Unveiling the True Identity on Telegram: A Closer Look at De-Anonymization Techniques

Kryptologyst
Jul 7, 2024

Telegram, often touted as a bastion of anonymity, may not be as private as it seems. In reality, there exist numerous methods and tools designed to de-anonymize users of this messenger platform. This article delves into these techniques, exploring traps set by bots, specialized services, and other methodologies.

Bot Traps

One effective method involves a touch of social engineering. Operating much like phishing schemes, trap bots prompt unsuspecting users to share their phone number (through a built-in feature of Telegram) in order to continue using the bot’s services. Depending on the bot’s design, it may then either ignore subsequent messages or perform useful functions. Either way, the bot’s creator gains access to the user’s phone number.

Interestingly, one need not create such a bot from scratch; existing solutions like @protestchat_bot or @Checknumb_bot already fulfill this role. For results, simply enter the target account’s ID into @TgAnalyst_bot.

Moreover, these bots can cross-reference IDs within a database compiled by other users and project founders. While creating a bot from scratch is preferable, repositories on GitHub offer templates that facilitate straightforward bot creation. These repositories cover various thematic bot variants, from Instagram follower boosting to online dating and gaming donations.

Location Data Extraction

In 2019, Telegram introduced the “People Nearby” feature allowing users to share their locations to find contacts and chats nearby. Although precise location pinpointing was subsequently disabled, approximate locations within a 500-meter radius can still be shared.

This feature hasn’t escaped the notice of OSINT (Open-Source Intelligence) specialists who have developed tools exploiting this functionality. These tools operate by enabling the “People Nearby” function on a work account and specifying coordinates approximating the target’s location. Every 25 seconds, Telegram’s TDLib transmits the distance from these coordinates to nearby users, enabling trilateration to determine the closest user’s location.

Tools like Geogramint, Telegram-nearby-map, and Telegram-Trilateration exemplify such services, focusing on users who have activated the “nearby” feature.

Expanded Search Capabilities

Building upon previous capabilities, dedicated search engines now facilitate deeper dives into Telegram chats and channels. By inputting usernames, nicknames, or IDs, these engines can extract additional information stored across various sources. Notable platforms include Tgstat, primarily for Telegram channel admins but often used as a general search system; Telegramd, another comprehensive search engine; and Kribrum, a free tool underpinning media and social monitoring.

Additionally, enthusiast-built search engines that build on Google’s capabilities, such as Telegago and Google Custom Search Engines, extend search to specific Telegram resources.

Archival Methods

Now let’s turn to another aspect of Telegram investigations: de-anonymizing the owners of Telegram channels. It’s not uncommon for channel authors to publish specific personal information in posts, descriptions, or titles that could aid in investigations. Later, they may delete this information due to channel reorientation or because it was inadvertently published.

Therefore, investigators need tools that preserve channel content and provide access to copies. In some cases, well-known online archives can be of assistance:

  • Archive.org — the largest web archive globally. By the way, to conveniently download information from there, you can use the waybackpack utility.
  • Archive.today — an alternative option.
  • Archive.eu — formerly a European archive that recently relocated. When searching, specify the date to view archives.
  • Webcitation — an archive providing access to pages saved by other users.

It’s also worth checking cached copies. Additionally, solutions specifically oriented towards Telegram exist. For instance, the Tgstat website allows viewing the history of channel names, descriptions, links, and feeds — a tremendously useful tool.

If nothing of interest is found on Tgstat, you can browse through the feed of posts on alternative services:

Sticker De-Anonymization

Telegram’s sticker usage also presents a unique avenue for identification. Each sticker pack contains an author ID, accessible through automated extraction tools like @SPOwnerBot. While these IDs may not always lead directly to the channel owner, they provide valuable clues, especially when the sticker pack is outsourced to third-party designers.

Exploring Hidden Channel Descriptions

And finally, here’s another interesting feature. This method is useful when you have a link to a private channel that you cannot join. In such cases, the only option available is to preview it in your browser.

However, Telegram often hides part of the channel description, which may contain valuable information, so in preview mode you’ll see an incomplete description of the channel. The full text is still present in the page, hidden in the code of the element. To reveal it:

  • Right-click on the page.
  • Locate the element tgme_page_description. Depending on your browser, it may be found in different places, so expand various sections of the code to uncover it. For instance, in Yandex Browser, it is located here:
body > div.tgme_page_wrap > div.tgme_body_wrap > div > div.tgme_page_description
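
For a channel owner checking what their own public preview page exposes, the full text of the tgme_page_description element can be read from a saved copy of the page. This is an added example, not code from the article; the sample HTML, the helper names and the two regular expressions are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page; only the class name comes from the article.
SAMPLE_PREVIEW_HTML = """
<div class="tgme_page_wrap"><div class="tgme_body_wrap"><div>
  <div class="tgme_page_title"><span>Example channel</span></div>
  <div class="tgme_page_description">News digest.<br>Contact: <a href="mailto:admin@example.org">admin@example.org</a> or @example_admin</div>
  <div class="tgme_page_action">Join</div>
</div></div></div>
"""
TARGET = "tgme_page_description"
VOID_TAGS = {"br", "img", "hr", "input", "wbr"}  # tags with no closing tag

class DescriptionExtractor(HTMLParser):
    """Collects every text node inside the first element with class TARGET."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0       # nesting depth inside the description, 0 = outside
        self.done = False    # set once the description element has closed
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if self.depth:
            if tag == "br":
                self.parts.append("\n")   # keep line breaks readable
            elif tag not in VOID_TAGS:
                self.depth += 1           # nested <a>, <b>, ... inside the text
        elif not self.done and TARGET in (dict(attrs).get("class") or "").split():
            self.depth = 1
    def handle_endtag(self, tag):
        if self.depth and tag not in VOID_TAGS:
            self.depth -= 1
            self.done = self.depth == 0
    def handle_data(self, data):
        if self.depth:
            self.parts.append(data)

def full_description(html):
    """Return the complete description text, or '' if the element is absent."""
    parser = DescriptionExtractor()
    parser.feed(html)
    parser.close()
    return "".join(parser.parts).strip()

def exposed_identifiers(text):
    """Flag contact details a channel owner may not want in a public preview."""
    return {"emails": re.findall(r"[\w.+-]+@[\w-]+\.[\w.-]+", text),
            "handles": re.findall(r"(?<![\w.])@(\w{5,32})", text)}
```

Anything this returns is visible to anyone holding the channel link, whether or not the browser preview truncates it, so contact details meant only for members belong in a pinned post rather than the description.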

In conclusion, while these methods unlock intriguing possibilities for user and channel de-anonymization on Telegram, a cautionary note prevails: gathering personal information without consent is illegal. Exercise discretion and ethical judgment when handling such data, ensuring it is used responsibly and not to harm individuals or violate privacy rights.
