14.1 C
New York
Monday, April 15, 2024

The Kremlin Has Entered Your Telegram Chat

Updated 4/27/2023 3:00 pm et: This story has been updated with additional comments provided by Telegram.


On the chilly, clear afternoon of February 24, 2022—the day Vladimir Putin’s forces launched their full-scale invasion of Ukraine—a handful of Russian opposition politicians gathered in front of Saint Petersburg’s palatial Law, Order, and Security building. They had come to officially request permission to hold a rally opposing the war, which they knew would be denied. Among the group was Marina Matsapulina, the 30-year-old vice chair of Russia’s Libertarian Party. Matsapulina understood that the gathering was a symbolic gesture—and that it posed serious risks.

Nine days later, Matsapulina was awoken around 7 am by someone banging at her apartment door. She crept up to the entrance but was too frightened to look through the peephole, and she retreated back to her bedroom. The pounding continued for two hours, as Matsapulina kept seven friends from her party apprised in a private Telegram group chat. “They’re unlikely to bust it down,” she wrote, wishfully.

But at 9:22 am, she heard a much louder noise. She had just enough time to lock her phone before the door caved in. Eight people surrounded Matsapulina’s bed. They included, she recalls, two city police officers, a two-person SWAT team wielding guns and shining flashlights in her face, and two agents from either the Center for Combating Extremism or the Federal Security Service or the FSB—the successor to the KGB. The officers told her to lie on the floor facedown.

They told Matsapulina she was suspected of emailing a police station with a false bomb threat. But when she was taken into the Ministry of Internal Affairs’ investigation department, she says, a police officer asked whether she knew the real reason she’d been arrested. She guessed that it was for her “political activities.” He nodded and asked, “Do you know how we knew you were home?”

“How?”

He told her that the FSB has equipment that can pinpoint a phone’s location to within one meter, which didn’t surprise her—Russia’s state-owned telecoms often cooperate with security forces, allowing them to track Russian SIM cards. Then the officer said something that left her stunned.

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

“There you were, sitting there, writing to your friends in the chat room,” she recalls him saying. He proceeded to dispassionately quote word for word several Telegram messages she had written from her bed. “‘They’re unlikely to bust it down,’” he recited.

“And so,” he said, “we knew that you were there.”

Matsapulina was speechless. She tried to hide her shock, hoping to learn more about how they’d accessed her messages. But the officer didn’t elaborate.

When she was released two days later, Matsapulina learned from her lawyer that on the morning she was arrested, police had searched the houses of some 80 other people with opposition ties and had arrested 20, charging each with terrorism related to the alleged bomb threat. A few days later, Matsapulina gathered her belongings and boarded a flight to Istanbul.

In April, after having made it safely to Armenia, Matsapulina recounted the episode in a Twitter thread. She ruled out the chance that anyone in her close-knit group had been cooperating with security forces (they’d all also left Russia by then), which left two conceivable explanations for how the officers had read her private Telegram messages. One was that they had installed some kind of malware, like the NSO Group’s infamous Pegasus tool, on her phone. Based on what she’d gathered, the expensive software was reserved for high-level targets and was not likely to have been turned on a mid-level figure in an unregistered party with about 1,000 members nationwide.

The other “unpleasant” explanation, she wrote, “is, I think, obvious to everyone.” Russians needed to consider the possibility that Telegram, the supposedly antiauthoritarian app cofounded by the mercurial Saint Petersburg native Pavel Durov, was now complying with the Kremlin’s legal requests. Telegram would later posit a third possible explanation: That in the few hours after Matsapulina’s arrest and before she was questioned, FSB officers had extracted her messages using a phone-hacking tool like Cellebrite.

Matsapulina’s case is hardly an isolated one, though it is especially unsettling. Over the past year, numerous dissidents across Russia have found their Telegram accounts seemingly monitored or compromised. Hundreds have had their Telegram activity wielded against them in criminal cases. Perhaps most disturbingly, some activists have found their “secret chats”—Telegram’s purportedly ironclad, end-to-end encrypted feature—behaving strangely, in ways that suggest an unwelcome third party might be eavesdropping. These cases have set off a swirl of conspiracy theories, paranoia, and speculation among dissidents, whose trust in Telegram has plummeted. In many cases, it’s impossible to tell what’s really happening to people’s accounts—whether spyware or Kremlin informants have been used to break in, through no particular fault of the company; whether Telegram really is cooperating with Moscow; or whether it’s such an inherently unsafe platform that the latter is merely what appears to be going on.

In the decade since its founding in Russia, Telegram has grown to become one of the biggest social networks in the world, with 700 million users—yet only about 60 core employees. “For us, Telegram is an idea,” Durov has said. “It is the idea that everyone on this planet has a right to be free.”

The platform, now based in Dubai, has minimal content moderation aside from a stated commitment to taking down illegal pornography, IP rights violations, scams, and calls for violence. Often described in the press as an “encrypted” or “secure” messaging app, Telegram has fashioned itself as a refuge for safe, anonymous communication, but in fact it requires users to go out of their way to set a chat as “secret”; unlike on WhatsApp or Signal, end-to-end encryption is not the default. Still, Durov has repeatedly managed to benefit from the stumbles of other tech giants, particularly when user privacy is at stake. In January 2021, a PR crisis surrounding WhatsApp’s data-sharing with Facebook helped drive millions of people to Telegram, an exodus Durov called possibly the “largest digital migration in human history.”

In the US, Telegram has been relatively slow to catch on, though in the wake of Donald Trump’s ban from Facebook and Twitter in January 2021, it has increasingly become a hotbed for far-right groups like the Proud Boys and followers of QAnon. But in many parts of the world, Telegram is mainstream. In Brazil, where the app has been downloaded on more than half of the country’s smartphones, much of the January 2023 insurrection was planned on the platform. Telegram has also been crucial for pro-­democracy activists in Hong Kong and in countries under Russia’s thumb, like Belarus and Ukraine. In the latter, it has become the preferred app for disseminating government advice for avoiding air strikes—as well as for Russian disinformation.

But it is in Russia itself that Telegram has become nearly indispensable over the past year, thanks to the Putin regime’s wartime clampdown against Western tech. Since the conflict began, Russian authorities have branded Telegram’s main rival, Meta, an “extremist” organization, in part for permitting certain users in Ukraine to post calls for violence against the Russian military. Russia then blocked Meta’s Facebook (which had some 70 million users in the country) and Instagram (80 million). Telegram’s Russian user base has soared from 30 million in 2020 to nearly 50 million today, surpassing WhatsApp as Russia’s most used messaging platform. (The Kremlin controls all of the most popular internet companies based in Russia, including ­VKontakte, a ­Facebook-like social network cofounded by Durov in 2006 that has nearly 70 million users.)

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

As soon as the war began, cyber­security experts raised concerns about Telegram users’ exposure to Russian authorities—even users who are outside Russia. On February 24, Moxie Marlin­spike, the cofounder of Telegram’s US rival Signal, posted on Twitter, “Telegram is the most popular messenger in urban Ukraine. After a decade of misleading marketing and press, most people there believe it’s an ‘encrypted app.’ The reality is the opposite.” Aside from “secret chats,” Telegram’s messages are accessible to people inside the company. “Every msg, photo, video, doc sent/received for the past 10 yrs; all contacts, group memberships, etc are all available to anyone w/ access to that database,” Marlinspike tweeted. Elies Campo, who says he directed Telegram’s growth, business, and partnerships for several years, confirmed this general characterization to WIRED, as did a former Telegram developer. In other words, Telegram has the capacity to share nearly any confidential information a government requests. Users just have to trust that it won’t.

But in many ways, Russian authorities may not even need Telegram’s cooperation to monitor users at scale. That’s because Telegram has effectively built that capability into its generous application programming interface. An API is a software portal through which app developers and researchers can essentially jack into a platform and pull data out of it for their own projects. In Telegram’s case, that data includes the text contents and metadata from any public group chat or channel, and even a record of when users were last online.

Like most APIs, Telegram’s requires a key for access; but those are available to any user who requests one. For years, Durov touted the platform’s open API as an emblem of Telegram’s commitment to transparency, allowing anyone to inspect Telegram’s source code or create automated bots that can, among other functions, broadcast news briefs, process payments, or pass commands to any internet-connected device. But it also makes Telegram a potentially powerful tool for mass surveillance.

Campo, who’s now a fellow at Citizen Lab, a research facility that specializes in spyware, says the app’s API enables any user to automatically save and catalog a vast number of public channels and group chats, a function that isn’t possible on platforms like WhatsApp and Instagram. This would explain, he says, how authorities might have scraped even small channels by indexing at scale. “Telegram could create security measures to make this more difficult, especially if it suspects the Kremlin is doing this and wants to counteract it—for example, more barriers to bots; barriers that identify whether users joining groups or channels are human or not.” (A Telegram spokesperson says that the company’s server “limits the frequency of requests and which data accounts are allowed to access.”)

(Campo was quoted extensively in a 2022 WIRED story about Telegram’s global rise. The company claimed, after that story’s publication, that Campo had never been employed by Telegram, was only briefly a volunteer, and “was never authorized to sign any agreements on behalf of the company." Campo provided WIRED with documentation from 2016 to 2021 that included copies of email correspondence he carried on, using a Telegram address, with executives at Apple, Spotify, and Stripe on behalf of Telegram, and copies of contracts between Telegram and other companies with Campo’s signature. Durov was also included in the correspondence.)

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

As for the access its API offers to public channels, “Telegram gives you pretty much anything,” says Jordan Wildon, an investigator at the Institute for Strategic Dialogue, a think tank that tracks disinformation and extremism. The API has been invaluable to Wildon’s research, he says, but “there are obvious risks with it. It can be abused.” At the start of the war, for instance, he and another researcher found that it was possible to spoof Telegram’s locations API to pinpoint any user within a 2-mile radius if they had recently turned on the "Find People Nearby" location feature. Countless users were “accidentally setting [themselves] as a homing beacon,” Wildon says. (Telegram says that the feature is “impossible to turn on by accident” and that “less than 0.01 percent of Telegram users ever used it.”) He was able to locate four people near Chernobyl with an accuracy of 1 yard just as Russian forces were trying to seize the area. Telegram disputes this level of accuracy, but shortly after Wildon’s research partner went public with their methods, Telegram altered its code to decrease the feature's accuracy. But Wildon has found it’s still possible to locate other users with an accuracy of around 600 yards. Although it would make his research more difficult, Wildon believes accessing data about Telegram’s users should be as “hard as possible.” Currently, he says, “with enough willpower, decent servers, and enough API keys, you could archive nearly the lot of Telegram”—every one of the hundreds of billions of texts, audio files, and images shared publicly on the platform. (Telegram says “public messages are only a minor part of Telegram.”)

Indeed, some private companies have archived significant swaths of Telegram. TGStat, for instance, is a Russian firm that provides metrics about Telegram channel and user growth in different countries. In its privacy policy, TGStat states clearly that it is obliged by law to hand over data to the “state authorities of the Russian Federation.” Because the company has been archiving publicly available data for years, Wildon says, security forces could hypothetically go directly to TGStat to obtain a striking amount of information about a user without any direct assistance from Telegram. Data such as a user’s telephone number and the groups they are members of could be obtained, the latter by aggregating the member lists of many groups or chat histories. “If you can identify a single user and have enough chats on record,” says Wildon, “it’s also possible to generate a file containing every message a user has sent into any [public] group.”

In an email to WIRED, TGStat founder Yury Kizhikin wrote, “The situation in Russia and the world has no influence on the activities of TGStat.” He confirmed that data can be transferred to Russian authorities but said that “all companies operating in Russia have a similar clause in their policies” and that TGStat had not received any requests from authorities or law enforcement agencies.

Stanislav Seleznev, a lawyer for Agora, a human rights group that has represented thousands of people who’ve come under Kremlin scrutiny since 2005, says he has “absolutely no doubt” the Kremlin is exploiting Telegram’s API at scale. Russia has spent lavishly to track its citizens on Telegram and other platforms. In September 2021, Reuters reported that the Kremlin was projected to spend $425 million on tools to bolster its internet infrastructure, including those that automatically search for illegal content on social media platforms. Seleznev says the Kremlin is also working with Russian tech firms like SeusLab, which processes a billion social networking pages and instant messaging chats a day, to produce detailed profiles of users based on their “political activity.” SeusLab director Evgeny Rabchevsky told Reuters that “authorities use the product to assess social tensions, identify problematic issues of interest [and] adjust their activities.”

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

A burgeoning pro-war open source intelligence community has also built an army of bots on Telegram to search for users via username and see which public groups they’re in and which channels they follow, making them easier to identify. According to Ksenia Ermoshina, a researcher at Citizen Lab and the Center for Internet and Society, people who know how to navigate the system can sometimes get a fairly detailed portrait of a user’s public activities just by entering their Telegram ID, “which is quite scary.”

According to a report in Reuters, one member of that open source intel community is a pro-Putin NGO called the Center for the Study and Network Monitoring of the Youth Environment, which has developed an AI tool to scan social media for what it describes as socially dangerous content. The system, founder Denis Zavarzin has said, is “constantly monitoring” about 1.5 million accounts.

But those tools, however powerful, can peer only into Telegram’s public chats and channels. To access private chats like Marina Matsapulina’s exchange with her friends the day the SWAT team banged down her door—let alone end-to-end encrypted “secret chats”—Telegram’s API is not enough. To reach into those chats, the Kremlin seems to have found other methods and, perhaps, other accomplices.

On March 4, 2022, the day before the police detained Matsapulina for “terrorism,” Vladimir Putin signed into law a bill that introduced prodigious jail terms and fines for anyone who published “knowingly false information” about the Russian military. In effect, anyone criticizing the war in Ukraine on social media could face up to 15 years in prison. The law quickly became the basis for a mounting series of arrests and prosecutions. When Telegram emerged as one of the last remaining oases of information and discussion for Russians, it also became a kind of funnel for Kremlin agents. Agora’s Seleznev believes that Telegram’s API allows investigators to monitor public groups at a large scale and then zero in on potential suspects, who can subsequently be pursued into private channels by undercover agents—or perhaps via a court order to Telegram.

In early April, a music producer and bus driver in Russia named Richard Rose posted a video on Instagram that accused Russian troops of murdering hundreds of Ukrainian civilians in Bucha—an event that has been internationally condemned as a massacre. According to the independent Russian outlet Meduza, the video quickly gained the attention of an FSB officer in Rose’s home city of Kirov. In the days that followed, Rose also sent messages on Telegram asking about ways to help Ukrainian soldiers. Rose suspects that at times he was communicating with FSB officers. In a written message to WIRED through his lawyer, Rose says his suspicions escalated when these interlocutors began to persuade him to take certain actions. “I regarded this as an inducement to commit a terrorist act,” Rose says.

Agora believes that police infiltration of Telegram is widespread. In neighboring Belarus, security services work from a manual that describes “tools and methods” for “deanonymizing” users on Telegram, including tips for infiltrating groups. Ermoshina suspects that much the same is happening in Russia, judging from the uptick in criminal cases that cite a suspect’s Telegram activity—a development she blames partly on the platform. “Telegram could have become a place where Russian authorities are not welcome,” she says. A Telegram spokesperson writes, “Like ordinary users, representatives of police organizations around the world are likely to use every available internet service for communication. Telegram is not aware of any cases where we could have influenced their choices.”

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

On April 13, the FSB was reported to have secured a court order to monitor Rose’s phone calls and read his messages. (Telegram says it is not aware of this order, and “in any case, would never have shared any messages with the FSB.”)The next day, Rose and his wife, who had also posted the video about Bucha, were arrested on charges of spreading “knowingly false information,” with investigators citing Telegram messages Rose had sent to an unknown person with a Latvian phone number in which he asked about evacuating his family from Russia. While in pretrial detention, Rose learned that Russian authorities had labeled him an “extremist.”

As Meduza reported, it’s unclear whether investigators accessed Rose’s messages before or after they arrested him. A Telegram spokesperson told WIRED that the company has never shared user information or messages with the FSB or the Kremlin. It’s possible that Rose’s Latvian interlocutor was an undercover agent or that investigators physically accessed Rose’s messages when he was forced to give up his phone during interrogation. (According to recent reporting from the Israeli newspaper Haaretz, Russian authorities possess software that allows them to get around passcodes on locked phones.)

Even more mystery surrounds some ghostly activity that dissidents have encountered in Telegram’s most secure settings. The platform claims its end-to-end encrypted “secret chats” feature (from which messages cannot be forwarded) is “safe for as long as your device is safe in your pocket.” But in early May, the opposition activist Ania Kurbatova realized that both her regular messages and secret chats were showing up as “read” when she knew the recipient had not read them. She also noticed at times that when she logged out of a secret chat, the session would still be marked “open” and messages could still be read. This should have been impossible: Each chat receives a unique encryption key that disappears once a session is over. To continue the conversation, users need to start a new chat and receive a new encryption key. The private conversations, Kurbatova says, included one with “a Ukrainian journalist who was looking for information about people who were taken to Russia from the filtration camps from the Donetsk and Luhansk region.” There was also “an important chat” with Kurbatova’s partner, Ivan Astashin, an activist who in 2009 was sentenced to 10 years in prison for throwing a Molotov cocktail at an FSB office. Kurbatova says Astashin noticed the same oddities in his own secret chats.

Kurbatova and Astashin sought help from Ermoshina, who asked them to check the app’s “active sessions” feature, which shows the other devices they have the app open in. Nothing turned up. Then she had them reinstall the app. Even after these precautions, secret chats continued to show as read, and old sessions could still be reopened. Ermoshina was at a loss for a technical explanation but noted that, as a well-known activist couple, Kurbatova and Astashin are a valuable target for the Kremlin. And their case isn’t isolated. In August, Yana Teplit­skaya, a human rights activist who has investigated the alleged torture of Russian prisoners, says she noticed that many of her secret chats were erroneously marked as read. (Telegram explained that messages may be accidentally marked as read if a user leaves their phone unlocked with the chat open. A spokesperson said that, “after a time the phone’s screen might lock automatically and you wouldn’t notice that you had the chat open.” Kurbatova and Astashin say their messages appeared as read even though they hadn’t left the chat open on any other device. The company also claims that it has never found any “security flaws that would enable a third-party to intercept of decrypt Secret Chats.”)

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

While it’s possible spyware was involved, such cases have turned dissidents’ suspicions to Telegram itself. For many activists, this represents a precipitous loss of faith.

What happened to Marina Matsapulina in her apartment eerily mirrors something that once happened to Pavel Durov—an event that serves as the founding myth of Telegram. In December 2011, in the wake of a highly controversial round of parliamentary elections, Durov, then the 27-year-old CEO of VKontakte, received a request from the FSB to take down the pages of opposition groups. Durov refused, then theatrically taunted the government on Twitter. As he later told The New York Times, a SWAT team soon arrived at his apartment. As they pounded on his door, Durov called his older brother but quickly realized he had no secure means of communication. In that moment, Durov claimed, he saw the need for a platform that could skirt authoritarian surveillance. “That’s how Telegram started.”

For more than a decade, “Russia’s Mark Zuckerberg” has taken pains to maintain a larger-than-life persona as a brash, black-clad, libertarian crusader against authoritarian surveillance, whose primary foil has been the Russian state. But as Matsapulina suggested in her Twitter thread last April, Telegram’s relationship with the Russian state seems to have changed markedly over the past few years.

As she reminded her followers, relations between the platform and authorities were at a low point in 2018. That April, Durov refused an order from the FSB to hand over the encryption keys of Russian users. In response, the Kremlin banned Telegram from Russia, and telecom regulator Roskomnadzor set about blocking access to Telegram from the Russian internet.

Thousands of people protested the decision in Saint Petersburg, some brandishing posters that depicted Durov as a glowing religious icon holding Telegram’s paper-plane logo. Adding to the defiant-hero narrative, Durov’s staff hid Telegram behind Google’s and Amazon’s hosting services to disguise and constantly change its web addresses. In a brief bit of collateral damage, Roskomnadzor accidentally blocked some 16 million IP addresses in Russia, including much of Twitter and Facebook. Telegram, for most users, kept running.

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

But in June 2020, Russia suddenly announced it had reached an agreement with Telegram to unblock the app, the exact terms of which remain undisclosed despite requests for transparency from cybersecurity researchers, journalists, and human rights groups. (A Telegram spokesperson said that "no deals were made to inspire the unblocking of Telegram. That decision was made solely by the authorities in Russia.”) Most Russians, Matsapulina noted in her thread, laughed off the possibility that Telegram had made any concessions to the Kremlin. But when Russian authorities announced the agreement, she wrote, they “literally stated” that the two sides had reached it “in the context of terrorism,” the very context invoked in the arrest of Matsapulina and others. In fact, the fuller story surrounding Telegram’s ban and reinstatement does raise the question of whether Moscow has gained some leverage over Durov.

Back in 2018, while playing cat and mouse with Roskomnadzor, Telegram was also working to develop something it had always lacked: a means of making money. As the platform had never hosted ads or offered subscriptions, the company set out to build an entire economy on top of Telegram, creating the Telegram Open Network, or TON, a blockchain platform with its own cryptocurrency, called grams, that would be integrated into the main app. Like many blockchain startups, it would raise money through an initial coin offering, allowing investors to buy grams. Ambitions were high: Two weeks before Roskomnadzor blocked the app, Telegram announced that the ICO had raised $1.7 billion, the largest in history at the time. (Much of the investment, as independent Russian media reported, came from oligarchs, including a rumored possible $300 million from key Putin ally Roman Abramovich. Telegram says Abramoavich’s investment “didn’t exceed $10 million.”)

But in 2019, disaster struck. Just as TON was set to launch, the US Securities and Exchange Commission charged Telegram with illegally failing to register the crypto­currency and claimed the company had appropriated funds designated for TON to pay its bills. Durov fought the SEC’s emergency action for a year but bitterly announced the end of TON in May 2020.

Forced to pay back investors and saddled with Telegram’s soaring server costs, Durov needed a massive influx of cash. At that moment, Telegram’s relationship with Russia began to thaw. A few weeks after the TON project ended, two pro-Kremlin party deputies in Russia’s parliament proposed that the ban on Telegram be lifted, arguing that it could be an important communications tool for the government in times of crisis. Durov posted his support of their proposal on Telegram, arguing that the company’s presence in Russia could help bolster the country’s technological innovation and “national security.” He also claimed that since 2018 his team had improved “methods for detecting and removing extremist propaganda,” as well as “mechanisms that allow preventing terrorist attacks around the world” while still protecting user privacy. He didn’t elaborate on how this was possible.

On June 18, Roskomnadzor lifted the ban. To Western users and media at the time, the détente seemed to show that Durov’s antiauthoritarian cunning had prevailed. Telegram, one expert told The Washington Post, “seems to have won a staring contest with Putin and the security state.”

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

But who actually blinked? What terms had Telegram and Roskomnadzor agreed to? Both sides offered sparse explanations.

In a statement, the regulator praised Durov’s new, helpful attitude: “We commend the readiness expressed by Telegram’s founder to combat terrorism and extremism.” Unnamed government sources told the Russian news agency Interfax that Telegram had agreed to cooperate with security services in specific cases. Those sources also noted that technological developments had rendered the need for encryption keys “irrelevant” but didn’t explain further. Telegram disputes these claims. A spokesperson told WIRED: “Telegram’s understanding is that the statements by the Russian authorities were referring to a post by Pavel Durov where he mentioned Telegram had expanded its moderation efforts globally to better address public calls to violence. Durov’s post itself was a response to Russian officials who publicly suggested the block be ended due to it being unenforceable and hurtful for the "prestige" of the state.” In a Telegram post after the decision, Durov assured Russian users there’d be “no changes in terms of the safety of personal data.” Putin himself celebrated the announcement on live TV a year later during his annual Direct Line Q&A. “We have reached an agreement with Telegram,” he said. “You can see that everything is working fine.”

According to a government source familiar with the June 2020 agreement, the Russian state-owned bank VTB, which has close ties with the Kremlin, was also involved in the negotiations. In January 2021, reporting came out that VTB had estimated the company’s value: as high as $124 billion by 2022. Telegram also said it would start selling five-year bonds. VTB would help shop them around to investors. (When WIRED asked about the terms of the agreement, a Telegram spokesperson wrote: “We never discussed anything related to unbanning Telegram with anyone working at VTB.” VTB did not respond to requests for comment.) By March 2021, Telegram had raised more than $1 billion from these backers. Although little is known about their identities—Durov wrote on his Telegram channel only that they were “some of the largest and most knowledgeable investors all over the world”—The Moscow Times reported that the investments included $75 million from a joint partnership between an Abu Dhabi state fund and a Kremlin sovereign wealth fund. (The Abu Dhabi fund Mubadala said in a statement that the Kremlin fund had participated through “the Russia-UAE joint investment platform." Telegram told Bloomberg at the time that the Kremlin fund hadn’t participated in the original sale, and “appears to have bought a small quantity of funds on the secondary market.”)

Three weeks after Russia unblocked Telegram, the company’s vice president, Ilya Perekopsky, appeared at a conference outside Kazan to talk about growing Russia’s IT industry and both he and prime minister Mikhail Mishustin made pledges to fight the dominance of American tech. Introducing a speech by Perekopsky in which he noted Telegram’s “Russian roots,” deputy prime minister Dmitry Chernyshenko also stated that it was “great news” that Telegram was operating in Russia once more. Human rights groups, opposition activists, and independent Russia media found this sudden harmony between once bitter foes as fascinating as it was concerning. Several noted the fortuitous timing.

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

Since Russia’s invasion of Ukraine, Telegram and the Kremlin have appeared even more in sync. Allowed to remain standing in a decimated internet sector, Telegram has become useful not only to security services but also to the state’s propaganda machine. Blanket censorship of Russian media has made Telegram a vital source of information for Russians, with Meduza and other outlets sharing reports via public channels on the platform. But pro-Kremlin disinformation far outpaces journalism. “Telegram now is the central backbone for Russian disinformation machinery,” says Jānis Sārts, director of the NATO Strategic Communications Centre of Excellence. “It’s also the way they overcome all the roadblocks built by Western platforms.” Two weeks before Facebook was banned, a post on the Russian government’s Telegram channel summarized a meeting between deputy prime minister Dmitry Chernyshenko and IT industry leaders in which Chernyshenko stated that “government agencies are recommended to create accounts on Telegram and VKontakte.” Telegram is now the platform of choice for Kremlin officials. (A Telegram spokesperson said: “Creators of government-sponsored propaganda often artificially inflate the number of subscribers and views using a large number of fake accounts, perhaps with the aim to receive additional state funding. However, given that Telegram does not use any content recommendation algorithms, such as those employed by Facebook or Twitter, such actions have no chance of affecting what is seen by real users.”)

The relationship between Telegram and VTB has also grown: A few months after the invasion began and Apple and Google had removed VTB’s app from their stores, the company announced it was launching a digital bank on Telegram “to overcome restriction of sanctions for customers.”

In addition to Roskomnadzor’s press office, WIRED contacted three current and former employees from the regulator about the agreement, as well as one current and one former government minister thought to be familiar with it. None agreed to speak. WIRED messaged, via Telegram, the deputy head of Roskomnadzor, Vadim Subbotin, about the 2020 agreement; he said to direct questions to the regulator’s press office, and then deleted the chat history. Vadim Ampelonsky, a former spokesperson for the regulator, responded, “I am a vatnik”—literally a quilted jacket, slang denoting a devout follower of government propaganda. He added that “in the current situation, participating in research for an American publication is zapadlo”—vulgar slang that means beneath one’s dignity. He signed off: “Take care of yourself!”

At the end of Matsapulina’s April 2022 Twitter thread, she said that she and her colleagues had moved from Telegram to Signal. “I don’t want to spread panic, I don’t want to pretend I’m some kind of expert on this issue, but I want to urge everyone to be careful what they say on Telegram. It is possible that this is no longer the safe space everyone used to think it was.”

According to Ksenia Ermoshina, much of the Russian opposition movement has likewise abandoned Telegram. To widespread dismay, she says, pro-war channels started posting activists’ personal information with impunity—“compiling databases of Russian anti-war activists with their faces and links to their [social media], and sometimes even home addresses and other personal data.” When users reported these incidents, she says, Telegram’s initial response was slow or nonexistent.

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

Many chats and groups where users organized opposition movements have been shut down. “No one has organized anything on Telegram since February,” Ermoshina says, describing a “digital migration” of Russia’s opposition movement from Telegram. “People moved out of Russia in exile,” she says, “and they moved out of Telegram in exile!”

Natalia Krapiva, a lawyer at the digital rights group Access Now, notes that Telegram has never responded to requests for clarity, including an open letter sent by her organization and a coalition of groups asking for dialog on “safety and security issues plaguing” the app. Regarding concerns that the platform is facilitating state surveillance, she says, “Telegram hasn’t done much to demonstrate that, in fact, they’re not cooperating” with the authorities.

Meanwhile, cases of Telegram cooperating with governments outside Russia have emerged. In January 2022, after Telegram ignored multiple requests from German authorities to stanch a wave of violent anti-Covid-­lockdown protests that had been coordinated on the platform, the German government debated banning it. By June, Der Spiegel reported, Telegram had provided German federal police with personal data of users suspected of terrorism and child abuse. And in India, where there are more than 100 million Telegram users, the company in November provided the Delhi High Court with the names, phone numbers, and IP addresses of users accused of illegally sharing a teachers’ copyrighted course materials on the platform.

Pavel Durov has not given an interview to Western media since 2017. He declined to speak on the record for this story. But in a video call last fall, one of Durov’s associates offered insights into the mindset of Telegram’s founder. Georgy Lobushkin used to be VK’s head of PR and remains in contact with his old boss, having attended Durov’s 38th birthday in Dubai in October. He often posts unofficial information about goings-on at the company on his Telegram channel: “​​Sometimes in Russia people call me the gray cardinal of Telegram because I say things on behalf of Telegram, but I’m not formally part of the team.”

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

“The Russian market is very important to Durov,” Lobushkin said, noting that it represents about 7 percent of Telegram’s 700 million users, not to mention its symbolic importance. Sure, Durov has said he will never cooperate with Russian authorities and would leave the market if push came to shove, Lobushkin says, but that might be “a bluff” since Russia holds such a significant percentage of the platform’s users.

Lobushkin says he has no special information about why Telegram was unblocked in 2020. But he believes the Kremlin saw potential in the platform. “The Russian propaganda machine learned how to use Telegram effectively and efficiently,” Lobushkin says.

Pavel Cherkashin, a Russian-born venture capitalist based in San Francisco who invested in the TON project before its collapse, argues that Durov is comfortable operating in a gray zone—willing to turn a blind eye to the Kremlin because the relationship is good for growth. “Putin becomes a great ally for developing his business, and he accepts this as a serendipity,” Cherkashin says. He adds that because Putin controls which platforms can operate in Russia, “he’s forcing all of the business—all of that is now on Telegram.”

It’s true that a huge number of Russians continue to depend on Telegram, and its growth in the country and globally has been spurred by the war in Ukraine rather than deterred—even The New York Times opened a Telegram channel to disseminate news about the war. “People still trust Telegram for some reason,” says Andrei Soldatov, an independent journalist who has investigated Russian security services for more than 20 years. “But I don’t know why.”

In late April 2022, three days after posting her thread, Matsapulina received an anonymous message through Telegram’s official support account. She later took to Twitter to recount the exchange. “We read your story on Twitter,” it began. “We’d like to express our sympathy with your case and share the results of an investigation our team did.” The message said that only two authenticated devices had access to her Telegram messages: her phone and her computer. It also noted a failed login attempt “after your detention.” Someone, whom Matsapulina presumed to be a police officer, had correctly entered an SMS verification code but incorrectly entered her password. “From Telegram’s side, access to your private messages has not been granted.” The message concluded there were two most likely scenarios. One was that someone had taken physical possession of her device. This seemed highly improbable to Matsapulina, given the short time between her arrest and when her messages were recited back to her. (Telegram later disputed this with WIRED, claiming that a hacking tool like Cellebrite could have been used to quickly extract her messages, and that “no app can defend against such a scenario.”) The other possibility, the message noted, was that her friends in the group chat had been compromised.

Matsapulina and her friends then asked Telegram to check their logs. She says the company reported that they hadn’t been compromised either. This left Matsapulina back where she began: How did the officers read her messages?

Most PopularBusinessThe End of Airbnb in New York

Amanda Hoover

BusinessThis Is the True Scale of New York’s Airbnb Apocalypse

Amanda Hoover

CultureStarfield Will Be the Meme Game for Decades to Come

Will Bedingfield

GearThe 15 Best Electric Bikes for Every Kind of Ride

Adrienne So

After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.

Matsapulina has since started using Telegram again. For one, she says, even if Russian security services were tracking her account, she has already left the country. It’s also her only way of reaching friends and family: For Matsapulina and millions of Russians alike, the cipher of a platform remains indispensable.

Additional reporting by Vadim Smyslov.


Let us know what you think about this article. Submit a letter to the editor at mail@wired.com.

Related Articles

Latest Articles