Recommended Security Settings:
- Phone Number Who can see my phone number — Nobody;
- Data and Storage Auto Download Media — Toggle off;
- Phone Number Who can find me by my number — My Contacts;
- Last Seen & Online Who can see my timestamp — Nobody;
- Profile photo Who can see my profile photo — My Contacts;
- Calls Who can call me — My Contacts (or Nobody, if you prefer);
- Calls → Peer-to-peer My contacts (or Nobody, if you prefer not to share your IP address with chat partners);
- Start Call Emojis When you start the call, you will see four emojis at the top right corner — ask the person you are calling to name them and compare them to yours (they should be the same as yours). This is protection from Man-in-the-Middle attacks;
- Forwarded Messages Who can add a link to my account when forwarding my messages — My Contacts;
- VPN Usage Never add contacts to Telegram (if there are any — erase them), and always use VPN;
- Groups & Channels Who can add me — My Contacts;
- Two-Factor Authentication Set up a 2FA (cloud password);
⠀Additional Security Measures:
- Set up a cloud email 2FA;
- Learn more about 2FA at core.telegram.org/api#telegram-verification;
- Disable sticker loop animation! Animated Stickers = danger;
- Turn off auto-downloading for both Wi-Fi and cellular in Privacy & Security → Data Settings ;
- Prevent P2P calls for everyone as it may expose your IP! Same with secret chats! End-to-end encryption means that your IP will become known the person you’re chatting with. And vice versa;
- Disable link & image previews in secret chats (scroll down in a Privacy and Security section);
- Turn off autoplay for GIFs;
- Subscribe to Telegram Premium for more features — fragment.com/premium;
- Never activate any telegram bot with /start command, especially in public chats;
- Use safe PDF opening options like dangerzone.rocks or Google Drive preview (ask to upload);
- Monitor active sessions! Terminate inactive ones! Watch out for session stealers;
⠀
⠀Additional Recommendations:
- Verify messages about account login with official Telegram notifications & news channels;
- Refer to the Telegram FAQ;
- Use a different or virtual phone number for extra privacy;
- Hide your IP with a VPN provided by Telegram at law enforcement’s request;
- Follow additional tips at Telegram Tips;
- Maintain a separate secure device with an account logged-in for monitoring;
- Regularly check the application and service notifications, at least once every five days;
- Recognize that the more devices logged into the account, the higher the risk of account compromise;
- Learn about Telegram limitations at Link 2;
⠀