Nine days later, Matsapulina was awoken around 7 am by someone banging at her apartment door. She crept up to the entrance but was too frightened to look through the peephole, and she retreated back to her bedroom. The pounding continued for two hours, as Matsapulina kept seven friends from her party apprised in a private Telegram group chat. “They’re unlikely to bust it down,” she wrote, wishfully. But at 9:22 am, she heard a much louder noise. She had just enough time to lock her phone before the door caved in. Eight people surrounded Matsapulina’s bed. They included, she recalls, two city police officers, a two-person SWAT team wielding guns and shining flashlights in her face, and two agents from either the Center for Combating Extremism or the Federal Security Service or the FSB—the successor to the KGB. The officers told her to lie on the floor facedown. They told Matsapulina she was suspected of emailing a police station with a false bomb threat. But when she was taken into the Ministry of Internal Affairs’ investigation department, she says, a police officer asked whether she knew the real reason she’d been arrested. She guessed that it was for her “political activities.” He nodded and asked, “Do you know how we knew you were home?” “How?” She says the officer told her that investigators had been following along with her private Telegram chats as she wrote them. “There you were, sitting there, writing to your friends in the chat room,” she recalls him saying. He proceeded to dispassionately quote word for word several Telegram messages she had written from her bed. “‘They’re unlikely to bust it down,’” he recited. “And so,” he said, “we knew that you were there.” Matsapulina was speechless. She tried to hide her shock, hoping to learn more about how they’d accessed her messages. But the officer didn’t elaborate. When she was released two days later, Matsapulina learned from her lawyer that on the morning she was arrested, police had searched the houses of some 80 other people with opposition ties and had arrested 20, charging each with terrorism related to the alleged bomb threat. A few days later, Matsapulina gathered her belongings and boarded a flight to Istanbul. In April, after having made it safely to Armenia, Matsapulina recounted the episode in a Twitter thread. She ruled out the chance that anyone in her close-knit group had been cooperating with security forces (they’d all also left Russia by then), which left two conceivable explanations for how the officers had read her private Telegram messages. One was that they had installed some kind of malware, like the NSO Group’s infamous Pegasus tool, on her phone. Based on what she’d gathered, the expensive software was reserved for high-level targets and was not likely to have been turned on a mid-level figure in an unregistered party with about 1,000 members nationwide. The other “unpleasant” explanation, she wrote, “is, I think, obvious to everyone.” Russians needed to consider the possibility that Telegram, the supposedly antiauthoritarian app cofounded by the mercurial Saint Petersburg native Pavel Durov, was now complying with the Kremlin’s legal requests. In the decade since its founding in Russia, Telegram has grown to become one of the biggest social networks in the world, with 700 million users—yet only about 60 core employees. “For us, Telegram is an idea,” Durov has said. “It is the idea that everyone on this planet has a right to be free.” The platform, now based in Dubai, has minimal content moderation aside from a stated commitment to taking down illegal pornography, IP rights violations, scams, and calls for violence. Often described in the press as an “encrypted” or “secure” messaging app, Telegram has fashioned itself as a refuge for safe, anonymous communication, but in fact it requires users to go out of their way to set a chat as “secret”; unlike on WhatsApp or Signal, end-to-end encryption is not the default. Still, Durov has repeatedly managed to benefit from the stumbles of other tech giants, particularly when user privacy is at stake. In January 2021, a PR crisis surrounding WhatsApp’s data-sharing with Facebook helped drive millions of people to Telegram, an exodus Durov called possibly the “largest digital migration in human history.” In the US, Telegram has been relatively slow to catch on, though in the wake of Donald Trump’s ban from Facebook and Twitter in January 2021, it has increasingly become a hotbed for far-right groups like the Proud Boys and followers of QAnon. But in many parts of the world, Telegram is mainstream. In Brazil, where the app has been downloaded on more than half of the country’s smartphones, much of the January 2023 insurrection was planned on the platform. Telegram has also been crucial for pro-­democracy activists in Hong Kong and in countries under Russia’s thumb, like Belarus and Ukraine. In the latter, it has become the preferred app for disseminating government advice for avoiding air strikes—as well as for Russian disinformation. But it is in Russia itself that Telegram has become nearly indispensable over the past year, thanks to the Putin regime’s wartime clampdown against Western tech. Since the conflict began, Russian authorities have branded Telegram’s main rival, Meta, an “extremist” organization, in part for permitting certain users in Ukraine to post calls for violence against the Russian military. Russia then blocked Meta’s Facebook (which had some 70 million users in the country) and Instagram (80 million). Telegram’s Russian user base has soared from 30 million in 2020 to nearly 50 million today, surpassing WhatsApp as Russia’s most used messaging platform. (The Kremlin controls all of the most popular internet companies based in Russia, including ­VKontakte, a ­Facebook-like social network cofounded by Durov in 2006 that has nearly 70 million users.) But in many ways, Russian authorities may not even need Telegram’s cooperation to monitor users at scale. That’s because Telegram has effectively built that capability into its generous application programming interface. An API is a software portal through which app developers and researchers can essentially jack into a platform and pull data out of it for their own projects. In Telegram’s case, that data includes the text contents and metadata from any public group chat or channel, and even a record of when users were last online. Like most APIs, Telegram’s requires a key for access; but those are available to any user who requests one. For years, Durov touted the platform’s open API as an emblem of Telegram’s commitment to transparency, allowing anyone to inspect Telegram’s source code or create automated bots that can, among other functions, broadcast news briefs, process payments, or pass commands to any internet-connected device. But it also makes Telegram a potentially powerful tool for mass surveillance. Campo, who’s now a fellow at Citizen Lab, a research facility that specializes in spyware, says the app’s API enables any user to automatically save and catalog a vast number of public channels and group chats, a function that isn’t possible on platforms like WhatsApp and Instagram. This would explain, he says, how authorities might have scraped even small channels by indexing at scale. “Telegram could create security measures to make this more difficult, especially if it suspects the Kremlin is doing this and wants to counteract it—for example, more barriers to bots; barriers that identify whether users joining groups or channels are human or not.” (Campo was quoted extensively in a 2022 WIRED story about Telegram’s global rise. The company claimed, after that story’s publication, that Campo had never been employed by Telegram and was only briefly a volunteer. Campo provided WIRED with documentation from 2016 to 2021 that included copies of email correspondence he carried on, using a Telegram address, with executives at Apple, Spotify, and Stripe on behalf of Telegram, and copies of contracts between Telegram and other companies with Campo’s signature. Durov was also included in the correspondence.) Indeed, some private companies have archived significant swaths of Telegram. TGStat, for instance, is a Russian firm that provides metrics about Telegram channel and user growth in different countries. In its privacy policy, TGStat states clearly that it is obliged by law to hand over data to the “state authorities of the Russian Federation.” Because the company has been archiving publicly available data for years, Wildon says, security forces could hypothetically go directly to TGStat to obtain a striking amount of information about a user without any direct assistance from Telegram. Data such as a user’s telephone number and the groups they are members of could be reverse engineered by aggregating the member lists of many groups or chat histories. “If you can identify a single user and have enough chats on record,” says Wildon, “it’s also possible to generate a file containing every message a user has sent into any group.” In an email to WIRED, TGStat founder Yury Kizhikin wrote, “The situation in Russia and the world has no influence on the activities of TGStat.” He confirmed that data can be transferred to Russian authorities but said that “all companies operating in Russia have a similar clause in their policies” and that TGStat had not received any requests from authorities or law enforcement agencies. Stanislav Seleznev, a lawyer for Agora, a human rights group that has represented thousands of people who’ve come under Kremlin scrutiny since 2005, says he has “absolutely no doubt” the Kremlin is exploiting Telegram’s API at scale. Russia has spent lavishly to track its citizens on Telegram and other platforms. In September 2021, Reuters reported that the Kremlin was projected to spend $425 million on tools to bolster its internet infrastructure, including those that automatically search for illegal content on social media platforms. Seleznev says the Kremlin is also working with Russian tech firms like SeusLab, which processes a billion social networking pages and instant messaging chats a day, to produce detailed profiles of users based on their “political activity.” SeusLab director Evgeny Rabchevsky told Reuters that “authorities use the product to assess social tensions, identify problematic issues of interest [and] adjust their activities.” According to a report in Reuters, one member of that open source intel community is a pro-Putin NGO called the Center for the Study and Network Monitoring of the Youth Environment, which has developed an AI tool to scan social media for what it describes as socially dangerous content. The system, founder Denis Zavarzin has said, is “constantly monitoring” about 1.5 million accounts. But those tools, however powerful, can peer only into Telegram’s public chats and channels. To access private chats like Marina Matsapulina’s exchange with her friends the day the SWAT team banged down her door—let alone end-to-end encrypted “secret chats”—Telegram’s API is not enough. To reach into those chats, the Kremlin seems to have found other methods and, perhaps, other accomplices. On March 4, 2022, the day before the police detained Matsapulina for “terrorism,” Vladimir Putin signed into law a bill that introduced prodigious jail terms and fines for anyone who published “knowingly false information” about the Russian military. In effect, anyone criticizing the war in Ukraine on social media could face up to 15 years in prison. The law quickly became the basis for a mounting series of arrests and prosecutions. When Telegram emerged as one of the last remaining oases of information and discussion for Russians, it also became a kind of funnel for Kremlin agents. Agora’s Seleznev believes that Telegram’s API allows investigators to monitor public groups at a large scale and then zero in on potential suspects, who can subsequently be pursued into private channels by undercover agents—or perhaps via a court order to Telegram. In early April, a music producer and bus driver in Russia named Richard Rose posted a video on Instagram that accused Russian troops of murdering hundreds of Ukrainian civilians in Bucha—an event that has been internationally condemned as a massacre. According to the independent Russian outlet Meduza, the video quickly gained the attention of an FSB officer in Rose’s home city of Kirov. In the days that followed, Rose also sent messages on Telegram asking about ways to help Ukrainian soldiers. Rose suspects that at times he was communicating with FSB officers. In a written message to WIRED through his lawyer, Rose says his suspicions escalated when these interlocutors began to persuade him to take certain actions. “I regarded this as an inducement to commit a terrorist act,” Rose says. Agora believes that police infiltration of Telegram is widespread. In neighboring Belarus, security services work from a manual that describes “tools and methods” for “deanonymizing” users on Telegram, including tips for infiltrating groups. Ermoshina suspects that much the same is happening in Russia, judging from the uptick in criminal cases that cite a suspect’s Telegram activity—a development she blames partly on the platform. “Telegram could have become a place where Russian authorities are not welcome,” she says. A Telegram spokesperson writes, “Like ordinary users, representatives of police organizations around the world are likely to use every available internet service for communication. Telegram is not aware of any cases where we could have influenced their choices.” As Meduza reported, it’s unclear whether investigators accessed Rose’s messages before or after they arrested him. A Telegram spokesperson told WIRED that the company has never shared user information or messages with the FSB or the Kremlin. It’s possible that Rose’s Latvian interlocutor was an undercover agent or that investigators physically accessed Rose’s messages when he was forced to give up his phone during interrogation. (According to recent reporting from the Israeli newspaper Haaretz, Russian authorities possess software that allows them to get around passcodes on locked phones.) Even more mystery surrounds some ghostly activity that dissidents have encountered in Telegram’s most secure settings. The platform claims its end-to-end encrypted “secret chats” feature (from which messages cannot be forwarded) is “safe for as long as your device is safe in your pocket.” But in early May, the opposition activist Ania Kurbatova realized that both her regular messages and secret chats were showing up as “read” when she knew the recipient had not read them. She also noticed at times that when she logged out of a secret chat, the session would still be marked “open” and messages could still be read. This should have been impossible: Each chat receives a unique encryption key that disappears once a session is over. To continue the conversation, users need to start a new chat and receive a new encryption key. The private conversations, Kurbatova says, included one with “a Ukrainian journalist who was looking for information about people who were taken to Russia from the filtration camps from the Donetsk and Luhansk region.” There was also “an important chat” with Kurbatova’s partner, Ivan Astashin, an activist who in 2009 was sentenced to 10 years in prison for throwing a Molotov cocktail at an FSB office. Kurbatova says Astashin noticed the same oddities in his own secret chats. Kurbatova and Astashin sought help from Ermoshina, who asked them to check the app’s “active sessions” feature, which shows the other devices they have the app open in. Nothing turned up. Then she had them reinstall the app. Even after these precautions, secret chats continued to show as read, and old sessions could still be reopened. Ermoshina was at a loss for a technical explanation but noted that, as a well-known activist couple, Kurbatova and Astashin are a valuable target for the Kremlin. And their case isn’t isolated. In August, Yana Teplit­skaya, a human rights activist who has investigated the alleged torture of Russian prisoners, noticed that many of her secret chats were erroneously marked as read. What happened to Marina Matsapulina in her apartment eerily mirrors something that once happened to Pavel Durov—an event that serves as the founding myth of Telegram. In December 2011, in the wake of a highly controversial round of parliamentary elections, Durov, then the 27-year-old CEO of VKontakte, received a request from the FSB to take down the pages of opposition groups. Durov refused, then theatrically taunted the government on Twitter. As he later told The New York Times, a SWAT team soon arrived at his apartment. As they pounded on his door, Durov called his older brother but quickly realized he had no secure means of communication. In that moment, Durov claimed, he saw the need for a platform that could skirt authoritarian surveillance. “That’s how Telegram started.” For more than a decade, “Russia’s Mark Zuckerberg” has taken pains to maintain a larger-than-life persona as a brash, black-clad, libertarian crusader against authoritarian surveillance, whose primary foil has been the Russian state. But as Matsapulina suggested in her Twitter thread last April, Telegram’s relationship with the Russian state seems to have changed markedly over the past few years. As she reminded her followers, relations between the platform and authorities were at a low point in 2018. That April, Durov refused an order from the FSB to hand over the encryption keys of Russian users. In response, the Kremlin banned Telegram from Russia, and telecom regulator Roskomnadzor set about blocking access to Telegram from the Russian internet. Back in 2018, while playing cat and mouse with Roskomnadzor, Telegram was also working to develop something it had always lacked: a means of making money. As the platform had never hosted ads or offered subscriptions, the company set out to build an entire economy on top of Telegram, creating the Telegram Open Network, or TON, a blockchain platform with its own cryptocurrency, called grams, that would be integrated into the main app. Like many blockchain startups, it would raise money through an initial coin offering, allowing investors to buy grams. Ambitions were high: Two weeks before Roskomnadzor blocked the app, Telegram announced that the ICO had raised $1.7 billion, the largest in history at the time. (Much of the investment, as independent Russian media reported, came from oligarchs, including a rumored $300 million from key Putin ally Roman Abramovich.) But in 2019, disaster struck. Just as TON was set to launch, the US Securities and Exchange Commission charged Telegram with illegally failing to register the crypto­currency and claimed the company had appropriated funds designated for TON to pay its bills. Durov fought the SEC’s emergency action for a year but bitterly announced the end of TON in May 2020. Forced to pay back investors and saddled with Telegram’s soaring server costs, Durov needed a massive influx of cash. At that moment, Telegram’s relationship with Russia began to thaw. A few weeks after the TON project ended, two pro-Kremlin party deputies in Russia’s parliament proposed that the ban on Telegram be lifted, arguing that it could be an important communications tool for the government in times of crisis. Durov posted his support of their proposal on Telegram, arguing that the company’s presence in Russia could help bolster the country’s technological innovation and “national security.” He also claimed that since 2018 his team had improved “methods for detecting and removing extremist propaganda,” as well as “mechanisms that allow preventing terrorist attacks around the world” while still protecting user privacy. He didn’t elaborate on how this was possible. On June 18, Roskomnadzor lifted the ban. To Western users and media at the time, the détente seemed to show that Durov’s antiauthoritarian cunning had prevailed. Telegram, one expert told The Washington Post, “seems to have won a staring contest with Putin and the security state.” But who actually blinked? What terms had Telegram and Roskomnadzor agreed to? Both sides offered sparse explanations. According to a government source familiar with the deal, the Russian state-owned bank VTB, which has close ties with the Kremlin, was also involved in the negotiations. In January 2021, reporting came out that Telegram had hired VTB to estimate the company’s value: as high as $124 billion by 2022. Telegram also said it would start selling five-year bonds. VTB would help shop them around to investors. By March 2021, Telegram had raised more than $1 billion from these backers. Although little is known about their identities—Durov wrote on his Telegram channel only that they were “some of the largest and most knowledgeable investors all over the world”—The Moscow Times reported that the investments included $75 million from a joint partnership between an Abu Dhabi state fund and a Kremlin sovereign wealth fund. When WIRED asked about the terms of the agreement, a Telegram spokesperson wrote: “We never discussed anything related to unbanning Telegram with anyone working at VTB.” He added, “We can confirm that no deals were made to inspire the unblocking of Telegram. That decision was made solely by the authorities in Russia.” (VTB did not respond to requests for comment.) Three weeks after the deal to unblock Telegram, the company’s vice president, Ilya Perekopsky, appeared at a conference outside Kazan to talk about growing Russia’s IT industry and joined prime minister Mikhail Mishustin in a pledge to fight the dominance of American tech. Introducing a speech by Perekopsky in which he noted Telegram’s “Russian roots,” deputy prime minister Dmitry Chernyshenko also stated that it was “great news” that Telegram was operating in Russia once more. Human rights groups, opposition activists, and independent Russia media found this sudden harmony between once bitter foes as fascinating as it was concerning. Several noted the fortuitous timing. Since Russia’s invasion of Ukraine, Telegram and the Kremlin have appeared even more in sync. Allowed to remain standing in a decimated internet sector, Telegram has become useful not only to security services but also to the state’s propaganda machine. Blanket censorship of Russian media has made Telegram a vital source of information for Russians, with Meduza and other outlets sharing reports via public channels on the platform. But pro-Kremlin disinformation far outpaces journalism. “Telegram now is the central backbone for Russian disinformation machinery,” says Jānis Sārts, director of the NATO Strategic Communications Centre of Excellence. “It’s also the way they overcome all the roadblocks built by Western platforms.” Two weeks before Facebook was banned, a post on the Russian government’s Telegram channel summarized a meeting between deputy prime minister Dmitry Chernyshenko and IT industry leaders in which Chernyshenko stated that “government agencies are recommended to create accounts on Telegram and VKontakte.” Telegram is now the platform of choice for Kremlin officials. In addition to Roskomnadzor’s press office, WIRED contacted three current and former employees from the regulator about the deal, as well as one current and one former government minister thought to be familiar with it. None agreed to speak. WIRED messaged, via Telegram, the deputy head of Roskomnadzor, Vadim Subbotin, about the 2020 deal; he said to direct questions to the regulator’s press office, and then deleted the chat history. Vadim Ampelonsky, a former spokesperson for the regulator, responded, “I am a vatnik”—literally a quilted jacket, slang denoting a devout follower of government propaganda. He added that “in the current situation, participating in research for an American publication is zapadlo”—vulgar slang that means beneath one’s dignity. He signed off: “Take care of yourself!” At the end of Matsapulina’s April 2022 Twitter thread, she said that she and her colleagues had moved from Telegram to Signal. “I don’t want to spread panic, I don’t want to pretend I’m some kind of expert on this issue, but I want to urge everyone to be careful what they say on Telegram. It is possible that this is no longer the safe space everyone used to think it was.” According to Ksenia Ermoshina, much of the Russian opposition movement has likewise abandoned Telegram. To widespread dismay, she says, pro-war channels started posting activists’ personal information with impunity—“compiling databases of Russian anti-war activists with their faces and links to their [social media], and sometimes even home addresses and other personal data.” When users reported these incidents, she says, Telegram’s response was slow or nonexistent. Many chats and groups where users organized opposition movements have been shut down. “No one has organized anything on Telegram since February,” Ermoshina says, describing a “digital migration” of Russia’s opposition movement from Telegram. “People moved out of Russia in exile,” she says, “and they moved out of Telegram in exile!” Natalia Krapiva, a lawyer at the digital rights group Access Now, notes that Telegram has never responded to requests for clarity, including an open letter sent by her organization and a coalition of groups asking for dialog on “safety and security issues plaguing” the app. Regarding concerns that the platform is facilitating state surveillance, she says, “Telegram hasn’t done much to demonstrate that, in fact, they’re not cooperating” with the authorities. Meanwhile, cases of Telegram cooperating with governments outside Russia have emerged. In January 2022, after Telegram ignored multiple requests from German authorities to stanch a wave of violent anti-Covid-­lockdown protests that had been coordinated on the platform, the German government debated banning it. By June, Der Spiegel reported, Telegram had provided German federal police with personal data of users suspected of terrorism and child abuse. And in India, where there are more than 100 million Telegram users, the company in November provided the Delhi High Court with the names, phone numbers, and IP addresses of users accused of illegally sharing a teachers’ copyrighted course materials on the platform. “The Russian market is very important to Durov,” Lobushkin said, noting that it represents about 7 percent of Telegram’s 700 million users, not to mention its symbolic importance. Sure, Durov has said he will never cooperate with Russian authorities and would leave the market if push came to shove, Lobushkin says, but that might be “a bluff” since Russia holds such a significant percentage of the platform’s users. Lobushkin says he has no special information about why Telegram was unblocked in 2020. But he believes the Kremlin saw potential in the platform. “The Russian propaganda machine learned how to use Telegram effectively and efficiently,” Lobushkin says. Pavel Cherkashin, a Russian-born venture capitalist based in San Francisco who invested in the TON project before its collapse, argues that Durov is comfortable operating in a gray zone—willing to turn a blind eye to the Kremlin because the relationship is good for growth. “Putin becomes a great ally for developing his business, and he accepts this as a serendipity,” Cherkashin says. He adds that because Putin controls which platforms can operate in Russia, “he’s forcing all of the business—all of that is now on Telegram.” It’s true that a huge number of Russians continue to depend on Telegram, and its growth in the country and globally has been spurred by the war in Ukraine rather than deterred—even The New York Times opened a Telegram channel to disseminate news about the war. “People still trust Telegram for some reason,” says Andrei Soldatov, an independent journalist who has investigated Russian security services for more than 20 years. “But I don’t know why.” In late April 2022, three days after posting her thread, Matsapulina received an anonymous message through Telegram’s official support account. She later took to Twitter to recount the exchange. “We read your story on Twitter,” it began. “We’d like to express our sympathy with your case and share the results of an investigation our team did.” The message said that only two authenticated devices had access to her Telegram messages: her phone and her computer. It also noted a failed login attempt “after your detention.” Someone, whom Matsapulina presumed to be a police officer, had correctly entered an SMS verification code but incorrectly entered her password. “From Telegram’s side, access to your private messages has not been granted.” The message concluded that, most likely, someone had taken physical possession of her device—which seemed highly improbable to her, given the short time between her arrest and when her messages were recited back to her—or her friends in the group chat had been compromised. After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone. Matsapulina has since started using Telegram again. For one, she says, even if Russian security services were tracking her account, she has already left the country. It’s also her only way of reaching friends and family: For Matsapulina and millions of Russians alike, the cipher of a platform remains indispensable. Additional reporting by Vadim Smyslov. Let us know what you think about this article. Submit a letter to the editor at mail@wired.com.

The Kremlin Has Entered Your Telegram Chat - 84The Kremlin Has Entered Your Telegram Chat - 34The Kremlin Has Entered Your Telegram Chat - 50The Kremlin Has Entered Your Telegram Chat - 5The Kremlin Has Entered Your Telegram Chat - 50The Kremlin Has Entered Your Telegram Chat - 2The Kremlin Has Entered Your Telegram Chat - 40