Telegram Security Best Pratices

Recommended Security Settings:

  • Phone Number Who can see my phone number — Nobody;
  • Data and Storage Auto Download Media — Toggle off;
  • Phone Number Who can find me by my number — My Contacts;
  • Last Seen & Online Who can see my timestamp — Nobody;
  • Profile photo Who can see my profile photo — My Contacts;
  • Calls Who can call me — My Contacts (or Nobody, if you prefer);
  • Calls → Peer-to-peer My contacts (or Nobody, if you prefer not to share your IP address with chat partners);
  • Start Call Emojis When you start the call, you will see four emojis at the top right corner — ask the person you are calling to name them and compare them to yours (they should be the same as yours). This is protection from Man-in-the-Middle attacks;
  • Forwarded Messages Who can add a link to my account when forwarding my messages — My Contacts;
  • VPN Usage Never add contacts to Telegram (if there are any — erase them), and always use VPN;
  • Groups & Channels Who can add me — My Contacts;
  • Two-Factor Authentication Set up a 2FA (cloud password);

⠀Additional Security Measures:

  • Set up a cloud email 2FA;
  • Disable sticker loop animation! Animated Stickers = danger;
  • Turn off auto-downloading for both Wi-Fi and cellular in Privacy & Security → Data Settings ;
  • Prevent P2P calls for everyone as it may expose your IP! Same with secret chats! End-to-end encryption means that your IP will become known the person you’re chatting with. And vice versa;
  • Disable link & image previews in secret chats (scroll down in a Privacy and Security section);
  • Turn off autoplay for GIFs;
  • Never activate any telegram bot with /start command, especially in public chats;
  • Use safe PDF opening options like or Google Drive preview (ask to upload);
  • Monitor active sessions! Terminate inactive ones! Watch out for session stealers;

⠀Additional Recommendations:

  • Verify messages about account login with official Telegram notifications & news channels;
  • Use a different or virtual phone number for extra privacy;
  • Hide your IP with a VPN provided by Telegram at law enforcement’s request;
  • Maintain a separate secure device with an account logged-in for monitoring;
  • Regularly check the application and service notifications, at least once every five days;
  • Recognize that the more devices logged into the account, the higher the risk of account compromise;
  • Learn about Telegram limitations at Link 2;

Powered by Notaku