I am writing this note as a person who is dealing with numbers of security attacks every day as part of my paid job. If I want to make a long story short, there are two high-level potential threats communicating via any messaging platform:
1. The whole platform is corrupted and shares your data with 3rd parties, governments, etc. for their sole benefit without explicitly mentioning that in their terms & conditions.
2. Malicious individuals on the platform who are actively struggling to steal your data, capture likes, makes you join their group, impersonate you, blackmail you, etc.
There are two well known approaches so far to deal with these threats:
1. As of now an end-to-end encryption is the best answer to the first threat. Yes, it’s costly but you as a user will be confident if even FBI needs your data, it needs to pay the price and expends huge amount of time and money to crack the encryption if it will be eventually capable to do so. Below are some messaging platforms with end-to-end encryption in place. ex. iMessage, WhatsApp, Signal. Despite claims by Telegram, its encryption is non-standard and shady and end-to-end encryption is not enabled by default.As you all may have noticed up to now, if I don’t say all but most of them are banned in Iran and China, what a coincidence, right? And non-encrypted messaging Apps are so popular in these geographical regions including Telegram. (Although Telegram has “secret chats” which is claimed to be encrypted, it’s not being used by majority of users.)
2. Verified users is one remedy to restrict malicious users. This method helps other users to trust other individuals. It means when an entity claims to be an organization (ex. Bank of America, American Red Cross, etc.) and you see the verified sign you know its identity has been verified. (You are still at the risk, if the organization is not doing the verification job right).
Facebook and Twitter have done a great job in this area by asking more essential questions while you are opening an account and keep tracking of user’s activities and suspend accounts with unusual behavior afterwards. “Telegram does not verify user accounts at the moment”, mentioned in Telegram wiki page.
http://telegram.wiki/tips:usernames
All being said, Telegram is not secured messaging application at least by these two main security metrics but everyone is entitled to share anything, every where for any reason he/she decided. Just keep in mind your precious information may not always stay in good hands at the end of the day.
Cheers,
Ali
Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers
http://www.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM?sp=alcms