Telegram Is An Obvious Honeypot

I’ve seen a rash of rightists on the Internet bring up Telegram as some kind of “secure” alternative to Discord and Twitter, bringing up how it has “end-to-end encryption” or whatever else. They bring up how the government can’t get on it and how it’s safe to post your plans to overthrow said government on it. I have some bad news for those users: it isn’t. I’m going to break down why I find this service to be an obvious honeypot into a few key points.

These channel names have more edges than bismuth.
  1. It Has Channel Links Like Discord Invite Links
    Every one of its channel links follows the following format: https://t.me/CHANNEL_NAME_HERE. This is similar to the Discord invite link format which look like this: https://discord.gg/RghMm9C. You will notice something specific in this format: they all require you to visit a specific domain name. This means that Telegram Messenger Inc. is informed that you went to this particular channel. You tell them when you do. Your privacy is compromised here just by that fact alone.
What next, asking for a Social Security Number?
  1. It Takes Your Real Fucking Phone Number

    When somebody signs up to use Telegram, it sends an SMS message to their phone, and even asks for permission to read SMS messages to make filling it in easier. This means it can associate a user account to a phone number and a time, and that phone number plus timestamp means it can be associated to a specific person through a phone company’s records. Now, I’m aware that there are ways to get phony burner numbers that let you bypass this, but the fact that they’re trying to get this information out of you in the first place is telling that they’re not exactly interested in your privacy. They want you to tip your hand.

    Also, implying that their automatic reading of the security code is the only time it reads your SMS messages.
Reported for posting cringe
  1. You Can Report Posts

    I thought this thing was supposed to be secure and immune to Telegram Inc’s spying, but then I discovered that you can report posts. Report them to who? Since they apparently can’t read your messages, why would reporting a message ever do anything at all? Here’s a hint: because they can, as a matter of fact, read your messages.
Nothing suspicious here, goy!
  1. Its Backend Is Closed Source And Proprietary

    Since it’s so secure and there’s just no way it could possibly be spying on its users, why keep the source code of the backend hidden? Naturally, to prove that their system isn’t malicious, they would not need to divulge sensitive information like database passwords or API tokens, and even then, they could release a fake backend repository to make it seem legit. They didn’t even do that. They straight up don’t tell you what the backend does. It’s a black box.

To anybody who fell for the “Telegram is secure” meme, consider the following: if you went to a used car dealership and they had a sign that read “no ripoff,” how seriously would you take that sign? Would you take it at face value without skepticism? No, you wouldn’t. So when some “app” or online service tells you that it’s secure and that the government can’t track you on it, always assume that the government can and try to figure out how they can. Ninety nine percent of the time, you’ll figure out exactly how the government can spy on you through it (see above), and the other one percent of the time you’re likely just missing something.

This is not to say that there are no secure-ish means of communication online. However, it should be noted that the most secure way to send messages like this (that I’m aware of) is called “Pretty Good Privacy.” That should tell you something. If you know what you’re doing, you’re going to admit that there’s almost definitely a way to break or circumnavigate whatever cute security power play you have to deploy that you aren’t aware of. Asking a real security expert “is this line secure?” is like a head of state asking his defense minister “is it impossible to lose a war?”

If you’re going to be paranoid, go about it intelligently

It’s also worth noting that the most important detail of security is trust. Discord is “secure” insofar as your communication with the server isn’t going to be successfully intercepted by some third party trying to steal your password, because it uses SSL effectively. However, Discord Inc. can still see everything you send over the line, so if you don’t trust Discord to not spy on you (you shouldn’t) then you shouldn’t send any interesting content over that line. And that’s just Discord Inc. itself; what about whoever hosts their servers? I bet they can see some cool stuff too if they deigned to look. The same can be said for any random IRC server with SSL; if you trust the administrator of that IRC server,, as well as the hosts of that IRC server, and keep good track of the SSL fingerprints, you’ll be fine, but even then, you should assume you’re being watched.

111 thoughts on “Telegram Is An Obvious Honeypot

  1. Avatar
    Anonymous says:

    If it's on the internet – and people are using it – it's almost certainly not secure.

    Reply
  2. Avatar
    Anonymous says:

    Your guess is as good as mine. The founder of Telegram is the founder of VK, he was chased out Russia and his company and got political asylum in the UK after refusing to cooperate with the FSB. So unless it's so kind of really elaborate double agent BS he probably do have security at heart.

    Reply
    1. Avatar
      Anonymous says:

      He fled from a democracy to a totalitarian hellhole and that makes him anti-state?

      Reply
      1. Avatar
        Anonymous says:

        The FSB were not asking for the keys to everything, they were demanding it. When he said no they locked him out of everything, froze all his assets. Quite the democracy you got there. Imagine this had been done to Apple when they told to FBI to get fucked.

        Reply
        1. Avatar
          Anonymous says:

          Instead, the FBI got in anyway using backdoors when they got told to fuck off. Asking was a formality and just to keep up the charade that we had rights. When Apple tried to play hero they just used the backdoors, Apple got good PR, and everyone moved on and forgot due to their attention spans being the length of a gnat's dick.

          Reply
          1. Avatar
            Anonymous says:

            No instead the FBI hired experts who found a zero day that has since been fixed.

          2. Avatar
            Anonymous says:

            BTW this mostly killed the hacking scene for iPhone. Until something else is found the bootloader is now bulletproof.

  3. Avatar
    Anonymous says:

    Nothing is that secure. Even real life among real people isn't secure if you talk about revolutions and shit. Because there are government agencies who are supposed to seek out and infiltrate said groups.

    Taking risks is part of what happens if you go against the status quo. If you aren't big boy enough to potentially risk everything, you aren't big boy enough to play rebel.

    And I'm sure most of those groups are groups nobody even gives a fuck about because that is where they want you: isolated from large populations and screaming into the void and preaching to the choir.

    Nothing is secure so you better be ready to put up or shut up and stop talking big shit when you're gonna sit your ass at home and do nothing. Most of the people here won't even pick up garbage in their own community and think they're the next Che Guevera. Arrogance (since everyone is always "waiting" and wants to be the big boss leader) and luxury (too much to lose and too much effort when they can shitpost for hours at a time) has already killed the vast majority of revolutionaries and why you only see it in areas full of poor fucks with nothing to lose.

    Reply
    1. Avatar
      Anonymous says:

      I mean there are degrees of honeypotting and Telegram is off the charts according to this article.

      Reply
  4. Avatar
    Anonymous says:

    >mfw you’re so dangerous that you don’t even get invited to honeypots

    Reply
  5. Avatar
    Anonymous says:

    the server-side and client-side encryption scheme is inherently secure and higher than the standard though it does not matter if the government does intend to pursue someone they deem as a risk. if you have a sim card, which supports GSM (most phones do), then you're susceptible to your network service to remotely install software on your sim card (sim cards are not EEPROM and can have software written to them). with that said, the app running on the sim can access all data on said phone. the point is that encryption will not ultimately save you

    Reply
    1. Avatar
      Anonymous says:

      Now I assume if one were to communicate using PGP and all that it would be relatively secure? I'm not doing anything, just curious. I know it is used for darknet market transactions as a means of masking address info and such. Can that type of thing be cracked given current government tech? Let's assume the keys haven't been compromise or anything

      Reply
      1. Avatar
        Anonymous says:

        The US govt dropped their case against Zimmermann without charge and its not because of lack of legal argument, PGP has been compromised since the 90's

        Reply
        1. Avatar
          Anonymous says:

          If that were true why haven't they busted every major darknet operation that has existed over the last few years? Every time they manage to bust someone they make a big press release, and that has not happened nearly as often as you'd expect if the communication medium they use is truly 100% compromised. At least, that's my intuitive take on it b/c I don't have any actual information on hand to support my conclusion lol

          Reply
          1. Avatar
            Anonymous says:

            because at NSA they arent worried about that sort of shit, the software is classified as a munition, they were worried about its use at the state/foreign intelligence level not wasting their time running after drug dealers and people selling kids, they have real money to make.

    2. Avatar
      Anonymous says:

      They can still log which channels you join, know your phone number, and read your call log/SMS/other stuff. It's spyware. The (((encryption))) is a fucking red herring.

      Reply
  6. Avatar
    Anonymous says:

    the article is shit and OP needs to fuck off with his low-information bullshit
    t. used telegram for wignasty shit for over three years

    Reply
    1. Avatar
      Anonymous says:

      I mean 4chan isn't trying to sell itself as "secure" but I've been posting extremely taboo opinions on it, too. That doesn't make the OP wrong.

      Reply
  7. Avatar
    Anonymous says:

    I only use it to shoot the shit with my frens if the NSA wanna see me trade memes and talk about sluts and niggers they're welcome but i wont willingly support alternatives from facebook or google et all who resell the data and have proven to be untrustworthy, as far as that goes its "secure" enough for me. I'm not joining any fringe groups there or anywhere online, that's just asking for trouble.

    Reply
  8. Avatar
    Anonymous says:

    /g/entooman here. It's nearly impossible to avoid spyware and/or malware (redundant, I know) in modern software. There are many examples of firmware even being user-hostile, which runs beneath any applications you run as a user, like device drivers, BIOS, EFI and EFI payloads, and there are even remote management "features" in modern Intel chipsets (since Core2 era) that rely on an always-on coprocessor that runs BELOW even your main CPU cores. Phones have a baseband processor that's essentially the same thing.

    I have a little less than a decade of experience working in software engineering, so listen to me carefully when I tell you this: The only secure form of communication is face to face with no microphones or cameras around. Leave your phone at home and meet in the woods.

    More info on why Telegram is ass and should be avoided:

    https://spyware.neocities.org/articles/telegram.html

    Reply
    1. Avatar
      Anonymous says:

      >Signal
      >Please register your phone number using this US based number
      Not saying telegram is great but signal is overhyped hot garbage.

      Reply
      1. Avatar
        Anonymous says:

        Signal has strong encryption, but their requirement of having a phone number is silly.

        Reply
        1. Avatar
          Anonymous says:

          Yes I'm not doubting the signal protocol in fact it's one of the best and most solid encryption protocols for instant messaging out there today, but the pure fact that meta data about you enrolling to use signal exists somewhere on a server is worrysome.

          Reply
          1. Avatar
            Anonymous says:

            Proprietary blobs = insecure shit.

          2. Avatar
            Anonymous says:

            So every messanger mentioned in this thread?

  9. Avatar
    Anonymous says:

    >I've seen a rash of rightists on the internet bringing up Telegram
    stopped reading there

    Reply
  10. Avatar
    Anonymous says:

    The article is trash. It doesn't prove the messaging is compromised, but states obvious facts.

    Reply
    1. Avatar
      Anonymous says:

      You mean like that "Telegram is an obvious honeypot"?

      Reply
          1. Avatar
            Anonymous says:

            I sure do, but I'm afraid you not.

  11. Avatar
    Anonymous says:

    Everything is a honeypot. We should all just remain silent and not risk having people know that we have unorthodox thoughts from time to time.

    Reply
    1. Avatar
      Anonymous says:

      Honestly, I'm on 4chan because I don't need an expectation that the government isn't spying on me to express myself, but at the same time I don't want my boss/professors figuring out what I have to say, either.

      Reply
      1. Avatar
        Anonymous says:

        I’ve got some bad news for ya. Your system admin can easily figure out if you are posting on the site. Nothing is 100% anonymous.

        Reply
    2. Avatar
      Anonymous says:

      or you know just say it because they can't fucking arrest everybody

      it's pretty obvious there's some expected and allowed level of dissent or else everyone on 4chan would be in jail.

      Reply
  12. Avatar
    Anonymous says:

    Russian government also advertised telegram to the point even small villages know that "all the youth" sit in the telegram now. Most people in Russia chat with telegram, even government itself and business while officially telegram is banned?

    Also Durov, despite saying how free his messenger is, agreed to cooperate with governments to track and ban terrorists.

    They also started to put "SCAM" flair on some shady channels instead of banning them.

    They still don't have message encryption in desktop apps, only in mobile apps and Mac OS version, and in mobile apps they refuse to add good local encryption justifying it by saying "if someone has physical access to your phone you are compromised already". Their current local encryption can be cracked within 10 minutes by a simple script-kiddie tool from Kali Linux kit.

    You don't have to be a genius to understand that.

    Reply
    1. Avatar
      Anonymous says:

      what do you think you'll gain by spreading FUD without proof?

      some americans might believe you because well the average american is not known to be "smart" but the entire world isn't full of americans

      Reply
      1. Avatar
        Anonymous says:

        how hard is it to google whatever I wrote you absolute nigger?

        Government officials use telegram, Tinkoff uses telegram, even man responsible for telegram ban, Jarov, uses telegram. He made an official fucking statement that yes, he uses it, he is not even hiding it.

        Durov wrote on his own fucking blog page that yes, he cooperates with the government to track terrorists.

        It isn't hard to google how easy it is to crack mobile telegram and how it was possible before to clone telegram app and connect as 3rd party to the end-to-end encrypted fucking chat, like what the actual fuck? There is no sense to continue. May be you are going to check your own FUD first before trying to shit on your own chair?

        Reply
        1. Avatar
          Anonymous says:

          >FUD

          I have to admit my own ignorance here but I'm interjecting on your exchange. What is FUD?

          Reply
        2. Avatar
          Anonymous says:

          Russian politicians are trying to BAN Telegram and they've been trying to do it for many years now because Telegram is refusing to hand over the encryption keys to the Russian feds and you are trying to convince people that "hurr durr Russia is working with Telegram, trust me bro"

          Fuck you lol

          Choke a dick fucking cum guzzler

          Reply
          1. Avatar
            Anonymous says:

            they are trying to ban it so hard they all use it, even Jarov himself
            they are trying to ban it so hard the ban itself doesn't work at all because Durov is such a master of evasion
            k

            more like they are trying to advertise it to make everyone opposing himself to the government use it

            >Choke a dick fucking cum guzzler
            just like you choked my dick with "AAH FUD NO PROOFS" despite proofs being freely available in google few keys away from you

            absolute durov cock sucking nigger retard

          2. Avatar
            Anonymous says:

            not to mention that all telegram (((privacy and security))) was abused by several countries and Durov himself in their time

            >Anton Rozenberg, Durov's ex-worker, sues his brother
            >Rozenberg reports his message history in telegram with Durov containing all evidence magically disappeared
            >after the report message history magically re-appeared with Durov saying "it was only a bug"

            >telegram is being banned in Russia
            >Durov team adds cloud password to prevent authorities intercepting SMS with login codes ONLY after russian government jails few people
            >cloud password is still not a default option
            >protests in China
            >Durov team adds anti-bruteforce protection ONLY after China authorities jail shitton of people just by bruteforcing their phone numbers (e.g importing random phone numbers in phone address book) despite people crying over bruteforce protection for years
            >messenger had several critical bugs with phone numbers being displayed to everyone
            >Durov team only makes something after serious consequences when it's already too late for people who used it and relied the most on it
            absolute kek of a messenger

    2. Avatar
      Anonymous says:

      Telegram is banned in Russia. People use it because it was a first messenger that got some public attentions. Mostly because of Durov.

      Durov sold his previous project (vkontakte) to the Russian government. Not directly, of course, but you can see the trace, and now everyone knows that every single picture, message, and post is being stored and monitored. The funny thing is that after he sold it he played a victim and went to Telegram.

      If you trust any centralized messenger with your privacy you're retarded.

      Reply
  13. Avatar
    Anonymous says:

    The entire internet is a honeypot pleb. FFS I bet you are a phone poster as well, that leaves the 'location service' on for convenience.

    Reply
  14. Avatar
    Anonymous says:

    The only thing you can rely on in this world are your own balls

    Reply
    1. cyberdemon
      cyberdemon says:

      >Potential Business Applications

      >sock puppeteering to overthrow a despotic regime
      >brand monitoring and sentiment analysis
      >shilling cryptocurrency at a moments notice for financial gain
      >influencing sentiment on topical issues
      >getting in on price action early
      >running analysis of a telegram channel

      This is pure gold.

      Reply
  15. Avatar
    Anonymous says:

    everything spies you, you can only choose sides
    >russians
    >murica
    >china

    Reply
    1. Avatar
      Anonymous says:

      nice try (((friend))) but you seemed to forget israel on your list

      Reply
  16. Avatar
    Anonymous says:

    I'm a furfag and I thought yiffagram was only used for furries and Pajeet XDA projects.

    Reply
  17. Avatar
    Anonymous says:

    I never take anyone seriously that has poor literary skills. Simply reading a few words of the paragraph made me realise that the author is a complete moron.

    Reply
    1. Avatar
      Anonymous says:

      maybe it's not a true honeypot, but you're fucking retarded if you think it's secure and private.
      >imagine being so retarded you think anyone who isn't absolutely fluent in YOUR language is a moron.
      you're retarded and should feel bad, monolingual

      Reply
      1. Avatar
        Anonymous says:

        Not to mention, the way that opening paragraph read wasn't really that bad. It wasn't Mark Twain or anything, but it didn't pain me to read it.

        Reply
  18. Avatar
    HAUSEVULT says:

    >report function sends message to moderators
    *inhales*
    AHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

    Reply
  19. Avatar
    Anonymous says:

    All proprietary services like this are honeypots and are easily compromised by glowies. While there is no such thing as true "security", you can increase your security by running your own private IRC servers with SSL, etc.

    Reply
    1. Avatar
      Anonymous says:

      I can see that maybe, but it seems like a bit much to ask people who aren't computer science types.

      Reply
  20. Avatar
    Anonymous says:

    You must be loving the influx on /pol/tards on your site. Anyway, do your research instead of posting such a shit article.

    Reply
  21. Avatar
    Anonymous says:

    >It Has Channel Links Like Discord Invite Links

    No shit. That's how groups invites work for 99% of the platforms.

    >It Takes Your Real Fucking Phone Number

    Yes, not being able to signup without a phone number is a fucking PITA. You can however use a fake number, or an alt number or something. But issue being if you lose access to that phone number you may be fucked.

    >You Can Report Posts
    >Report them to who? Since they apparently can’t read your messages

    Nowhere does it say they can't read your posts.

    Nobody said Telegram is "secure", but it IS a more secure alternative to Whatsapp, Line, Facebook Msngr, etc. It is the better alternative. Yes there are a few better alternatives, but Telegram meets that sweet spot of security and convienence. I would like to see them fully open source, and allow email registrations though. I would never expect E2E server encryption to happen. There's no point either, anybody can just join with the link if it's found.

    Reply
  22. Avatar
    Anonymous says:

    Telegram uses home-brewed (i.e. bad) encryption. That's enough to know that it's shit and perhaps backdoored.

    Reply
  23. Avatar
    Anonymous says:

    Why would the advertisement industry shit talk Telegram?

    Reply
  24. Avatar
    Anonymous says:

    Telegram sucks. I think signal is OK but Briar seems to be the king of end to end encryption.

    Reply
  25. Avatar
    Anonymous says:

    Maybe.
    Rule of thumb is to use a messaging app/device that was produced by your countries 'nemesis'.

    Reply
  26. Avatar
    Anonymous says:

    >Hong Kong activists and Mainlaind Chinese dissenters using it
    >they didn't get suicided
    Yeah I'm sure it's 100% compromised.

    Reply
    1. Avatar
      Anonymous says:

      >if they don't get literally every dissenter then it's 100% safe

      kys glowi

      Reply
  27. Avatar
    Anonymous says:

    Because the op post is a fucking bot and it's all automated. Only a fucking bot or a complete fucking tool would actually contribute to this thread or even consider clicking on the link.

    Reply
  28. Avatar
    Anonymous says:

    always do the opposite from what 4chan niggers says.
    if it's shilled and hailed in 4chan, it's complete shit
    if it's got trashed in 4chan, it's good
    those lowlife are absolutely seething if you use anything that more productive for your life.

    Reply
  29. Avatar
    Anonymous says:

    Using Telegram as an encrypted messenger is a bad idea regardless of whether or not it's a honeypot, but the Channels feature is gold.

    Reply

Leave a Reply

Your email address will not be published.

Scroll Up