We explain why conversations must be secret on Telegram and how to configure security and privacy settings.
Now is the perfect time to tell you about Telegram’s security and privacy settings. Read everything you must know below in “Telegram Security and Privacy Tips”
End-to-end encryption is not the default option on Telegram.
The first thing to know about The Telegram app is that conversations hosted in the cloud, as Telegram calls its standard exchanges, are not end-to-end encrypted. This article explains why end-to-end encryption is so important when it comes to privacy.
How to enable end-to-end encryption to keep Telegram conversations secret?
Telegram instant messaging is well and truly equipped with end-to-end encryption; you need to activate it. These conversations protected by end-to-end encryption are known as Secret Exchanges.
All sent messages, images, videos, and other files are end-to-end encrypted during a secret exchange. This means that only you & the recipient have the decryption key, and Telegram cannot access the data.
Also, the content of secret exchanges is not stored in Telegram’s servers. Since private exchanges are only saved on the device, they cannot be accessed from any other device, and they disappear as soon as you log out of Telegram or delete the app.
Secret Exchanges are available with Telegram versions of iOS, Android, and macOS. The Web version and the Windows application are incompatible with private exchanges. These systems cannot guarantee that conversations are stored securely on the device.
How to create a secret exchange on Telegram?
With the Telegram app’s current versions, it isn’t easy to find the secret exchange option.
To create a secret exchange, you must open the profile of the person you are interacting with, tap or click all three buttons (or More in some cases), and then select Start a secret exchange.
This option opens a conversation where messages are end-to-end encrypted (a notification appears at the start of the conversation). You can also indicate when messages will be deleted by tapping or clicking the stopwatch icon in the received messages section.
Self-destruction of messages does not prevent your correspondent from taking a screenshot but, if he does, will be notified in the conversation. There is only one exception: if the other person is using the macOS app. You will not receive a notification in this case.
Here’s another helpful tip: Telegram allows multiple secret exchanges with the same person. Telegram Group chats cannot be secret, unlike WhatsApp, which by default applies end-to-end encryption to all conversations.
How to tell if a conversation is end-to-end encrypted: the padlock icon
As Telegram conversations are either stored in the cloud or secret, it is essential to know what you are using in some cases. If an exchange contains sensitive information, it should be secret.
Yes, of course. End-to-end encrypted conversations are almost identical to usual. To confirm your situation, look for the padlock icon next to the caller’s name or phone number. If there is one, the exchanges are secret. Otherwise, end-to-end encryption is disabled, and you should create a new conversation.
You can also touch or click on the corresponding conversation icon to check if the exchanges are end-to-end encrypted. If so, the Encryption Keywords appear at the bottom of the open window.
How to configure Telegram’s security and privacy settings?
While we’re at it, let’s take the time to configure the app’s security and privacy settings. Click Settings at the bottom right and select Privacy & Security.
Security settings on Telegram
The first step is to make sure that no one can read your conversations if you accidentally leave your device unlocked or unattended. To do this, select Passcode and Face ID, activate the function, and think of a PIN code that you will not forget. Enter it and confirm.
Then enter Auto-lock and enter the time frame, between 1 and 5 minutes. If your device supports fingerprints or facial recognition, you can enable this option here.
Then you need to accept two-factor authentication to protect your account from cybercriminals. With each new connection, you will receive a one-time code by text message, but Telegram invites you to choose a password as the second factor.
Go to the Confidentiality and security section, select Double authentication (term chosen by Telegram to designate 2FA), and set a complex password. You will rarely enter this password and quickly forget it, so keep it in a safe place, such as a password manager like psono.com which is an open Source self-hosted password manager.
What will happen if you forget this additional password? You will need to reset your account. In other words, you have to apply to delete your account entirely, and then you have to wait seven days.
The account will disappear after a week (associated contacts, cloud conversations, and channel subscriptions), and you can create a new, empty one using the same phone number.