Telegram, GNM, auth_key_id

This page addresses inaccurate claims about Telegram’s infrastructure, the auth_key_id parameter, and Global Network Management Inc. (GNM).

GNM is a respected global infrastructure provider, and neither GNM nor its owner Mr. Vedeneev is connected to the FSB. The auth_key_id parameter changes regularly and does not reveal user information, message contents, recipients, or private data. Any observer able to see it would already have access to more reliable network-level signals for tracking. Telegram owns its infrastructure, which is configured, managed and controlled exclusively by Telegram’s internal engineering teams.

1. GNM is a respected global infrastructure provider

Mr. Vedeneev and his company, Global Network Management Inc. (GNM), are being portrayed as “connected to the FSB” solely because the same founder previously owned a different telecom company that, unlike GNM, operated in Russia and complied with local law, including FSB requests.

That is no different from claiming Telegram shares data with Russian authorities because Pavel Durov’s previous company, VK, does so now.

Mr. Vedeneev neither lives in Russia nor operates businesses there. GNM’s clients include dozens of international companies, including Google, Cloudflare, Roblox, and Telecom Italia. Suggesting that all of them are somehow tied to the FSB is technically illiterate and logically absurd.

GNM is not connected to the FSB. It does not have, and cannot have, access to users’ private data, regardless of the technical details related to the auth_key_id parameters.

No careful arrangement of Mr. Vedeneev’s words out of context can change that.

In any case, since 2021, neither GNM nor any other company affiliated with Mr. Vedeneev has provided services in the Telegram data center that stores information of Russian and European citizens. This fact alone makes the entire FSB–Vedeneev conspiracy theory inconsistent with reality.

2. Dynamic identifiers like auth_key_id add no meaningful tracking power

Regarding the unpublished article, we reject its conclusions. To use the auth_key_id parameter for tracking, an attacker would need a level of sophistication and visibility that makes the parameter redundant, because they would already have better ways to identify you that are outside Telegram's control.

That is like claiming someone can track your car using pigeon poop on the windshield when they can already see the color, model, direction, speed, and approximate location of any car.

The parameter described in the report changes regularly, contains no user information, and reveals nothing about who communicates with whom. Message contents and recipient data remain encrypted inside the protocol.

Any observer who can see your auth_key_id can also see your IP address, the server names you connect to, your traffic patterns, your DNS queries, and more. Hiding a frequently rotating identifier closes one window in a building made mostly of glass.

TLS, the protocol used by most web services and recommended in the article, itself allows a much easier way to link connections from the same user: whenever your browser reconnects to a site over TLS, it typically presents a session ticket in cleartext. This is standard behavior across much of the web.

3. Telegram owns its infrastructure, and its architecture precludes third-party access by design

Claims that Mr. Vedeneev — or any third-party hardware-support contractor — had "unprecedented access" to Telegram’s infrastructure or user traffic are false, technically illiterate, and misrepresent standard industry practice.

That is like claiming an electrician can read your books because they replaced fuses in the box outside your apartment.

Telegram's global network is designed from the ground up on a zero-trust model engineered so that physical proximity to hardware grants no access to any data residing within it and, specifically, NO access to:

• user data
• application-layer traffic
• encryption keys
• internal systems or configurations.

Notably, Telegram owns its infrastructure, including all of its servers. 

All servers, network devices, and application infrastructure are configured, managed, and controlled exclusively by Telegram’s internal engineering teams. All storage and network systems utilize hardware and software encryption, as well as logical isolation — traffic and data are encrypted in transit and at rest.