Telegram, the FSB, and the Man in the Middle

Investigation

The technical infrastructure that underpins Telegram is controlled by a man whose companies have collaborated with Russian intelligence services.


Key Findings
  • A company owned by a Russian network engineer named Vladimir Vedeneev controls thousands of Telegram IP addresses and maintains its servers.
  • Vedeneev’s other companies have a history of collaborating with Russia’s defense sector, the FSB security service, and other highly sensitive agencies.
  • Because of the way Telegram’s encryption protocols work, even users who use its “end-to-end” encryption features are vulnerable to being tracked by anyone who can monitor its network traffic.

Reported by

Roman Anin
Important Stories
Nikita Kondratyev
Important Stories
June 10, 2025

Telegram, the wildly popular chat and messaging app, is the pride of the Russian IT industry. According to Pavel Durov, the enigmatic entrepreneur who created the service twelve years ago, it now has over a billion monthly active users around the world.

Among the reasons for this success is Telegram’s reputation for security, coupled with Durov’s image as a free speech champion who has defied multiple governments.

“Unlike some of our competitors, we don’t trade privacy for market share,” he wrote this April. “In its 12-year history, Telegram has never disclosed a single byte of private messages.”


Telegram founder Pavel Durov.

But a new investigation by OCCRP’s Russian partner, Important Stories, reveals a critical vulnerability.

When reporters investigated who controls the infrastructure that keeps Telegram’s billions of messages flowing, they found a man with no public profile but unparalleled access: Vladimir Vedeneev, a 45-year-old network engineer.

Vedeneev owns the company that maintains Telegram’s networking equipment and assigns thousands of its IP addresses. Court documents show that he was granted exclusive access to some of Telegram’s servers and was even empowered to sign contracts on Telegram’s behalf.

There is no evidence that this company has worked with the Russian government or provided any data. But two other closely linked Vedeneev companies — one of which also assigns Telegram IP addresses, and another which did so until 2020 — have had multiple highly sensitive clients tied to the security services. Among their clients are the FSB intelligence agency; a secretive “research computing center” that helped plan the invasion of Ukraine and developed tools to deanonymize internet users; and a flagship state-owned nuclear research laboratory.


Russian President Vladimir Putin speaks at the annual meeting of the FSB Board, with FSB Director Alexander Bortnikov, on February 27, 2025, in Moscow.

“If true, this reporting highlights the dangerous disconnect between what many believe about Telegram’s security and privacy features, and the reality,” said John Scott-Railton, a Senior Researcher at The Citizen Lab. “When people don’t know what is actually going on, but assume they have metadata privacy, they can unknowingly make risky choices, bringing danger to themselves and the people they’re communicating with. This is doubly true if the Russian government sees them as a threat.”

A Ukrainian IT specialist who spoke with reporters on condition of anonymity said that the Russian military has used “man-in-the-middle” type surveillance in his country after capturing network infrastructure.

“You get physical access to the data transmission channel and install your equipment there,” he said. “In such an attack, the hackers aren’t even interested so much in the user’s correspondence. They get metadata to analyze. And that means IP addresses, user locations, who exchanges data packets with whom, the kind of data it is… really, all possible information.”

Durov is currently under investigation in France after being arrested last August on charges related to the circulation of illegal content on Telegram. The company has since implemented a number of measures to crack down and step up its collaboration with the authorities. Durov has been released under judicial supervision and is allowed to travel.

He did not reply to requests for comment. Vedeneev spoke with reporters but declined to make any of his comments public.

Leaving Russia

The story of Telegram begins with another social networking site that is less well-known outside of Russia: VKontakte.

Created by Durov in 2006, when he was just 21 years old, the site quickly earned a large userbase because it duplicated many of Facebook’s popular features and provided free access to vast troves of pirated music and videos.

But VKontakte’s rise ran up against Russian President Vladimir Putin’s growing authoritarianism. When opposition groups used the site to help organize mass anti-government protests in 2012, the authorities demanded that Durov ban them.

“Armed policemen [came] to my house, tried to break in because I refused,” he told right-wing commentator Tucker Carlson in an interview last year, explaining that this episode gave him the idea of creating a new, more secure messaging service.


An anti-government rally on Moscow's Sakharov Avenue in December 2011.

Facing further pressure from the authorities, who now demanded that he disclose the personal data of Ukrainians protesting the Kremlin-aligned government in Kyiv, Durov left Russia in 2014. He sold his stake in VKontakte — which was taken over by people close to the Kremlin — and even published a manifesto: “Seven Reasons Not to Return to Russia.”

Then, along with his brother, a talented mathematician named Nikolai, Durov created Telegram — a new messenger service with an emphasis on privacy. From the beginning, he claimed that his product was “safer” than its competitors and that “messages sent through Telegram cannot be bugged by third parties.”

He has denied that Telegram had any infrastructure in Russia, and even claims never to have visited his home country since he left in 2014. “I don't go to any of the big geopolitical powers, countries like China or Russia or even the U.S.,” he told Carlson. (Last year, reporters from Important Stories revealed that this was untrue. A leaked database of border crossings showed that Durov had traveled to Russia more than 50 times between 2015 and 2021.)

In the meantime, Telegram’s reputation for privacy contributed to its massive growth. Russian users saw the messenger as a safe alternative to VKontakte. The app became a mainstay not only for pro-Kremlin propagandists and security services, but also for independent media outlets and opposition figures. Millions from other countries also joined after WhatsApp made clear that it could share certain data with its parent company, Facebook.

Telegram’s official FAQ stresses its security features and emphasizes transparency: “Anyone can check Telegram’s open source code and confirm that the app is not doing anything behind their back,” it reads.

But the reality is more nuanced. Unlike other apps like WhatsApp or Signal, Telegram chats do not use end-to-end encryption by default. The option is available for users who enable it, but as Durov’s former colleague Anton Rosenberg pointed out as far back as 2018, the vast majority do not do so, instead corresponding through regular “cloud” chats, which are stored on the company's servers.

Telegram assures users that their data is safe: “Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions,” the company’s FAQ reads. “The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. ... Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people's privacy and freedom of expression.”

But network security experts warn that even Telegram’s end-to-end encrypted chats can leave users vulnerable to being tracked. The app’s MTProto protocol, which governs how its encryption works, specifies that an unencrypted element is attached to the beginning of each encrypted message. 

“The unencrypted part is called ‘auth_key_id,’” said Michał “rysiek” Woźniak, a security specialist who used to work for OCCRP as head of infrastructure and information security. “This makes it possible to identify a specific user device.”

“If I know your device’s ‘auth_key_id,’ and I can listen in on the network that handles the data … I know it is your specific device communicating with Telegram servers,” he explains. “By looking at the network packets … I also get your IP address at a given time, which tells me your rough geographic location.”

This means that whoever controls Telegram’s network traffic may be able to track users, even if the messages themselves cannot be read.

Woźniak conducted several tests to confirm these claims. He has published the technical details in a blog post. Other experts have also pointed out the ‘auth_key_id’ issue.
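
An added illustration, not code from the original article or from Woźniak's post: it shows why a cleartext identifier at the start of each message links a device's traffic across networks even though every ciphertext differs. It assumes the publicly documented MTProto message layout (an 8-byte auth_key_id, then a 16-byte msg_key, then the ciphertext); transport framing is not modelled, and all identifiers, addresses and packets below are constructed.

```python
import os
from collections import defaultdict

AUTH_KEY_ID_LEN = 8   # sent in the clear; stable for a given device key
MSG_KEY_LEN = 16      # sent in the clear; differs for every message

def make_message(auth_key_id: bytes, body_len: int = 64) -> bytes:
    """Constructed stand-in: random bytes play the msg_key and ciphertext."""
    if len(auth_key_id) != AUTH_KEY_ID_LEN:
        raise ValueError("auth_key_id must be 8 bytes")
    return auth_key_id + os.urandom(MSG_KEY_LEN) + os.urandom(body_len)

def cleartext_header(raw: bytes):
    """Return (auth_key_id, msg_key) as visible without any key, or None."""
    if len(raw) < AUTH_KEY_ID_LEN + MSG_KEY_LEN:
        raise ValueError("shorter than the fixed header")
    key_id = raw[:AUTH_KEY_ID_LEN]
    if key_id == bytes(AUTH_KEY_ID_LEN):
        return None  # all-zero id marks an unencrypted handshake message
    return key_id, raw[AUTH_KEY_ID_LEN:AUTH_KEY_ID_LEN + MSG_KEY_LEN]

def exposure_report(observations):
    """Group (time, source_ip, raw) records by the cleartext identifier."""
    seen = defaultdict(list)
    for when, src_ip, raw in observations:
        header = cleartext_header(raw)
        if header is not None:
            seen[header[0].hex()].append((when, src_ip))
    return dict(seen)

# Constructed sample: two devices, documentation-range IPs (RFC 5737).
DEVICE_A = bytes.fromhex("1122334455667788")
DEVICE_B = bytes.fromhex("a1b2c3d4e5f60718")
SAMPLE = [
    ("09:00", "192.0.2.10", make_message(DEVICE_A)),
    ("09:05", "198.51.100.7", make_message(DEVICE_B)),
    ("13:30", "203.0.113.44", make_message(DEVICE_A)),  # same device, new network
    ("13:31", "203.0.113.44", bytes(8) + os.urandom(32)),  # handshake, skipped
]

if __name__ == "__main__":
    for key_id, sightings in exposure_report(SAMPLE).items():
        print(key_id, sightings)
```

The two DEVICE_A records share no encrypted bytes, yet the report places them under one identifier with two source addresses, which is the metadata exposure the experts describe.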

The Man in the Middle

To learn how Telegram messages travel, reporters messaged each other through the service and recorded the traffic using Wireshark, a network traffic analyzer. The results showed that the IP addresses were controlled by a company registered in Antigua and Barbuda called Global Network Management (GNM).

Analyzing additional IP ranges managed by the company, reporters found that it had leased over 10,000 IP addresses to Telegram, meaning that it plays a significant role in the messenger’s infrastructure.

Documents from an otherwise unremarkable court case in Florida — a dispute between GNM and a contractor — reveal much more.

GNM’s owner, they show, is a Russian network engineer named Vladimir Vedeneev. He tells the court that his company “is involved in the installation of client equipment — in this case for the Telegram Messenger — and further technical support of this equipment.”

According to his company’s legal filings, Vedeneev was the only person authorized to access Telegram servers in a Miami data center. He also testified that his company owns a router in the Telegram server room.

“If a company controls the routers that distribute traffic passing through Telegram servers, this means that it, or anyone to whom it grants such access, can see the identifiers of messenger users,” says Woźniak, the security specialist.

Documents from the court case also show that Vedeneev’s relationship with Durov goes beyond providing network infrastructure.

As far back as nine years ago, they show, Durov had empowered Vedeneev to sign documents as Telegram’s CFO. One contract found in the case materials empowers Vedeneev’s GNM to deal with a third-party contractor on Telegram’s behalf. It is signed by Vedeneev twice: Once as GNM’s director and once as Telegram’s CFO.


A contract signed by Vedeneev in two roles: As CFO of Telegram and as CEO of Global Network Management.

In his testimony, Vedeneev describes the arrangement as “informal” and says he was never paid by Telegram as an employee. But he also tells the court that he “had a power of attorney to sign documents on behalf of Pavel Durov and on behalf of Telegram.”

Neither Elies Campo, a former partnership development manager with Telegram who spoke with reporters, nor others familiar with Telegram’s corporate structure, have ever heard of Vedeneev. Given Telegram’s secretive corporate culture — not even all of its top managers are publicly known, and the company maintains a strict “No LinkedIn” policy — this may be no surprise.

In fact, Vedeneev is a key player in the Russian telecommunications market. He is the founder of GlobalNet, a St. Petersburg backbone telecom operator that controls 18,000 kilometers of backbone infrastructure from Siberia to Western Europe in two dozen countries. (Last year, Vedeneev handed over his majority share in the company to relatives.)

Until 2020, the Telegram IP addresses now assigned by GNM were controlled by GlobalNet.

But GlobalNet is not just any network provider. Among its clients is the Main Research Computing Center of the Presidential Property Management Department of Russia (GlavNIVTS). Officially, this organization provides technical support for President Putin’s public “direct line” question-and-answer events, summits, and other high-level meetings.

But GlavNIVTS is also perhaps the most secret and little-studied special service in Russia. The agency helped plan the invasion of Ukraine, upgraded a major bot network, developed a centralized video surveillance system, and built tools to track and deanonymize internet users.

More About GlavNIVTS

In 2019, former GlavNIVTS employees told reporters from Meduza that the center has access to secret materials and works in the interests of a litany of security agencies, including the FSB, the FSO, the Interior Ministry, the Defense Ministry, and the GRU military intelligence service.

GlavNIVTS specialists have also “cleaned up” the digital traces of Russian military personnel in Syria and eastern Ukraine, developed tools to predict the results of strikes on Ukrainian infrastructure, helped upgrade a major network of pro-Kremlin bots, and developed a centralized video surveillance system with facial recognition technology.

In addition, GlavNIVTS helped develop a Russian analogue to Palantir, the American mass data analysis system used by the military and CIA. Elements of the “Russian Palantir” — which used names like “Media Monitor,” “Sherlock,” and “PSKOV” — help the government track and deanonymize internet users, as reported by Meduza in 2019.

According to data from Russia’s official state procurement portal, GlobalNet also provides communications infrastructure to the Kurchatov Institute, a flagship state-owned nuclear research laboratory led by Putin ally Mikhail Kovalchuk and sanctioned by the United States.

Shortly after Russia’s full-scale invasion of Ukraine in 2022, GlobalNet said it was the first Russian operator to implement a system for monitoring user traffic called Deep Packet Inspection (DPI) “according to [Russian internet regulator] Roskomnadzor rules.”

It also has a notable minority co-owner: Roman Venediktov, a Russian space forces officer.

A graduate of the elite Mozhaisky Academy, Venediktov, who owns four percent of GlobalNet’s shares, served for nearly 10 years in a defense ministry spacecraft testing center outside Moscow.

Venediktov began to cooperate with the Durov family about 15 years ago, when he became the joint co-owner of their St. Petersburg company “Peering,” which owned the traffic exchange network DATAIX and handled traffic for VKontakte. He did not respond to requests for comment.


Vladimir Vedeneev (left) and Roman Venediktov (right) featured on telecommunications supplier website Nag.ru.

Vedeneev’s GlobalNet bought DATAIX in 2018, making him, the Durov family, and the space forces officer business partners for years. He transferred his share in GlobalNet to relatives last year. GlobalNet did not respond to requests for comment.

At the same time, he also transferred his share of another company called Electrontelecom — a telecom operator that is also related to Telegram's infrastructure: the company assigned more than five thousand of the messenger’s IP addresses.

Reporters obtained the company’s internal accounting documents for 2024, which show that one of its most important government clients is the FSB.

The documents show that Electrontelecom installs and manages equipment for a system that is being used by the FSB offices in St. Petersburg and the Leningrad region for surveillance.

“I am shocked, but not surprised,” said Woźniak, the security expert, about reporters’ findings. “If someone has access to Telegram traffic and cooperates with Russian intelligence services, this means that the device identifier becomes a really big problem — a tool for global surveillance of messenger users, regardless of where they are and what server they connect to.”

With additional reporting by Ilya Lozovsky (OCCRP).
