ESET sounds the alarm: Telegram is unsafe — even secret chats do not guarantee protection from intelligence agencies
Antivirus software developer ESET has published a study showing that Telegram lacks end-to-end encryption by default. It’s only present in secret chats. The company concludes that this makes Telegram an unsafe messaging app, as Russian intelligence agencies could have access to conversations in non-secret chats.
"Standard Telegram messages, including one-on-one chats, group messages, and public channels, use a method called client-server encryption. This means your messages are encrypted on your device before being sent to Telegram’s servers. They are then decrypted before being delivered to recipients and then stored in the Telegram cloud," ESET’s investigation states.
"This system is built on Telegram’s proprietary MTProto 2.0 protocol, which uses AES-256 encryption, SHA-256 hashing, and a custom key generation scheme. While the technical details may seem complex, the bottom line is this: Telegram servers can access the contents of your cloud chats if necessary…. Since Telegram holds the decryption keys for your cloud chats, they can access or share your messages with law enforcement…. Telegram should never be considered safe for high-risk users. Real-world cases and investigative reports show that Russian activists and opposition figures have had their Telegram activity examined during interrogations and used against them in criminal cases. Whether it’s device compromise, legal pressure, or exploitation of Telegram’s architecture, the message is the same: if your freedom or physical security depends on privacy, Telegram—even in secret chat mode—is a risky choice…”
ESET recommends using Telegram only as a tool for monitoring public channels or low-risk everyday chatter. If you’re an activist, journalist, whistleblower, or anyone whose communications could put you in serious danger, you shouldn’t rely on Telegram.
