When Telegram rolled out its Nearby Share feature, it touted it as a tool to get in touch with people without having to share their contacts, thus enhancing their privacy. Earlier this year, the messaging app rolled out the second version of the People Nearby feature. Telegram had noted that the feature helps users meet new people and allows them to make groups of like-minded people. By clicking on the Contacts section followed by “Add people nearby” the user can add people and can make himself visible by clicking on “make myself visible.”
Now, a user needs to enable his or her location to access this feature. However, according to a recent blog post by security blog Ahmed’s Notes, the People Nearby feature can be exploited by users to get the exact location of people who have shared their location on Telegram. The security blog post notes some elaborate as well as easy methods that can be used by adversaries to spoof someone’s GPS location who has enabled the People Nearby location on Telegram.
The easiest method, the blog post notes, is to “walk around the area, collect the GPS latitude and longitude of yourself, and how far the target person is from you.”
“You’re effectively publishing your home address online,” the blog post noted. It further states that an adversary can spoof a vulnerable user’s location for three points and use them to draw three triangulation circles within a 7 miles (roughly 10 km) radius limit that Telegram has in place.
However, according to Telegram’s security team, who replied to Ahmed’s query, People Nearby users are sharing their locations intentionally saying that the feature is not enabled by default and that it is expected that determining the exact location is possible under certain conditions.
If you don’t wish to reveal your location, then it would be sane to not use the People Nearby option. Telegram may further start charging its users for some features in the coming months. Earlier this year, talking about his plans to generate revenue, founder and CEO of the company Pavel Durov said, “Telegram will begin to generate revenue, starting next year. We will do it in accordance with our values and the pledges we have made over the last 7 years. Thanks to our current scale, we will be able to do it in a non-intrusive way. Most users will hardly notice any change.”