Telegram, the popular messaging app known for its focus on privacy and security, which is highly questionable, has recently introduced a new feature that has left many users and security experts deeply concerned. The "Peer-to-Peer Login" (P2PL) system, as Telegram calls it, promises users a free premium subscription in exchange for allowing the app to use their phone numbers to relay one-time passwords (OTPs) to other Telegram users.
This new system, which is currently being rolled out in select countries for Android users, raises significant privacy and security concerns that all Telegram users should be aware of.
The Peer-to-Peer SMS Relay Explained
According to the details reported by various tech publications, the P2PL system works as follows:
- Telegram users can opt in to the program and allow the app to use their phone numbers to send OTP codes to other Telegram users who are logging into their accounts.
- For every OTP code sent from a user's number, Telegram will keep track of the usage. Once a user's number has been used to send a minimum number of OTP codes (reportedly around 150 per month), Telegram will provide them with a gift code for a free one-month premium subscription.
- The terms of service for this program clearly state that Telegram will not be held responsible for any "inconvenience, harassment or harm" that may result from other users becoming aware of the participating user's phone number through the P2PL system.
The Concerning Privacy and Security Implications
Telegram has always had concerns about its claims of being privacy focused, and many privacy experts advise against using it. The introduction of the P2PL system just worsens the situation instead of improving it.
While the prospect of a free premium subscription may seem enticing, the P2PL system poses several significant privacy and security risks that users should carefully consider:
Privacy Concerns:
Exposure of Phone Numbers
The primary concern is that the recipient of an OTP code sent from a user's number will be able to see the user's phone number. This opens up the possibility of unwanted contact, harassment, or even abuse.
Lack of Control
Telegram's terms of service make it clear that the company will not be held responsible for any consequences arising from the exposure of a user's phone number. This effectively absolves Telegram of any accountability, leaving users to deal with the fallout on their own.
Violation of Privacy Principles
Telegram has long positioned itself as a privacy-focused messaging app, with features like end-to-end encryption and self-destructing messages. The P2PL system directly contradicts these core privacy principles, undermining the very foundation that has made Telegram popular among privacy-conscious users.
Security Risks:
Undermining Two-Factor Authentication
The primary purpose of two-factor authentication, such as the use of OTP codes, is to provide an additional layer of security beyond just a password. By allowing users' phone numbers to be used as a relay for these codes, the P2PL system compromises the integrity of this security measure.
Potential for Abuse
Cybercriminals and scammers could potentially exploit the P2PL system to gain access to a large pool of phone numbers, which they could then use for various nefarious activities, such as SIM swapping, phishing, or spam campaigns.
Carrier Fees
Telegram's terms of service explicitly state that the company will not be responsible for any carrier fees or charges associated with the sending of OTP codes. This means that users who opt-in to the P2PL system may end up paying more for their phone service than the value of the free premium subscription they receive.
Alternatives and Recommendations
Given the significant privacy and security concerns surrounding Telegram's P2PL system, it's crucial for users to carefully consider whether the potential benefits of a free premium subscription are worth the risks involved.
Alternatives to the P2PL System:
Exploring Other Messaging Apps
There are numerous other privacy focused messaging apps available that prioritize privacy and security, such as Signal, WhatsApp, and iMessage. While these may not offer the same level of features as Telegram Premium, they provide a more secure communication experience without the risks associated with the P2PL system.
Paying for Telegram Premium
While the $4.99 per month cost of Telegram Premium may seem high, it is a much safer and more secure option than the P2PL system. By paying for the premium subscription, users can enjoy the additional features without compromising their privacy or security.
Recommendations for users:
Avoid the P2PL System
Given the significant privacy and security risks, it's highly recommended that Telegram users steer clear of the P2PL system, even if it means forgoing the free premium subscription.
Prioritize Privacy and Security
When choosing a messaging app, users should prioritize privacy and security features over additional functionalities. The protection of personal data and communication should be the primary concern.
Stay Informed
It's essential for Telegram users to stay up-to-date on the latest developments and changes to the app's policies and features. Regularly checking Telegram's terms of service and privacy policies can help users make informed decisions about their use of the platform.
If Telegram's recent actions and the introduction of the P2PL system have eroded user trust, it may be worth exploring other messaging apps that have a stronger reputation for privacy and security.