Telegram CEO Pavel Durov recently announced that Telegram would be handing over user data (such as phone numbers and IP adresses) to the authorities. Now it turns out that it has been doing so since 2018.

My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

To reduce confusion, last week, we streamlined and unified our privacy policy across different countries.

Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.

Full text of the post.

📰 My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

🌐 Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

⚖️ Whenever we received a properly formed legal request via relevant communication lines, we would verify it and disclose the IP addresses/phone numbers of dangerous criminals. This process had been in place long before last week.

🤖 Our @transparency bot demonstrates exactly that. This bot shows the number of processed requests for user data.

✉️ For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

📈 In Europe, there was an uptick in the number of valid legal requests we received in Q3. This increase was caused by the fact that more EU authorities started to use the correct communication line for their requests, the one mandated by the EU DSA law. Information about this contact point has been publicly available to anyone who viewed the Telegram website or googled “Telegram EU address for law enforcement” since early 2024.

🤝 To reduce confusion, last week, we streamlined and unified our privacy policy across different countries. But our core principles haven’t changed. We’ve always strived to comply with relevant local laws — as long as they didn’t go against our values of freedom and privacy.

🛡 Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.

    • @[email protected]
      link
      fedilink
      62 months ago

      I’ve been calling this out for years.

      And every time, some commenter goes, “Nu uh, look at their website bro! It’s super private!”

    • Pika
      link
      fedilink
      English
      2
      edit-2
      2 months ago

      In terms of end-to-end encryption I don’t mind if they have my phone number or not, if it’s done right.

      Let’s use signal for example, because honestly they do it pretty decently, the most information that you can obtain from signal in a data information request is the date and time that an account is created, and the last time the account went online.

      Actual content such as the user’s contact list, the people that user was talking with(including groups), and of course the messages that you sent are fully end to end encrypted meaning that signal does not have access to it meaning that they cannot give that information out in a data information request as they never had it in the first place.

      The most that signal is able to confirm in a data information request, is yes this specific account ID has a signal account and this is the last time they went online.

      • @[email protected]
        link
        fedilink
        02 months ago

        Are you mad? The phone number tells you what phone company to call. In most countries, that tells them your name and government ID.

        The phone number is the thing that tells them everything about you.

        • Pika
          link
          fedilink
          English
          4
          edit-2
          2 months ago

          and what is that going to give them? The information that they have is yes, they have an account, and that’s also saying that they used an actual number and not a VOIP number for registration. but if they are asking via phone number, they will already have that information at hand. They won’t get any information about what chats that number is part of, or even any info really at all, anything about the account is encrypted and not visible.

          If they are able to provide my phone number without knowing the info you said there, there is some other leak already involved, and either way they won’t get anything but a “yes he has an account and he was last connected on X”

        • @Willifire
          link
          1
          edit-2
          1 month ago

          If somebody is that paranoid (or in a situation where that level of secrecy is necessary) they would not use a number that is traceable to them… So it doesn’t matter if they have your phone number or not.

          • @[email protected]
            link
            fedilink
            01 month ago

            Most people live in countries where they cannot legally buy phone numbers that are not traceable to them

            Check your privilege.

            • @Willifire
              link
              11 month ago

              You wouldn’t concern yourself with the legality, if your threat vector includes the traceability of the phone number.

              And regarding your (in this context) nonsensical privilege remark: I live in such a country. Yet I have used such numbers.

    • @[email protected]
      link
      fedilink
      12 months ago

      Doesn’t signal allow signups without a phone now?

      Also second SimpleX that the other person mentioned.

      • @[email protected]
        link
        fedilink
        12 months ago

        No, it gives usernames in addition to phone numbers. They refuse to remove the phone number requirement. How else could they help the feds identify your account?