In general Telegram is OK but you should treat some of its claims about privacy with some skepticism since it has become clear that chats are not always end-to-end encrypted, it appears as though chats might still be accessible to Telegram staff. This is not generally an issue since most cloud services are the same.
However, unless you are involved with anti-govnment groups in some extreme countries, it appears to be reasonably private.
If you wanted much higher levels of security and privacy, you would need to switch to using something like Signal. However, creating bots for such secure services is a whole lot harder.
One other thing you can do in the node's config is to limit the chat id's that the bot will listen to. This only impacts the Node-RED end of things but would prevent attackers from issuing commands unless they had managed to get into your group. You can also limit interactions with a bot to your own personal chatid as well so that any interactions from groups would be ignored.
I'm not dealing with highly sensitive privacy issues. I just don't want to leave Telegram settings open to the public to access my home video clips or control my Node-Red system. I'm just trying to figure out how to configure the privacy "fences" between Telegram's bots, groups, channels, users, etc.
I just double-checked and had already configured the Telegram config node to only authorize my Chat ID. And yes, I used BotFather to disable groups for my bot. So it sounds like I've done all I can do with the Telegram settings. Thanks.
I see that Node-Red messages coming out of the Telegram Command node also include 'first_name', 'last_name', and 'username', so I can check those before processing these commands.
Using Signal in Node-Red is not that difficult. Unfortunately, the available contrib-node went dead almost 2 years ago, but back then I created an example flow for using another containerised API.
In the meantime I moved to yet another solution (signald with tcp), which I should write a new flow about , but the gist is that using signal is not too complicated and it can be considered very secure.
Thanks for that. I must have another look since I already use Signal for work as a backup for if/when MS Teams fails & discussions with certain organisations that need slightly higher levels of privacy.
Though to be honest, my minimal use of Telegram just works and is plenty good enough for home automation use even for the mildly paranoid like me.