{"id":23213,"date":"2024-08-28T07:38:24","date_gmt":"2024-08-28T11:38:24","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=23213"},"modified":"2024-08-30T12:20:36","modified_gmt":"2024-08-30T08:20:36","slug":"telegram-privacy-security-backup-aug2024","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/telegram-privacy-security-backup-aug2024\/23213\/","title":{"rendered":"Telegram security: a sober look at the current situation"},"content":{"rendered":"<p>At the time of writing, Pavel Durov has been charged in France, but hasn\u2019t appeared in court yet. How things will pan out in court remains very unclear, but in the meantime scammers are already exploiting the massive attention and panic surrounding Telegram, while much dubious advice on social media is circulating regarding what to do now with the app. Our two-cents in a nutshell: Telegram users should remain calm, and act depending only on the facts as they currently stand. Now for what we can recommend today in detail\u2026\n<\/p>\n<h2>Chat privacy and the \u201ckeys to Telegram\u201d<\/h2>\n<p>\nPut simply, most chats on Telegram <strong>cannot be considered confidential <\/strong>\u2014 and this has <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/46889\/\" target=\"_blank\" rel=\"noopener nofollow\">always been the case<\/a>. If you\u2019ve been exchanging sensitive information on Telegram without using secret chats, consider it compromised. Move your private communications to another messenger <a href=\"https:\/\/www.kaspersky.com\/blog\/what-makes-a-messenger-secure\/48671\/\" target=\"_blank\" rel=\"noopener nofollow\">following these recommendations<\/a>.<\/p>\n<p>Many news outlets suggest that the main complaint against Durov and Telegram is their refusal to cooperate with the French authorities and provide the \u201ckeys to Telegram\u201d. Supposedly, Durov possesses some kind of cryptographic keys, which can be used to read users\u2019 messages. In fact, few people really know how the Telegram server is structured, but from the <a href=\"https:\/\/www.telegram.org\/faq#q-do-you-process-data-requests\" target=\"_blank\" rel=\"nofollow noopener\">available information<\/a>, it is known that the bulk of correspondence is stored on servers in minimally encrypted form \u2014 that is, the decryption keys are stored within the same Telegram infrastructure. The creators claim that chats are stored in one country, while keys are stored in another, but considering that all the servers communicate with each other, it\u2019s not clear how effective this security measure is in practice. It would help if the servers were confiscated in one country, but that\u2019s about it. End-to-end encryption, which is standard in other messengers (<a href=\"https:\/\/www.kaspersky.com\/blog\/whatsapp-privacy-security\/51428\/\" target=\"_blank\" rel=\"noopener nofollow\">WhatsApp<\/a>, <a href=\"https:\/\/www.kaspersky.com\/blog\/signal-hacked-but-still-secure\/45273\/\" target=\"_blank\" rel=\"noopener nofollow\">Signal<\/a> and even Viber), is called \u201csecret chat\u201d in Telegram. It\u2019s <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/46889\/\" target=\"_blank\" rel=\"noopener nofollow\">somewhat hidden in the depths of the interface<\/a> and needs to be manually activated for selected personal chats. All group chats, channels, and standard personal correspondence lack end-to-end encryption and can be read at least on Telegram servers. Moreover, for both secret chats and everything else, Telegram uses its own non-standard protocol \u2014 MTProto \u2014 which has been found to contain <a href=\"https:\/\/mtpsym.github.io\/\" target=\"_blank\" rel=\"nofollow noopener\">serious cryptographic vulnerabilities<\/a>. Therefore, Telegram correspondence can theoretically be read by:\n<\/p>\n<ul>\n<li>Telegram server administrators<\/li>\n<li>Hackers who\u2019ve successfully breached Telegram servers and installed spyware<\/li>\n<li>Third parties with some kind of access granted by Telegram administrators<\/li>\n<li>A third party that has discovered cryptographic vulnerabilities in Telegram protocols and can read (selectively or in full) at least non-secret chats by intercepting the traffic of some users<\/li>\n<\/ul>\n<h2>Deleting correspondence<\/h2>\n<p>\nSome categories of users have been advised to delete old chats in Telegram, such as work-related ones. This advice seems questionable, because in databases (where correspondence is stored on the server), entries are rarely actually deleted; they\u2019re simply marked as such. Moreover, like any major IT infrastructure, Telegram likely implements a robust data backup system, meaning \u201cdeleted\u201d messages will be kept at least in database backups. It may be more effective for both chat participants (or group admins) to completely delete the chat. However, the issue of backups would still remain.\n<\/p>\n<h2>Backing up chats<\/h2>\n<p>\nA number of observers have expressed concerns that Telegram could be removed from app stores, blocked, or otherwise disrupted. While this seems unlikely, backing up important correspondence, photos and documents is still good practice in digital hygiene.<\/p>\n<p>To save a backup of important personal correspondence, you need to install Telegram on your computer (<a href=\"https:\/\/desktop.telegram.org\/\" target=\"_blank\" rel=\"nofollow noopener\">official client here<\/a>), log into your account, and then navigate to <em>Settings \u2192 Advanced \u2192 Export Telegram data<\/em>.<\/p>\n<div id=\"attachment_52056\" style=\"width: 1754px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/08\/28154026\/telegram-privacy-security-backup-aug2024-01-EN.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-52056\" class=\"wp-image-52056 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/08\/28154026\/telegram-privacy-security-backup-aug2024-01-EN.png\" alt=\"How to export all data from Telegram\" width=\"1744\" height=\"816\"><\/a><p id=\"caption-attachment-52056\" class=\"wp-caption-text\">How to export all data from Telegram<\/p><\/div>\n<p>In the pop-up window, you can select the data you want to export (personal chats, group chats \u2014 with or without photos and videos), set download size limits, and choose the data format \u2014 HTML, which can be viewed in any browser, or JSON for automated processing by third-party apps.<\/p>\n<div id=\"attachment_52055\" style=\"width: 1586px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/08\/28154102\/telegram-privacy-security-backup-aug2024-02-EN.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-52055\" class=\"wp-image-52055 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/08\/28154102\/telegram-privacy-security-backup-aug2024-02-EN.png\" alt=\"Settings for backing up Telegram data\" width=\"1576\" height=\"1678\"><\/a><p id=\"caption-attachment-52055\" class=\"wp-caption-text\">Settings for backing up Telegram data<\/p><\/div>\n<p>Downloading the data to your computer could take several hours and may require dozens or even hundreds of gigabytes of free space, depending on how much you use Telegram and the export settings. You can close the export window, but be sure not to exit the app itself or disconnect your computer from the internet or the mains. We recommend only using the backup feature in the official client.\n<\/p>\n<h2>\u201cPreventing Telegram\u2019s deletion\u201d from smartphones<\/h2>\n<p>\nFirst, let\u2019s look at iOS. The folks at Cupertino don\u2019t remove apps from users\u2019 smartphones \u2014 even if apps are removed from the App Store, so any advice about stopping Telegram being deleted from iPhones is bogus. Moreover, a popular method for \u201cTelegram deletion prevention\u201d circulating online \u2014 that using the Screen Time menu \u2014 doesn\u2019t prevent Apple from deleting apps; it only prevents certain users (e.g., children) from deleting apps themselves: as such it\u2019s a parental control feature. And there\u2019s more: Durov\u2019s arrest has revived the <a href=\"https:\/\/eu.usatoday.com\/story\/news\/factcheck\/2021\/10\/06\/fact-check-apple-not-removing-telegram-iphones\/5947584001\/\" target=\"_blank\" rel=\"nofollow noopener\">old false claim about Telegram being removed remotely from iPhones<\/a>, which both Apple and Telegram officially denied back in 2021.<\/p>\n<p>As for Android, Google also doesn\u2019t typically delete apps \u2014 except when it\u2019s 100% malicious software. True, such guarantees don\u2019t apply to all holders of other ecosystems (Samsung, Xiaomi and so on), but on Android it\u2019s easy to install Telegram <a href=\"https:\/\/telegram.org\/android\" target=\"_blank\" rel=\"nofollow noopener\">directly from the Telegram website<\/a>.\n<\/p>\n<h2>Alternative clients<\/h2>\n<p>\nThere are unofficial but still functional and legal clients for Telegram, and even an \u201cofficial alternative client\u201d \u2014 Telegram X. These clients all use the Telegram API, but it\u2019s unclear whether they provide any additional benefits or increased security. The top five alternative clients on Google Play each talk about \u201cimproved security\u201d \u2013 but only refer to features like hiding chats on a device.<\/p>\n<p>Of course, you may end up downloading malware <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-signal-malware-in-google-play\/48937\/\" target=\"_blank\" rel=\"noopener nofollow\">disguised as an alternative Telegram client<\/a> \u2014 scammers don\u2019t miss an opportunity to exploit the app\u2019s popularity. If you\u2019re considering alternative clients, follow these safety guidelines:\n<\/p>\n<ul>\n<li>Download them only from official app stores.<\/li>\n<li>Make sure the app has been around for a while, and has high ratings and a large number of downloads.<\/li>\n<li>Use reliable antivirus protection across all platforms such as <a href=\"https:\/\/me-en.kaspersky.com\/premium?icid=me-en_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>.<\/li>\n<\/ul>\n<h2>Fundraising for Durov and defending free speech<\/h2>\n<p>\nThis isn\u2019t directly related to Telegram chats, but it\u2019s important to beware also of scammers posing as those raising funds for Pavel Durov\u2019s legal defense (like, he really needs the cash), while actually aiming to steal payment information or cryptocurrency donations. Treat such requests with extreme suspicion, and verify whether the alleged organization really exists and really is conducting such a campaign. For more on charity scams, check out our <a href=\"https:\/\/www.kaspersky.com\/blog\/fake-charity-scam\/28496\/\" target=\"_blank\" rel=\"noopener nofollow\">dedicated article<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-geek\">\n","protected":false},"excerpt":{"rendered":"<p>Worried about your access to Telegram and its privacy after Pavel Durov&#8217;s arrest? Here&#8217;s what you should (and shouldn&#8217;t!) do right now.<\/p>\n","protected":false},"author":2722,"featured_media":23215,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[105,14,557,22,1061,43,738,581,521],"class_list":{"0":"post-23213","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-android","9":"tag-apple","10":"tag-backup","11":"tag-google","12":"tag-ios","13":"tag-privacy","14":"tag-surveillance","15":"tag-telegram","16":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/telegram-privacy-security-backup-aug2024\/23213\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/telegram-privacy-security-backup-aug2024\/27918\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/telegram-privacy-security-backup-aug2024\/28094\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/telegram-privacy-security-backup-aug2024\/27630\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/telegram-privacy-security-backup-aug2024\/30358\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/telegram-privacy-security-backup-aug2024\/29174\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/telegram-privacy-security-backup-aug2024\/38140\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/telegram-privacy-security-backup-aug2024\/12674\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/telegram-privacy-security-backup-aug2024\/52051\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/telegram-privacy-security-backup-aug2024\/22141\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/telegram-privacy-security-backup-aug2024\/22903\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/telegram-privacy-security-backup-aug2024\/31557\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/telegram-privacy-security-backup-aug2024\/37031\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/telegram-privacy-security-backup-aug2024\/28230\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/telegram-privacy-security-backup-aug2024\/34027\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/telegram-privacy-security-backup-aug2024\/33689\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/telegram\/","name":"telegram"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23213"}],"version-history":[{"count":4,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23213\/revisions"}],"predecessor-version":[{"id":23229,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23213\/revisions\/23229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23215"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}