Review Confirms Telegram Tracking Vulnerability

An independent review obtained by Important Stories found Telegram clients expose a persistent identifier ('auth_key_id') in cleartext or easily deobfuscatable form, enabling passive observers to correlate device identifiers with network locations, timestamps, and traffic patterns and potentially track users across sessions and geographies; the report also references allegations of ties between a Telegram executive and Russian security services, while Telegram disputes the vulnerability and those connections.