In this article, we wanted to explore some of the technical nuances touched upon in the investigation. The connection between Telegram and the FSB may be ambiguous, but the risk of such a partnership is unambiguous due to the opacity of Pavel Durov’s company.
Telegram’s statement in response to the «Important Stories» investigation fails to provide arguments or address the specific concerns raised in the article. The response from the GNM Inc. representative to the investigation either refutes theses that weren’t in the investigation to begin with, makes statements that contradict the data presented in the investigation, or makes assertions without providing evidence for them.
Metadata Tracking
To begin with, it’s important to understand that the investigation’s findings do not allow one to conclude that the FSB has access to the text of communications. The editors do not deny that this is possible, but there is little evidence for it. We will also not assume that the FSB has direct access to the content of the servers1. The idea of the original investigation is that Telegram might not be working with intelligence agencies directly, but could be disclosing data to them indirectly.
The «Important Stories» investigation is primarily not about access to messages, but about the chains that could link Telegram and the FSB, as well as a vulnerability that allows intelligence agencies to track the social communication graphs of messenger users worldwide, even without direct access to the servers.
The Described Vulnerability
«Important Stories» refers to a weakness in the Telegram protocol described by Michał Woźniak.
When you log into your Telegram account on your phone, the messenger creates a unique key for each new session, which will be used to encrypt messages. Any messages from the moment the key is created arrive at Telegram’s servers encrypted with that very key, and the server needs to know which session the message belongs to in order to decrypt it with the correct key. For this, an unencrypted session identifier (auth_key_id) is attached to the message.
Using this auth_key_id, any Internet operator on the network can understand that it is the same user sending messages to Telegram, even if they change the IP address.
If a provider controls all traffic to Telegram, it can observe who the user is communicating with; for example, if upon sending a message from auth_key_id «A», Telegram consistently sends something to a user at auth_key_id «B», it means these two users are currently chatting. If these auth_key_ids do not change, an operator can observe these two people communicating for months.
Telegram has a mechanism that is supposed to change these identifiers regularly, especially when the user changes networks, as this significantly complicates surveillance. Unfortunately, the messenger has a leak: when changing networks, the app first sends the old auth_key_id and only then the new one, meaning that with all the traffic in hand, one can track the chain of these auth_key_id changes. Maybe, the correct approach would be for Telegram to generate an auth_key_id in advance (or use resumption tickets) and, upon a network change, immediately use an auth_key_id previously unknown to an external observer, which would look like a new user to such a tracking system2.
The journalists linked this vulnerability with information about Durov’s suspicious partners into a story about an FSB special operation for global surveillance. We’ll also note that this vulnerability does not create new risks for users in the Russian Federation, the point is in potential risks of surveillance over users outside Russia.
On Practicality and Probability
Even if we assume that the Russian company is controlled by the FSB and has full access to the network traffic of Telegram’s servers in the US, one should not forget that all of Telegram’s traffic is encrypted, and tracking via metadata is non-trivial. This type of tracking typically only provides an understanding of the fact that the application is being used, and at best, the fact of communication between one user and another, without revealing the content of the messages.
The original technical analysis notes that Telegram can reuse identifiers across different networks, which allows for tracking a user’s IP change. We agree that Telegram should indeed improve its PFS to prevent this, but the article’s assertive conclusions might be overly stretched.
The first and main condition for this vulnerability’s effectiveness is global control over internet traffic. Russia has achieved such control within its territory, and this is no secret, but the investigation suggests that possible connections between Telegram’s technical operators and intelligence services could give the FSB the ability to monitor Telegram usage even outside the country.
Besides global control, for the described scenario of tracking every move to be realistic, intelligence agencies need to somehow find out a user’s temporary network identifier and be able to track its entire chain of changes. Missing an element in the chain should, in theory, lead to losing the trail, but due to the described protocol weakness, the probability of losing the trail is reduced. To find the beginning of the chain, one must either know the victim’s location well and have access to their network traffic without noise from third-party users to accurately pinpoint the moment the victim opens the messenger, or know the exact moments of the user’s communication with another, already identified user. The fact of communication between one user and another can only be established by revealing the temporary identifiers of both users.
The tracking method only works for a specific session and breaks when you log out of the account or change devices. If you are worried that this vulnerability could be used against you, we advise you to regularly log out and log back into Telegram, using different networks, for example, through a VPN you trust.
Using such an approach, it is difficult to map out one person’s exact social circle. The global social graph described in the article still has some value for intelligence services, but the exact identity of each participant in it outside Russia will remain unknown, and such participants must be identified one by one.
Even without having both users identified, the intelligence can have honeypot accounts (including controlled politicians and public figures) or can uncover identifiers of activists, to judge user’s personal views by proximity to the known nodes in the social graph. We are not sure if such data is worth an operation on the scale described and if the FSB is technically capable of bringing this into life without leaving any direct evidence of it.
We believe that linking the existence of this vulnerability and a certain probability of Russian intelligence services controlling Telegram’s network traffic describes the most dangerous, but not necessarily the most likely scenario3. Perhaps such sensationalism in the technical article is due to the fact that Telegram often ignores and silences security issues if there is no public attention to them.
The described weakness in the protocol is undesirable even if we assume that Telegram’s partners are not monitoring the traffic, as network traffic is transmitted through numerous companies globally, and any of them could be subject to the demands of intelligence agencies.
Additionally, we note that with access to all traffic, it is possible to build social graphs even without precise identifiers, by using IP addresses and distinctive traffic characteristics, although such tracking would be significantly less accurate.
We repeat that metadata tracking does not provide access to messages. The editors do not see strong arguments against the hacking versions in the original «Important Stories» investigation. We regret to note that the investigation also does not mention who services Telegram’s servers in the Netherlands, which would be useful to know, as they store the data of European users. Telegram’s servers in Miami serve users in North and South America.
Servers in Russia
The investigation does not state this directly, but notes that Telegram’s IP addresses are «located in Russia»4. The messenger is regularly accused of having servers in the Russian Federation.
The editors of @tginfo note that GeoIP tools do not display the actual location of servers. These are compiled databases of addresses based on related signals and self-declaration (the owner can specify which country an IP belongs to, and this data is often not verified). Many online GeoIP checking services use outdated data, and their databases do not correspond to the current data of major GeoIP providers.
The editors of @tginfo have never seen convincing evidence of Telegram servers being in Russia. The messenger’s servers are located in the Netherlands, the US, and Singapore.
Activists also often accuse the messenger of using the networks of companies RETN and GNM Inc., which have Russian roots and continue to do business in Russia. It is worth noting that these companies serve a large part of Europe, have networks or traffic exchange points in the Netherlands, Germany, Ukraine, and other countries. The main office of RETN is in London, and GNM Inc. is registered in Antigua and Barbuda, which is considered an offshore zone. Today, they are indeed major backbone providers in Europe whose services are used by large companies, but it’s hard to ignore that both organizations trace their origins to St. Petersburg, where Pavel Durov also lived and developed «VKontakte». It is unfair to claim that Telegram only uses these companies, as the messenger has many network partners, but the investigation points to a possible special closeness between Pavel Durov and the owner of GNM Inc.
Not Everything is Perfect
At the same time, it is worth noting that the homegrown MTProto protocol, developed by Telegram, is not as actively studied by independent researchers as Signal’s encryption, which, in theory, could indeed mean a higher probability of unknown exploitable vulnerabilities. In recent years, Telegram has paid less attention to secret chats, shifting its focus to additional features for regular chats and monetization. There are also political questions for Telegram, such as coordination with Russian authorities and Pavel Durov’s trips to Russia on dates significant for the messenger.
Global Network Management owner’s contracts to simultaneously support the network infrastructure of Telegram and Russian state bodies do indeed raise questions. We note that, according to the investigation, Pavel Durov has known the owner and has been using his services since the «VKontakte» days. One could assume that such a partnership is maintained due to an old acquaintance, but this theory alone cannot explain everything.
In his rebuttal, the CEO of GNM claims that since 2022, he has had no employees in Russia, and since 2024, the Russian companies are «separated from GNM Inc.», including a change of ownership. According to the investigation, both GNM and the Russian business belong to Vladimir Vedeneev, with 96% of the Russian company «Globalnet» being transferred to Vedeneev’s relatives in 2024, which is a common way to disguise ownership. Separately, the company owner assured that the Russian business was sold in 2024, but the editors have not yet seen proof of this.
Here, one can only assess the risks of whether a Russian company can have state contracts and remain independent of the FSB while servicing infrastructure abroad. Pavel Durov’s opinion on his technical partner’s financial proximity to intelligence services is also unknown. If the FSB does have access to messages, the arguments presented do not allow for this to be asserted.
The investigation notes that «Globalnet» was «the first […] to implement, at the request of Roskomnadzor, a system for monitoring user traffic […].» Some readers may unfairly consider this additional proof of a connection to the FSB, but all Russian providers are required to comply with such demands. Nevertheless, it is an example of the company readily engaging in dialogue with the state, and the «Elektrontlecom» contracts mentioned in the investigation show a possible direct financial dependence on the FSB.
Conclusion
The investigation demonstrates:
- an objective weakness in Telegram’s encryption protocol
- certain facts that could link the messenger to the FSB.
The editors of @tginfo doubt that the vulnerability was left intentionally, due to its low practicality, but do not deny possible connections between the messenger and intelligence services, which Pavel Durov does not comment on.
In this article, we wanted to explore some of the technical nuances touched upon in the investigation. The connection between Telegram and the FSB may be ambiguous, but the risk of such a partnership is unambiguous due to the opacity of Pavel Durov’s company.
Telegram’s statement in response to the «Important Stories» investigation fails to provide arguments or address the specific concerns raised in the article. The response from the GNM Inc. representative to the investigation either refutes theses that weren’t in the investigation to begin with, makes statements that contradict the data presented in the investigation, or makes assertions without providing evidence for them.
We do not advise using Telegram’s cloud or secret chats if you are concerned about your security, at the very least because of the messenger’s sometimes reckless attitude towards user privacy and security.
For a messenger to be considered more secure, it must start with greater company transparency, a transition to well-studied cryptography, and open communication with the press, rather than ignoring inconvenient facts.
- We make this assumption because the contrary has not yet been proven, and because the essence of the investigation is that Telegram might be hiding its cooperation with intelligence agencies in this indirect way. We do not find the argument about server-side disk encryption relevant here. If we assume that Telegram is intentionally working with intelligence agencies, it would disclose messages directly or at least provide them with the encryption keys. Server disk encryption is only useful for protecting data during server seizures by law enforcement agencies of the country where the servers are located, or in the event of an intruder penetrating the data center. ↩︎
- In theory you could attack this system by creating an unreliable connection that would exhaust client’s temporary keys on one network to locate the client on a different network, but at least this kind of attack is not passive. But the best solution would be Telegram moving to well-known cryptography, like TLS. ↩︎
- Hanlon’s razor ↩︎
- Mentioned in the Russian version only ↩︎