Telegram is not a privacy app. It never was.
With over 900 million users, Telegram has cultivated a powerful reputation as the secure, freedom-focused alternative to WhatsApp. That reputation is built on a myth. By default, Telegram does not end-to-end encrypt your messages. It stores them indefinitely on its own servers, in a form its own staff can access. It collects your contacts, IP address, and device information. The most dangerous security product is not the one you know is surveillance — it is the one you wrongly believe protects you.
"Telegram's privacy reputation has been built on marketing, not architecture. The gap between what users believe Telegram provides and what it actually provides is one of the most consequential misconceptions in consumer digital security." — Security research consensus, widely reported 2021–2024
The gap between Telegram's reputation and its reality
Telegram is a cloud-based messaging platform. Its defining feature — cloud sync across all devices — is made possible by the fact that Telegram holds your messages on its servers in a form it can read. The features users value most (message history on new devices, web access, desktop sync) are structurally incompatible with true end-to-end encryption. Telegram chose convenience. The privacy reputation came later, from perception, not design.
Cloud Architecture — Your Messages Are on Their Servers
Telegram operates a centralised, cloud-based messaging architecture. Standard chats are stored on Telegram's company-controlled servers — not on your device. This is a deliberate design choice that enables multi-device sync and message history, but it means Telegram holds your conversations in a form its infrastructure can access.
No End-to-End Encryption by Default
By default, Telegram does not use end-to-end encryption for regular chats. Messages are encrypted in transit and at rest on Telegram's servers — but Telegram holds the keys. The service can read your messages. Unlike WhatsApp or Signal, the content of standard Telegram conversations is accessible to the service provider in principle at any time.
Group Chats — Never End-to-End Encrypted
Group chats on Telegram are categorically not end-to-end encrypted — not even optionally. There is no Secret Chat equivalent for groups. Every group conversation involving any number of people beyond a 1-to-1 private chat is stored on Telegram's servers in a form Telegram can read and disclose.
Channels — Fully Readable by Telegram
Telegram Channels — used by millions of people for news, activism, community broadcasting, and political communication — are entirely unencrypted from an E2E perspective. Telegram has full access to every message ever sent in every channel. The audience, content, timing, and participant list are all held centrally and fully accessible.
Indefinite Message Retention
Telegram stores messages in its cloud infrastructure indefinitely by default. There is no automatic deletion, no server-side retention limit, and no mechanism that prevents Telegram from holding a complete archive of your communication history. A subpoena served on Telegram today could yield years of historical conversations.
The Perception Gap Is the Risk
Academic and security research consistently finds that Telegram users significantly overestimate their privacy protection. Users choose Telegram believing it to be more private than WhatsApp — a platform that at least applies E2E encryption to all messages by default. In this specific respect, Telegram is objectively less private than WhatsApp.
"Users often assume Telegram is fully secure by default, but in reality privacy depends heavily on using the correct features. The combination of cloud storage, centralised control, and optional encryption means Telegram offers convenience and flexibility at the expense of default privacy guarantees." — DAL Technology Research Brief, 2026
Secret Chats exist — almost nobody uses them
Telegram does offer end-to-end encryption, but it is hidden behind a feature most users have never activated, incompatible with groups, limited to a single device, and absent from every public channel. Understanding the full encryption matrix reveals a platform where the vast majority of communication occurs with no meaningful E2E protection whatsoever.
| Communication Type | E2E Encrypted? | Notes |
|---|---|---|
| Regular (Cloud) Chat | NOT E2E | Default for all 1-to-1 conversations. Encrypted in transit and at rest, but Telegram holds the keys. Content accessible to Telegram and disclosable to authorities. |
| Group Chat | NOT E2E — Ever | No E2E option exists for groups of any size. All group conversations are fully stored on Telegram's servers indefinitely. |
| Channels | NOT E2E — Ever | Channels are broadcast-only and entirely server-readable. Subscriber lists, post content, and timing are all held by Telegram. |
| Secret Chat (1-to-1 only) | E2E Encrypted | Must be manually initiated. Device-specific — messages do not sync to other devices. Uses MTProto 2.0. Not available for groups. Rarely used. |
| Voice Calls (1-to-1) | E2E Encrypted | 1-to-1 voice calls use E2E encryption. Users can verify a visual fingerprint if they choose to. |
| Video Calls (1-to-1) | E2E Encrypted | 1-to-1 video calls are E2E encrypted. |
| Group Voice / Video Calls | NOT E2E | Group calls are not end-to-end encrypted. Audio and video pass through Telegram's servers. |
| MTProto 2.0 (the protocol itself) | Proprietary / Partial | Telegram's encryption protocol is proprietary and not independently standardised. The client is open source; the server implementation is not. Academic audits have identified weaknesses in earlier versions. Not comparable to the Signal Protocol in terms of independent scrutiny or adoption. |
"Telegram's encryption protocol (MTProto) is proprietary, meaning it has historically received significantly more scrutiny and debate compared to widely standardised alternatives such as the Signal Protocol — and its server-side implementation remains closed to independent verification." — DAL Technology Research Brief, 2026
The Durov arrest changed everything Telegram claimed to be
On 24 August 2024, Telegram founder and CEO Pavel Durov was arrested at Le Bourget airport near Paris, France. French authorities charged him with complicity in crimes facilitated through Telegram, including drug trafficking, fraud, and possession of child sexual abuse material. The arrest triggered one of the most consequential shifts in Telegram's operating posture since its founding — and exposed the fragility of privacy-by-reputation.
Pavel Durov Arrested in France — Telegram Compliance Policy Reversed Overnight
Within weeks of his arrest, Telegram publicly revised its cooperation policy with law enforcement. The platform announced it would begin disclosing user IP addresses and phone numbers to authorities in response to any valid legal request — not merely requests related to terrorism, as previously claimed. Telegram's transparency reports, which had historically shown near-zero data disclosures, spiked dramatically in the months following Durov's arrest. In late 2024, Telegram reported complying with US government data requests on at least 14 occasions — a figure that had previously been effectively zero. The privacy posture that hundreds of millions of users had relied upon was reversed not by legislation, not by court order, but by the personal legal jeopardy of a single individual.
The Durov arrest reveals the fundamental fragility of privacy-by-policy. Telegram's resistance to government data requests was never architectural — it was a posture adopted by its founder. When that founder faced personal criminal liability, the posture changed. This is precisely what privacy architects mean when they say that meaningful privacy cannot depend on the goodwill or courage of a platform operator.
Durov had cultivated a public image as a libertarian defender of free speech and privacy — a man who had left Russia rather than comply with FSB demands for user data from his previous platform, VKontakte. That narrative was central to Telegram's brand. The arrest demonstrated that individual resistance, however principled, is insufficient protection against state power when backed by criminal prosecution in a jurisdiction where the individual is physically present.
The implications extend beyond Telegram. Any platform whose privacy protections rest on the stated commitments of its leadership — rather than on cryptographic architecture that makes compliance impossible regardless of commitment — is vulnerable to exactly this failure mode. The CEO of Signal cannot hand over message content they do not hold. The CEO of Telegram can hand over everything stored in the cloud — and following the 2024 arrest, has demonstrated they will.
The criminal charges also highlighted what was being facilitated on Telegram's platform — and by extension, what was accessible to Telegram. French prosecutors argued that Telegram's refusal to moderate content amounted to complicity in the crimes committed through it. That argument implicitly acknowledges that Telegram has the technical capability to review that content. For a platform claiming to prioritise privacy, the confirmation that it holds readable copies of its users' communications was damning.
The full catalogue of Telegram's privacy failures
Beyond the encryption problem, Telegram presents a broad attack surface — collecting extensive personal data, enabling large-scale identity exposure through its public features, and operating a platform architecture that creates maximum value for anyone seeking access to user information.
Extensive Data Collection
Telegram collects account data, device information, IP addresses, and contact lists. This data profile — even without message content — enables user identification, location inference, social graph construction, and behavioural analysis. It is precisely the data set that law enforcement agencies, intelligence services, and data brokers find most valuable.
Full Social Graph Construction
Telegram can build a complete social graph of user relationships: contacts, group memberships, channel subscriptions, and interaction patterns. This graph — mapping who knows whom, what communities they belong to, and what interests they express — is held centrally and has been demonstrated to be disclosable under legal pressure.
Mass Identity Exposure via Public Features
Large public groups and channels expose user identities, participation patterns, and interests at scale. Users who join a political channel, a protest-organising group, or a sensitive community organisation may have their membership recorded, searchable, and disclosable — without any understanding that they are creating a permanent record of their associations.
Location Exposure via "People Nearby"
Telegram's "People Nearby" feature allows users to broadcast their approximate location to discover nearby Telegram users. Security researchers have demonstrated that this feature can be exploited through trilateration to determine a user's precise location with metre-level accuracy, even when the user believes they are sharing only a general area.
Bot Integrations — An Invisible Data Layer
Telegram supports extensive bot integrations and third-party interactions. Bots added to group chats can read all messages posted in that group, store them externally, and process them with no visibility to group members. The data handling practices of third-party bot operators are entirely outside Telegram's privacy policy and beyond user control.
Proprietary Encryption Protocol
Telegram's MTProto protocol is not independently standardised. Researchers found significant weaknesses in MTProto 1.0, and while MTProto 2.0 has improved, it lacks the extensive independent academic scrutiny of the Signal Protocol. Critically, the server-side implementation of MTProto — where the actual key management occurs — is closed source and unverifiable.
High-Value Breach Target
The centralised storage of both content and metadata for hundreds of millions of users makes Telegram's infrastructure an extraordinarily high-value target for state-sponsored hackers, criminal organisations, and intelligence services. A successful breach of Telegram's servers would yield not just metadata — as with Signal — but the actual content of billions of conversations stretching back years.
Endpoint Vulnerability
As with all messaging platforms, endpoint security remains a critical weakness: messages are readable on devices before encryption and after decryption. For Telegram, this risk is compounded by the fact that cloud sync means message history is accessible from multiple devices — each of which represents a potential point of compromise.
Insider Threat Risk
The cloud-based model introduces significant exposure to insider threats. Telegram employees with access to server infrastructure have, in principle, access to the content of billions of unencrypted conversations. Unlike a platform that cannot read its users' messages, Telegram's staff can. The controls governing that access are internal policies, not cryptographic impossibility.
What happens when a government asks Telegram for your data
Telegram's historical position — that it would only disclose data in terrorism-related cases — has collapsed following the 2024 Durov arrest. The platform now cooperates with valid legal requests from any jurisdiction. For users who relied on Telegram's stated non-cooperation as a privacy protection, the change is fundamental.
- Content of regular chats: Disclosable. Telegram holds readable copies of all non-Secret-Chat conversations. A lawful request made in a jurisdiction where Telegram has a legal presence can compel disclosure of years of message content, attachments, and media.
- Group chat content and membership: Fully disclosable. Every message ever sent in every group chat — including who sent it, when, and to which group — is held on Telegram's servers and can be produced in response to legal process.
- Channel content and subscriber lists: Disclosable. Telegram can identify every subscriber to any channel — including anonymous political channels, activist groups, and sensitive community spaces — in response to a lawful request.
- IP addresses and device identifiers: Disclosable, and now disclosed routinely. Following the 2024 policy change, Telegram confirms it provides IP addresses and phone numbers in response to valid legal requests. IP addresses can confirm a user's physical location at specific times.
- Contact lists and social graph: Disclosable. Telegram's record of who a user communicates with, what groups they belong to, what channels they subscribe to, and their patterns of interaction constitutes a detailed social graph that can be produced in full.
- Secret Chat content: Not disclosable (by design). Secret Chats use genuine E2E encryption, and Telegram does not hold the keys. However, almost no users use Secret Chats, and they are not available for groups — so this protection applies to a negligible fraction of Telegram conversations in practice.
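The split between the disclosable and non-disclosable items above comes down to who holds the decryption key. The following is an added example, not Telegram's code and not MTProto: the cipher, the Diffie-Hellman group, and the `Client` and `Server` classes are toy constructions assumed for illustration. It models a provider answering a disclosure request for one cloud-style message and one end-to-end encrypted message.

```python
import hashlib, hmac, secrets
P, G = 2**255 - 19, 2  # toy Diffie-Hellman group, illustration only

def _xor(key, nonce, data):
    # Toy SHA-256 counter-mode keystream XOR. Not MTProto, not for real use.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return _xor(key, nonce, body)

class Client:
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 1  # stays on the device
        self.pub = pow(G, self._priv, P)
    def shared_key(self, peer_pub):
        return hashlib.sha256(pow(peer_pub, self._priv, P).to_bytes(32, "big")).digest()

class Server:  # hypothetical provider that archives everything it handles
    def __init__(self):
        self.at_rest_key, self.archive = secrets.token_bytes(32), []
    def store_cloud(self, transport_key, blob):
        # Cloud chat: the server strips transport encryption, sees plaintext,
        # then re-encrypts at rest under a key it controls.
        plaintext = unseal(transport_key, blob)
        self.archive.append(("cloud", seal(self.at_rest_key, plaintext)))
    def relay_secret(self, blob):
        # Secret chat: opaque blob; assume the relay keeps a copy anyway.
        self.archive.append(("secret", blob))
        return blob
    def disclose(self):
        # Everything recoverable using only keys the provider holds.
        out = []
        for kind, blob in self.archive:
            try:
                out.append((kind, unseal(self.at_rest_key, blob)))
            except ValueError:
                out.append((kind, None))
        return out

def demo():
    server, alice, bob = Server(), Client(), Client()
    tkey = secrets.token_bytes(32)  # client-to-server transport key
    server.store_cloud(tkey, seal(tkey, b"cloud: meet at 6"))  # constructed message
    wire = server.relay_secret(seal(alice.shared_key(bob.pub), b"secret: meet at 7"))
    return server.disclose(), unseal(bob.shared_key(alice.pub), wire)
```

`demo()` returns the provider's disclosure alongside what the recipient decrypts: the cloud message comes back as plaintext even though it was encrypted in transit and at rest, while the end-to-end message is `None` for the provider and readable only by the peer.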
"Telegram retains the ability to respond to lawful government requests, particularly where content is accessible in non-encrypted chats. Following the 2024 arrest of its founder, Telegram's stated policy of non-cooperation was replaced with a policy of routine compliance. The architecture always permitted this. The policy finally confirmed it." — DAL Technology Research Brief, 2026
What Telegram actually is — and what it is not
Telegram is a capable, feature-rich cloud messaging platform. It is not a privacy tool. The distinction matters enormously for anyone making security decisions based on its reputation rather than its architecture.
~ What Telegram Partially Provides
- Secret Chats offer genuine E2E encryption for 1-to-1 conversations — if manually activated
- 1-to-1 voice and video calls are end-to-end encrypted
- Transit encryption protects data between your device and Telegram's servers
- Disappearing messages available in Secret Chats — not in regular chats
- No advertising ecosystem comparable to Meta — limited commercial data monetisation
- Open-source client code allows partial review of the application
- Username system allows some reduction in phone number exposure to contacts
- Self-destructing media options in some contexts
✗ What Telegram Critically Fails to Provide
- Default E2E encryption — regular chats are NOT end-to-end encrypted
- Group E2E encryption — categorically unavailable, ever, for any group
- Channel privacy — all channel content fully readable by Telegram
- Minimal data retention — messages stored indefinitely by default
- Resistance to legal compulsion — demonstrated to be policy-dependent, not architectural
- Social graph protection — full contact and group membership data held and disclosable
- Transparent server implementation — server-side code closed source
- Independently audited protocol — MTProto is proprietary, not standardised
- Insider access prevention — staff can access unencrypted message content
- Bot data controls — third-party bots have unrestricted access to group messages
- Structural compliance resistance — 2024 arrest proved posture changes under pressure
- Honest defaults — users systematically overestimate privacy protection
"From a technical perspective, a centralised service with server-accessible content presents greater theoretical and practical exposure to surveillance and data access than systems designed to minimise server knowledge. Telegram's architecture places it firmly in the first category — regardless of its privacy reputation." — DAL Technology Research Brief, 2026
WhatsApp is a trademark of Meta Platforms, Inc. Signal is a trademark of the Signal Foundation. Telegram is a trademark of Telegram Messenger LLP. Radar is not affiliated with or endorsed by any of these companies.