Skip to content

Telegram’s new Peer-to-Peer Login feature is a security risk

  • by
  • 3 min read

Telegram has launched a new program called ‘Peer-to-Peer Login’ (P2PL), which allows users to earn a premium subscription by providing their phone numbers to send one-time passwords (OTPs) to other Telegram users.

While this initiative benefits users seeking a free premium subscription, cybersecurity experts and privacy advocates have criticised the program.

The details of the P2PL program were first brought to light by a user named @AssembleDebug on a popular Telegram channel and reported by The Verge.

According to Telegram’s terms of service, users who opt into the program agree to let Telegram use their phone numbers to send OTPs to other users for account logins. Participants receive a gift code for one-month premium subscriptions if their number is used to send a minimum number of OTPs per month.

The company believes that this new feature will further ease the process of receiving the access code in some areas.

The users will be responsible for the cost of SMS or any other charges. Telegram will not provide any reimbursements. Furthermore, a user is not allowed to interfere with the service otherwise Telegram can terminate the service.

“Telegram can decide to discontinue P2PL at any time, including in response to unforeseen circumstances beyond our control. We make no guarantee of ongoing or continued support for this program,” says the Telegram terms of service.

Although it is one of the many subscription packages offered by Telegram, it has raised eyebrows. One of the primary concerns raised by experts is the potential exposure of personal phone numbers.

This new feature is a cybersecurity nightmare for users.

When a user’s number is used to send an OTP, the recipient can see the phone number, leading to privacy risks and possible unwanted contact.

The cybersecurity risks get further aggravated as Telegram refuses to provide a cybersecurity guarantee to the users.

“Accordingly, you understand and agree that Telegram will not be liable for any inconvenience, harassment or harm resulting from unwanted, unauthorized or illegal actions undertaken by users who became aware of your phone number through P2PL,” noted the terms of service.

Not only can others see the phone numbers, but they can also reply to the OTP, and Telegram has no way to restrict this. This reliance on user compliance leaves room for misuse of personal information and potential privacy violations.

Other experts believe this program may also serve as a cost-saving measure for Telegram, potentially avoiding fees associated with SMS code delivery.

The launch of the P2PL program has raised questions about Telegram’s commitment to user privacy, especially considering the company’s previous emphasis on privacy protection. The users now face a dilemma between the allure of a free premium subscription and concerns about personal data exposure.

In the News: NordVPN unveils Saily eSIM service for travellers

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: