Does Telegram have ties with Russia's security service? The messaging app rejects new report’s allegations

• Telegram has rejected allegations of potential ties with Russia's Federal Security Service (FSB)
• According to a new investigation, Telegram's server network may be controlled by a man whose firms have links to Russian intelligence services
• Telegram is one of the few social platforms still available in Russia

Telegram has rejected recent allegations that the popular messaging app may have ties with Russian Intelligence services.

This comes as an investigation carried out by the Russian independent investigative outlet Important Stories (IStories) claims to have found evidence suggesting Telegram's server infrastructure is under the control of a man whose firms have links to Russia's Federal Security Service (FSB).

While Telegram hasn't issued any public responses at the time of writing, the company's spokesperson Remi Vaughn told TechRadar: "All Telegram servers are owned by Telegram and maintained by Telegram employees. Unauthorized access to any data is impossible."

It's worth mentioning that Telegram is one of the few online platforms that isn't blocked in Russia, meaning that citizens can access it without using one of the best VPN services.

What does the investigation say?

According to the IStories investigation – which was supported by the Organized Crime and Corruption Reporting Project (OCCRP) – over 10,000 IP addresses within Telegram's technical infrastructure are managed by a company registered in Antigua and Barbuda called Global Network Management (GNM).

As per documents from a Florida court case accessed by IStories reporters, the owner of this company is a Russian network engineer named Vladimir Vedeneev, who allegedly told the court that he had been involved in the installation of Telegram Messenger and further technical support.

Florida's court documents seem to reveal more details of the relationship between Vedeneev and Pavel Durov, Telegram's Founder and CEO. This includes Vedeneev telling the court, "he had the power of attorney to sign documents on behalf of Pavel Durov and on behalf of Telegram."

Telegram also reportedly operates 5,000 IP addresses provided by another St. Petersburg-based company, Electrontelecom, which IStories said to have found evidence to be an FSB contractor.

Things get even more intricate as the IStories investigation claims that Vedeneev is also the founder of GlobalNet, a major Russian backbone telecom operator, which allegedly controlled Telegram's IP addresses, now managed by GNM, until 2020.

"But GlobalNet is not just any network provider. Among its clients is the Main Research Computing Center of the Presidential Property Management Department of Russia (GlavNIVTS). Officially, this organization provides technical support for President Putin’s public 'direct line' question-and-answer events, summits, and other high-level meetings," ISStories claims.

In 2022, GlobalNet launched the first filter and traffic monitoring systems based on Deep Packet Inspection (DPI) at the request of Roskomnadzor, the Russian internet watchdog tasked with enforcing online restrictions.

What does Telegram say?

As mentioned earlier, Telegram rejects these accusations.

In a written comment sent to TechRadar, Telegram's spokesperson Remi Vaughn said: "As a global company, Telegram has contracts with dozens of different service providers around the world. However, none of these service providers have access to Telegram data or sensitive infrastructure.

"All Telegram servers belong to Telegram and are maintained by Telegram employees. Unauthorized access to any data is impossible. Throughout its entire history, Telegram never disclosed any private messages to a third party – and its encryption has never been breached."

A response that, according to IStories reporters, "contradicts facts established in a US court."

Is Telegram safe to use?

Launched in 2013, Telegram markets itself "as a messaging app with a focus on speed and security."

Its Founder and CEO, Pavel Durov, is a Russian-born billionaire, popular among free speech fighters for refusing to give away Telegram's users' identities to law enforcement requests.

Some countries have blocked access to Telegram over the years for this reason, with France issuing an arrest warrant against him for illicit activities that occurred on the platform. Yet, the company is one of the few mainstream online platforms still available in Russia at the time of writing.

That said, Telegram doesn't offer the same level of security as the likes of Signal and WhatsApp, which encrypt all messages and calls by default. On the contrary, only Telegram's secret chats are end-to-end encrypted, and users have to actively turn on this extra protection themselves.

Talking to IStories, Michał "Rysiek" Woźniak, a security specialist who used to work for OCCRP as head of infrastructure and information security, warns that this system could leave users vulnerable to tracking, even if their messages remain inaccessible.

He said: "If I know your device’s ‘auth_key_id,’ and I can listen in on the network that handles the data … I know it is your specific device communicating with Telegram servers. By looking at the network packets … I also get your IP address at a given time, which tells me your rough geographic location."

According to Woźniak, this could become a real problem if Russian intelligence services actually have access to Telegram traffic. "A tool for global surveillance of messenger users, regardless of where they are and what server they connect to."

Whether a link between Telegram and the Russian FSB is yet to be confirmed, the investigation still highlights that protecting the content of communications isn't enough, as metadata privacy matters, too. I invite anyone concerned about their privacy to use solutions that minimize metadata exposure, like Signal and Session.

You might also like

• Telegram is adding xAI's Grok chatbot to its app
• Telegram pledges to exit the market rather than "undermine encryption with backdoors"
• Experts warn against recent VPN disappearances in Russia