- Confidential and Proprietary - Luminar Annual Threat Landscape Report Page 11 3.2.2 Account and Privacy Telegram accounts were traditionally tied to telephone numbers. However, in December 2022, an update introduced the option to sign up without a SIM card, using an anonymous phone number purchased on the Fragment platform, especially created for Telegram-related auctions. To buy a number, one needs to link a TON wallet to the website. The price of those numbers starts at nine Toncoins (as of December 7, 2022, approximately USD $ 16.5) and premium virtual numbers (such as +888-8-888) can even reach up to 31,500 Toncoins (approximately USD $ 58.2K). 22 Users can add multiple devices to their account and receive messages in all of them. 23 Telegram also allows users to keep their profile hidden and not easily discoverable by unknown people. Thus, users can send messages in private chats and groups without making their phone number visible. 24 In December 2021, Telegram introduced content protection features for admins of groups and channels. To activate content protection, the owners need to restrict message forwarding, thus also enabling screenshot blocking via Android security policies (however, screenshots are still likely an option for desktop and iOS clients) and disabling the option to save media from posts. 25 3.2.3 Encryption According to Telegram, it uses two types of encryption: cloud-based (server-client encryption) and end-to-end (client-client encryption). Groups, channels, and one-to-one chats use its ‘cloud’ encryption. The cloud setup means that the company can show and sync messages across desktop and smartphone apps in real time. In addition, the messages are stored on its servers. Cloud chats and groups are encrypted between the client and the server, so that ISPs and other third parties on the network cannot access data. Overall, this ‘cloud’ encryption is not as privacy-protecting as end-to-end encryption. However, Telegram does offer limited end-to-end encryption with MTProto protocol for chats between two people, called ‘Secret Chats’. MTProto is a symmetric encryption based on 256-bit AES encryption, 2048-bit RSA encryption and Diffie–Hellman key exchange. 26 Voice calls and video calls are end-to-end encrypted by default as well. 22 https://techcrunch.com/2022/12/07/telegram-is-auctioning-phone-numbers-to-let-users-sign-up-to-the- service-without-any-sim/ 23 https://telegram.org/faq#:~:text=You%20can%20log%20in%20to,cloud%20chats%20will%20sync%20instantly. 24 https://cointelegraph.com/news/telegram-to-allow-no-sim-accounts-via-anon-blockchain-numbers 25 https://www.bleepingcomputer.com/news/software/telegram-adds-content-protection-support-for-groups- and-channels/ 26 https://core.telegram.org/mtproto