UPD: In response to a request from «Vot Tak»**, «Telegram» stated that none of the service providers for the messenger ever had access to confidential data, and the company itself has never transferred personal messages to third parties.
The «Telegram» messenger, created by Pavel Durov, Russia's most famous IT entrepreneur, has over a billion active users, and more than 70% of Russia's population uses it, thanks to a long-standing myth about its security and secrecy. «Important Stories» found out that this is far from the case, and recent criminal cases show that law enforcement officers gain access to correspondence without contact with the devices themselves.
Last year, the publication discovered that numerous statements by Durov about not visiting his homeland do not correspond to reality. From an FSB border service leak, it was found that he visited Russia more than 50 times since his departure in 2014.
Durov traveled to Russia especially often when he faced serious financial problems: in 2019, the US Securities Commission banned the issuance of his cryptocurrency TON, with which he had hoped to cover the cost of servers and other equipment for «Telegram». Durov owed nearly 2 billion dollars to investors, including Russian oligarchs, as well as GRU agent Jan Marsalek and companies trading raw materials illegally exported from the occupied territories of Ukraine. Immediately after his first visit to Russia in several years, he pledged to pay part of the debts, and by 2021 he had raised a billion dollars in funding with the help of the Russian state bank VTB, Mikhail Fridman's «Alfa Capital», and the investment group «Aton».
The secrecy of correspondence in «Telegram» has long been debunked by many experts. End-to-end encryption is used only in secret chats, which need to be activated separately. According to Durov's former colleague Anton Rosenberg, 98% of messenger users communicate in regular chats. All messages from them are decrypted and stored on «Telegram» servers. This means that whoever controls the server can access the correspondence.
Moreover, Durov's application has another significant difference from other messengers. «The «Telegram» protocol works in such a way that when the application on your phone or computer creates an encrypted message, an unencrypted device identifier called auth_key_id is added at the beginning. This applies to all chats, not only cloud-based but also secret ones», — explains Michal «Rysiek» Wozniak, a digital security expert with 20 years of experience.
According to Wozniak, this identifier is used on the «Telegram» server side to identify the device and select the key for decrypting messages. However, Durov's messenger for some reason sends this identifier unencrypted, in plain text. «Other messengers have long used TLS or similar tools to protect the connection between the device and the server. And there's no reason why «Telegram» couldn't do the same», — Wozniak believes.
In practice, this means that anyone whose network the messenger's traffic passes through can track device identifiers and, by combining them with other data, such as IP addresses (a unique number that allows devices to find each other on the internet) and the time messages are sent, determine a person's location and obtain other valuable information: for example, which devices are exchanging data, which ultimately makes it possible to build a network of connections between «Telegram» users.
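The cleartext prefix described above, as an added example that is not part of the original article or Telegram's own code: it follows the message layout in Telegram's public MTProto documentation (auth_key_id, then msg_key, then the encrypted data) and returns only what is readable without the key. The keys, ciphertext bytes and function names are constructed for illustration, and transport-level framing is ignored.

```python
import hashlib
from collections import Counter

ZERO_ID = bytes(8)  # auth_key_id of 0 marks an unencrypted key-exchange message

def auth_key_id(auth_key: bytes) -> bytes:
    """64 lower-order bits of SHA-1(auth_key): the last 8 bytes of the digest."""
    return hashlib.sha1(auth_key).digest()[-8:]

def build_envelope(auth_key: bytes, msg_key: bytes, ciphertext: bytes) -> bytes:
    """Layout: auth_key_id (8 bytes) | msg_key (16 bytes) | encrypted_data."""
    if len(msg_key) != 16:
        raise ValueError("msg_key must be 16 bytes")
    return auth_key_id(auth_key) + msg_key + ciphertext

def cleartext_view(packet: bytes) -> dict:
    """Return only what can be read from a message WITHOUT holding the key."""
    if len(packet) < 8:
        raise ValueError("shorter than the auth_key_id field")
    key_id = packet[:8]
    if key_id == ZERO_ID:
        return {"auth_key_id": None, "encrypted": False, "opaque_len": 0}
    if len(packet) < 24:
        raise ValueError("encrypted envelope needs auth_key_id + msg_key")
    return {"auth_key_id": key_id.hex(), "encrypted": True,
            "opaque_len": len(packet) - 24}

def identifier_reuse(packets) -> dict:
    """Count how many encrypted messages carry each cleartext identifier."""
    views = (cleartext_view(p) for p in packets)
    return dict(Counter(v["auth_key_id"] for v in views if v["encrypted"]))

# Constructed sample data (not real keys or traffic). The "ciphertext" bytes
# are placeholders: the encryption step itself is out of scope here.
KEY_A = hashlib.sha512(b"constructed device A").digest() * 4  # 256 bytes
KEY_B = hashlib.sha512(b"constructed device B").digest() * 4
SAMPLE = [
    build_envelope(KEY_A, b"\x01" * 16, b"\xaa" * 32),
    build_envelope(KEY_A, b"\x02" * 16, b"\xbb" * 64),
    build_envelope(KEY_B, b"\x03" * 16, b"\xcc" * 32),
    ZERO_ID + bytes(12),  # handshake-style message: id field is all zeros
]

if __name__ == "__main__":
    for packet in SAMPLE:
        print(cleartext_view(packet))
    print(identifier_reuse(SAMPLE))
```

The two messages built from KEY_A differ in msg_key and ciphertext yet begin with the same 8 bytes, which is the stable identifier the passage describes.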
Meanwhile, in Russia, every internet provider must install SORM (a system used by Russian special services to monitor phone calls and internet activity of users) in their infrastructure. Thus, the special services have access to the traffic passing through the provider.
«Important Stories» managed to find out that the confidentiality of hundreds of millions of «Telegram» users from other countries may also be at risk. This is because Pavel Durov handed over the arrangement of the entire messenger infrastructure to one company, de facto located in Russia.
A significant role in the messenger's infrastructure is played by a little-known company from the Caribbean islands of Antigua and Barbuda, Global Network Management (GNM). The owner of the company is Vladimir Vedeneev, a native of Tolyatti. «GNM installs client equipment — in this case for the «Telegram» messenger — and provides subsequent technical support for this equipment», — he stated in one of the legal proceedings with a data center from Miami. Also, according to him, half of the GNM employees are in Russia, where the company has an office in St. Petersburg.
Meanwhile, the materials of the Miami proceedings revealed that Vladimir Vedeneev is not only the owner of the company servicing almost the entire «Telegram» infrastructure: at the same time he was the financial director of the messenger, with signing authority alongside Durov.
Despite Vladimir Vedeneev being a key person for the «Telegram» infrastructure, his former colleagues, as well as other interlocutors of «Important Stories» familiar with Durov, have never heard Vedeneev's name.
Until 2020, the «Telegram» IP addresses that are now controlled by GNM belonged to «Globalnet», a company from St. Petersburg. Until recently, the beneficiary of «Globalnet» was the same Vladimir Vedeneev, but in 2024 he transferred it to his relatives: they control 96% of the company. Another 4% belongs to Roman Venediktov, who graduated from the Mozhaisky Military Space Academy, an elite training ground for engineers for the Russian military industry, intelligence, and astronautics. For almost 10 years, Venediktov served at the Main Testing and Control Center for Space Assets of the Ministry of Defense in the military town of Shchelkovo-7.
Almost simultaneously with «Globalnet» installing traffic analysis equipment, Deputy Chairman of the State Duma Committee on Information Policy Oleg Matveychev directly stated that «Telegram» and the FSB reached an agreement: «Durov found a compromise with the FSB. Requests within the framework of operational activities are transferred there if terrorists or someone is under control. «Telegram» installed equipment to be able to monitor all dangerous subjects».
In addition, «Globalnet» provides communication services to several Russian state enterprises, including those working in the defense sector: the Kurchatov Institute, which is under Western sanctions, and the Main Scientific Research Computing Center of the Presidential Administration of Russia (MainNIVC), which conducts mass surveillance of Russians on the internet and promotes Kremlin propaganda on social networks using bots.
«Globalnet» is not Vedeneev's only company in Russia. Until recently, he was the beneficiary of «Electrontelecom» from St. Petersburg (in 2024, Vedeneev transferred it to relatives). According to data from the European internet registrar RIPE, «Electrontelecom» is also related to the «Telegram» infrastructure: the company transferred more than 5 thousand IP addresses to the messenger.
«Important Stories» obtained internal financial documentation of «Electrontelecom» for 2024 and found out that one of the company's most important state customers is the FSB. The company provides the special service with installation and technical maintenance services for «a complex for transmitting special information from stationary objects of the FSB of Russia in St. Petersburg and the Leningrad region, used for conducting operational-search activities for the purpose of fulfilling the state defense order».
This means that the server infrastructure of «Telegram» is managed by those who at the same time service the secret complexes of the FSB used for surveillance of citizens, investigators note.
In 2023, the publication The Wired published stories of several Russian activists who were persecuted for participating in anti-war protests and discussing resistance actions. According to them, messages in «secret» chats were read, although the recipients did not open them. In one case, a police officer quoted to a detainee her messages sent to comrades in «Telegram» shortly before the search.
A few days ago, the human rights project «First Department»**, which provides assistance to those accused of state treason, reported that the FSB gained access to messages that Russians sent to bots of Ukrainian Telegram channels, including «Crimean Wind», «Military Prophet», and others. According to documents provided to «Important Stories» by the project's lawyers, the special services began tracking users' correspondence with administrators of Ukrainian channels at least a year before the criminal case was initiated. This practically excludes the possibility that access was obtained through the devices of the accused themselves. And the fact that the users lived in different regions of Russia indicates that the security forces were likely monitoring the Telegram bots and channels themselves, recording all messages sent by Russian citizens.
* Recognized in Russia as a «foreign agent» and «undesirable» organization.
** Declared in the Russian Federation as a «foreign agent».