Telegram routinely boasts about its secure messaging for truly private conversations between two parties. However, default cloud chats in Telegram are only encrypted between client and server, not client and client, which means you have to be a little proactive in making sure your private conversations on Telegram are really private.
Other security-minded messaging platforms such as Signal Private Messenger, which utilizes the already established Signal Protocol, use end-to-end encryption for all conversations, not just some of them. Even WhatsApp, which Telegram claims is less secure than its service, adopted the Signal Protocol completely for messaging in 2016. These E2E chats are only stored on the devices of its users, not on company servers.
- Don't Miss: The 4 Best Phones for Privacy & Security
However, Telegram has been hard at work trying to improve security all around in its app, especially for its cloud chats. Telegram uses a proprietary encryption protocol, MTProto, which has grown significantly from version 1.0 to 2.0 in December 2017. By default, Telegram's regular cloud-based chats are stored on its servers, but it uses a distributed infrastructure where decryption keys are split amongst locations, so data is more secure.
So yes, cloud chats are more secure than before, but Telegram still has access. The company claims to have "disclosed 0 bytes of user data to third parties, including governments," but if you're sharing sensitive information, it's better to go with E2E encryption. With client-to-client communications, messages remain on user devices only, not on company servers that could potentially be subpoenaed for information.
So how do you make sure you're using end-to-end encryption in your chats on Telegram? Just use Telegram's "Secret Chat" feature. The benefits of using Secret Chat over a regular chat are numerous.
- Messages use end-to-end encryption.
- Messages stay on devices, not in Telegram's servers.
- Messages are device-specific so you can not sync them with other devices.
- Messages cannot be forwarded.
- Messages can be set to self-destruct.
- Messages can only be deleted for both parties, not one or the other.
To start a Secret Chat on an iPhone, tap on the new message icon in the top right of the "Chats" tab, then select "New Secret Chat." Select the contact you'd like to initiate the Secret Chat with, and on the next screen, it will show that you have invited them to join. Note that they need to be in your contacts list to Secret Chat with them.
To start a Secret Chat on an Android phone, there are two ways to go about it. For the first way (left GIF below), tap the three-lined sidebar menu icon, then tap "New Secret Chat," followed by the name of the contact. For the second way (right GIF below), tap on the new message icon in the bottom right of the "Chats" screen, select "New Secret Chat," then the name of the contact.
Either way, on the next screen, it will show that you have invited them to join. Note that they need to be in your contacts list to Secret Chat with them.
In a Secret Chat, you can send photos, videos, voice messages, stickers, files, and even your location. Just like regular text, they are only visible on user devices and not stored in Telegram's servers. The data is processed on its servers, but Telegram states it "store[s] and process random sequences of symbols that have no meaning without the keys which [it doesn't] have," so files will remain indecipherable outside of you or your recipient's phone.
You can also initiate an end-to-end encrypted phone call, though, all phone calls in Telegram use end-to-end encryption. The phone call log will end up outside of the Secret Chat, however odd that sounds, and it won't be marked with a lock like Secret Chats.
As stated above in the bullet list, if you decide to delete a message in a Secret Chat, you can only do so for both you and the other party. You can do this in regular chats as well, but you also have the option to delete the message for yourself.
Additionally, you can "clear" the history for a Secret Chat to erase all messages within on both sides. On an iPhone, you would swipe left on the Secret Chat from the "Chats" tab, select "Delete," then "Clear History." On Android, you can choose the Secret Chat from the main Telegram screen, tap the vertical ellipsis, then "Clear history." Alternatively, you can tap the vertical ellipsis from inside the Secret Chat, then select "Clear history."
If someone decides to "delete" the whole Secret Chat, the other party will still be able to view all of the messages. However, iPhone users will get a "Delete and Exit" notification to prompt them to clean house, while Android users will get a "Secret chat canceled" alert, and it will be up to them to manually delete it.
If you screenshots in Telegram on Android (which is only possible now on older Android OS and Telegram versions), any time you take a screenshot in a Secret Chat, an alert will appear directly inside the Secret Chat for both you and them to see. If you take a screenshot on an iPhone, both you and the other person will get a notification in the Secret Chat as well.
And a few quick last things to note: You cannot convert regular chats to Secret Chats, nor can you downgrade Secret Chats to cloud chats. Also, Secret Chats do not support group messaging — only person to person. It's challenging to add E2E encryption to group chats, and Telegram claims that WhatsApp, iMessage, and other E2E encrypted group chats aren't implemented securely. Until Telegram finds a way to keep group chats secure, Secret Chats are not supported for group conversations.