- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
You must log in or register to comment.
Anyone who reads the article may be surprised to find that it contains literally no evidence to support the claim made in its clickbait headline. The author of the article comes to pretty different, much more limited conclusion:
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
This is way more different thing than claiming and proving that Telegram is somehow FSB honeypot.
Furthermore, the author of the article does not even attempt to somehow prove a Telegram/FSB connection and takes this claim for granted based on the article published on websites of OCCRP and its Russian affiliate Istories. Let’s check this article and the evidence it presents:
Reporters obtained the company’s internal accounting documents for 2024 which show that one of its most important government clients is the FSB.
The documents show that Electrotelecom installs and manages equipment for a system that is being used by the FSB offices in St. Petersburg and the Leningrad region for surveillance.
Unlike the conclusions made in the rys.io article, which have a vast evidence base and can be verified, in this case we are simply asked to take the word of the so-called “investigative journalism outlet”.
And what do we know about OCCRP?
In 2024, it was reported that OCCRP receives nearly half its funding from USAID
https://en.wikipedia.org/wiki/Organized_Crime_and_Corruption_Reporting_Project
I think that’s enough.
TLDR:
-
Telegram uses a suboptimal method of handling user IDs in its packets, which allows to track which user ID is sending messages to which user ID.
-
The Telegram/FSB link claim is based solely on unverifiable statements made by shills on USAID payroll.
This is way more different thing than claiming and proving that Telegram is somehow FSB honeypot.
I did not claim nor attempt to prove that “Telegram is somehow FSB honeypot”. I did claim and I believe I showed that it is indistinguishable from an FSB honeypot. If you’re nit-picking, at least nit-pick the correct claims, instead of some straw-man version of what I wrote that happens to be easier to attack. 😼
Yes, OCCRP received funding from USAID. They put that information very clearly on their own website. Here’s a crazy thought: investigative journalism needs to be funded somehow, and USAID was one of the ways this could be done. If you have a better idea of how to fund investigative journalism, there is a lot of media outlets that would love to hear from you!
The way OCCRP was/is funded does not say anything about the veracity of their reporting. Or that of IStories, which was done independently of OCCRP (that’s an important bit that most people miss).
What does speak to the veracity of reporting is the fact that over a decade and a half of reporting on stuff like this OCCRP has been sued by oligarchs multiple times in the most oligarch-friendly jurisdiction out there, UK (specifically, London), and have not lost a single time. Will Telegram sue OCCRP or IStories? Perhaps. Will they win? I seriously doubt it.
If they do sue, the discovery will be hilarious. IStories folks are going to get access to all sorts of great documents, I’m sure. Can’t wait for these to get published!
Speaking of documents, I like how you quote two random claims made in that OCCRP version of IStories article, and just decide to ignore the bit where Vedeneev claims, in actual court documents, that yes he has access to Telegram infrastructure. And how there are documents showing he owns GNM. And how there are documents showing he also signed documents on behalf of Telegram (hilariously, a document exists that he signed both on behalf of GNM and of Telegram). And how he co-owns or co-owned companies which are also co-owned by people directly connected to the FSB. And a bunch of other stuff.
But that doesn’t fit your “US shill” hot take, so why mention any of that right? 😄
You might also want to read the Russian version of IStories story, for hard documentary evidence of Durov’s connections to FSB:
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/On a personal note, it is so much joy to see all the hand-wavy pushback in this thread. Clearly the story hit a pain point somewhere. The funny thing is that if similar but much less substantiated claims were made about Signal here, there would be a frenzy of dunking on it as an “imperialist tool of surveillance”. 🤡
-
The entire article seems like an attack. The author finds a unique identifier and adds “Russia bad” throughout.
States the information is in cleartext but then explains how everything is encrypted (in transit).
What will the author do if they intercepted any single online stores transfer of credit card details. Also encrypted in transit but Is that also deemed as cleartext? Or is that okay?
I don’t think much new is learnt here. WhatsApp also sends metadata in “cleartext” (not really, as it’s encrypted in transit, but this article called that “cleartext”).
States the information is in cleartext but then explains how everything is encrypted (in transit).
That’s not how I understood it. The message context is allways encrypted in transit (using a novel encryption scheme). The auth_key_id however is not encrypted. And that can be used to track users as it is s(semi-)static.
That’s not what I understood from the post, but could you point to the specifics of what you’re talking about in regards to the identifier being encrypted in transit? It seems the ID is sometimes obfuscated, but that is trivial to remove and not meant for security as mentioned.
Russia bad btw.
I don’t know… I think the author put a lot of effort on document things and presenting evidence.
Your post history and mod logs are also quite weird.
Your post history and mod logs are also quite weird.
Lol what does that mean
That means you reply to things like a troll and it would be hard to assume you have good intentions
Really?! Okay. I think your troll radar is well off, but it’s your opinion so you do you I suppose.
Maybe you are the troll. Like 4D chess level of troll. =D
Yes, I do love to waste my precious time doing things like that.
Clearly, trolling is your passion as evidenced by this very thread.
No, not that very obvious thing that people have been saying for years! I simply refuse to believe it!
Just infantile Western propaganda/russophobia. reverse it for Western reality, and ignore the post…
Hahaha , so the conclusión is ? Use usa and israel software so they can spy us ? F… this crap propaganda.
Hi, author here. First of all, in that piece I don’t happen to recommend using any specific piece of software. I mention Signal and WhatsApp for comparison, as tools that are considered similar, and yet avoid making the same weird protocol choices.
Secondly, if you have any proof that any specific communication tool is used to “spy” on people, I am sure I am not the only person who would love to hear about it. That’s the only way we can keep each other safe online. Surely you wouldn’t be making unsubstantiated claims and just imply stuff like that without any proof, would you?
And finally, I’ve spent a good chunk of time and expertise on analyzing Telegram’s protocol before I made my claims. I provided receipts. I provided code. I explained in detail my testing set-up. You can yourself go and verify my results.
Instead, you claim it’s “propaganda”, while mischaracterizing what I say in that post. Classy!
I can’t say I read the whole thing because the technical analysis went over my head, but I don’t think we read the same conclusion
Conclusions
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
fr it’s literally
no russia bad but trust our feds instead because we are the good guys bsfr 💀💀💀
But I can’t lie the analysis is still quite in-depth and feels like an effortpost
trust our feds instead
Can you quote that part from the article? I think I missed it
Awesome analysis. Thank you!
I’m not the author. You can thank @rysiek@szmer.info for this amazing write-up
Heh, thanks. AMA I guess.
What’s your favourite deep sea creature?
Ooh, that’s a good question!
I am going to say Sperm Whales, if only because of how amazing they look while… sleeping vertically:
https://www.nationalgeographic.com/photography/article/sperm-whales-nap-sleeping-photography-spdBeautiful and eerie. Thanks for sharing.
I like this one: https://www.mbari.org/animal/giant-phantom-jelly/
Nice!
Not a question, but you’ve written some fantastic articles, thanks — I’ve added your website to my RSS feed!
Thank you, that’s really great to hear!
AMA is AMA
- What lead you to dive into examining Telegram?
- How would you use it if abandoning it is not an option, safety-wise, on android? Like, opening it in browser instead, killing app from the background, or using some app\tool? Not using it for anything sensitive is obvious.
- What are other potential worms is in there you may think of? Recently, Yandex and Meta analytics tools got caught in sending browsing data to phone’s localhost - where their locally installed apps caught it and sent back home. If the FSB conection is that deep, there is no end to what they’d want to mine from users.
It’s not the first time I see your discovery shared and I want to thank you. It won’t completely disencourage people around me from using it but it’d pile up with other many reasons to do so. Someday there would be just enough of them, like it happened with VK, Facebook etc, I believe.
AMA is AMA
What have I done.
What lead you to dive into examining Telegram?
I do information security work, and I used to work closely with investigative journalists hailing from Russia, Kazachstan, Ukraine, and other places in that general area. Telegram is massively popular there. Because of this Telegram has been on my radar for a very long time as a serious security threat – not just because its protocol and management are suspect, there are plenty of other IMs like that, but also because of how many people I worked with had used it.
I’ve written about Telegram before, on amore general level (linked in the blog post), so when IStories reached out to me for comment on this it was a good inspiration to dive deeper.
How would you use it if abandoning it is not an option, safety-wise, on android? Like, opening it in browser instead, killing app from the background, or using some app\tool? Not using it for anything sensitive is obvious.
I would not use it. I refuse to accept that abandoning it is not an option. There are plenty of options. It’s always a decision one can make.
Please remember that even if hypothetically you could use it in a way that protects you from the spying – something I am very, very doubtful of! – the mere fact you are using it sucks other people into using it. You personally become one more reason for someone to start using or keep using Telegram. You personally become one more “user” of Telegram, justifying another media organization or NGO to set up or maintain a presence there – which in turn pulls in even more users into the dragnet.
In other words, your decision to use Telegram anyway, even though you know what the issues are, becomes one of the many things that make other people feel that “abandoning is not an option”. I refuse to be a part of that. The only thing I can recommend is to stop using it.
What are other potential worms is in there you may think of? Recently, Yandex and Meta analytics tools got caught in sending browsing data to phone’s localhost - where their locally installed apps caught it and sent back home. If the FSB conection is that deep, there is no end to what they’d want to mine from users.
I think this hits the nail on the head: If the FSB conection is that deep, there is no end to what they’d want to mine from users.
I don’t want to speculate. The possibilities are vast. But I will say what I said in the blogpost: Telegram is indistinguishable from an FSB honeypot.
I don’t trust Telegram the company, I don’t trust Telegram the software, I don’t trust MTProto. I certainly do not trust Pavel Durov. I don’t think we need to speculate on what more could possibly be hiding there, what is already known about Telegram should really be enough to stop using it.
