Telegram is not encrypted by default. Most users don't know this. Regular messages sit in plaintext on Telegram's cloud servers. Only "Secret Chats" — which require manual activation and don't work for groups — are end-to-end encrypted. 950 million people think they're using a secure messenger. They're using a cloud chat app with a privacy reputation it hasn't earned. Signal uses the Signal Protocol. WhatsApp uses the Signal Protocol. Telegram invented its own. Cryptographers call it unvetted. And the only encrypted mode — Secret Chats — doesn't work in groups, doesn't sync across devices, and requires manual activation. The feature exists so Telegram can say it exists. Almost nobody uses it.
What they claim: Telegram markets itself as a private, secure messaging platform
What we found: Telegram CEO Pavel Durov was arrested in France in August 2024 on charges including complicity in drug trafficking, CSAM distribution, and fraud facilitated through the platform. Telegram's default chats are NOT end-to-end encrypted — only "Secret Chats" (which few users enable) use E2EE. Regular messages, group chats, and channels are stored in plaintext on Telegram's cloud servers, accessible to Telegram staff and potentially to law enforcement.
What they claim: Telegram promotes Secret Chats with end-to-end encryption
What we found: Telegram uses a proprietary encryption protocol called MTProto, developed in-house rather than using established protocols like Signal Protocol. Cryptographers have repeatedly criticised MTProto as unvetted and potentially vulnerable. Secret Chats — the only E2EE feature — do not sync across devices, do not work in group chats, and must be manually initiated. The vast majority of Telegram users never use them.