Is Telegram Really Anonymous? Let’s Be Honest.

Dark Master — Tue, 28 Apr 2026 12:51:16 +0000

There’s this idea floating around — in tech circles, activist groups, even among regular people who just “heard it somewhere” — that Telegram is the anonymous, private messaging app. The one that governments can’t touch, hackers can’t crack, and cops can’t trace.

I want to gently push back on that. Not because Telegram is bad. It’s not. But because anonymous is a very specific word, and Telegram earns it only in very specific situations.

First, what does “anonymous” even mean?
There’s a difference between private and anonymous. Private means your content is hidden. Anonymous means your identity is unknown. You can have one without the other. Telegram promises a version of privacy. It mostly does not promise anonymity — and that matters.

The phone number problem
To use Telegram, you need a phone number. That’s it — that’s the conversation starter right there. Your phone number is your identity. It’s linked to a SIM card, which is linked to your name in most countries (especially in Pakistan, where NADRA ties every SIM to your CNIC).

Yes, you can hide your number from other users. But Telegram still knows it. And if someone subpoenas them, or a government agency sends a valid legal request to the country Telegram operates from at that moment — they have your number. And with your number, they have you.

The registration phone number is never truly hidden. It’s a persistent link between your real identity and your account — regardless of what name or photo you use.

What about “Secret Chats”?
Here’s where Telegram actually does something right. Secret Chats use end-to-end encryption (E2EE) via the MTProto 2.0 protocol. That means only you and the recipient can read those messages. Not Telegram, not their servers, not anyone intercepting traffic.

But here’s the catch most people miss: regular chats are NOT end-to-end encrypted. Your normal conversations — the ones in groups, channels, and standard DMs — are encrypted in transit and at rest, but Telegram holds the keys. That means they can technically read them. Or hand them over.

Secret chats

End-to-end encrypted
No cloud backup
Self-destruct timers
Device-to-device only
Regular chats

Cloud-stored by Telegram
Telegram holds the keys
Can be legally requested
No E2EE by default
Most people never touch Secret Chats. They use the default chat mode, sync across devices, and enjoy the convenience. That’s fine — but they shouldn’t call it anonymous.

The metadata issue
Even if your messages were perfectly encrypted, metadata is a whole other beast. Who you talk to, when, how often, from what IP address — this is metadata. Telegram collects some of it. And in intelligence and law enforcement, metadata is often more useful than content. It builds a map of your relationships, habits, and patterns.

Has Telegram actually handed over data?
Yes. After years of claiming they’d never comply, Telegram updated their privacy policy in late 2024 and acknowledged they can — and do — share user data with law enforcement under valid legal requests. This followed the arrest of Telegram’s CEO Pavel Durov in France in August 2024, which put significant pressure on the platform’s policies.

This isn’t a gotcha. It’s just reality. No company operating at Telegram’s scale can exist in a legal vacuum forever.

Real-world case

In 2024, following Durov’s arrest, Telegram disclosed that it had provided IP addresses and phone numbers of users to authorities in response to court orders — something they had previously implied would never happen.

So when IS Telegram relatively safe?
To be fair — and fairness matters here — Telegram is genuinely useful for certain threat models:

If you’re worried about a random hacker intercepting your traffic on public Wi-Fi, Telegram handles that fine. If you’re avoiding casual corporate surveillance or don’t want your messages sitting in a Google or Meta server, Telegram is better than WhatsApp for that. If you’re using Secret Chats for sensitive one-on-one conversations, the E2EE is solid.

Where it fails as an anonymity tool is against nation-state actors, legal subpoenas, or any adversary who can obtain your phone number and trace it back to you.

What should you use instead?
If actual anonymity is your goal — not just privacy, but real you-can’t-find-me anonymity — the honest answer involves tools like Signal (E2EE by default, minimal metadata, open source), Session (no phone number required, decentralized), or for the highest-risk situations, Briar or Cwtch over Tor.

Telegram is not in that category. It’s a feature-rich, fast, convenient messaging app with optional strong encryption. That’s a genuinely useful thing. Just don’t confuse convenience with anonymity.

Final verdict
Telegram is private-ish, not anonymous. It has good security features if you deliberately use them. It’s built by people who care about privacy more than, say, Meta does. But it’s not a shield against a determined, legally-equipped adversary.

The next time someone tells you “just use Telegram, they can’t track you” — you’ll know what to say.

Written from the perspective of someone who runs a Tor bridge, tests apps for F-Droid, and has spent way too many late nights reading privacy architecture docs. Take it with appropriate context.

I Built a File Encryption App in Rust. Here’s What I Learned About Trust.

Dark Master — Thu, 16 Apr 2026 10:17:55 +0000

I’m 17. I live in Karachi. I have 8GB of RAM and a laptop that throttles if you look at it wrong.

And I just shipped a desktop encryption app in Rust.

Not because someone asked me to. Because I needed it to exist.

Why Rust

I could’ve done this in Python in a weekend. But Python wouldn’t give me what I actually wanted — control. When you’re encrypting someone’s files, you don’t want a garbage collector making decisions behind your back. You don’t want mystery allocations. You want to know exactly what’s in memory and when it leaves.

Rust forces that conversation. The borrow checker is annoying until it saves you from a mistake you didn’t know you were making.

It took longer. It was worth it.

The Stack

AES-256-GCM-SIV for encryption. Argon2id for key derivation. HKDF-SHA512 to stretch the key material. egui for the UI because I didn’t want to ship an Electron app that weighs 200MB to encrypt a text file.

Each of these choices was deliberate. GCM-SIV over plain GCM because nonce reuse is a real-world failure mode, not a theoretical one. Argon2id because it’s memory-hard and scrypt has a worse story on GPUs. HKDF because you should never use a password directly as a key.

Security isn’t one big decision. It’s a hundred small ones.

18 Bugs

The first version had 18 bugs. I’m not hiding that. UTF-8 panics on non-ASCII filenames. The NSIS installer writing to the wrong path. A title bar gap being counted twice in the layout.

Become a Medium member
Most of them were embarrassing in hindsight. None of them were unfixable.

I used AI tooling heavily — Roo Code, Jules — to move through them faster. The AI didn’t replace the thinking. It replaced the typing. I still had to understand every change before it merged.

That distinction matters.

Why This Project, Really

Here’s the honest answer.

I live in a part of the world where privacy is not a default. Where your data going somewhere you didn’t intend is normal. Where you can’t always trust the platform, the app store, or the company behind the software you’re using.

I’m also Muslim. There’s a word in Arabic — amanah — it means a trust. Something given to you that you are responsible for. I think about that a lot when I think about other people’s files, other people’s messages, other people’s data.

If you handle someone’s information, that’s an amanah. Most software treats it like a liability.

I wanted to build something that treats it like what it actually is.

What’s Next

The app is called Neuron-Encrypt. It’s on GitHub. It’s GPL-v3 because I don’t want it locked behind anyone’s business model.

Version 1 works. It encrypts. It installs. It doesn’t phone home.

Version 2 will do more. But I’d rather ship something honest and small than something bloated and impressive-looking.

If you’re a developer who cares about this stuff — not the buzzwords, the actual problem — I’d like to hear from you.

Ubaid ur Rehman is a DAE Electronics student in Karachi building FOSS privacy tools. GitHub: darkmaster0345.

DEV Community: Dark Master

Is Telegram Really Anonymous? Let’s Be Honest.

I Built a File Encryption App in Rust. Here’s What I Learned About Trust.