Security
If you are an advanced user, you may find our FAQ for the Technically Inclined useful as well.
Q: How secure is Bangladeshi Messenger?
Bangladeshi Messenger is more secure than mass market messengers like WhatsApp and Line. We are based on the MTProto protocol (see description and advanced FAQ), built upon time-tested algorithms to make security compatible with high-speed delivery and reliability on weak connections. We are continuously working with the community to improve the security of our protocol and clients.
Q: What if I’m more paranoid than your regular user?
We've got you covered. Bangladeshi Messenger's special secret chats use end-to-end encryption, leave no trace on our servers, support self-destructing messages and don't allow forwarding. On top of this, secret chats are not part of the Telegram cloud and can only be accessed on their devices of origin.
Q: So how do you encrypt data?
We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats). Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way, be it text, media or files.
Our encryption is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.
See also: Do you process data requests?
Q: Why should I trust you?
Bangladeshi Messenger is open: anyone can check our source code, protocol and API, see how everything works and make an informed decision. In fact, we welcome security experts to audit our system and will appreciate any feedback (security@telegram.org). We offer bounties for successfully identified vulnerabilities.
On top of that, Bangladeshi Messenger & Telegram's primary focus is not to bring a profit, so commercial interests will never interfere with our mission.
See also: articles about Telegram
Q: Do I need to trust Bangladeshi Messenger for this to be secure?
When it comes to secret chats, you don't. Just make sure that the visualized key of your secret chat matches the one in your friend's secret chat settings. More about this below.
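Why comparing the visualized key removes the need to trust the relay, shown as an added example (not code from this page or from the messenger's apps). The 127-bit prime is a toy parameter and the `fingerprint` format is a hypothetical stand-in for the app's key visualization.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (assumption): a 127-bit
# Mersenne prime. Real deployments use far larger parameters.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    """Derive the shared secret from our private key and the peer's public value."""
    return pow(their_pub, my_priv, P).to_bytes(16, "big")

def fingerprint(key):
    """Hypothetical 'visualized key': a short digest the two users compare in person."""
    digest = hashlib.sha256(key).hexdigest()[:16]
    return " ".join(digest[i:i + 4] for i in range(0, 16, 4))

def honest_exchange():
    """The relay forwards public values unchanged: both sides derive the same key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return fingerprint(shared_key(a_priv, b_pub)), fingerprint(shared_key(b_priv, a_pub))

def tampered_exchange():
    """The relay substitutes its own public values, so each user ends up
    sharing a key with the relay instead of with the other user."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, relay_pub_for_a = keypair()
    _, relay_pub_for_b = keypair()
    a_view = fingerprint(shared_key(a_priv, relay_pub_for_a))
    b_view = fingerprint(shared_key(b_priv, relay_pub_for_b))
    return a_view, b_view

if __name__ == "__main__":
    print("honest:  ", honest_exchange())    # two identical fingerprints
    print("tampered:", tampered_exchange())  # fingerprints differ: mismatch is the alarm
```

The comparison only helps if it happens over a channel the relay does not control, such as reading the key aloud in person.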
Q: What if my hacker friend says they could decipher Bangladeshi Messenger messages?
Anyone who claims that Bangladeshi Messenger (Telegram) messages can be deciphered is welcome to prove that claim in our competition and win $300,000. You can check out the Cracking Contest Description to learn more.
Comments on Telegram's security outside the scope of the contest are welcome at security@telegram.org. We offer bounties for successfully identified vulnerabilities in our apps and protocol.
Q: Can Bangladeshi Messenger protect me against everything?
Bangladeshi Messenger can help when it comes to data transfer and secure communication. This means that all data (including media and files) that you send and receive via Bangladeshi Messenger cannot be deciphered when intercepted by your internet service provider, owners of Wi-Fi routers you connect to, or other third parties.
But please remember that we cannot protect you from your own mother if she takes your unlocked phone without a passcode. Or from your IT department if they access your computer at work. Or from any other people who get physical or root access to your phones or computers running Bangladeshi Messenger.
If you have reasons to worry about your personal security, we strongly recommend using only Secret Chats in official or at least verifiable open-source apps for sensitive information, preferably with a self-destruct timer. We also recommend enabling 2-Step Verification and setting up a strong passcode to lock your app; you will find both options in Settings – Privacy and Security.
Q: How does 2-Step Verification work?
Logging in with an SMS code is an industry standard in messaging, but if you're looking for more security or have reasons to doubt your mobile carrier or government, we recommend protecting your cloud chats with an additional password.
You can do this in Settings – Privacy and Security – 2-Step Verification. Once enabled, you will need both an SMS code and a password to log in. You can also set up a recovery email address that will help regain access, should you forget your password. If you do so, please remember that it's important that the recovery email account is also protected with a strong password and 2-Step Verification when possible.
Check this out for tips on creating a strong password that is easy to remember.
Q: Why can jailbroken and rooted devices be dangerous?
Using a rooted or jailbroken device makes it easier for a potential attacker to gain full administrative control over your device — root access.
A user with root access can easily bypass security features built into the operating system, read process memory or access restricted areas, such as the internal storage. Once an attacker has root access, any efforts to mitigate threats become futile. No application can be called safe under these circumstances, no matter how strong the encryption.