Details for fact-checkers

This document contains some of the comments provided by Telegram to Wired fact-checkers.

1. Marina Matsapulina's story

WIRED: In March 2022, Marina Matsapulina was arrested after FSB officers came to her home. Later, officers told her that they knew she was home because they had located her SIM, and they knew she was chatting with friends in a Telegram chat room. Matsapulina recounted the events on her Twitter account. In the thread, she concluded that since she had ruled out the possibility that her correspondents had cooperated with Russian officials, there were two possible explanations for what had happened. One explanation was that the officers had installed spyware on her phone, which she doubted. The second explanation was that Telegram was actively cooperating with the FSB. Then in late April, Matsapulina told WIRED, a Telegram customer support account contacted her on Telegram. Matsapulina told us that the customer support agent apologized to Matsapulina and informed her that Telegram would investigate her claims. Later, Matsapulina said the support agent informed her that only two authenticated devices had access to her Telegram messages: her phone and her computer. The agent also informed her that there had been a failed login attempt after her detention in March. The agent found that Telegram had not granted anyone else access to Matsapulina’s private messages, and concluded that either someone had taken “physical possession” of the phone while it was unlocked, or that the people Matsapulina had been messaging were compromised. Matsapulina then asked Telegram to check the logs of her correspondents, with their permission. She said Telegram checked and concluded that their accounts had also not been compromised. Does Telegram have any comment about Matsapulina’s theories regarding the app’s role in her arrest? Is Matsapulina’s accounting of her communications with Telegram’s customer support agent accurate? Does Telegram have any comment on the agent’s findings?

TELEGRAM: We can confirm that the message tweeted here is a real message from an official Telegram support account: https://twitter.com/matsapulina/status/1524328013911015424.

It is also correct that after investigating Ms. Matsapulina's case, our specialists had concluded that her account had only been accessed from her usual devices. No suspicious activity has been registered on the accounts of the other members of the group she was in.

An unsuccessful login attempt happened shortly after Ms. Matsapulina's arrest, but was prevented by her password. As stated by Ms. Matsapulina, the conversation where officers claimed to have had access to her messages happened 3 hours after she had been detained and her phone confiscated. Given the above, the most likely scenario is that, following the unsuccessful login attempt, Ms. Matsapulina's locked phone had finally been unlocked using Cellebrite software (or similar tools; see https://www.haaretz.com/israel-news/security-aviation/2022-10-21/ty-article/.premium/russia-still-using-israeli-tech-to-hack-detainees-cellphones/00000183-eb6c-d15c-a5eb-ff6cf86e0000) that would have granted officers access to the entire contents of the device, including her chats in any messaging application. Such tools only work if the attacker has physical access to the device of the victim.

This theory fits the officers' statements as reported by Matsapulina here (https://twitter.com/matsapulina/status/1518186039973666816) and here (https://twitter.com/matsapulina/status/1518186041567555584). The first one mentions tools that allow one to "precisely map cell phone activity to a certain location", the second could be referring to the messages she was sending at the time (the content of which became known after the confiscated phone had been unlocked) as examples of cellular activity that allowed the tools to map her location.

WIRED: [Thank you] for the time spent providing detailed explanations, such as your helpful answer to #29 [this question]. We have adjusted some of the text in the story to reflect your responses.


2. Secret Chats

"Secret chat messages marked as read"

WIRED: We spoke to a number of Telegram users who claimed the messages they sent in a secret chat were showing up as “read” before their recipient actually opened the messages. Is this possible? If so, what is causing this?

TELEGRAM: The issue could be attributed to a misunderstanding or a bug in the client app unrelated to security (messages are not marked as read automatically – to mark them as read, the receiving app needs to send a special service message). 

Secret chats are protected by E2E encryption and Telegram can't access their contents. Official Telegram clients are open source and support reproducible builds – researchers and developers can independently verify our E2E implementation and confirm that the apps they download were built from the exact same code that we publish (see https://core.telegram.org/reproducible-builds).

A common way of accidentally marking messages as read is to leave your phone unlocked with the chat open – so that messages you receive are displayed on the screen and marked as read. After a time the phone’s screen might lock automatically and you wouldn’t notice that you had the chat open.

"Ending the secret chat session"

WIRED: It is my understanding that after a user closes a secret chat and ends the session, the messages disappear and are no longer accessible. But, WIRED spoke to Telegram users who claimed that after closing a secret chat and ending the session, they were able to re-open that chat and see all their messages. Is this possible? What might explain this?

TELEGRAM: The premise is incorrect. A closed secret chat can't be used to communicate, but it is not necessarily deleted for both sides. Most clients offer the option to close the chat without affecting the other party's history – this is clearly stated in a popup that allows choosing to remove the chat only for you or for both parties.

If the secret chat was used to share heavy media, the person who deleted it may at times be able to access it for a short while as the client finishes wiping its contents. Note that this is rare – an accidental tap on the "undo" button is more likely (see https://telegram.org/blog/permissions-groups-undo#undo-clearing-history-and-deleting-chats).

If by “ending the session” you mean logging out of Telegram, this action only removes secret chats for you and not for the other party (see https://telegram.org/faq#q-how-do-i-log-out).


3. Location Data

WIRED: In early 2022, multiple developers and researchers noted that people were able to use Telegram’s open API to locate any user within a 2-mile radius who had turned on their location service, with an accuracy of about two meters. Does Telegram have any comment on this? After this became public, did Telegram adjust the API to remove this capability?

TELEGRAM: No, it was never possible to determine users' exact locations, let alone with such accuracy.

Developers and researchers could only do what any other Telegram user on an official app could – check the approximate location of users who expressly wished to share their location by navigating to Contacts > People Nearby, pressing "Make Myself Visible" and confirming an alert with a warning that their account will become visible to others. Less than 0.01% ever opted into this feature.

Even those who did opt in only shared their approximate location. Until February 2022, the interface was additionally offsetting the distance to the opt-in users' approximate location by 100 meters. After February 2022, the distances were further offset by 700 meters.

For more information, kindly see this part of the Telegram FAQ:

https://telegram.org/faq#q-what-is-people-nearby

WIRED: (Update on the previous response about People Nearby) I wanted to elaborate. These developers claim they used the API and trilateration to figure out users' locations, and claimed that many other developers would be able to do the same. Here is a post about it: https://github.com/jkctech/Telegram-Trilateration. Does Telegram have a comment on this? 

TELEGRAM: Yes, in my previous comment I was referring to that exact post. These developers were operating on a fundamentally wrong premise – they assumed that the API was providing distances to the exact current location of the user. 

This is not and has never been the case. The API provides approximate distances to a random point located in the approximate whereabouts of the user (within 100-150 meters at the time of publication of the post, currently within 700-750 meters). For this reason, trilateration (which would also compound the errors) never allowed a bad actor to calculate anything close to an accurate location. 

(Just in case, again: all of this only concerns users who expressly wished to share their location by navigating to Contacts > People Nearby, pressing "Make Myself Visible" and confirming an alert with a warning that their account will become visible to others. As I mentioned, less than 0.01% ever opted into this feature.)

A review of the repository reveals that the vast majority of the developers’ code attempts to "sneakily" obtain data that has always been freely available through simple API methods. It's likely that the authors assumed those methods would not exist because they misunderstood this feature from the get-go – in truth, it has always been working as intended.


4. Telegram API

WIRED: Does Telegram have an open application programming interface?

TELEGRAM: Yes. Telegram offers two distinct APIs:

  • The general API allows developers to build their own customized Telegram apps.
  • The Bot API can be used for building small programs that use Telegram as their interface. See: https://core.telegram.org/bots

"API Availability"

WIRED: Can researchers and developers access the API with an access key? Is the access key for Telegram’s API available to any user who requests one?

TELEGRAM: Yes. However, their communication with the API ultimately happens on behalf of a Telegram account which they use to log in. The server limits which data accounts are allowed to access as well as the frequency of API requests. This is identical to accessing the API through official Telegram apps.

"API Limits"

WIRED: Does Telegram’s API enable any user to automatically index any number of public channels and group chats?

TELEGRAM: Each API request has rate limits to prevent abuse. However, ultimately users can access information to which they would have access via a regular Telegram app, including messages in public channels and public group chats.

"Publicly available data"

WIRED: Does the open API allow developers and researchers to pull out Telegram data? Does the data developers can access via Telegram’s API include the text contents and metadata from any public group chats or channel, lists of the public groups and channels that any user belongs to, and records of when users were last online as well as their locations?

TELEGRAM: No. Developers could use the API to receive the same data that would be obtainable by using an official Telegram app.

From what is mentioned in your question, this data includes:

- Messages in public groups and public channels.

- *If* a user chose to make that information publicly available (see: https://telegram.org/blog/privacy-revolution), it is possible to check when that user was last seen on Telegram. [Note: Continuously checking this status for a large number of users is not possible and would quickly result in an automatic ban.]

The data does NOT include:

- Channel member lists.

- The list of all channels a user belongs to.

- Channel post authors.

- The list of all groups a user belongs to.

- Group member lists of groups where admins restrict access to their list of members.

- User location data (for more on this, see the answer to question 15).

"Automated bots"

WIRED: Did the API allow people to create automated bots on Telegram?

TELEGRAM: Yes. In the Bot API, "bots" are programs that use Telegram as their interface – this lets users perform virtually any task within the app (e.g., playing games, browsing shops, etc. – see https://core.telegram.org/bots for more information). These bots have access to very limited information, significantly less than a normal user.

In the general API, a "bot" could be defined as a custom client performing automated actions on behalf of a user – in any case, the user would have to actively log in to the custom client and the automation wouldn't extend the standard rate limits or grant any additional data access.

"Services like TGStat"

WIRED: Has Telegram verified that the information published about it on TGStat is accurate?

TELEGRAM: TGStat is a third-party service. We can't confirm that any of the data published there is accurate.

TGStat or similar sites aren't monitoring the full public Telegram ecosystem, just a smaller subset of public channels and groups. For this reason, the data they post cannot be anything more than a gross approximation. Since this subset is not equally distributed across language groups, topics or any other meaningful criteria, the statistical relevance of the data should also be questioned.

"Aggregating data from many groups"

WIRED: Would someone using TGStat be able to find users’ telephone numbers and the groups they are members of by aggregating the member lists of many groups, or chat histories recorded by TGStat?

TELEGRAM: No, they wouldn't. By default, a user's phone number is only visible to their personal contacts – and this can be further restricted in Settings. 

Historically, there have been attempts to create databases of Telegram phone numbers in countries like Iran by uploading massive lists of “contacts” to abuse the contact discovery feature. Telegram employs much stricter rate limits than other apps and uses special algorithms to prevent such “scraping” attacks. Telegram users can also control who is allowed to identify their accounts through contact sync (see https://telegram.org/blog/scheduled-reminders-themes#new-privacy-settings).

However, users can invalidate the protection offered by Telegram if they make their data available to others. For example, by interacting with third-party bots (that use the Bot API) or unofficial Telegram apps (that use the General API):

  • If users choose to share their phone numbers with a third-party bot, it will become available to its developer whose Privacy Policy might be different from Telegram’s.
  • If a group admin chooses to add a “moderator” bot to their group, they will be giving the bot access to messages in that group (note: but *not* to the members’ phone numbers).
  • Similarly, if a user logs in using an unofficial app, they are giving the developer of that app an opportunity to save the data they are viewing.

While we disable bots and apps that violate the Telegram API Terms of Use (see https://core.telegram.org/api/terms), Telegram cannot guarantee the good intentions of third-party developers using its platform. For this reason, we only recommend using official Telegram apps and official Telegram bots.


