As part of the investigation, I have looked closely at Telegram's protocol and analyzed packet captures provided by IStories.

I have also done some packet captures of my own.

I dive into the nitty-gritty technical details of what I found and how I found it on my blog:

Telegram is indistinguishable from an FSB honeypot
https://rys.io/en/179.html

Yes, my packet captures and a small Python library I wrote in the process are all published along.

#Telegram #InfoSec #Privacy #Surveillance #Russia

> Telegram has neither employees nor servers in Russia.

There we go with the servers again!

Regarding employees – okay, so was Vedeneev a contractor? In the story he himself says that that the arrangement was "informal".

Telegram tries to pull a "Schrödinger's Vedeneev" here. He's an "employee" when handling the hardware in Florida, but not an "employee" in Russia? I guess?

Regardless, all that is beside the point, which is: traffic analysis and cleartext device identifier.

🧵

#Telegram

> All Telegram servers are Telegram’s property maintained by Telegram employees.

👉 First: the story is not about the servers, it's about whose infrastructure the traffic flows through.

👉 Secondly: Vedeneev, the Russian owner of the infrastructure provider GNM used by Telegram, had signed documents as Telegram's CFO (would that qualify as "employee"?), and presented himself in Florida court as the person authorized to handle Telegram's servers.

🧵

#Telegram#FSB

Telegram has responded to IStories' piece:

> All Telegram servers are Telegram’s property maintained by Telegram employees. Unauthorized access is not possible. Telegram has neither employees nor servers in Russia. In the entire history of Telegram, it has never handed over private messages to third parties, and its encryption has never been hacked
https://vot-tak.tv/87198696/fsb-chitaet-telegram

This answers exactly zero of the crucial points raised by the story.

Let's dissect it! 🔍

🧵

#Telegram#FSB

Remarkable investigation into Telegram by IStories (in Russian):
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

English version by OCCRP:
http://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy