Telegram Security Best Practices

In this post, I’m sharing some best practices to follow on Telegram to protect yourself from info leak, spams, impersonators session hijackers and other security threats.

Here are the steps to follow before signing up or logging into your account on a new device.

• If you can afford get a virtual number to sign up on telegram, it could be permanent or single time OTP based, for eg you can recieve Telegram OTP at sms-activate for few cents.
• When signing up or logging in into your account, uncheck the box “Sync contacts”.
• Deny the permission to your camera, contacts & microphone. You can enable them on demand anytime.

After you sign up or login into new device, first of all, go to settings;

Data Storage

• Settings >> Data Storage >> Automatic media download >> Toggle off all the options. On iOS Disable both using cellular & Wifi.
  

With automatic media download enabled there is a high risk of getting your device infected with malware especially if you are on desktop.

Privacy and Security

• Settings >> Privacy and Security :
  • Two-step verification > Enable
  • Passcode-lock / Touch ID > Enable
  • Phone number :
    • Who can see my phone no > Nobody
    • Who can find me by my number > My contacts
  • Last seen & online > Nobody
  • Profile Photos > My Contacts (avoid using your real pic)
  • Calls > Nobody (or My Contacts, if you prefer)
  • Calls Peer-to-Peer > Nobody/Never (leaks your IP to other participant)
  • Forwarded Messages > Nobody
  • Groups & Channel > Who can add me > Nobody
  • Automatically delete my acc > If away for > 1 year
  • Data Settings / Cntacts > Toggle off / Delete synced contacts
  • Data Settings / Secret chats > Link Previews > Disable

Note:

• If you have no contacts synced & you configure any settings specific to your contacts it will have effect for Nobody, which is better for privacy.
• Preferably, sign up for Telegram with a cell number which you have shared with nobody.

Power Saving

• Settings >> Power Saving :
  • Activate Power saving mode or
    • Autoplay GIFs > Disable
    • Animated Stickers > Disable loop animations

Devices

• Settings >> Devices >> Active Sessions > Terminate unrecognized sessions

General Checklist

• Do not trust random files that get shared on Telegram especially executables & archives.
• As a precaution use AV bots before downloading files on your machine for eg:
  • VirusTotal - can scan upto 320 MB file.
  • VirusYab - scans upto 300 MB file
• PDF documents could be infected as well, use dangerzone.rocks to convert them to safe PDFs.
• Beware of impersonators. Check carefully if you get any notifications about logging into Telegram, they should come into the official telegram service account notifier.
• Be careful about scammers using Telegram’s name asking for your personal informations like identity, real name, bank account, etc.
• All of official Telegram accounts, like service notification, supports, etc. are verified and their phone numbers starts with +42 which is always visible in their bio and they never ask you for your personal info.
• Do not trust random bots on telegram with your sensitive information like cell number, payment info etc, unless it is mediated via trusted third-party service.
• If you happen to close any deal with some stranger in exchange of certain payment always make sure seller have no leverage, i.e do no pay upfront.
• Avoid sending DMs to unknown people, they will report you and get your account limited.

Verified Bots

A list of some useful verified Telegram bots.

• @BotFather - to create / register bots.
• @Stickers - to create stickers.
• @SpamBot - to check the status of your account.
• @telegraph - login into gra.ph
• @QuizBot - create quizes on Telegram
• @VerifyBot - verify an official channel, bot or public group.
• @gdprbot - request data Telegram stores on you.
• @MTProxybot - setup Telegram MTProxy servers.

Official Channels

A list of some official Telegram channels.

• @telegram - Official News outlet of Telegram
• @durov - Official channel of Telegram Founder / CEO Pavel Durov

Official Accounts

Some offical handles of Telegram

• @dmcatelegram - reports about copyright violations +42454, [email protected]
• @notoscam - reports about scammers, impersonators +4240007, [email protected]
• @stopCA - report about child abuse
• @AbuseNotifications - report ISIS / Terrorist content, [email protected]
• @BotSupport - questions, issues, etc about bots +424314159.

That is all about this post. Hope you found this useful.

Reply via mail