Anonymity Deanon in Telegram: Non-obvious Things.


Fixxx


Initially, Telegram allegedly didn't hand over encryption keys to law enforcement agencies. This became the basis of a marketing campaign presenting it as a messenger that won't betray you. A significant portion of the shadow business (dealers, scammers, service providers, etc.) settled in Telegram. The feeling of impunity dulls the mind, and you start to feel invulnerable while sitting in this messenger. If we consider secret chats (which only 1% of users use), Telegram supposedly has no issues with user confidentiality, and for violating its terms it only deletes your account (so far). Feeling invulnerable, users lose vigilance and make numerous mistakes while working in Telegram. The longer you maintain an account, the higher the likelihood of your de-anonymization. Your Telegram profile history becomes richer and more relevant with each new month. Your interests, geolocation, mentions, messages, username history, linked numbers, almost any activity: all of it is parsed and recorded in databases that will feed the next information aggregators. AI is used to create digital profiles of accounts, find similar accounts, map circles of communication and so on. Let's break it down step by step.


Telegram ID


The cornerstone of your account is the Telegram ID. This is the foundation of your profile. It is a sequential number (from which the approximate date of account creation can be determined). Any activity you perform is tied to your Telegram ID. If you start any bot, the bot registers and remembers your ID. If you join a group, your activity is recorded and attributed to your ID (if the group has a parser). Even if you don't have a username, you can be found and checked by ID. In short, the essence is clear: no matter how many times you change your photo, usernames or names, the ID remains unchanged.


Usernames


Since ancient times, humans have been compelled to write their names on every fence. Usernames are no exception. Using accounts for years, users usually change their username every 6-12 months. It's hard to remember which username you had 2-3 years ago, and why would you need to remember it, right? The catch is that all your usernames are also parsed and checked, and you probably have not just one account but around 4-10, sometimes 20-40. Each such account stores a history of usernames, and if you set a username on a new account that you used on other accounts before, you create a direct link. This is especially true if your username is unique, one that no one else would set. Knowing just one username, someone can find many of your other Telegram accounts. If you change 1-2 characters in the username, hoping the link won't work, some bots also display a list of very similar usernames. So, we have a chain of your usernames, several of their variations and IDs. What's next?
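The username linkage described above, turned into a self-audit you can run before setting a handle on a new account (an added example, not part of the original post). The account labels, usernames and the 2-edit threshold are constructed for illustration, and stripping underscores before comparing is a heuristic assumed here.

```python
# Added example: check a candidate username against your own handle history.
# All account labels and usernames below are constructed sample data.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(username: str) -> str:
    """Usernames are case-insensitive; also drop '@' and underscores
    (the underscore rule is a heuristic assumed for this example)."""
    return username.lstrip("@").lower().replace("_", "")


def audit(candidate: str, history: dict[str, list[str]], max_dist: int = 2):
    """Return (account, old_username, distance) for every past handle that is
    identical to, or within max_dist edits of, the candidate; closest first."""
    cand = normalize(candidate)
    hits = []
    for account, names in history.items():
        for old in names:
            d = edit_distance(cand, normalize(old))
            if d <= max_dist:
                hits.append((account, old, d))
    return sorted(hits, key=lambda h: (h[2], h[0]))


# Constructed history: every username each of your accounts has ever carried.
HISTORY = {
    "account_A": ["@night_heron77", "@quietmarmot"],
    "account_B": ["@NightHeron78"],
    "account_C": ["@paperlantern"],
}

if __name__ == "__main__":
    for account, old, d in audit("@nightheron77", HISTORY):
        label = "exact reuse" if d == 0 else f"{d} edit(s) away"
        print(f"{account}: {old} -> {label}")
```

Any hit means the candidate would tie the new account to an old one, either directly or through a "similar usernames" listing.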


Parsing Interests


By being in different groups, even if you haven't written a single message (and "Alex entered the chat" is formally a message written by you, tied to your ID), you reveal a lot about yourself. Parsing by interests is the best thing in Telegram de-anonymization. This analysis greatly simplifies de-anonymization: a user portrait is created in one click, and it is immediately clear who the person is, where they live, what they are interested in and how long they have been interested in it. Your presence alone says a lot. Example:
  • Account age: 3 years
  • Medicine: Neurobiology [approximately one week]
  • Hobbies: De-anonymization / identity exposure [approximately one week]
  • Blockchain: TON / TONcoin [frequently, approximately one month]
  • Blockchain platform [frequently, over a year] / Mining [about a year]
  • Illegal: Selling accounts [frequently, over a year]
  • Darknet: Fraud/Scam [approximately one week]
  • Social media: Boosting visits/comments/subscribers [over a year]
  • Games: Computer games / Cyber sports [frequently, several months]
  • Gambling: Bonus hunting / Online casino [over a year]
  • Investments: Trading [frequently, about six months]
  • Finance: Currency exchange/fiat [frequently, over a year]
  • Geo: London [approximately one week]
  • Work: Earning money online [frequently, over a year]
  • Communities: Hackers / School kids [approximately one week]
  • Skills: Network reconnaissance search / OSINT [approximately one week]
From this summary, it's clear what the person is like, where they live, how they earn money, what they are interested in and many other details useful for de-anonymization. At this stage, it becomes clear why this person's de-anonymization was ordered, who they might have offended and so on - all from just one query. There's no need to beat around the bush; go through the example and draw your own conclusions.


Parsing Groups/Messages


Your messages in groups say even more about you than your presence in them. Everything is parsed in a similar way. Even if you delete a message, it has likely already been backed up. Closed group? Don't worry! From experience, if a group has more than 100 people, there's already a parser. Who does it and why? No idea, but it's very convenient. By checking your ID, you can get a list of groups sorted by categories like "Member but doesn't write", "Actively writes, left the group", etc. You can follow hyperlinks to reread your messages (even if the group is closed, parsers save invite links). AI also analyzes what you wrote and automatically creates your digital portrait (not an exaggeration; it understands where the wallet is in the message, where the talk about your age is, etc.). As for the simplest methods, you can enter any group, search for messages by the user, and Telegram will provide everything in a convenient order. It's enough to just look at the summary of which groups you were in, how many text messages, voice messages and circles you sent, and what meaning they contained (AI literally analyzes the meaning of what you wrote and attaches to your ID both the result of the analysis and what it is based on).


Parsing Phone Numbers


Even hidden numbers are parsed (in 35-45% of cases). It's unclear where and how, but there are unique databases that provide the phone number, even if it was almost always hidden. I don't know where and how they get them, but in case of de-anonymization, we clearly know that if the number is not in those databases, it doesn't exist anywhere. The tool provides an incredible number of uniquely parsed usernames and Telegram numbers that don't exist anywhere else. When the details become known, we'll add the source of the leak.


When Does Telegram Become Non-Anonymous?


De-anonymization becomes possible if you:
  • Didn't set privacy settings immediately after creating the account
  • Use the account for a long time
  • Use many usernames
  • Enter groups/channels
  • Write in groups/channels
  • Share your number/geo with bots
  • Open links/files from bots or unverified individuals
  • Lose vigilance
Remember that proxies or VPNs only prevent Telegram from seeing your IP address; the rest depends on your activity. We'll just mention the well-known methods to determine the ID of someone who created stickers or generated an invite link to a group/channel (works only on old invite links). Such verification methods should also be kept in mind while working in Telegram. Conclusion: In terms of anonymity, Telegram is getting closer to social networks.
 