This is a work in progress and not a release. We're looking for volunteers. See Issues to know how to collaborate.

Telegram

tag: [Security Specialist, Operations & Strategy]

1. Use Two-Step Verification

  • Enable Two-Step Verification: Protect your account with an additional password to ensure that even if someone has your phone number, they cannot access your account without the additional password.
    • Go to Settings > Privacy and Security > Two-Step Verification and set up a password.

2. Enable End-to-End Encryption for Secret Chats

  • Use Secret Chats: For sensitive conversations, use Telegram's Secret Chats, which are end-to-end encrypted and not stored on Telegram’s servers.
    • Start a new secret chat by selecting a contact, tapping on their name at the top, and choosing Start Secret Chat.

3. Set Self-Destruct Timers for Messages

  • Self-Destruct Timers: In Secret Chats, set a self-destruct timer for messages, which automatically deletes messages after a set period of time.
    • Tap the clock icon in the message input bar within a secret chat to set the timer.

4. Control Your Online Presence

  • Manage Last Seen and Online Status: Control who can see your last seen and online status by adjusting your privacy settings.
    • Go to Settings > Privacy and Security > Last Seen & Online and select who can see your status.

5. Limit Who Can Add You to Groups

  • Group and Channel Privacy: Restrict who can add you to groups or channels to prevent being added to unwanted or potentially malicious groups.
    • Go to Settings > Privacy and Security > Groups & Channels and select your preferences.

6. Use a Strong Passcode Lock

  • Enable Passcode Lock: Set a passcode to lock the Telegram app, adding an extra layer of security.
    • Go to Settings > Privacy and Security > Passcode Lock and set up a passcode.

7. Review Active Sessions Regularly

  • Active Sessions: Monitor and terminate any unauthorized active sessions to ensure no one else is accessing your account.
    • Go to Settings > Privacy and Security > Active Sessions to review and manage your sessions.
  • Beware of Phishing: Do not click on suspicious links sent by unknown contacts. These could lead to phishing attempts or malware.

9. Control Data Sharing

  • Manage Contact Syncing: Disable contact syncing if you want to prevent Telegram from accessing your contact list.
    • Go to Settings > Privacy and Security > Data Settings > Contacts and toggle off Sync Contacts.

10. Be Cautious with Public Channels and Bots

  • Join Public Channels Wisely: Only join public channels and interact with bots from trusted sources, as they can collect your data.
  • Review Bot Permissions: Be cautious about giving bots access to your account information.

11. Regularly Update the App

  • Keep Telegram Updated: Ensure you are using the latest version of Telegram to benefit from the latest security patches and features.
    • Check your app store regularly for updates or enable automatic updates.

12. Avoid Using Third-Party Telegram Apps

  • Use the Official App: Stick to the official Telegram app for the best security and privacy protections.
    • Download from the official Telegram website or your device's official app store.

13. Backup Your Two-Step Verification Password

  • Store Your Password Safely: Ensure you store your two-step verification password in a secure password manager to avoid being locked out of your account.

14. Disable Automatic Media Download

  • Control Media Download: Disable or limit automatic media downloads to prevent unwanted files from being stored on your device.
    • Go to Settings > Data and Storage > Automatic Media Download and adjust your preferences.