I am using Telegram as my only way to control Home Assistant while out of wifi range. I have set it up with allowed chat id’s as in the documentation.
I have for fun deleted my wife as an allowed chat id, but since the Telegram bot is public I can still from her phone chat with it. I can then from her phone send commands to Telegram - it doesn’t respond to her account, but it does to mine, so commands she sends is responded to by Home Assistant, the acknowledgement is only sent to me however. So theoretically someone chatting with “our” bot can send the message to deactivate the alarm. Can I somehow make sure that Home Assistant is only responding to allowed chat id’s?
I know it is a very theoretically problem, as someone has to know our bot, has to know commands that the bot does not directly respond back to, and has to know the location of our house to make it really uncomfortable, but still?