As part of the investigation, I have looked closely at Telegram's protocol and analyzed packet captures provided by IStories.

I have also done some packet captures of my own.

I dive into the nitty-gritty technical details of what I found and how I found it on my blog:

Telegram is indistinguishable from an FSB honeypot
https://rys.io/en/179.html

Yes, my packet captures and a small Python library I wrote in the process are all published alongside it.

#Telegram #InfoSec #Privacy #Surveillance #Russia

Telegram has responded to IStories' piece:

> All Telegram servers are Telegram’s property maintained by Telegram employees. Unauthorized access is not possible. Telegram has neither employees nor servers in Russia. In the entire history of Telegram, it has never handed over private messages to third parties, and its encryption has never been hacked
https://vot-tak.tv/87198696/fsb-chitaet-telegram

This answers exactly zero of the crucial points raised by the story.

Let's dissect it! 🔍

🧵

#Telegram #FSB

> All Telegram servers are Telegram’s property maintained by Telegram employees.

👉 First: the story is not about the servers, it's about whose infrastructure the traffic flows through.

👉 Secondly: Vedeneev, the Russian owner of the infrastructure provider GNM used by Telegram, had signed documents as Telegram's CFO (would that qualify as "employee"?), and presented himself in Florida court as the person authorized to handle Telegram's servers.

🧵

#Telegram #FSB

> Unauthorized access is not possible.

Unauthorized access to… what exactly? To the servers, which the story is not about? To data on the servers, which again, the story is not about?

Or do they mean the traffic? Because if they mean the traffic here, then GNM's access to it, as the networking provider, would be totally authorized after all.

So, either they are talking about something irrelevant (servers), or they make a statement that looks good but does not actually contradict the story.

🧵

> Telegram has neither employees nor servers in Russia.

There we go with the servers again!

Regarding employees – okay, so was Vedeneev a contractor? In the story he himself says that the arrangement was "informal".

Telegram tries to pull a "Schrödinger's Vedeneev" here. He's an "employee" when handling the hardware in Florida, but not an "employee" in Russia? I guess?

Regardless, all that is beside the point, which is: traffic analysis and cleartext device identifier.

🧵

#Telegram

> In the entire history of Telegram, it has never handed over private messages to third parties

🚨 Sneaky use of "private messages"!

Remember, Telegram has end-to-end encrypted "Secret Chats", which almost nobody uses; and then it has "Cloud Chats" for everything else.

They decided to add "private" here, as if "less private" non-Secret-Chat messages had been provided to third parties?..

Yes, there are indications of just that if you're wondering:
https://www.wired.com/story/the-kremlin-has-entered-the-chat/

🧵