Every text you send through Telegram is stored in plaintext. Telegram and authorities can access that without your knowledge. Also it will get leaked in a breach someday.
Now you decide for yourself if it's private.
False. If you want to tell how things works, get your facts right!
All data sent to Telegram's servers will be encrypted once they reach the servers. With other words, the messages and media and other files, will be sent in "plain text" over HTTPS only when using Cloud Chat. In Secret Chat, MTProto is (based on how E2EE works) as safe as what Signal Protocol is.
But nothing will be stored in plain text, no matter what you use (Cloud Chat or Secret Chat).
But(!) since the source code for MTProto is closed, we don't know how it really works, and if we can trust their FAQ or not.
I trusted Telegram at first, but I don't trust it 100% anymore (still better than SMS). Am using my own Snikket server these days. Much safer with a lot of ๐๐๐๐ moments, even today, maybe a year later. Especially with OMEMO (Signal Protocol).
Woah, thanks.
What should I use, then? Because, from what I seen, Signal is US hosted, and this isn't very good to privacy.
Signal is well designed enough that Jurisdiction doesn't matter much. The only things you'll find that can br arguably better than signal are fully decentralized apps that go over TOR like Briar or Simplex but these have a lot less usage because they're so slow and terrible for your battery.
Some people obviously do not know what they are talking about. Telegram stores clear text chat messages on their servers. That's not even near privacy
stores clear text chat messages on their servers.
Does it really?
By default, yes. It is possible to create a so-called secret chat, which is standard for signal and similar, but that's something you have to manually do. Furthermore, it's not even possible to make secret chats for groups. When it was initially released, I was cautiously optimistic that it could turn into a good, secure application, but knowing it's been this long and it hasn't, I wouldn't consider that likely.
It absolutely doesn't mean they store chats in plain text. There is no reason for it at all, it's extra work and extra stupidity. It's encrypted when the client sends it, no reason not to store it that way.
I'm not entirely sure what you're trying to say here. To clarify, telegram uses a store-forward architecture, meaning that it deletes messages from the server once they have been received by everyone. Until that time, the messages are stored on the server in plaintext, unless you're using a secret chat. They do this to avoid having to exchange keys between different clients, but what that really means is that it isn't actually private most of the time.
A lot of debate has been had about whether the CEO is trustworthy, but I guess if they're not doing end to end encryption then there's no point.
There's no debate. The CEO is a compulsive liar who misleads people about how encryption works. Every one who knows how encryption works and have looked at Telegram will tell you Telegram is not encrypted
Its main "security" feature is that they are uncooperative towards most governments. If a government makes a legally binding request to signal, they recieve IP, Account creation date and other unavoidable stuff and signal is transparent about that. If telegram gets that request, they probably ignore it, but maybe they don't and there is no way to know as a user.
Also telegram is the platform of drug dealers, nazis and conspiracy theorists. So even if it had e2e by default, I would still prefer using another platform.
https://www.messenger-matrix.de/messenger-matrix-en.html
Take a look at the comparison and judge for yourself.
I wouldn't call it "big tech". The biggest problem is that none of the chats are encrypted by default. And even if you do use "secret chats", the encryption there doesn't seem to be up to PAR with modern standards.
The creator previously refused to comply with warrants but since he was jailed in France, that's pretty much over.
A good messenger is unable to comply, by design, because it simply does not store the data that these govts are after.
Use Forkgram off of F-Droid. Its an open source app with extra features. You have to have the regular app to verify the login on forkgram. Then just uninstall the regular app. I only use it for news channels and mod'd app channels. I don't use it for communications. Its not good for that.
Telegram talks a pretty big privacy game, but consider that the feature that actually enables end-to-end encryption, called "Secret Chats" in the app, is OFF by default. Couple that with everything else said in this thread and you start to see a picture forming. And it's not pretty.
It probably has worse privacy than e-mail or IRC, because it has the same level of encryption (transport encryption only, i.e. Telegram LLC can read your messages), but it also requires a phone number to use, linking your account to your real identity. In short, do not use it for communications if you desire them to be private.
All I know is that every scammer under the sun uses it these days
It depends. By default, it uses a weaker encryption than WhatsApp. You can turn on e2e encryption, but not in group chats.
On the other hand, it has multiple FOSS clients, will work on pretty much any platform, and has a great UI.
If you want a fairly secure chat app that your grandparents can use, then Telegram is perfect. If you're sending highly confidential stuff, then no.
It's also suitable for project groups, because of the better tools (and moderation bots) available to the mods.
For messaging purpose WhatsApp (if not Signal) is better than Telegram as Telegram chats are not encrypted by default.
Wrong, we do not control WhatsApp. It fails to include a libre software license text file. Nothing secures our messages from WhatsApp.
Neither do we control Telegram. Both TG and WP are notorious. Even after Telegram client's being open-sourced, no one stopped them from sharing user data to Indian Govt. I am not defending WP, but it at least has a mention that chats are by default E2E encrypted. That's why I mentioned "if not Signal".
At least Telegram might try to resist. Meta corporation offers your data to highest bidder preemptively
Wrong, 'open source' misses the point of libre software.
Ok, does that prove Telegram more privacy-oriented than WP? That is my point.
It was much better in the past in years 2017 ,now don't use it.they put many limitations to custom clients and still not published source code of server as it was promised
Just another application owned by multi miliionaire
Like being poor makes it okay.
It relies on a service we do not control.
The alleged the connections to FSB give me pause. https://www.themoscowtimes.com/2025/06/10/investigation-uncovers-telegrams-potential-links-to-russias-fsb-a89400
Telegram allegedly complied with a government to give them user data, and their e2e encryption was switched to be off by default. I know because when I started the chat with someone we raved about how it says 'end to end encrypted' before sending a message. Well, between then and when I decided to migrate off it, that private one-to-one chat's encryption was switched off.
I say it's okay, but only ensure that e2ee is on
Even with e2ee, I wouldn't trust it since they use a closed-source, proprietary encryption protocol.
How far they have fallen.. Which would you recommend, sans self-hosting a service? Signal?
Signal is easy to on board folks to. Not a huge fan of the phone number requirement, but it's worth the trade off for me. I used Session for a while, but media sharing was buggy. I've heard good things about Simplex, but the inability to have a desktop client was deal breaker for me.
Libre software app, we control it, good.
Relies on a service we do not control, BAD!
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
