Telegram Reportedly Handed User Data to German Authorities

In addition to Telegram being a popular platform for cybercriminals to leak stolen personal data, it now looks like the platform also leaks its own users’ data. Contrary to Telegram’s self-promotion as an opponent of privacy infringement, a new report reveals Telegram has leaked user data to German authorities on multiple occasions.

Telegram promises to keep user data secure and private, even on chats that aren’t end-to-end encrypted (which isn’t automatically enabled). The company says it keeps user data safe by storing chats on distributed infrastructure so it’s spread across different jurisdictions. Yet this doesn’t prevent Telegram from accessing it.

That isn’t the only type of data Telegram gathers, either. It also collects the phone number, IP address, and other personal data of everyone who uses it. The service publicly boasts it has never handed any of this data to the authorities, but sources reporting to the German news platform Der Spiegel say otherwise.

Privacy Isn’t a Built-in Feature

Despite the fact that most messages on Telegram aren’t encrypted, the service has positioned itself as a secure messenger offering end-to-end encryption. This has created a false impression that Telegram is a secure alternative to services like WhatsApp and Signal.

The reality is that messages on the platform aren’t encrypted unless you enable the “secret chats” feature. That feature is only available for one-to-one messages on the mobile app. Moxie Marlinspike, the mind behind Signal, tweeted about Telegram’s privacy (or lack thereof) and its data collection practices.

Tweet from Signal founder Moxie describing why Telegram isn't an encrypted messenger  

While Signal is a direct competitor, and his opinions may be colored by that lens, Marlinspike is correct in stating that Telegram isn’t an encrypted messenger. Security researchers and media outlets have also questioned its privacy claims in the past.

Despite all of this, Telegram maintains that it protects its users’ data, whether they use encrypted chats or not. In its FAQ section, the service also claims it has disclosed “0 bytes of user data to third parties, including governments to this day.” Apparently, that’s not true.

Screenshot from Telegram's FAQ section describing how it processes data requests.  

Handing Over Your Data to the Government

In 2018 the Russian-born co-founder of Telegram, Pavel Durov, announced a change in Telegram’s privacy policy. Before this, the company was adamant it wouldn’t provide any user data to third parties, but changed its tune when Moscow threatened to ban the app. The change wasn’t well-received by users, especially those in countries with authoritarian governments.

Telegram’s privacy policy now reads: “If Telegram receives a court order that confirms you’re a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened.”

An excerpt of Telegram's privacy policy detailing when it may disclose user data to the authorities  

The report from Der Spiegel says Telegram has released user data to the Federal Criminal Police Office (BKA) on multiple occasions. German authorities (among others) have requested user information from Telegram numerous times. The report says that, while many requests have been denied, Telegram did provide German authorities with user data on some occasions.

According to Der Spiegel, the information Telegram released related to child abuse and terrorism suspects. The German government is also pressuring Telegram to cooperate with its investigations into right-wing extremist groups who spread their cause via the app.

Although it can be argued Telegram had good reason for the disclosures, users have expressed concern that this sets a dangerous precedent. Authoritarian governments have a history of monitoring and suppressing their citizens, and many anti-government activists use Telegram to escape the suppression of free speech. Telegram has also banned various channels and users, in part due to threats of suspension by governments.

Telegram Fails to Notify its Users

On top of its now apparently false claims that it doesn’t share user metadata, Telegram’s privacy policy also promises to report any disclosures. It states that if the company ever shares user data, it will disclose that information in a semiannual transparency report. The messaging app hasn’t posted anything since the channel was created in 2018.

Screenshot of an empty Telegram channel created by the company to disclose transparency reports  

In light of Der Spiegel’s report, Telegram appears to be openly lying to its users about how it handles their data. If the company is hiding the fact that it’s sharing user data with authorities, Telegram users can reasonably question what else the company is hiding from them.

Given this new development, you may want to know how to delete your Telegram account permanently. You may also want to check out other messaging apps that can better suit your online privacy needs. Here’s a list of privacy-focused apps that use end-to-end encryption on all your chats:

          • Wire.
          • Threema.
          • Signal.
          • Viber.
          • CoverMe.
          • Line.
          • Silence.
          • WhatsApp (Despite being owned by Meta, it offers better end-to-end encryption than Telegram. Whatsapp also recently added an encrypted Communities feature.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*