Telegram is offering some users a free premium plan, but there’s a huge risk

March 26, 2024 TH Author

Telegram's messaging app — Lance Whitney/ZDNET

Telegram has always touted its commitment to security. One of the company’s latest offers for its private messaging app, however, could open you up to all sorts of security risks. In an update to its Terms of Service, the company announced a new Peer-to-Peer Login program that promises a free subscription to its $4.99-per-month Premium plan, with a catch.

Revealed in an English translation of a Russian-language Telegram channel spotted by X user AssembleDebug, the new offer would dole out the Premium plan for free. To qualify though, you’d have to agree to receive OTP (one-time password) codes meant for fellow Telegram users and forward them to the intended recipients.

Also: What is phishing? Everything you need to know to protect yourself from scammers

Based on the info from the channel, the offer is available only on Android phones and only for people from certain countries, such as Indonesia. No more than 150 SMS codes would be sent per month, but you’d be on the hook for any associated carrier costs. Once the minimum monthly number is met, you would receive a gift code for a monthly Premium plan.

A free subscription is always tempting, but this one runs afoul of common sense security and privacy in so many ways.

First, any fellow Telegram user with whom you share an SMS code could potentially see your phone number. Second, you’d be able to see the phone numbers of anyone to whom you send a code. Third, this whole scheme violates the purpose of multi-factor authentication in which your phone number plays a major security role.

Imagine the field day that hackers, scammers, and spammers would have by signing up for this offer. It would provide a treasure trove of phone numbers to exploit. And what happens if an unlucky user gets scammed through this process? Surely, Telegram would step in to help.

Nope.

“Telegram cannot prevent the OTP recipient from seeing your phone number upon receiving your SMS,” the company says in its Terms of Service. “Therefore, you acknowledge and agree that you have considered any and all potential repercussions this may entail, and you have taken the necessary precautions to mitigate them as you see fit. Accordingly, you understand and agree that Telegram will not be liable for any inconvenience, harassment or harm resulting from unwanted, unauthorized or illegal actions undertaken by users who became aware of your phone number through P2PL.”

The offer is a surprising one coming from a company like Telegram, which normally prides itself on the security and privacy it offers through its messaging app. On its FAQ page, Telegram even says that the two most important components of internet privacy should be: 1) Protecting your private conversations from snooping third parties, such as officials and employers; and 2) Protecting your personal data from third parties, such as marketers and advertisers.

In the long run, this offer would save you only $5 per month. Surely, your security and privacy are worth more than that.