Reported by
Telegram, the encrypted messaging app that presents itself as a champion of privacy, has rejected the findings of an investigative report linking its backend infrastructure to companies with long-standing ties to Russian intelligence services.
Founded by Russian tech entrepreneur Pavel Durov, Telegram has long claimed to operate independently from any government.
The revelations, published on June 10 by Russian outlet IStories and the Organized Crime and Corruption Reporting Project (OCCRP), have triggered a response from Telegram and its infrastructure partner, Global Network Management (GNM), amid mounting concerns from cybersecurity experts.
In the investigation, reporters detailed how GNM — a company owned by Vladimir Vedeneev, a founder of several Russian telecom firms — plays a central role in managing Telegram’s global routing infrastructure.
Citing U.S. court documents and leaked business records, the report indicated that GNM operates Telegram-related infrastructure outside of Russia.
“It means Vedeneev — or anyone with access to his equipment — sees Telegram user traffic worldwide,” said Roman Anin, editor-in-chief of IStories, in an interview following the report. “That’s one billion users. India. The U.S. Everyone.”
Leaked documents cited in the report show that Russian companies founded by Vedeneev have surveillance contracts with the FSB, Russia’s main domestic intelligence service, and other sensitive agencies, raising questions about his role in Telegram’s network.
Also troubling, researchers say, is a feature of Telegram’s messaging protocol that has gone unaddressed for years: an unencrypted device identifier, called auth_key_id, is attached to every message. Even when Telegram’s end-to-end encryption protects message content, metadata remains exposed — a vulnerability experts argue is critical, particularly in high-risk regions like occupied Ukraine.
Anin was blunt in his assessment: “Despite years of criticism, the protocol remains unchanged. No other so-called secure messenger does this.”
Telegram quickly pushed back on the investigation. In statements to BBC Russia and mobile video platform Vot Tak, the company said it operates all servers internally and insisted that “no unauthorized access is possible.” Telegram also claimed it has “never shared personal messages” or “encryption keys” with third parties.
GNM, the infrastructure provider named in the report, issued a detailed rebuttal circulated to Russian media outlets. The company denied any involvement in surveillance, dismissed Vedeneev’s role in Telegram as purely nominal, and threatened legal action against journalists. It acknowledged complying with Russia’s SORM surveillance regulations but argued that such compliance is mandatory for all telecom operators and “does not constitute cooperation with security agencies.”
“The authors of the report are not telecom engineers,” GNM stated, accusing OCCRP and IStories of “technological incompetence” and misunderstanding routing and encryption.
Anin said Vedeneev spoke at length to reporters during the investigation but later retroactively declared all comments off the record. His formal response came only after publication.
“You have these proven facts,” Anin said. “And then you have Durov and Vedeneev saying, ‘Trust us, we don’t cooperate.’ But why should a billion users be forced to play a game of believe-it-or-not?”
A follow-up analysis by Russian outlet Meduza included further warnings from security experts. Investigative journalist Andrei Zakharov told the outlet that even without message content, surveillance systems like SORM can extract meaningful intelligence by analyzing Telegram’s metadata — including message timestamps, IP addresses, and device identifiers.
The core issue, experts said, is not whether Telegram shares messages — but whether its infrastructure and protocol expose users to tracking and identification.
