Telegram and its FSB affair: the hidden dangers of the most popular messenger

Culture & Science
18 June 2025, 21:00

A new journalistic investigation into Telegram’s ties to Russian security services has reignited debate over the risks of this widely used messaging app.

The arrest of Pavel Durov in August 2024 and the serious charges brought against the head of Telegram have done little to affect the company’s image or the platform’s popularity in Ukraine. Telegram still presents itself as a secure communication tool, while Ukrainian authorities seem to have stopped listening to activists who continue to raise the alarm about the dangers of using it.


IStories on Telegram servers, the FSB, and user data

On 10 June 2025, the independent Russian outlet Important Stories (IStories) published an investigation revealing links between the company managing Telegram’s servers and Russia’s security services.

The report found that some of Telegram’s traffic is routed through servers owned by Russian-origin companies with close ties to the intelligence services. These firms service classified FSB facilities — from special data transmission stations in St Petersburg to data analysis and video surveillance centres. In other words, the same technical staff who maintain Telegram’s infrastructure are also supporting systems used by the Russian state security apparatus. The group’s head, Vladimir Vedeneev, once served as Telegram’s chief financial officer. Companies connected to him have also provided technical services to the FSB and other Russian intelligence agencies, including the installation of surveillance tools such as SORM — equipment that all Russian telecom providers are legally required to implement.

According to the IStories report, Vedeneev’s companies not only provided services to Telegram but also worked with clients directly connected to Russian intelligence. Among them was a covert research centre that forms part of Russia’s broader cyber operations ecosystem. The investigation concludes that Telegram’s technical infrastructure is not just vulnerable — it may be actively used by Russian intelligence.

One of the key concerns around the accessibility of Telegram user data is the presence of a unique identifier called auth_key_id, which is attached to every chat — even encrypted secret chats. The report’s authors argue that anyone handling Telegram’s traffic could potentially access detailed user information, including device identifiers, message timestamps, and more. Cybersecurity experts included a technical breakdown of how auth_key_id works.

Telegram’s defence — and who else may access user data

In response to a BBC inquiry, Telegram said that only its own employees manage its servers. It added that none of the third-party contractors it works with have access to user data. The platform also reiterated that it has never shared user messages or data with third parties, and that its encryption has never been breached.

The first claim — that data centre staff working with Telegram don’t have access to server contents or user data — is true. When servers or IP addresses are rented for any online service or website, employees of the hosting provider (which supplies the infrastructure) generally cannot access the data stored on those servers.

However, Telegram’s claim about never sharing user data with authorities doesn’t hold up. After Durov’s arrest, the platform reportedly complied with 900 requests from the U.S. government for user data. In total, it has shared information on more than 10,000 users in response to requests from law enforcement agencies in various countries. Unlike other major tech companies, though, Telegram does not publish transparency reports — meaning it offers no public insight into how or when it cooperates with governments.

At the same time, it’s important to keep in mind that Russia has a highly developed system for monitoring internet traffic, meaning its security services already have access to a significant amount of online activity. With the Telegram user identifier known as auth_key_id, it’s possible to track what someone posts in public chats or comments across different channels. The lack of two-factor authentication makes it easier to hack Telegram accounts, so it’s not particularly difficult for security agencies to clone a user’s profile, download all their messages onto a new device (something Telegram’s platform allows), and access the rest of their conversations.

It’s also worth noting that Telegram does not use end-to-end encryption by default. This level of protection is available only in secret chats, which relatively few users actually use. As a result, gaining access to public chats isn’t particularly complicated due to the way Telegram is built. Regular (non-secret) chats are stored on Telegram’s servers. While it’s unlikely that hosting company staff can access those directly, Russia’s extensive internet surveillance system makes it hard to rule out the possibility that such access could be technically achievable.

Telegram’s vulnerabilities explained

There’s no shortage of stories about how Russian security services have used Telegram data. International media have reported on it, and The Ukrainian Week has also covered cases of surveillance targeting Ukrainians through the platform. For Ukraine—a country at war—this reliance on Telegram carries particular risks, especially given that the company has previously “accidentally” blocked bots that were crucial for the state. After Pavel Durov’s arrest, such stories became less frequent, as the company’s founder realised that a tarnished reputation could damage both him personally and his business, which depends on attracting investor funding.

Still, just days before the IStories investigation came out, another report slipped largely under the radar in Ukraine’s media landscape. Human rights activists pointed to several examples, including Crimean Wind, Viyskovyi Vishchun (“Military Soothsayer”), and many other similar cases.

According to representatives of the First Department project, the FSB has access to Russians’ messages and uses this information to identify individuals—often leading to criminal charges of state treason. Human rights defenders say that in many of these cases, the FSB already had access to the defendants’ correspondence by the time of their arrest. How exactly this data was obtained remains unclear. And it’s this lack of transparency that’s especially troubling: the access could come from undisclosed cyber-espionage tools or direct access to Telegram messages—whether through possible cooperation from the platform or entirely independently. There’s also the possibility that the security services set up bait chats or used other tactics to lure and expose users.

This story, shared by the authors of the First Department channel, underscores not just the risks of the app itself, but a deeper concern: that Telegram’s infrastructure and security model can be exploited by state authorities for surveillance and persecution—especially in politically sensitive contexts.

“In our work, we’ve seen a significant number of cases where Telegram materials make up a large portion of the evidence,” human rights defenders told Novaya Gazeta. “In most instances, this can be explained by users compromising their own devices. But there are also cases where no clear technical explanation exists for how access to their messages was obtained.”

The revelations published by IStories, just four days after the First Department’s report, appear to shed light on how such access might be technically possible—despite Telegram’s denials and the defence mounted by its supporters.

Opacity and risk revisited

These revelations bring a long-standing issue back into focus: Telegram remains a deeply opaque platform, with many unanswered questions surrounding its internal workings, security features, and the protection of user data. Experts have long raised concerns about the app’s reliance on its own encryption protocols and the absence of default end-to-end encryption. Now, another troubling point has been added to the list — the control of key infrastructure by entities directly or indirectly linked to Russian intelligence services.

Telegram’s architecture, which enables user anonymity, also makes it a powerful tool for spreading disinformation. At the same time, the platform’s lack of transparency around subscriber data, post reach, and how content circulates makes it extremely difficult to monitor or counter malicious activity.

All of this once again highlights the risks Telegram poses — not only for Ukrainians, but for anyone who values privacy and security. The involvement of Russian-linked entities among its investors and the murky ownership structure of the platform should be enough to end any debate about whether Telegram is safe — or, more accurately, how unsafe it really is. Perhaps the time has come to start seriously considering tighter restrictions on its use in Ukraine.
