Telegram’s MTProto Design Flaw Lets Trackers Bypass VPNs and Proxies
A technical review reveals that Telegram’s MTProto protocol exposes a permanent 64‑bit device identifier (auth_key_id) in clear text, enabling passive observers—including ISPs, mobile carriers, and state surveillance—to track users across app restarts, IP changes, VPNs, and even Tor, rendering secret chats and PFS ineffective.
1. Technical analysis: what is auth_key_id
MTProto (Mobile Protocol) is Telegram’s proprietary messaging protocol. Each MTProto frame begins with a 64‑bit auth_key_id field, which is the low 64 bits of the SHA‑1 hash of a 2048‑bit authorization key generated at account registration and stored permanently on the device. The key never traverses the network, yet the identifier is placed in the external header of every message in plaintext.
On Android, the client runs over plain TCP with a lightweight XOR obfuscation layer that the documentation admits is only meant to defeat "naïve protocol detection" and provides no cryptographic protection. Consequently, auth_key_id appears in clear text in every MTProto packet.
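The derivation described above, as an added example that is not code from the report or from Telegram. It assumes the publicly documented encrypted-message layout (auth_key_id, then a 128-bit msg_key, then the encrypted body) and takes the "low 64 bits" as the last 8 bytes of the digest read little-endian. All keys and bodies are constructed random values, and the transport obfuscation layer is not modeled.

```python
import hashlib
import os
import struct

AUTH_KEY_LEN = 256  # 2048-bit authorization key

def auth_key_id(auth_key: bytes) -> int:
    """Low 64 bits of SHA-1(auth_key), read little-endian from the digest tail."""
    if len(auth_key) != AUTH_KEY_LEN:
        raise ValueError("authorization key must be 2048 bits")
    return struct.unpack("<Q", hashlib.sha1(auth_key).digest()[-8:])[0]

def outer_frame(auth_key: bytes, ciphertext: bytes) -> bytes:
    """Assumed layout: auth_key_id (8) | msg_key (16) | encrypted data.
    msg_key and ciphertext are random stand-ins; no MTProto encryption is done."""
    msg_key = os.urandom(16)
    return struct.pack("<Q", auth_key_id(auth_key)) + msg_key + ciphertext

def visible_header(frame: bytes) -> dict:
    """Fields readable without the key: the identifier and msg_key, not the body."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte outer header")
    (key_id,) = struct.unpack_from("<Q", frame, 0)
    return {"auth_key_id": key_id, "msg_key": frame[8:24],
            "body_len": len(frame) - 24}

def demo() -> dict:
    device_key = os.urandom(AUTH_KEY_LEN)      # constructed key, stays on the device
    new_device_key = os.urandom(AUTH_KEY_LEN)  # constructed key for a second device
    # Two messages sent at different times or over different networks: the
    # network path is not an input to the identifier, so it cannot change it.
    first = visible_header(outer_frame(device_key, os.urandom(64)))
    second = visible_header(outer_frame(device_key, os.urandom(128)))
    other = visible_header(outer_frame(new_device_key, os.urandom(64)))
    return {
        "same_key_same_id": first["auth_key_id"] == second["auth_key_id"],
        "msg_key_differs": first["msg_key"] != second["msg_key"],
        "new_key_new_id": first["auth_key_id"] != other["auth_key_id"],
    }

if __name__ == "__main__":
    print(demo())
```

Only the key feeds the identifier, which is why a new IP address, VPN exit or Tor circuit leaves the first 8 bytes of the frame unchanged while a new device key replaces them.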
Desktop clients (macOS/Windows/Linux) connect to port 443, but traffic is not HTTPS. Tests using TLS fingerprint analysis, certificate verification, packet‑structure inspection, and selective traffic blocking showed no TLS handshake; the protocol simply uses TCP on port 443 to bypass firewalls that allow only HTTPS traffic.
2. Tracking experiment: VPN and IP changes ineffective
Symbolic Software performed systematic tracking tests under various conditions: app restart, DHCP IP renewal, Wi‑Fi ↔ cellular switch, Tor routing, switching to a different Telegram server within the same data center, and prolonged observation over days‑weeks. In every scenario the auth_key_id remained unchanged, demonstrating that it is a persistent device fingerprint that survives all network‑level changes.
3. Why Perfect Forward Secrecy (PFS) does not help
Telegram supports Perfect Forward Secrecy, which limits damage after a key is compromised. However, the report notes that PFS only addresses "post‑compromise decryption" and does not protect against real‑time traffic analysis or device tracking. When PFS is enabled, the visible identifier becomes a temporary auth_key_id derived from a short‑lived key (typically valid for 24 hours). The key‑rotation event itself is observable on the network, allowing an attacker to link the old and new identifiers.
Security researcher Michał "rysiek" Woźniak observed that a client’s IP address is extremely unlikely to change at the same moment its temporary auth_key_id rotates, which turns the rotation into a network‑visible event chain rather than a privacy safeguard.
4. Who can track you
ISPs on the network path
Mobile carriers’ deep‑packet‑inspection systems
Enterprise or institutional network administrators
Public Wi‑Fi operators
Internet exchange points (IXPs) or transit providers
Malicious hotspot operators
State surveillance projects
Any passive eavesdropper with physical or wireless access to the transmission medium
No active attack, certificate forgery, or man‑in‑the‑middle manipulation is required—simple traffic capture and the lightweight de‑obfuscation steps described in the report are sufficient to extract the persistent identifier from any Telegram flow.
5. Secret chats do not defend this layer
Telegram’s "secret chat" feature provides end‑to‑end encryption of the application‑layer payload, but the auth_key_id resides in the MTProto external header beneath that layer. Thus, while the content of the conversation is encrypted, the identifier that reveals who is speaking remains visible to traffic analysts.
6. Telegram’s official response
Telegram claimed that auth_key_id is rotated regularly and does not leak user information. Empirical testing by Symbolic Software showed the opposite: across app restarts, network changes, and extended observation periods, no rotation was observed. Effective rotation would require (a) a frequency higher than an adversary’s analysis window and (b) network‑invisibility of the rotation—conditions the current deployment fails to meet.
7. Domestic impact
The Great Firewall (GFW) can passively extract auth_key_id from cross‑border Telegram traffic to build long‑term tracking databases, even when users employ VPN exits. Broadband and mobile operators can record the identifier over months, reconstructing users’ communication timelines and behavior patterns. Linking the extracted identifier with known identities enables persistent identification of journalists, activists, and other high‑risk users.
8. Root problem: privacy abandonment by design
The report concludes that the flaw is not a technical mistake but a deliberate omission of transport‑layer encryption, representing a fundamental abandonment of user privacy. Implementing proper TLS encryption would be technically trivial and have negligible performance impact, yet Telegram has not adopted it. Until such a fix is deployed, users have no effective client‑side mitigation; VPNs only change the IP address, and switching devices merely generates a new auth_key_id while the old one remains recorded. The only reliable protection is to migrate communications to a protocol that does not expose a persistent identifier.
