Home / Content / How to Configure Privacy & Security on Telegram

How to Configure Privacy & Security on Telegram

Submitted by admin on Thu, 01/21/2021 - 12:34

WhatsApp recently updated its privacy policy, which has caused many unhappy users to switch to rival messengers, among them Telegram. In the past few days, Telegram added 25 million new users, pushing its active user base to over 500 million.

That makes this the perfect time to talk about Telegram’s security and privacy.

End-to-end encryption is not the default option in Telegram

The first thing to know about Telegram is that Cloud chats, as Telegram calls its standard chats, are not end-to-end encrypted. (Here’s why end-to-end encryption is important for privacy.)

In summary, the absence of end-to-end encryption means Telegram has access not only to metadata (who you wrote to, when, how often, etc), as WhatsApp does, but also to the contents of standard chats with no end-to-end encryption. According to Telegram’s privacy policy at the time of this writing, the data is not used for advertising purposes. However, as we know from experience, policies can change.

How to enable end-to-end encryption for secret chats in Telegram

Telegram does have end-to-end encryption — you just need to enable it. Telegram calls chats with end-to-end encryption enabled Secret chats.

In secret chats, text messages, pictures, videos, and all other files are sent using end-to-end encryption. That means only you and the recipient have the decryption key, so Telegram cannot access the data.

Moreover, the contents of secret chats are not stored on Telegram’s servers. Because secret chats are saved only on the devices of chat participants, they cannot be accessed from another device — and they disappear when you log out of Telegram or delete the app.

Secret chats are available in Telegram’s iOS, Android, and macOS apps. The Web version and Windows app do not support secret chats; they cannot ensure secure storage of chats on the device.

How to create a secret chat in Telegram

To create a secret chat, you need to open the profile of your chat partner, tap or click the three-dot button, and select Start Secret Chat.

That opens a chat in which end-to-end encryption is applied to messages (a notification to that effect appears in the chat window at the start). You can also set the time after which messages will be deleted by tapping or clicking the clock icon close the contact name.

Of course, the automatic deletion of messages doesn’t prevent your chat partner from taking screenshots, but if they do, you will be notified about it in the chat. The one exception is if the other person is using the macOS app; in that case you won’t get a notification.

Here’s another handy tip: Telegram allows multiple secret chats with the same person. Group chats cannot be secret, however, unlike in WhatsApp, which applies end-to-end encryption to all chats by default.

How to know if a chat is end-to-end encrypted: The padlock icon

Because Telegram chats can be either cloud or secret, in some cases it is important to know which type you are using. If a chat contains sensitive information, it should be secret, right?

Yes, of course. But end-to-end encrypted chats look almost identical to regular ones. To confirm which kind you’re in, look for a padlock icon next to the name or phone number of your chat partner. If it’s there, the chat is secret. If not, then end-to-end encryption is off, in which case you should create a new chat.

You can tell if end-to-end encryption is enabled when there's a padlock close to your partner's name and the color is green.

Telegram Security Settings

The first step is to make sure no one can read your chats if you accidentally leave your device unlocked and unattended. To do so, select Passcode, tap or click Turn Passcode On, think up a PIN code you won’t forget, set it, and confirm.

Next, select Auto-Lock and set a low value — 1 or 5 minutes. If your device supports fingerprint or face recognition, you can enable the option here.

The next step is to set up two-factor authentication to protect your account against hijacking. The primary login method uses a one-time code sent by text, so Telegram lets you set a password as the second factor.

To do so, on the Privacy and Security tab, select Two-Step Verification (Telegram’s term for 2FA), and set a strong combination. Remember that you will rarely enter this password, so it is very easy to forget; store it somewhere safe.

What will happen if you forget that additional password? You’ll have to reset your account. In essence, that means submitting a request to remove your account completely, after which you will have to wait seven days. After a week, the account will be deleted (including associated contacts, cloud chats, and channel subscriptions) and you can create a new, completely empty account using the same phone number.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.