
Telegram's Security Under Scrutiny Over Alleged Ties to Russian Intelligence Infrastructure


Telegram, the widely used messaging platform known for its commitment to privacy and free speech, is facing renewed concerns over its security and potential exposure to Russian surveillance. A new investigation by the exiled investigative outlet IStories has revealed that the infrastructure supporting Telegram is managed by entities with direct and indirect links to Russian intelligence services.

The app’s founder, Russian-born Pavel Durov, has consistently portrayed Telegram as a stronghold for digital freedom, especially in regions ruled by authoritarian regimes. However, IStories reports that the app’s default communication settings may not be as secure as users assume.

Unlike rivals such as WhatsApp or Signal, Telegram does not enable end-to-end encryption by default. Only when users activate the “secret chat” feature are their messages fully protected. Otherwise, Telegram stores decrypted messages on its servers.

“This means that whoever controls the server can access the correspondence,” IStories stated.

According to the investigation, the company Global Network Management (GNM), based in Antigua and Barbuda, maintains the core infrastructure for Telegram and has supplied over 10,000 IP addresses to the platform. GNM is owned by Russian national Vladimir Vedeneev, who confirmed in a U.S. court that his company sets up and oversees Telegram’s infrastructure, with employees based in Russia. Court records also list Vedeneev as Telegram’s chief financial officer.

Further scrutiny revealed that many of GNM’s IP addresses were previously used by Globalnet, a telecommunications firm in St. Petersburg with documented ties to the Kremlin and Russia’s Federal Security Service (FSB). Telegram is also reported to have received 5,000 IP addresses from Electrontelecom, another St. Petersburg company identified as a contractor for the FSB. This firm has been involved in deploying secure communications for intelligence purposes.

In 2022, Globalnet reportedly installed user traffic monitoring tools at the behest of Roskomnadzor, Russia’s state communications regulator. At the time, Oleg Matveychev, deputy chair of the Russian Duma’s Information Policy Committee, stated that Telegram had agreed to a “compromise” with the FSB, implementing infrastructure that allows user monitoring in criminal investigations.

Beyond message decryption and storage, Telegram also assigns a unique device identifier—called “auth_key_id”—to each message, cybersecurity expert Michał Woźniak told IStories.

This mechanism, combined with metadata such as IP addresses and timestamps, “could be used to determine a user’s physical location and contacts,” Woźniak explained.
“If someone has access to Telegram traffic and cooperates with Russian intelligence services, this means that the device identifier becomes a really big problem — a tool for global surveillance of messenger users, regardless of where they are and what server they connect to,” he added.
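The linkability problem Woźniak describes can be made concrete with a small model. The Python below is an added example, not Telegram's code and not part of the IStories report: it takes constructed metadata records (a long-lived identifier, a client IP, a timestamp and a counterpart, using RFC 5737 documentation addresses) and measures how many distinct networks and contacts a single persistent identifier ties together, then repeats the measurement for a hypothetical per-session rotating identifier to show why identifier lifetime is the design lever. The record layout, the `dev-A`/`dev-B` identifiers and the rotation scheme are assumptions made for the illustration.

```python
"""
Added example (not Telegram's code, not from the IStories report): measures how
much a persistent per-message identifier links together in captured metadata,
and how a hypothetical per-session rotating identifier reduces that linkage.
All records below are constructed; IPs are RFC 5737 documentation addresses.
"""
from collections import defaultdict
from dataclasses import dataclass, replace
import hashlib

SESSION_WINDOW = 3600  # hypothetical rotation period in seconds (assumption)


@dataclass(frozen=True)
class Record:
    """One observed message envelope: identifier plus the metadata a transit observer sees."""
    key_id: str   # models the long-lived device/auth identifier discussed above
    src_ip: str   # client IP as seen at the server or on the wire
    ts: int       # Unix timestamp of the observation
    peer: str     # counterpart the message was addressed to


# Constructed sample: device A moves between three networks over about 11 hours
# and talks to three peers; device B is a second, unrelated device.
CONSTRUCTED_RECORDS = [
    Record("dev-A", "203.0.113.5", 100, "bob"),
    Record("dev-A", "203.0.113.5", 200, "carol"),
    Record("dev-B", "203.0.113.77", 150, "alice"),
    Record("dev-A", "198.51.100.7", 20000, "bob"),
    Record("dev-A", "192.0.2.9", 40000, "dave"),
]


def link_by_identifier(records):
    """Group observations by identifier: which IPs, peers and time span each one ties together."""
    ips = defaultdict(set)
    peers = defaultdict(set)
    times = defaultdict(list)
    for r in records:
        ips[r.key_id].add(r.src_ip)
        peers[r.key_id].add(r.peer)
        times[r.key_id].append(r.ts)
    return {
        kid: {
            "ips": sorted(ips[kid]),
            "peers": sorted(peers[kid]),
            "first_seen": min(times[kid]),
            "last_seen": max(times[kid]),
        }
        for kid in ips
    }


def rotate_identifiers(records, window=SESSION_WINDOW):
    """Hypothetical mitigation: replace the static identifier with one derived per time window.
    Illustrative only; a real design would use an unlinkable per-session key exchange."""
    out = []
    for r in records:
        session = r.ts // window
        derived = hashlib.sha256(f"{r.key_id}:{session}".encode()).hexdigest()[:16]
        out.append(replace(r, key_id=derived))
    return out


def max_linked(summary, field):
    """Largest number of distinct values (IPs or peers) any single identifier links together."""
    return max(len(v[field]) for v in summary.values())


def compare(records=CONSTRUCTED_RECORDS, window=SESSION_WINDOW):
    """Linkability of the static scheme versus the rotating one, for the same traffic."""
    static = link_by_identifier(records)
    rotating = link_by_identifier(rotate_identifiers(records, window))
    return {
        "static_max_ips": max_linked(static, "ips"),
        "static_max_peers": max_linked(static, "peers"),
        "rotating_max_ips": max_linked(rotating, "ips"),
        "rotating_max_peers": max_linked(rotating, "peers"),
    }


if __name__ == "__main__":
    for kid, info in link_by_identifier(CONSTRUCTED_RECORDS).items():
        print(kid, info)
    print(compare())
```

With the static identifier, one key links all three of device A's networks and all three of its contacts across the whole capture; with an identifier that changes every hour, no single key links more than one network, and only contacts within the same hour are joined. The hash-based rotation is a toy (anyone who knows the static identifier can recompute it); the point it demonstrates is that the reach of metadata correlation is bounded by how long an identifier stays constant.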

In response to the investigation, Telegram issued a statement on Tuesday rejecting any allegations of unauthorized access.

“All Telegram servers belong to Telegram and are maintained by Telegram employees. Unauthorized access is impossible. Telegram has no employees or servers in Russia. Throughout its history, Telegram has never transmitted personal messages to third parties, and its encryption has never been hacked,” the company’s press service stated.

The findings, however, have raised important questions about how much control Telegram truly has over its infrastructure—and how secure its platform really is for millions of users worldwide.

Operation Zero Offers Up to $4M for Telegram Exploits


Operation Zero, a firm specializing in acquiring and selling zero-day vulnerabilities exclusively to Russian government entities and local companies, has announced a significant bounty for exploits targeting Telegram. The company is willing to pay up to $4 million for a full-chain exploit that could compromise the popular messaging app.

The exploit broker has set tiered rewards for different vulnerabilities:
  • Up to $500,000 for a one-click remote code execution (RCE) exploit.
  • Up to $1.5 million for a zero-click RCE exploit.
  • Up to $4 million for a full-chain exploit, potentially allowing hackers to gain full access to a target’s device.

Operation Zero’s focus on Telegram is strategic, given its widespread use in Russia and Ukraine. The company's offer provides insight into the Russian zero-day market, which remains largely secretive.

Exploit brokers often publicize bounties for vulnerabilities when they detect high demand. This suggests that the Russian government may have specifically requested Telegram exploits, prompting Operation Zero to advertise these high-value offers.

Zero-day vulnerabilities are particularly valuable because they remain unknown to software makers, making them highly effective for cyber operations. Among them, zero-click RCE exploits are the most sought after, as they require no user interaction—unlike phishing-based attacks—making them stealthier and more powerful.

A source familiar with the exploit market suggested that Operation Zero’s prices might be on the lower side, as the company could intend to resell these vulnerabilities multiple times at a higher margin.

“I don’t think they’ll actually pay full [price]. There will be some bar the exploit doesn’t clear, and they’ll only do a partial payment,” said the source.

Another industry expert noted that pricing depends on factors like exclusivity and whether Operation Zero intends to redevelop the exploits internally or act solely as a broker.

The Ukrainian government recently banned the use of Telegram for government and military personnel due to concerns over potential exploitation by Russian state-backed hackers. Security researchers have long warned that Telegram is less secure than alternatives like Signal and WhatsApp, primarily because it does not use end-to-end encryption by default.

“The vast majority of one-on-one Telegram conversations — and literally every single group chat — are probably visible on Telegram’s servers,” said cryptography expert Matthew Green.

Despite this, Telegram spokesperson Remi Vaughn stated: “Telegram has never been vulnerable to a zero-click exploit,” while also emphasizing the company’s bug bounty program.

The zero-day market has become increasingly competitive, driving up prices. In 2023, a WhatsApp zero-day was reportedly valued at $8 million. Operation Zero has previously offered $20 million for exploits capable of fully compromising iOS and Android devices but currently caps those payouts at $2.5 million.

With cyber threats escalating, the demand for zero-days—especially for widely used platforms like Telegram—remains at an all-time high.