Elham Vaziripour, Reza Farahbakhsh, Mark O'Neill, Justin Wu, Kent Seamons, and Daniel Zappala, Private But Not Secure: A Survey Of the Privacy Preferences and Practices of Iranian Users of Telegram, Workshop on Usable Security (USEC), February 2018.
Telegram is a messaging application that offers a wide variety of privacy and security features, but these features must be activated or chosen by users, rather than being turned on by default. At the same time, Telegram has a large number of users in Iran, who may potentially have a high need for privacy and security. Thus in this paper we study how Iranian users of Telegram, living both inside and outside of Iran, have chosen to adopt the available privacy and security features, using a survey that was distributed primarily with snowball sampling and answered by approximately 400 respondents. We find that the overwhelming majority of respondents feel it is important that messaging applications protect the privacy of their messages, yet their adoption of the available privacy and security features is mixed. Overall, respondents tend to more widely use basic privacy features that are common in many other applications or social networks, such as limiting who can see their information, blocking other users, and editing/deleting messages. However, use of security features, such as a pass code lock, two-step verification, and end-to-end encrypted chat is much lower. A little over half of respondents use Telegram to send private or sensitive information, despite the vast majority rarely or never using end-to-end encrypted chat. Majority of Iranian users residing inside the country express higher concern and report sharing sensitive information more and employing privacy features more than rest of the respondents.