Using Telegram Safely

Telegram is not a safe messaging app as even if it has a end to end encryption, it is only available on secret chats and we can't be sure about the server encryption because the code has not been released yet (only the app is open source).
However it still a platform worth using if you have a message to spread and you care about your security.

Telegram IS a opsec nightmare, if you are planning to do something that might threaten you, you shouldn't do it on Telegram.
Instead you should move to a more secure platform with the ones you know.

Then why should we use Telegram? For political purpose.
Telegram let you run a public channel, forward messages and manage a community in pretty easy and comfy way.
You can easily reach new users and gain subs as strong redpilled community is already there, proving how hard it is to be censored on this platform for a political view.
A strong pressure from the mainstream media is building up though, so the future of Telegram might not look bright. Anyways if Telegram is going to publicly hand the data of one of its users to the authorities they should be notifying us on their Transparency Report channel.

So, if you are still willing to use Telegram in a secure way, then let's get back to the topic.
We don't know how the servers exactly work as their source code has not been released yet, but we do know what it is sent to them as the Telegram app is open source.
Your objective is to make Telegram know as little as possible about you.

Quoting Snowden "Telegram is run by people with good intentions. Better than nothing, but unsafe default settings make it dangerous for non-experts to use."
So let's see how to be more safe there.

Contents
-What Telegram knows about you-
-Two step verification and privacy settings-
-Contacts and exploits-
-Using a fake phone number-
-Anonymous chats-
-How safe can you really be-

What Telegram knows about you

Bad news, Telegram requires a phone number to sign up. You will need a burner phone number.

When you connect to Telegram the device you logged with, your ip, and the app you are using are stored in a new session.
You can check your sessions by clicking on Settings->Privacy and Security->Show all sessions.
All sessions and the history of the usernames you used are saved by Telegram for a maximum of 12 months.
It is vital then to use a VPN or Tor to connect to Telegram to protect your ip, also you want to protect your device information as well.
You can do this by using the web version of Telegram while not using the app from a smartphone as your device name could potentially identify you.

Make sure that no session that you don't recognize are shown as it might mean that your account is compromised. You see, every message you send to Telegram (except the ones from secret chats) is stored on their server, so if a "hacker" gets in control of your account he has to not get any of your personal information from your chats.
You shouldn't worry too much about this as we are going to fix this issue in the next step.


Two step verification and privacy settings

The first thing you want to do once you signed in telegram is to enable the two-step verification.
This might sound as a silly advice but it is actually a quite important one, even more important to the users using burner phone numbers as they might lose their number.
Telegram would notify you if someone tries to log in to your account using your phone number, and it will provide you with the intruder's ip.
If he doesn't gain access to the account his only choice is to request the deletion of your account, if he does so Telegram will give you some days to move to another number without letting the current owner of the phone number know that.
You can enable the two-step verification on Settings->Privacy and Security->Two-Step Verification.

Make sure to check all the settings on the Privacy and Security tab to get the best protection you can get from this platform, like preventing people to see your account from a forwarded massage or making no one, not even the ones who have your phone number as a contact, see your phone number. This last step is really important to follow. (Settings->Privacy and Security->Phone Number).
For a better privacy disable the in app browser to open links with a more safe browser if you have one installed (Settings->Chat Settings->In-App Browser).


Contacts

Telegram stores on their servers your contacts to check if they have installed Telegram and notify you as soon as one of them does it.
If you happen to have given Telegram access to your contacts, delete any synced contact you have and disable the sync contacts setting from the privacy and security tab.
Settings->Privacy and Security->Delete Synced Contacts.


Using a burner phone number

There are lots of companies that would let you have another phone number, just look for the free ones. Once you get a new phone number use it to log in telegram and set a password so that no one else can steal your profile.
There you are, even if someone manages to get your phone number they will just have a fake one, that will not link to you.
Ideally you will have to create more than one account to compartmentalize your identity: if you have a hobby you'd like to share use a fake persona to share it while not linking it with the account you use to spread inconvenient truth.
Never show the account with your real phone number, even better yet delete it (you might share the same session with more accounts, that could potentially lead to you).
"Whats wrong with just changing the number of my account that I created with my own phone number using a fake fake one?"
You can do that, if you trust Telegram that it doesn't store your old phone number.


Anonymous chats

Unlike channels and chats where admins or other users can see your account, messaging through a anonymous bot chat could provide you the last piece of protection you would need on Telegram.
Basically they link your telegram id to a random internal number which would be updated every day, so no one, excluding the one running the server, would know who posted what after a day, even because no account is showing.
The most famous anonymous chat is the one created by secretlounge, but you shouldn't trust any instances of that bot, as they do nothing about the fact that mods can see your username.

We are currently developing our own self hosted open source anonymous chat focused on privacy called Telegranon.


How safe can you really be

You shouldn't trust this app.
Even if we still don't have any proof of leaked data that doesn't mean that we can be really sure about its security. Never forget that anything posted here is not really safely encrypted, as far as we know.
So if you want to have a really safe environment for a organization, and your life is threaten for political reasons by the government or something else as powerful, don't use Telegram.
If Telegram leaks its data, they will know everything you posted, your contacts, who you texted with, where you logged from, in which device and when you did it.
If your "organization" needs to spread a message on a platform without fear of getting taken down, take every step mentioned on this article to protect your account, never reveal your identity, do good opsec and you should be good.

Now let's take a moment to focus on telegram's future.
Telegram is becoming more and more important as a political platform, since almost any "alt-right" personalities or channels are getting deplatformed from any other mainstream social media.
This will eventually lead to a "mainstreaming" of telegram itself, as it gets more populated and important as a free-speech platform.
Durov said that telegram was made for privacy protection and free-speech, but what would happen when everyone labeled as "nazi" will use telegram?

"You can already see the headlines of future articles saying how telegram is used by the nazis they deplatformed from the other socials. Clearly they will try to push telegram for a more progressive view and ban them, but from my own point of view I am pretty sure Durov will not take that path."
The previous statement was written some months ago, and it has to be updated now to remove the word "future", as it was predicted to happen it is happening right now.
https://www.motherjones.com/politics/2019/09/telegram-jewish-list/
https://slate.com/technology/2019/08/telegram-white-nationalists-el-paso-shooting-facebook.html
https://www.splcenter.org/hatewatch/2019/06/27/far-right-extremists-are-calling-terrorism-messaging-app-telegram
Shut it down.
Telegram is still not banning you for political reasons, but, they are affected by the ToS of both Microsoft Store and the Apple Store, where they put their app to be downloaded.
If you want more insight about this new wave of censorship on Telegram you should check out this article we made.

You should start worrying about your personal data if you are running a channel or posting stuff that could cause you trouble if you get doxed. If you want to keep using telegram in a secure way you have to imply that this platform is not secure at all.
Even if they hack into the account you use to host your channels they should find an empty shell: no personal data.
Lets sum up what you should do in order to have a clean account:
>Use a vpn to hide yourself from the session tab<
>Turn on any privacy setting<
>Delete all synced contacts and any chat with them, as they could be used to dox you<
>Move your account to a fake number (even better yet delete the one with your real number)<
>Do not mention the account you use to host your channels<
>Don't use a telegram client that isn't open source<

Sometimes though this isn't enough.
Hopefully you didn't join Telegram using your real name because some bots, like @SangMataInfo_bot, are used to get any information about you and store it to make it available publicly. If that bot or anything like that knows your identity you need to delete your account.

Alright, we already said how deleting your account to start a new one can help you, but if you are currently running a channel created with a account you should delete, well you would have had trouble with that.
By deleting your account you would kill any channel you created with that account.
Luckily a relatively recent Telegram update let you now transfer ownership of channels to other accounts, so remember to do this before deleting your account as there is no way back.
Before we had to rely on bots that literally created a copy of a channel then ask our subscribers to move to the new channel.
The bot is open source and you can find it on the Projects sections of this site, it might be still used to backup a channel.

Telegram's official advice
Telegram over Tor
Telegram Privacy Policy