Regular, non-encrypted chats are stored on Telegram\u2019s servers and automatically appear on all devices after you sign in to the messenger. As mentioned above, this is not the case with encrypted secret chats: these remain on the device.<\/p>\n<p>What should you do if you bought a new phone and want to migrate all your data to it, including encrypted Telegram dialogs? There\u2019s nothing to do: Telegram doesn\u2019t let you transfer secret chats to a new device. 
There are <a href=\"https:\/\/www.makeuseof.com\/back-up-telegram-secret-chats-on-android\/\" target=\"_blank\" rel=\"nofollow noopener\">\u201cfolk remedy\u201d<\/a> solutions for Android, but they\u2019re neither simple nor safe to use. And for iPhone users such dubious methods <a href=\"https:\/\/www.reddit.com\/r\/Telegram\/comments\/ka6g62\/lose_secret_chats_when_moving_to_a_new_phone\/\" target=\"_blank\" rel=\"nofollow noopener\">don\u2019t exist<\/a> at all. So, if you do switch to a new phone, all Telegram messages in secret chats will be lost forever.<\/p>\n<p>A couple more nuances: first, you\u2019d have to set up all your secret chats again, remembering whom you chatted with on your old device. Second, you\u2019d need to explain to all of your contacts that you have a new phone and that they need to write to a new chat because you no longer have access to the old chats. Don\u2019t think that Telegram will do it for you. Your friends will still have the old chats on their devices. They\u2019ll even be able to send something in them, but you won\u2019t ever see it.<\/p>\n<h2>No secrets<\/h2>\n<p>To sum up, although in theory it\u2019s possible to communicate securely in Telegram through secret chats, in practice things aren\u2019t so straightforward. Since most folks always prefer the path of least resistance, they end up using regular chats without end-to-end encryption. Many probably don\u2019t even realize they\u2019re using an unprotected channel. But even if they do, they most likely don\u2019t see the point of suffering for the sake of privacy, and treat attempts toward secure communication with skepticism.<\/p>\n<p>One more time: protecting all your Telegram communication is no easy task. It requires plenty of effort on your part and with no guarantee of success. 
And even if, through blood, sweat, and tears, you do manage to make your dialogs secret, your group chats will remain unencrypted no matter what.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\">\n","protected":false},"excerpt":{"rendered":"<p>A few words about why Telegram isn\u2019t as secure as its developers boast.<\/p>\n","protected":false},"author":2726,"featured_media":25403,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1622],"tags":[2960,586,43,590],"class_list":{"0":"post-25402","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"tag-end-to-end-encryption","9":"tag-messengers","10":"tag-privacy","11":"tag-telegram"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/telegram-why-nobody-uses-secret-chats\/25402\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/telegram-why-nobody-uses-secret-chats\/25080\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/20573\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/10398\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/27662\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/25732\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/telegram-why-nobody-uses-secret-chats\/28319\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/telegram-why-nobody-uses-secret-chats\/34543\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/telegram-why-nobody-uses-secret-chats\/11243\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/46889\/"},{"hreflang":"fr","url":"htt
ps:\/\/www.kaspersky.fr\/blog\/telegram-why-nobody-uses-secret-chats\/20031\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/telegram-why-nobody-uses-secret-chats\/20644\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/telegram-why-nobody-uses-secret-chats\/29678\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/telegram-why-nobody-uses-secret-chats\/33180\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/telegram-why-nobody-uses-secret-chats\/25768\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/telegram-why-nobody-uses-secret-chats\/31443\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/telegram-why-nobody-uses-secret-chats\/31155\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/telegram\/","name":"telegram"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/25402","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=25402"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/25402\/revisions"}],"predecessor-version":[{"id":28126,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/25402\/revisions\/28126"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/25403"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=25402"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=25402"},{"taxonomy":"post_
tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=25402"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}