$[x2 Indian government decrees that WhatsApp, Telegram, Signal, etc. must ensure continuous SIM binding with services]

• Indian government has classified each of WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, JioChat, and Josh as a Telecommunication Identifier User Entity (TIUE)

• TIUEs must fulfill a range of cybersecurity obligations

• TIUEs must ensure that SIM cards remain continuously linked to their services, they must make it impossible for their users to use services without a SIM

• For website or web-app-based access, TIUEs must ensure users are logged out periodically (not later than 6 hours) and must offer an option to relink accounts through a QR-code-based method

https://www.medianama.com/2025/11/223-dot-sim-binding-directions-to-whatsapp-and-telegram/

$[x2 Indian government decrees that WhatsApp, Telegram, Signal, etc. must ensure continuous SIM binding with services]

• Indian government has classified each of WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, JioChat, and Josh as a Telecommunication Identifier User Entity (TIUE)

• TIUEs must fulfill a range of cybersecurity obligations

• TIUEs must ensure that SIM cards remain continuously linked to their services, they must make it impossible for their users to use services without a SIM

• For website or web-app-based access, TIUEs must ensure users are logged out periodically (not later than 6 hours) and must offer an option to relink accounts through a QR-code-based method

https://www.medianama.com/2025/11/223-dot-sim-binding-directions-to-whatsapp-and-telegram/

"Here you'll find reviews and research about services and how they affect your #privacy both in person and online backed by real world findings and data collected from testing"

Some apps analysed include:

🏆 @simplex ( @threemaapp seems to be an undisputed winner on other lists)
🥈 @briar
🥉 @cwtch

https://privacyspreadsheet.com/messaging-apps

EDIT: this info is controversial (see comments)

#matrix #telegram #xmpp #signal #whatsapp #threema #wire #zoom #CWTCH

As part of the investigation, I have looked closely at Telegram's protocol and analyzed packet captures provided by IStories.

I have also done some packet captures of my own.

I dive into the nitty-gritty technical details of what I found and how I found it on my blog:

Telegram is indistinguishable from an FSB honeypot
https://rys.io/en/179.html

Yes, my packet captures and a small Python library I wrote in the process are all published along.

#Telegram #InfoSec #Privacy #Surveillance #Russia

> Telegram has neither employees nor servers in Russia.

There we go with the servers again!

Regarding employees – okay, so was Vedeneev a contractor? In the story he himself says that that the arrangement was "informal".

Telegram tries to pull a "Schrödinger's Vedeneev" here. He's an "employee" when handling the hardware in Florida, but not an "employee" in Russia? I guess?

Regardless, all that is beside the point, which is: traffic analysis and cleartext device identifier.

🧵

#Telegram

> All Telegram servers are Telegram’s property maintained by Telegram employees.

👉 First: the story is not about the servers, it's about whose infrastructure the traffic flows through.

👉 Secondly: Vedeneev, the Russian owner of the infrastructure provider GNM used by Telegram, had signed documents as Telegram's CFO (would that qualify as "employee"?), and presented himself in Florida court as the person authorized to handle Telegram's servers.

🧵

#Telegram#FSB

Telegram has responded to IStories' piece:

> All Telegram servers are Telegram’s property maintained by Telegram employees. Unauthorized access is not possible. Telegram has neither employees nor servers in Russia. In the entire history of Telegram, it has never handed over private messages to third parties, and its encryption has never been hacked
https://vot-tak.tv/87198696/fsb-chitaet-telegram

This answers exactly zero of the crucial points raised by the story.

Let's dissect it! 🔍

🧵

#Telegram#FSB

As part of the investigation, I have looked closely at Telegram's protocol and analyzed packet captures provided by IStories.

I have also done some packet captures of my own.

I dive into the nitty-gritty technical details of what I found and how I found it on my blog:

Telegram is indistinguishable from an FSB honeypot
https://rys.io/en/179.html

Yes, my packet captures and a small Python library I wrote in the process are all published along.

#Telegram #InfoSec #Privacy #Surveillance #Russia

Remarkable investigation into Telegram by IStories (in Russian):
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

English version by OCCRP:
http://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy

Time to ditch #Telegram:

Telegram announces partnership with Musk's xAI - BBC News

https://www.bbc.com/news/articles/cdxvr3n7wlxo