Telegram’s new feature ‘People Near’ poses a security risk

Telegram’s new “People Near” feature shows a list of other users in the area and how near they are to you, and lets you create group chats based on geographic location. The feature is disabled by default and must be manually activated by the user, but it is a peculiar addition to an app that markets itself as a private, end-to-end encrypted messaging service – and, according to security researcher Ahmed Hassan, a major security risk.

Users can falsify their geographical location in Telegram, which opens the feature to potential scams. “Many scammers cheat their location and try to sell fake bitcoin investments, hacking tools, SSNs used for unemployment fraud, and so on. The amount of illegal activity I saw there makes the Silk Road look like amateurs are running it,” Hassan explained in a recent blog post.

Worse, Hassan identified a bug in the People Near feature that could allow bad actors to triangulate the exact location of other app users by using two accounts with false addresses.

This opens users up to hacks, stalking, or worse – and Telegram has said it has no plans to solve the problem. Hassan reported the vulnerability to Telegram, but the company says it will not be patched. In fact, Telegram told Hassan that the discovery of a user’s specific location is in some cases an “expected” result of the People Near feature. The response feels out of place for an encrypted messaging program that sells itself on its privacy features. Even adding a more detailed warning that other users may be able to find your exact location would be helpful, but that does not look like it will happen either.

To be fair, Telegram is generally more secure than other chat programs, and since People Near is disabled by default, this may not look like a serious issue. However, users can accidentally turn on the feature, thinking they are merely broadcasting their general proximity to others and not their exact location. If you value your privacy, do not use the People Near feature of Telegram.

[TechRadar]
