Headline: Russian authorities have mounted a sustained campaign against Telegram, its founder and the app’s anonymity features
Papers obtained by our team show a coordinated effort in which state security services, regulators and sympathetic outlets have pushed a persistent narrative: Telegram’s encrypted channels and anonymity tools are being used to plan and enable violent and criminal acts. Citing material reportedly from the Federal Security Service (FSB), state media have published extracts of intercepted communications and metadata to build a public case. At the same time, regulators have combined legal demands with network-level measures aimed at limiting Telegram’s reach.
What we examined
– Several state outlets — most prominently Rossiyskaya Gazeta and Komsomolskaya Pravda — ran stories on February 24 that referenced FSB briefings and selected user traces.
– The material those stories relied on reportedly includes intercepted messages, user metadata and archived channel content, which the authorities say demonstrate extremist rhetoric and logistical planning.
– Our review did not include underlying court rulings or independent forensic reports that would allow outside experts to fully validate every claim published in the state press.
The allegations, in plain terms
Prosecutors and regulators argue that Telegram’s privacy features make oversight difficult and have been exploited to coordinate or encourage violent acts. What began as regulatory pressure — requests for data and moderation — has, in some cases, evolved into formal criminal inquiries. Authorities cite a mix of content and metadata as the factual basis for these investigations, and when cooperation from the platform was limited, they escalated to technical and legal levers.
What authorities point to as evidence
– Snippets of intercepted message threads and summaries of channel activity.
– Metadata such as delivery logs, IP attribution, device identifiers and contact graphs linking accounts.
– Telemetry and carrier incident reports that, according to internal documents, show packet loss and latency patterns consistent with deliberate throttling.
– Regulatory orders and legal notices demanding compliance with moderation and data-localization requirements.
Where the public record falls short
State reports tend to quote operational summaries or extracts rather than release raw files. The materials we saw rarely provide full message bodies, complete forensic analyses or court judgments, making independent verification difficult. In several instances encryption prevented access to actual message content; investigators appear to have relied on probabilistic links drawn from metadata and traffic patterns rather than direct reads of encrypted messages.
A reconstructed timeline
1. Internal FSB assessments and briefings circulated to state media and regulatory agencies. 2. Press coverage amplified the idea that Telegram is a primary tool for hostile or criminal networks. 3. Regulators paired public messaging with legal demands and technical actions — from subpoenas to selective traffic shaping. 4. Prosecutors assembled preservation orders, seized metadata and compiled analytic reports that, in some districts, resulted in formal criminal inquiries.
Who’s involved
– Security services and prosecutors: authors of much of the operational material cited publicly. – State media: the primary channel for shaping public perception and political momentum. – Telecommunications carriers: executing traffic-shaping measures under regulatory instruction. – Telegram’s operators and legal teams: recipients of legal process, frequently pushing back against broad data demands. – Frontline users and military units: often the intended audience for domestic-alternative messaging, but also those feeling the practical consequences of service disruptions. – International law-enforcement partners and digital-rights groups: watching, and in some cases contesting, the methods and legal bases used.
Developments beyond Russia
1) Traffic shaping and throttling
Internal logs and directives in the files we reviewed suggest Roskomnadzor ordered carriers to apply differentiated routing and bandwidth limits to encrypted messaging endpoints. Carrier telemetry allegedly shows elevated packet loss and latency beginning in mid-2026; regulators reportedly intensified degradation during enforcement windows, claiming up to 55 percent disruption in targeted flows. Regulators present these measures as law-enforcement steps; carriers and engineers warn of wider damage to internet reliability and user privacy.
2) A domestic messenger for military use
Procurement documents and distribution lists reveal a concerted push to replace Telegram inside some military units with a domestically developed messenger. Field reports from commanders describe encryption failures, missed deliveries and authentication problems; internal incident tickets indicate many issues persisted despite official assertions that the rollout succeeded. That gap between top-down endorsement and on-the-ground trust risks pushing users back toward unofficial tools, fragmenting communications and complicating accountability.
Papers obtained by our team show a coordinated effort in which state security services, regulators and sympathetic outlets have pushed a persistent narrative: Telegram’s encrypted channels and anonymity tools are being used to plan and enable violent and criminal acts. Citing material reportedly from the Federal Security Service (FSB), state media have published extracts of intercepted communications and metadata to build a public case. At the same time, regulators have combined legal demands with network-level measures aimed at limiting Telegram’s reach.0