In addition to Telegram being a popular platform for cybercriminals to leak stolen personal data, it now looks like the platform also leaks its own users’ data. Contrary to Telegram’s self-promotion as an opponent of privacy infringement, a new report reveals Telegram has leaked user data to German authorities on multiple occasions.
Telegram promises to keep user data secure and private, even on chats that aren’t end-to-end encrypted (which isn’t automatically enabled). The company says it keeps user data safe by storing chats on distributed infrastructure so it’s spread across different jurisdictions. Yet this doesn’t prevent Telegram from accessing it.
That isn’t the only type of data Telegram gathers, either. It also collects the phone number, IP address, and other personal data of everyone who uses it. The service publicly boasts it has never handed any of this data to the authorities, but sources reporting to the German news platform Der Spiegel say otherwise.
Privacy Isn’t a Built-in Feature
Despite the fact that most messages on Telegram aren’t encrypted, the service has positioned itself as a secure messenger offering end-to-end encryption. This has created a false impression that Telegram is a secure alternative to services like WhatsApp and Signal.
The reality is that messages on the platform aren’t encrypted unless you enable the “secret chats” feature. That feature is only available for one-to-one messages on the mobile app. Moxie Marlinspike, the mind behind Signal, tweeted about Telegram’s privacy (or lack thereof) and its data collection practices.
While Signal is a direct competitor, and his opinions may be colored by that lens, Marlinspike is correct in stating that Telegram isn’t an encrypted messenger. Security researchers and media outlets have also questioned its privacy claims in the past.
Despite all of this, Telegram maintains that it protects its users’ data, whether they use encrypted chats or not. In its FAQ section, the service also claims it has disclosed “0 bytes of user data to third parties, including governments to this day.” Apparently, that’s not true.
Handing Over Your Data to the Government
The report from Der Spiegel says Telegram has released user data to the Federal Criminal Police Office (BKA) on multiple occasions. German authorities (among others) have requested user information from Telegram numerous times. The report says that, while many requests have been denied, Telegram did provide German authorities with user data on some occasions.
According to Der Spiegel, the information Telegram released related to child abuse and terrorism suspects. The German government is also pressuring Telegram to cooperate with its investigations into right-wing extremist groups who spread their cause via the app.
Although it can be argued Telegram had good reason for the disclosures, users have expressed concern that this sets a dangerous precedent. Authoritarian governments have a history of monitoring and suppressing their citizens, and many anti-government activists use Telegram to escape the suppression of free speech. Telegram has also banned various channels and users, in part due to threats of suspension by governments.
Telegram Fails to Notify its Users
In light of Der Spiegel’s report, Telegram appears to be openly lying to its users about how it handles their data. If the company is hiding the fact that it’s sharing user data with authorities, Telegram users can reasonably question what else the company is hiding from them.
Given this new development, you may want to know how to delete your Telegram account permanently. You may also want to check out other messaging apps that can better suit your online privacy needs. Here’s a list of privacy-focused apps that use end-to-end encryption on all your chats:
- WhatsApp (Despite being owned by Meta, it offers better end-to-end encryption than Telegram. Whatsapp also recently added an encrypted Communities feature.