Douglas Crawford

Douglas Crawford

April 17, 2018

Telegram Messenger is notorious because of its wide-scale use by ISIL. Indeed, this notoriety may have fueled a popular conception that Telegram is highly secure and private.

Quick Links to our best 5 VPNs for Telegram Messenger App

  1. CyberGhost
  2. ExpressVPN
  3. Buffered
  4. NordVPN
  5. VyprVPN

Despite privacy and security experts not sharing this view, the app remains wildly popular. This is especially true in the Middle East. In Iran alone, Telegram has some 40 million monthly active users. It also played a critical role in the 2016 Iranian parliamentary election. I will discuss the specific situation with Telegram and Iran later in this article.

A number of governments have tried, or have proposed, to block Telegram – notably Indonesia and Russia.

Please see below for a discussion on how a Virtual Private Network (VPN) can – and cannot – help Telegram users.

9.6/10.0

Editor's choice

Editor's choice

CyberGhost Homepage
PROS:
  • Special Offer: 77% off 2-year plans!
  • More than 800 servers & global coverage
  • Multiple usage on up to 5 devices
  • No logs policy, guaranteed security and encryption
CONS:
  • Could be faster

CyberGhost‘s software is easy-to-use while also being veryfully featured. It usesvery strong encryption, and 5 simultaneous connections is generous. Being based in Romania and keeping no meaningful logs is also a big draw. Like ExpressVPN, some minimal statistics are kept, but with no time stamp or IPs recorded, these present no threat to users' privacy.

Although it runs few servers in the Middle East itslef, Cyberghost has a strong Eastern Eurpean presenece, which is ideal overcoming regional censorship.

CyberGhost’s great logging policy, decent local (burst) speeds, and fully featured software are a winning combination. And witha 7-day free premium trial plus 30-day no-quibble money back guarantee, there is zero reason not to give it a whirl.

Try the Best VPN Service Today!

Visit CyberGhost »30 day moneyback guarantee

9.2/10.0

ExpressVPN Homepage
PROS:
  • Special Offer: 49% off today!
  • Super fast – great for streaming!
  • Super secure – 256-bit encryption
  • Unlimited downloading
  • 5* customer support and 24/7 live chat
  • 30-day money-back guarantee
CONS:
  • Not much

ExpressVPN is a fantastic VPN service for Telegram users thanks to great 24/7 customer service, easy-to-use software, and a 30-day, no quibbles, money-back guarantee that actually does what it promises. It's also very fast and offers server end-points in an impressive 87 different countries (with a number in the Middle East).

The encryption that ExpressVPN uses is as strong as it gets, and stealth mode is ideal for bypassing government VPN restrictions. The software is available for all major platforms, can be used on three simultaneous devices, and is extremely easy to use.

8.4/10.0

Buffered Homepage
PROS:
  • Special Offer: 49% off today!
  • Great customer support
  • Strong privacy policy and OpenVPN encryption
  • 24/7 live chat support
  • Fast connection speeds
  • Servers in 37 countries -No kill switch
CONS:
  • Some connection logs

Buffered is now based in Gibraltar with its central server located in the Netherlands. It keeps no usage logs (but some connection logs), has servers located in 37 countries worldwide, and even promises to add servers upon request should users need them! It generously permits up to 5 devices to connect at once and offers 24/7 live chat support.

It runs many severs in Eastern Europe, which are well-loacted to defeat censorship in the Middle East.

Buffered's unique “port discovery” feature is intriguing. It searches for open ports, allowing you to login to the WiFi at airports and hotels etc. without having to ask reception for a password.

With a 30-day money-back guarantee on offer (which is valid for ten hours of VPN use), it is easy to trial Bufferedrisk-free. What’s more, Buffered gives automatic refunds to subscribers who don’t use the VPN for the first seven days. All in all, a formidable VPN that is well worth the money if you commit for a year.

8.0/10.0

NordVPN Homepage
PROS:
  • Special Offer: 77% off today!
  • Servers in 61+ countries
  • Excellent for privacy and security
  • Fast connection speeds for streaming
  • Easy to use and reliable
  • Great customer care
CONS:
  • Support could be better

NordVPN is a great no logs VPN provider based in Panama. This alone makes it one of the best VPN choices available for privacy fanatics, which many Telegram users are, as it puts NordVPN comfortably outside the direct influence of both the NSA and copyright holders. When reviewing NordVPN, we were pleased to see that they back up this privacy-friendly stance by using great encryption and accepting potentially anonymous payment in Bitcoins.

Although I have to be convinced of its utility, many also value NordVPN’s support for “double-hop” VPN chaining (which essentially routes traffic through two servers rather than one).

NordVPN did suffer some performance issues, but has worked hard to fix these. As such, what you get with NordVPN is a very fully featured, fast, and privacy-friendly VPN service. It also runs various servers in or near the Middle East, which will help users in Iran and nearby to get the best possible speeds.

7.6/10.0

VyprVPN Homepage
PROS:
  • Very fast due to own infrastructure
  • Servers in over 70 countries
  • Port selection
  • “Chameleon” stealth servers
  • No usage logs
CONS:
  • Connection (metadata) logs
  • P2P: no

VyprVPN is notable for being one of the rare VPN services to own and control its entire network infrastructure. The result is fantastically fast connection speeds around the world.

We strongly recommend avoiding its PPTP-only basic plan, but VyprVPN otherwise offers a great selection of features, such as a SmartDNS service, robust customer support, port selection, and servers in over 70 countries.

VyprVPNs “Chameleon” stealth technology is effective in countries such as Iran. Like ExpressVPN, VyprVPN offers a 30-day money-back guarantee.

ProviderPriceOur ScoreVisit
1Visit Site »
CyberGhost review »
From
$2.75
/month

9.6

Our Score
Visit Site »
CyberGhost review »
Special Offer: 77% off 2-year plans!
2
ExpressVPN review »
Visit Site »
From
$6.67
/month

9.2

Our Score
Visit Site »
ExpressVPN review »
3
Buffered review »
Visit Site »
From
$6.60
/month

8.4

Our Score
Visit Site »
Buffered review »
4
NordVPN review »
Visit Site »
From
$2.75
/month

8.0

Our Score
Visit Site »
NordVPN review »
5
VyprVPN review »
Visit Site »
From
$4.17
/month

7.6

Our Score
Visit Site »
VyprVPN review »

VPNs for Telegram: Considerations

Using a VPN will allow you to access the Telegram website and download the desktop software, even when it is otherwise blocked. It should also help unblock Telegram in the event of Internet Service Providers (ISPs) blocking the Telegram protocol.

If Telegram is not available from the Google Play store in your country , Android users can download the app using F-Droid.

Unfortunately for privacy, Telegram authenticates users using their phone numbers. This means that Telegram Messenger LLP knows who its users are. Thus it can (in theory) associate non-end-to-end encrypted conversations with individual users (more on this later). Would it ever divulge this information to governments? Probably not, but who knows?

Of more concern is the fact that Telegram stores this information on its servers. It is therefore vulnerable to hacking and surveillance. In Russia last year, two activists’ Telegram accounts were hacked, probably by Russian security services with the cooperation of the activists’ mobile provider.

As Nima Fatemi, an independent security researcher based in the US, told the Committee to Protect Journalists (CPJ):

If any of [Telegram’s] servers get compromised, all of the users’ data is up in the air. We know from the Snowden revelation and all massive hacks that no single computer can be protected from hackers. Especially if it’s a juicy target with millions of people’s conversations stored on it.

Telegram is Not That Secure!

Despite its reputation for privacy and security, privacy and security experts are not fans of Telegram.

End-to-end Encryption

Central to Telegram’s privacy and security claims is its Secret Chat option. This uses end-to-end encryption in order to allow for private and secure conversations. It means that all messages are encrypted on the sender’s device when he/she enables Secret Chat. The messages can only be decrypted and read on the intended recipient’s device.

Messages sent using Secret Chat should therefore secure, even against hackers and Telegram Messenger LLP itself.

This is great. However, experts have criticized Telegram for not enabling Secret Chat by default. Unless you specifically activate Secret Chat, messages sent using Telegram aren’t secure. This means that Telegram Messenger LLP and hackers could access them.

It’s gravely concerning that many Telegram users don’t know that their messages aren’t secure by default. Some may simply forget to turn Secret Chat on.

When combined with Telegram’s method of authenticating users using their phone numbers, this makes it very easy for governments to seize accounts and access unencrypted messages.

Always use the Secret Chat option when you want to keep your conversations private

Encryption Concerns

Additionally, even if you enable Secret Chat, researchers are critical of the encryption used by Telegram. Rather than use tried, tested, and fully audited encryption standards, Telegram uses its own MTProto encryption protocol.

As a detailed security assessment (.pdf) of MTProto notes:

Our  main  discovery  is  that  the  symmetric  encryption  scheme  used  in Telegram  –  known  as  MTProto  –  is  not  IND-CCA  secure,  since  it  is possible to turn any ciphertext into a different ciphertext that decrypts to the same message…

“The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g. authenticated-encryption) are to be preferred to home-brewed encryption schemes.

This is a criticism endorsed by Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, who has recommended not using Telegram because of “its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green.”

If you would like to know more about how encryption works, why not check out our ultimate guide to online privacy?

Open Source?

The only way to know if software can be trusted is if it is open source. This means that researchers can freely examine the code to ensure nothing malicious is going on. The Telegram client is primarily open source, but contains some elements (called binary blobs) that are not.

Some experts have also criticized Telegram for being slow publishing recent versions its open source code. This is a security problem, as the code could be modified without anyone being aware of it.

The server-side code is closed-source and proprietary. However, this shouldn’t be an issue if you enable end-to-end encryption (Secret Chat).

Signal is More Secure

If privacy and security are your main reasons for using Telegram then you should consider switching to Signal. Experts widely regard Signal as the most secure means of remote communication currently available.

The WhatsApp app is based on Signal. Although not without issues, WhatsApp is also much more secure than Telegram.

Of course, you may simply want to use Telegram because your friends and colleagues use it. You may also want to follow particular Telegram users via the app’s mass-broadcast Channel function. This is absolutely fine, but please bear in mind Telegram’s limitations on the privacy/security front.

Telegram in Iran

Iran blocks mainstream media platforms such as Facebook, Twitter, and most international news sites. Telegram is widely used as a means to bypass state censorship and to access reformist viewpoints.

Indeed, analysts believe that Telegram assisted dozens of moderate and reformist-leaning candidates in becoming elected to the Majles (Iran’s parliament) in the 2016 elections. As Amir Rashidi, an internet security researcher at the Center for Human Rights in Iran, told CPJ,

Telegram had a huge impact in Iran’s last parliamentary election. Reformist activists had very limited access to major media outlets and the state radio and TV, so they used Telegram to send and spread their messages.

In response to this, the conservative and authoritarian Iranian government has sought to regulate Telegram. It now requires all Iranian citizens by law to register Telegram channels with more than 5,000 followers with the Ministry of Culture and Islamic Guidance. Some 2,000 Channels (Persian) are now registered in this way.

According to statement by Telegram, in advance of the 2017 elections “internet providers in the country are blocking the protocol that is used to establish a connection between users before a P2P call can be activated.”

If you’re looking to circumvent state restrictions on content in Iran, our best 5 VPNs for Iran should make for interesting reading.

Arrests

Iranian authorities arrested the administrators of 12 reformist Telegram Channels ahead of the May 2017 election. These Channels included Reform News, with more than 111,000 followers, and Assembly of Reformists, with 94,000 followers.

It is my understanding that the authorities later released the Channel admins. However, Radhidi argues that the arrests helped to create an atmosphere of fear and intimidation among liberals and progressives in the country.

Russia Bans Telegram

On Friday 19 April 2018 a Moscow court authorized Roskomnadzor, the Russian communications and technology watchdog, to block Telegram.

The move follows demands from the Federal Security Service (FSB) that Telegram hand over its encryption keys to the secretive KGB successor after claiming that it is widely used by terrorists. Telegram refused.

Good news, however, is that Telegram can still be freely accessed in Russia using a VPN. This is because a VPN hides the fact that you are connecting to the Telegram network from your internet and/or mobile provider (and therefore the Roskomnadzor).

For more information on this story please see our full Russia Bans Telegram Messenger article.

Best Telegram Messenger VPNs: Conclusion

Telegram has proven itself to be a useful tool for defeating censorship and exercising freedom of speech. If you can’t access the Telegram website, or your ISP attempts to block the Telegram protocol, a VPN will help.

Do please be aware, however, of Telegram’s limitations as a privacy tool. Most importantly, always remember to use the Secret Chat feature when participating in discussions that you would rather the authorities not access.

Best VPNs for Telegram Messenger: Side-by-Side Summary

ProviderPriceOur ScoreVisit
1Visit Site »
CyberGhost review »
From
$2.75
/month

9.6

Our Score
Visit Site »
CyberGhost review »
Special Offer: 77% off 2-year plans!
2
ExpressVPN review »
Visit Site »
From
$6.67
/month

9.2

Our Score
Visit Site »
ExpressVPN review »
3
Buffered review »
Visit Site »
From
$6.60
/month

8.4

Our Score
Visit Site »
Buffered review »
4
NordVPN review »
Visit Site »
From
$2.75
/month

8.0

Our Score
Visit Site »
NordVPN review »
5
VyprVPN review »
Visit Site »
From
$4.17
/month

7.6

Our Score
Visit Site »
VyprVPN review »

Image Credit: Allmy/Shutterstock.com