# Telegram privacy question



## Crusti (Oct 5, 2018)

Some media reported that Telegram leaks IP addresses when users do voice calls.
They tried to prove that such thing is happening to desktop version only and that they're going to improve it, but I wouldn't be so sure.
It's not the first time when such news appear proving that it is not so private  and secured as described. They don't even provide all the users with encrypted secret chat as it is available for iOS only.

What's your thoughts? Is Telegram still worth using or it's time to say good-bye and switch to something else and more secured?


----------



## MatGrow (Oct 5, 2018)

There is no need to stuck using only this one messenger.
For sure we have too many contacts we communicate using Telegram.
What about to change it and start using something more secured?


----------



## RCoon (Oct 5, 2018)

Interesting coincedence, two people using VPNs posting extremely generic stuff.


----------



## Crusti (Oct 5, 2018)

MatGrow said:


> There is no need to stuck using only this one messenger.
> For sure we have too many contacts we communicate using Telegram.
> What about to change it and start using something more secured?


Some people have 3 messengers installed on their devices as their friends use different ones. I can't understand that.
I used Telegram before, but now I'm stuck with the question what should I do next as I don't want to lose all my information.
The question is what are the best encrypted messengers to switch to?


----------



## DRDNA (Oct 5, 2018)

Crusti said:


> Some people have 3 messengers installed on their devices as their friends use different ones. I can't understand that.
> I used Telegram before, but now I'm stuck with the question what should I do next as I don't want to lose all my information.
> The question is what are the best encrypted messengers to switch to?


while I can't say one way or another what is better or even more secure; there are other options such as Google's Gmail or Microsoft's Skype.... I can say this though, there are NONE left that are just doing this for free, now days its about the gleaning of information used for mostly advertisements. Also as you both already seem to know is that using a VPN can also help a bit with security but even then the VPN vendors usually do the same thing unless they call out otherwise. Also worth a mention is that the Gmail can also send SMS messages to cell phones which i find to be very convenient. Good luck in the pursuit of security and flexibility!


----------



## Crusti (Oct 5, 2018)

DRDNA said:


> while I can't say one way or another what is better or even more secure; there are other options such as Google's Gmail or Microsoft's Skype.... I can say this though, there are NONE left that are just doing this for free, now days its about the gleaning of information used for mostly advertisements. Also as you both already seem to know is that using a VPN can also help a bit with security but even then the VPN vendors usually do the same thing unless they call out otherwise. Also worth a mention is that the Gmail can also send SMS messages to cell phones which i find to be very convenient. Good luck in the pursuit of security and flexibility!


I agree that most of services now collect our data in order to place appropriate ads on our pages and earn money. 
But I think that if a messenger announces itself as a private one - it should keep it's words.
I've heard that some blockchain based and end-to-end encrypted messenger start to appear, so I believe the day will come when we could be absolutely safe.


----------



## RCoon (Oct 5, 2018)

Blockchain is not the solution to everything. Nor is it a solution to anything, really...


----------



## Crusti (Oct 5, 2018)

RCoon said:


> Blockchain is not the solution to everything. Nor is it a solution to anything, really...


I thought that it's well encrypted.. Um.. As some of them are not based on the server and so on.
Am I wrong?


----------



## MatGrow (Oct 5, 2018)

So I personally use Signal.
I think it's the most secured messenger.


----------



## Crusti (Oct 5, 2018)

MatGrow said:


> So I personally use Signal.
> I think it's the most secured messenger.


Signal is almost the same as Telegram is. The only difference is that it uses end-to-end encryption.
But it still has an access to your IP address and location and it stores your data on the server.


----------



## MatGrow (Oct 5, 2018)

Crusti said:


> Signal is almost the same as Telegram is. The only difference is that it uses end-to-end encryption.
> But it still has an access to your IP address and location and it stores your data on the server.



Ok then, what's your recommendation?


----------



## Crusti (Oct 5, 2018)

MatGrow said:


> Ok then, what's your recommendation?


It depends on your needs mostly. 
If you use messenger for chatting with friends only - then Signal will be quite enough for you. 
If you use it for your work or for some things that should stay private - there's a range of encrypted messengers that don't store your messages like Dust, Adamant, e-Chat and so on.
It also depends on functions you need. So the choice is up to you only.


----------



## MatGrow (Oct 5, 2018)

Crusti said:


> It depends on your needs mostly.
> If you use messenger for chatting with friends only - then Signal will be quite enough for you.
> If you use it for your work or for some things that should stay private - there's a range of encrypted messengers that don't store your messages like Dust, Adamant, e-Chat and so on.
> It also depends on functions you need. So the choice is up to you only.



I don't mind if a messenger will be secured enough and have user-friendly interface.
The most important thing is to make sure this app is popular among people I need to talk to using it.
Otherwise, how can I use it if people I want to communicate with do not use this messenger?
Recently I found out that new messenger was produced. It's called Stealthy.
Heard of it?


----------



## Crusti (Oct 5, 2018)

I even downloaded it and tried to install but had quite a lot problems with that. So I deleted it the next minute.
By the way, I've mentioned a very funny thing - it's logo looks very similar to Telegam's  And it's almost the same bad..


----------



## DeathtoGnomes (Oct 5, 2018)

best solution is not to use them at all.


----------



## Crusti (Oct 5, 2018)

DeathtoGnomes said:


> best solution is not to use them at all.


By the way, I don't use any social networks, but I need messenger as my company has a work chat there. 
Communication through email is out of date already. So what can be a way out in such situation?


----------



## DeathtoGnomes (Oct 5, 2018)

look into Discord.


----------



## Crusti (Oct 5, 2018)

DeathtoGnomes said:


> look into Discord.


I've checked it and saw many complaints about developers permissiveness and its rate is only 3 that doesn't seem very reliable..


----------



## Vayra86 (Oct 5, 2018)

Crusti said:


> I agree that most of services now collect our data in order to place appropriate ads on our pages and earn money.
> But I think that if a messenger announces itself as a private one - it should keep it's words.
> I've heard that some blockchain based and end-to-end encrypted messenger start to appear, so I believe the day will come when we could be absolutely safe.



Blockchain is only a good tool for data reliability/integrity, not for its security. You can't hack a blockchain, but reading the information out of it is easy - and that's on purpose, because every participant is capable of verifying it. That is precisely what you DON'T want when it comes to secure end-to-end encryption. You want that data to stay out of sight, and data that is out of sight, is not reliable.

You can compare it with the mailman reading your letters to make sure its really meant for you and that it has the exact information you need. That's what blockchain really is.

Blockchain therefore is a fantastic solution for distribution chains, who want to verify a process every step of the way. For most other things its just a nice buzzword that's predicted to increase sales, but really has no relation the service on offer. Blockchain based end to end encryption is almost a complete contradiction.


----------



## Crusti (Oct 5, 2018)

Vayra86 said:


> Blockchain is only a good tool for data reliability/integrity, not for its security. You can't hack a blockchain, but reading the information out of it is easy - and that's on purpose, because every participant is capable of verifying it. That is precisely what you DON'T want when it comes to secure end-to-end encryption. You want that data to stay out of sight, and data that is out of sight, is not reliable.
> 
> You can compare it with the mailman reading your letters to make sure its really meant for you and that it has the exact information you need. That's what blockchain really is.
> 
> Blockchain therefore is a fantastic solution for distribution chains, who want to verify a process every step of the way. For most other things its just a nice buzzword that's predicted to increase sales, but really has no relation the service on offer. Blockchain based end to end encryption is almost a complete contradiction.


So you mean it's better to rely on end-to-end encryption and forget about blockchain?
I want to find the most secure messenger and it's hard to choose as there are many of them already.


----------



## Vayra86 (Oct 5, 2018)

Crusti said:


> So you mean it's better to rely on end-to-end encryption and forget about blockchain?
> I want to find the most secure messenger and it's hard to choose as there are many of them already.



The most secure messenger is a physical letter, because there is law in place that prevents the mailman from opening it.

For digital communication, those laws are either not present or being broken down. What's safe today can be unsafe tomorrow. But yes, forget about blockchain, it adds nothing to this search.

End to end encryption is what is, and until it is audited by an independent party you cannot rely on anything. Whatsapp for example was long deemed safe but there are question marks there now too. And rightly so, since Facebook took over and the old CEO is gone.

I think its wise to accept that perfect security of private data means you need to take it offline. Data is always kept somewhere in the cloud or on a server, so all you really have is 'trust' in a service provider. Nothing more.


----------



## Crusti (Oct 5, 2018)

Vayra86 said:


> The most secure messenger is a physical letter, because there is law in place that prevents the mailman from opening it.
> 
> For digital communication, those laws are either not present or being broken down. What's safe today can be unsafe tomorrow. But yes, forget about blockchain, it adds nothing to this search.
> 
> ...


I'm afraid that using letters in order to communicate will take much time 
As for server and cloud storage I found some messengers that don't store any information and Dust for example erases it in 24 hours. Maybe that's a kind of way out..


----------



## DeathtoGnomes (Oct 5, 2018)

Crusti said:


> I've checked it and saw many complaints about developers permissiveness and its rate is only 3 that doesn't seem very reliable..


dont put so much weight into those complaints, actually try it, a lot of those complaints about products are usually by those with an ax to grind.


----------



## R-T-B (Oct 5, 2018)

DeathtoGnomes said:


> dont put so much weight into those complaints, actually try it, a lot of those complaints about products are usually by those with an ax to grind.



Discord does have downtime on occasion.  But it is quick to correct.

Not sure how it ranks on a privacy centered perspective.  I don't use chat clients much at all if privacy is a concern.


----------



## Vayra86 (Oct 5, 2018)

Crusti said:


> I'm afraid that using letters in order to communicate will take much time
> As for server and cloud storage I found some messengers that don't store any information and Dust for example erases it in 24 hours. Maybe that's a kind of way out..



Explain this to me then: how can a service provider, provide you with a service if the data to do so, is not present on its servers? Yes, if its temporary storage, then you would have to believe it is actually temporary but another possibility is just that data is in *your* temporary storage and archived after 24 hours. It *could* be erased, but again, this is 100% and only about how much you trust a service provider. You can never get a guarantee, and if you are really hellbent on security of data, that makes it a 'no go'...

Even a service such as Snapchat is likely to have all that data present somewhere. Imagine the stuff they can capture when people live with the illusion that what they send is only there 'temporarily'... even though any idiot can screengrab whatever gets sent...

So again - once you put something up in the cloud, there is always a risk involved. When you consider that, does it really matter what you use? There is realistically no difference between service providers: with each and every single one, its all about how much you trust it.


----------



## mihailc (Oct 5, 2018)

From what I've gathered recently reading up on E911 chip reddit discussion, no matter which secure applications you launch, it doesn't benefit you, since certain interested parties can directly read your swipes and taps on smartphone screen before it's encrypted.


----------



## R-T-B (Oct 5, 2018)

Vayra86 said:


> Explain this to me then: how can a service provider, provide you with a service if the data to do so, is not present on its servers? Yes, if its temporary storage, then you would have to believe it is actually temporary but another possibility is just that data is in *your* temporary storage and archived after 24 hours. It *could* be erased, but again, this is 100% and only about how much you trust a service provider. You can never get a guarantee, and if you are really hellbent on security of data, that makes it a 'no go'...



It's possible.  But not with cloud storage.  With cloud storage the easiest answer is to encrypt your data prior to uploading because obviously, they are going to have it.

For chat, you can have no storage of data.  But then, you are depending on a client to client model (IP exposed).



mihailc said:


> From what I've gathered recently reading up on E911 chip reddit discussion, no matter which secure applications you launch, it doesn't benefit you, since certain interested parties can directly read your swipes and taps on smartphone screen before it's encrypted.



Not sure that's true, but I guess it would depend on the firmware and how deep the government has it's fingers in it.  I know it's probably not true for a project like Lineage OS.

Truly, and I don't mean this condescending, but do you really need privacy for your chat?  particularly, from whom?  Third party espionage, or government?  If you are worried about the state and such, I would advise you to do a lot more reading (as well as realize you are probably screwed and should stop your likely criminal activity).  At any rate, it helps to understand why you need it before pursuing it.  True privacy and convienience are often at opposite ends of the spectrum.  You won't find them together often.  Telegram or Discord should be fine if you don't need any privacy from state level actors.


----------



## DRDNA (Oct 7, 2018)

opps


----------



## Solaris17 (Oct 7, 2018)

I personally use telegram, I would not use discord. Discord unlike telegram collects alot of your information.

https://discordapp.com/privacy

Discord was never paraded as a security app and should not be used as such if you are worried about it.

Regarding telegram leaking ips for voice chat it should be mentioned it was ONLY for voice chat and ONLY for the desktop clients. and didnt affect other types of chat.

They also corrected it you can read about that here.

https://www.firstpost.com/tech/news...its-latest-v1-4-0-desktop-update-5314381.html


----------



## Crusti (Oct 8, 2018)

Vayra86 said:


> Explain this to me then: how can a service provider, provide you with a service if the data to do so, is not present on its servers? Yes, if its temporary storage, then you would have to believe it is actually temporary but another possibility is just that data is in *your* temporary storage and archived after 24 hours. It *could* be erased, but again, this is 100% and only about how much you trust a service provider. You can never get a guarantee, and if you are really hellbent on security of data, that makes it a 'no go'...
> 
> Even a service such as Snapchat is likely to have all that data present somewhere. Imagine the stuff they can capture when people live with the illusion that what they send is only there 'temporarily'... even though any idiot can screengrab whatever gets sent...
> 
> So again - once you put something up in the cloud, there is always a risk involved. When you consider that, does it really matter what you use? There is realistically no difference between service providers: with each and every single one, its all about how much you trust it.


Okay.. And what if a messenger doesn't have a server or cloud storage and its based on blockchain? Then it's probably no way to reach the messages I've sent.



Solaris17 said:


> I personally use telegram, I would not use discord. Discord unlike telegram collects alot of your information.
> 
> https://discordapp.com/privacy
> 
> ...



But Telegram collects all the information and moreover - it has an access to it. 
They also announced that they will pass some information to 3rd parties if needed. 
Is it about privacy?


----------



## Vayra86 (Oct 8, 2018)

Crusti said:


> Okay.. And what if a messenger doesn't have a server or cloud storage and its based on blockchain? Then it's probably no way to reach the messages I've sent.
> 
> 
> 
> ...



How is it based on blockchain though.

The idea of blockchain is that each entity in the chain adds a piece of information and all participants have access to the 'chain'. But the data it 'protects' must still be available somewhere and as such it is held somewhere - its not on your device, that is for sure, because then the chat would die when you would turn it off. So where else? The only thing blockchain really works well for is authenticity of the data. Still won't protect you from the company itself or '3rd parties' that want the data. In a practical sense there is no difference with any other form of encryption.

The question must again be asked, why do you care so much, because realistically, and as pointed out by others as well, once you put data in the cloud, its anyone's guess how secure it truly is. Perfect security doesn't exist, so the purpose you have for seeking it does matter - you can then find a medium with a very low risk of that 'kind' of exposure of data.


----------



## Crusti (Oct 8, 2018)

Vayra86 said:


> How is it based on blockchain though.
> 
> The idea of blockchain is that each entity in the chain adds a piece of information and all participants have access to the 'chain'. But the data it 'protects' must still be available somewhere and as such it is held somewhere - its not on your device, that is for sure, because then the chat would die when you would turn it off. So where else? The only thing blockchain really works well for is authenticity of the data. Still won't protect you from the company itself or '3rd parties' that want the data. In a practical sense there is no difference with any other form of encryption.
> 
> The question must again be asked, why do you care so much, because realistically, and as pointed out by others as well, once you put data in the cloud, its anyone's guess how secure it truly is. Perfect security doesn't exist, so the purpose you have for seeking it does matter - you can then find a medium with a very low risk of that 'kind' of exposure of data.


Why do I care? I think every person that is not simply browsing the web and watching kitten pictures should care about his privacy. 
I mean there were so many scandals with arrests in different countries for just sending some memes to friends.. Government is watching what do people send to each other, they watch after every step and it's quite annoying.


----------



## Vayra86 (Oct 8, 2018)

Crusti said:


> Why do I care? I think every person that is not simply browsing the web and watching kitten pictures should care about his privacy.
> I mean there were so many scandals with arrests in different countries for just sending some memes to friends.. Government is watching what do people send to each other, they watch after every step and it's quite annoying.



I'm not saying you shouldn't care. I think we collectively don't care enough about privacy as it is.

But. Personally I do fancy being effective at what I do. And worrying about privacy in an online world where you purposely put stuff in mass-surveilled networks and then expect it to remain a secret, is just not going to work.

The bottom line is, you can't have your cake and eat it too. Blanket statements about 'muh privacy and gov surveillance' are not going to get you anywhere. Its a simple case of either/or. Either you choose to invest major time and effort into a truly secure solution that is often very user unfriendly, or you choose to be part of the masses and rely on security through obscurity. As in: there is so much data, the relevance of your personal data is extremely low, you'll take your chances.

Considering we need to take our chances every day (in traffic, in life, etc.), its really not that bad. I think the real problem here is trust. I've said it before: even the client/messenger you use is fundamentally a trust issue. Do you trust your government (or rather: the people who work there, because its not a single minded entity) and the checks and balances that exist in law to protect you, or not?

You need to answer those questions to make the right decisions on privacy. My personal view is that we need collective effort to really make a change. And while the current state of privacy for individuals often seems very poor, there IS law in place to protect you from privacy breaches and there are real steps in the right direction in for example the EU, with GDPR. The major issues people experience with privacy is almost exclusively because they _themselves _posted all sorts of crap online. Often in public places, too. There is even legislation for thát, the right to be 'forgotten'.

Those are the sorts of changes we need, because privacy only works if it works for everyone, without having to take all sorts of measures to achieve it. That is why privacy still works in the physical letter - its common sense you don't open it and if you do, that's an offense.


----------



## Solaris17 (Oct 8, 2018)

Have you decided on what software you would like to use? That’s what the threads about after all.


----------

