Black & White Path

May 23, 2026 · Information Security

Telegram’s MTProto Design Flaw Lets Trackers Bypass VPNs and Proxies

A technical review reveals that Telegram’s MTProto protocol exposes a permanent 64‑bit device identifier (auth_key_id) in clear text, enabling passive observers—including ISPs, mobile carriers, and state surveillance—to track users across app restarts, IP changes, VPNs, and even Tor, rendering secret chats and PFS ineffective.