Difference between Telegram Chats

In Cloud Chats all data is encrypted in transit to and from the server with one key. Then the data is stored on the server encrypted with another key. Both those keys are known to the server. Secret Chats are encrypted with a key that is only known to you and your partner's devices. That's the main difference.

Now, security-wise there are four basic levels on which data can potentially be compromised.

Level 1

Access to traffic: E.g. employer, ISP, sniffing hacker, person on the same public wifi.

  • Can they read your cloud chats? No. They don't have the keys.
  • Secret chats? No. No keys either.

Level 2

Physical access to the data center: E.g.: state police, armed intruders, local engineers employed by Telegram.

  • Can they read your messages in Cloud Chats? No. The keys are always stored in a different DC.
  • Secret Chats? No. The keys are stored only on your phones.

Level 3

Access to servers: The people who run the Telegram servers from their remote hideouts.

  • Can Telegram team access your Cloud Chats? Yes. Same as Facebook, Whatsapp or Google. But Telegram team does have less incentive to do this:
    • No commercial levers for bullying Telegram team into submission and
    • Reputation of Telegram to uphold
  • Secret Chats: No. Only you have the keys.

Level 4

Access to your device: E.g. you, your mother, your spouse, corrupt police officer who took your phone.

  • Can they access your Cloud Chats? Yes. If they can unlock your phone, that is.
  • Secret chats? Yes, same here.

Why Isn’t Telegram End-to-End encrypted by default? Pavel Durov explained it very well on this page.