This story matters to one billion people, each of whom, including likely you, is unaware of the Trojan horse lurking in their phone. People in Russia, Ukraine, the USA, India, and countless other countries entrust their secrets to it. Terrorists use it to plan attacks, while Russian intelligence services recruit agents for sabotage abroad. One of the main reasons hundreds of millions worldwide trust Telegram is the image crafted by its founder, Pavel Durov, as an unwavering champion of freedom, guarding user privacy and facing persecution from Russian and other authorities for it. But what really lies behind this legend of the “secure messenger”?
Important Stories conducted an investigation and uncovered how Telegram is linked to the FSB—and what this means for you personally. As a seasoned journalist tracking digital threats and geopolitics for years, I dug deeper into this issue. The result is a shocking picture: a messenger marketed as a fortress of privacy may actually be a backdoor for Russian intelligence. This isn’t conspiracy—it’s facts backed by court documents, experiments, and expert testimony. Let’s break it down step by step to understand why your “secure” chat might be a surveillance tool.
The Myth of the Outcast: Pavel Durov—Not a Victim, but a Kremlin Guest
Pavel Durov, Telegram’s founder, loves to portray himself as a modern-day Dante Alighieri—an exile from Russia fighting a totalitarian regime. In 2014, after a scandal with VKontakte, where he refused to delete opposition groups, Durov fled the country, publishing a manifesto titled “Seven Reasons Not to Return to Russia.” It’s a story that inspired millions: a hero against the system, a messenger as a weapon of freedom.
But the reality? Important Stories’ investigation reveals Durov visited Russia over 50 times since 2014—especially when funds ran low. After the U.S. banned his TON cryptocurrency in 2019, Durov amassed a $2 billion debt to investors, including Russian oligarchs, GRU agent Jan Marsalek, and companies tied to illegal exports from occupied Ukrainian territories. In 2020, when Roskomnadzor suddenly stopped blocking Telegram, Durov “coincidentally” was in St. Petersburg. A coincidence? Or a deal behind closed doors?
These weren’t tourist trips. According to leaks from the FSB’s border service, Durov crossed the border regularly when Telegram needed “friendship” with authorities. Cybersecurity expert Michal “Rysiek” Woźniak, with 20 years of experience, notes: “Durov crafted an image of a fighter, but his actions suggest compromises.” And compromises with the FSB aren’t abstract. They involve real servers, traffic, and data that can fall into the hands of intelligence services.
The Illusion of Security: Why Your Messages Are Like Letters in an Open Envelope
Telegram boasts about encryption, but it’s a marketing ploy. By default, the messenger doesn’t use end-to-end encryption—only in “secret chats,” used by fewer than 2% of users. The other 98% of messages are stored unencrypted on servers. Anton Rosenberg, an analyst at BFM.ru, explains: “Messages sit on servers in plain text, ready to be read.”
Worse still, Telegram’s protocol transmits an unencrypted auth_key_id: a unique device identifier. It’s like a label on your phone, visible to all. Important Stories journalists conducted an experiment with Wireshark: traffic analysis in Russia and Europe showed that auth_key_id is sent in plain text, even in secret chats. Combined with IP addresses, this enables tracking a user’s location, device, and connections.
In Russia and occupied Ukrainian territories, the SORM system—Operational-Investigative Measures—requires providers to grant the FSB access to traffic. Woźniak warns: “If someone has access to Telegram’s traffic and cooperates with the FSB, auth_key_id becomes a tool for global surveillance—regardless of where you are or which server you connect to.” Examples? The FSB has read activists’ “secret chats,” monitored interactions with Ukrainian bots like “Crimean Wind” or “Military Oracle.” Police have quoted messages they couldn’t have accessed without physical device access.
Durov himself criticized Signal for “backdoors,” but experts found none in Signal. Telegram, however, has vulnerabilities tailor-made for authoritarian regimes.
Hidden Connections: Telegram’s Infrastructure in the FSB’s Grasp
The core issue is infrastructure. Telegram’s traffic flows through IP addresses linked to companies tied to Russian intelligence. The main player is Global Network Management (GNM) in Antigua and Barbuda, controlling over 10,000 IPs for Telegram. Its owner, Vladimir Vedeneev from Tolyatti, is Telegram’s former CFO, who signed contracts on Durov’s behalf and has sole authorized access to servers in Miami. Half of GNM’s staff are in Russia, with an office in St. Petersburg.
Previously, these IPs belonged to “Globalnet,” Vedeneev’s Russian company with 18,000 km of fiber optics. It served 90% of Ukraine’s telecom market (until 2019) and 100% in Belarus, plus state enterprises like the Kurchatov Institute and the Presidential Administration’s Main Computing Center—entities linked to defense and the FSB. In 2022, Globalnet implemented Deep Packet Inspection (DPI) for Roskomnadzor—a tool for censorship and surveillance.
Another link is “Elektrontelecom,” also Vedeneev’s, managing 5,000 IPs for Telegram. According to 2024 financial documents, one of its key clients is the FSB, for installing and maintaining “special information transmission complexes” for operational measures. Roman Venediktov, a 4% co-owner of Globalnet, graduated from the Mozhaysky Military Space Academy and served in the Defense Ministry’s Main Space Testing Center—a direct intelligence connection.
Oleg Matveev, a Putin advisor, boasted: “Telegram and the FSB reached an agreement on monitoring dangerous subjects.” This isn’t hearsay—it’s backed by 2018 Miami court documents where Vedeneev admitted to servicing Telegram’s equipment.
Telegram’s Response: Denials Without Evidence
Durov’s company responded swiftly. Its press service told the BBC: “Telegram contracts with dozens of providers worldwide, but none have access to data or sensitive infrastructure. All servers belong to Telegram and are maintained by its employees. Unauthorized access is impossible. Telegram has no employees or servers in Russia. In its history, we’ve never shared messages with third parties, and encryption has never been broken.” Vedeneev added to Varlamov News: “Telegram’s equipment is isolated and managed by Telegram Messenger. We don’t analyze, filter, or monitor traffic.”
But where’s the proof? Why does traffic flow through FSB-linked IPs? Why is Durov silent about his Russia visits? Critics like SOTA call the investigation “baseless” but fail to refute key facts, ignoring SORM and unencrypted data.
What This Means for You: From Chats to Global Surveillance
For Ukrainians, this isn’t abstract. Telegram is a primary news channel during the war, but the FSB monitors bots with intelligence data. Activists in occupied territories risk arrest over “secret chats.” In the U.S. or India, journalists coordinating investigations are at risk.
Globally, one billion users are a potential database for the FSB. Woźniak: “This is a global surveillance tool.” Terrorists plan attacks, but so are you—with your photos, addresses, and contacts—in the danger zone.
Telegram isn’t a fortress—it’s a Trojan horse. Durov sold you a dream of privacy but also sold your data through infrastructure feeding the FSB. Important Stories’ investigation shatters the legend: he’s not a fighter but a compromiser. The recommendation? Switch to Signal. Or at least enable secret chats. Because the next message you send might not only reach its recipient but also a Kremlin analyst.
This article is based on Important Stories’ investigation and open sources. If you’re a Telegram user, think twice before your next “secure” chat.