Security Researcher Michal Wozniak: "Telegram Is Indistinguishable From an Intelligence Honeypot"
A detailed packet-capture analysis of Telegram's MTProto 2 protocol reveals that every message carries a cleartext 64-bit device identifier — auth_key_id — that persists across sessions, IP changes, and even Tor connections, enabling global tracking of any user by anyone who can observe Telegram's network traffic.
Security researcher Michal Wozniak has published a detailed technical analysis arguing that Telegram, by design, is functionally indistinguishable from a surveillance honeypot operated by intelligence services. The claim rests not on speculation but on a specific, reproducible finding in Telegram's MTProto 2 protocol: every message sent by a Telegram client carries a cleartext 64-bit device identifier, unchanged regardless of where in the world you connect from.
The Core Finding: auth_key_id in Cleartext
When a Telegram client installs and logs in for the first time, it negotiates an authorization key with Telegram's servers. This key is unique per device. Telegram generates a 64-bit fingerprint of this key called the auth_key_id.
The auth_key_id is prepended to every single MTProto 2 message — in cleartext, before any encryption. It is not a session token that rotates; it is a long-term device identifier. The same auth_key_id value appears whether you connect from home, from a coffee shop, from Iceland, from Poland, or over Tor.
Wozniak's conclusion: "Anyone with the ability to observe all traffic entering and leaving Telegram's infrastructure could track people worldwide by watching their cleartext auth_key_ids added to encrypted messages."
MTProto 2 "Obfuscation" — Trivially Reversible
Telegram applies a layer of obfuscation to MTProto 2 traffic to prevent easy identification by deep packet inspection. The mechanism is as follows:
- Each packet begins with 8 bytes of random data
- Bytes 8–39 contain the AES key
- Bytes 40–55 contain the AES initialization vector
- The payload is AES-CTR encrypted using these values
The critical flaw: the AES key and IV are transmitted in the packet itself, in plaintext, before the encrypted payload. This is not encryption; it is obfuscation. Any observer who captures the packet has everything needed to decrypt it immediately. Wozniak published a deobfuscation tool to demonstrate this.
Once deobfuscated, the packet structure reveals:
- The ef:ef:ef:ef marker indicating abridged transport format
- The message length field
- The cleartext auth_key_id — for example: 64:0a:8a:ff:3a:83:75:54
- The encrypted message body (which, for non-secret chats, is encrypted only to Telegram's servers)
Test Methodology
The analysis was conducted with full reproducibility in mind:
- Platform: QubesOS with isolated virtual machines for network capture
- Client: Telegram for Android v11.9.2 (build 5901)
- Traffic analysis: Wireshark
- Geographic variation: connections from Iceland and Poland
- IP variation: direct connections and Tor-routed connections
Across all test conditions — different countries, different IP addresses, with and without Tor — the same auth_key_id value appeared in every captured packet. The identifier is immutable for the lifetime of the device's Telegram installation.
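To make the packet layout and the cross-network result concrete, here is an added example (not Wozniak's tool and not code from the report) that splits an already-deobfuscated abridged-transport stream into frames and groups the leading 8-byte auth_key_id by source address, as one would when auditing a capture of one's own client. Assumptions: the input starts right after the transport marker, the length prefix follows Telegram's public description of the abridged transport (one byte counting 4-byte words, or 0x7f followed by a 3-byte little-endian count), the quick-ack bit is not handled, and all function names, addresses and payload bytes are constructed.

```python
from collections import defaultdict

def parse_abridged(stream: bytes):
    """Split a deobfuscated abridged stream into (auth_key_id, encrypted_body) pairs."""
    frames, pos = [], 0
    while pos < len(stream):
        first = stream[pos]
        pos += 1
        if first < 0x7F:                       # short form: length in 4-byte words
            words = first
        elif first == 0x7F:                    # long form: 3-byte little-endian word count
            if pos + 3 > len(stream):
                raise ValueError("truncated length field")
            words = int.from_bytes(stream[pos:pos + 3], "little")
            pos += 3
        else:                                  # high bit set: not handled in this sketch
            raise ValueError(f"unexpected length byte 0x{first:02x}")
        payload = stream[pos:pos + words * 4]
        if len(payload) != words * 4 or len(payload) < 8:
            raise ValueError("truncated frame")
        pos += words * 4
        # The first 8 bytes are the cleartext identifier; the rest stays opaque.
        frames.append((payload[:8], payload[8:]))
    return frames

def ids_by_source(observations):
    """Map each auth_key_id (colon-separated hex) to the source addresses it was seen from."""
    seen = defaultdict(set)
    for src, stream in observations:
        for key_id, _body in parse_abridged(stream):
            seen[key_id.hex(":")].add(src)
    return dict(seen)

def frame(key_id: bytes, body: bytes) -> bytes:
    """Build one constructed frame for the sample data (len(body) must be a multiple of 4)."""
    payload = key_id + body
    words = len(payload) // 4
    head = bytes([words]) if words < 0x7F else b"\x7f" + words.to_bytes(3, "little")
    return head + payload

# Constructed sample: one client seen from two documentation-range addresses,
# plus a second, made-up device. Bodies are filler bytes, not real ciphertext.
KEY_A = bytes.fromhex("640a8aff3a837554")   # example value quoted on this page
KEY_B = bytes.fromhex("0102030405060708")   # made-up identifier
OBSERVATIONS = [
    ("192.0.2.10", frame(KEY_A, b"\xaa" * 40) + frame(KEY_A, b"\xbb" * 600)),
    ("198.51.100.7", frame(KEY_A, b"\xcc" * 24)),
    ("203.0.113.5", frame(KEY_B, b"\xdd" * 32)),
]

print(ids_by_source(OBSERVATIONS))
```

An identifier that maps to more than one source address in the result is the persistence the test conditions above describe; a transport that exposes no cleartext application-layer identifier, as in the Signal and WhatsApp comparison, would give this check nothing to group on.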
Perfect Forward Secrecy Does Not Help
Telegram supports Perfect Forward Secrecy (PFS) through temporary authorization keys, which rotate approximately every 24 hours. One might expect this to mitigate the tracking risk. It does not, for two reasons:
- During the renegotiation of a temporary key, the old auth_key_id appears in cleartext alongside the new one, allowing trivial correlation of sessions across key rotations.
- Even with temporary keys, the long-term device identifier is used during the initial handshake and during any session where a temporary key has expired.
PFS protects message content from retrospective decryption if the long-term key is later compromised. It does not protect device identity from real-time network observation.
The Infrastructure Dimension
The protocol-level finding is compounded by infrastructure concerns. Investigative outlet iStories has reported that Telegram's network traffic routes through infrastructure with connections to Russian intelligence services. Wozniak is careful to note that infrastructure reporting involves attribution challenges, but the combination is what makes the situation particularly alarming:
"Two decisions by Telegram — infrastructure provider selection and plaintext device identifier attachment — significantly amplify surveillance capabilities beyond either alone."
If both findings are accurate, a single entity would have: (1) the ability to observe all Telegram network traffic, and (2) a persistent, cleartext identifier in every packet linking that traffic to a specific device. The result is global real-time tracking of all 950 million Telegram users.
Comparison to Signal and WhatsApp
The contrast with competing secure messaging platforms is stark:
- Signal uses standard TLS with certificate pinning for transport. No application-layer cleartext identifiers appear in the observable traffic. Device identity is not exposed to network observers.
- WhatsApp uses the Noise Pipes protocol — a modern, well-analyzed cryptographic protocol. Like Signal, it avoids cleartext device identifiers in the transport layer.
- Telegram chose to design its own protocol (MTProto) rather than adopting TLS or Noise, and in doing so introduced a surveillance primitive that neither TLS nor Noise would have permitted.
The researcher frames this as an engineering choice with severe consequences: "reinventing TLS and getting mediocre results."
End-to-End Encryption: The Opt-In Problem
Telegram's end-to-end encryption — "Secret Chats" — is opt-in and inconvenient. By 2018, an analysis found that 98% of all Telegram communication lacked end-to-end encryption. Regular chats, group chats, and channels are all encrypted only to Telegram's servers — meaning Telegram (and anyone with access to its infrastructure) can read them.
This is the opposite of Signal's design, where end-to-end encryption is mandatory and applies to all communications by default. For most users, Telegram functions as a cleartext messaging service with a security-theater brand.
Who Is at Risk
With 950 million active users globally (2024 figures), the potential scope of surveillance includes:
- Political dissidents in authoritarian countries who chose Telegram specifically because they believed it to be secure
- Military personnel, particularly those in conflict zones, who use Telegram for operational coordination
- Activists, journalists, and human rights workers operating in hostile environments
- Politicians and government officials who use Telegram for sensitive communications
The irony, as Wozniak notes, is that Telegram's reputation as a "secure" platform has led exactly the highest-risk users — those who most need genuine security — to concentrate on it.
The Core Critique
Wozniak's critique is ultimately about misplaced security analysis. The information security community spent years debating MTProto's cryptographic strengths and weaknesses — whether the encryption algorithms were sound, whether the key exchange was secure, whether nonce reuse was possible. These are real questions. But they are the wrong questions.
"Security professionals focused on encryption strength while overlooking obvious metadata-based surveillance visible in raw packet dumps."
You do not need to break the encryption to track Telegram users globally. You just need to capture network traffic and read the first eight bytes after the transport header. The identifier is right there, in plaintext, in every packet, forever.
The full technical report, deobfuscation tool, and packet capture methodology are available in Wozniak's published research.