“Telegram Will Betray Us 100%”: Actors Engaging in Illicit Activity React to the Recent Privacy Policy Update
Written by Anastasia Sentsova ✍️
Earlier this week, Telegram updated its privacy policy, stating that it will share IP addresses and phone numbers with relevant judicial authorities if it is confirmed that the individual is a suspect in criminal activities. This decision is related to the recent arrest of Telegram founder Pavel Durov, who was charged by French authorities for allegedly enabling illicit activity on the platform.
Additionally, any shared data will be included in a quarterly transparency report, publicly available at https://t.me/transparency. When we attempted to interact with the bot, we received the message: “We are updating this bot with current data. Please come back within the next few days.” Pavel Durov also posted a message, assuring users that the Telegram is dedicating additional resources, including moderators and leveraging AI, to combat illicit activity.
"Telegram will betray us 100%," said one user, a member of a chat associated with a prominent channel known for publicly sharing stolen data. With the widespread presence of illicit activity on the platform, it's likely that other malicious actors share similar concerns. With all the ongoing adjustments and efforts to combat cybercrime, the question arises: will these measures solve the problem, and how will the recent changes reshape the cybercriminal landscape on Telegram?
Recommended by LinkedIn
At first glance, providing IP addresses and phone numbers seems like a valuable contribution to the investigation of suspected cybercriminals. However, these artifacts are only useful if operational security (OpSec) is compromised. Cybercriminals can easily mask their real IP addresses using VPNs and other anonymizing tools. Moreover, the Fragment service - a no-SIM signup feature that allows users to register Telegram accounts without a physical SIM card - has long been a valuable tool for those seeking anonymity.
Another critical question is how Telegram defines and classifies "malicious activity," and what criteria are used to justify the takedown of groups and channels involved in such activities. For instance, consider hacktivist-like groups, which have become increasingly active on Telegram over the past 2.5 years, with pro-Russia actors dominating the scene. The activities of these groups are multifaceted, blending cyberattacks with information warfare, impacting both the physical and informational security of their targets.
These groups engage in a wide range of actions, from launching cyberattacks to publishing the personal information including influence operations designed to undermine the credibility of targeted entities. This raises additional concerns about where Telegram draws the line between legitimate activism and harmful behavior, especially in the complex landscape of geopolitically motivated cybercrime.
Analyst1 continues to monitor Telegram landscape.