
Just a sample of the Echomail archive


 Message 2219 
 Mike Powell to All 
 Security researchers warn 
 15 Jan 26 09:39:42 
 
TZUTC: -0500
MSGID: 1977.consprcy@1:2320/105 2dce39e7
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Security researchers warn Telegram links can doxx you, even with a VPN

Date:
Wed, 14 Jan 2026 14:57:51 +0000

Description:
A simple click on a disguised link could reveal your real IP address to
attackers. Researchers warn that this Telegram flaw overrides internal proxy
and VPN settings, putting privacy-focused users at risk.

FULL STORY

Security researchers have uncovered a new one-click vulnerability that forces
the Telegram mobile app to leak your real IP address. Even using the best VPN
apps might not be enough to stop it if your settings aren't watertight. 

The flaw, identified by security researcher 0x6rss, affects both Android and
iOS versions of the app. It revolves around how Telegram handles proxy
settings, a feature often used by people in restrictive regions to bypass
censorship. 

By disguising a malicious proxy link as a harmless username or website URL,
attackers can trick the app into "pinging" a server they control. This
connection happens automatically and, critically, occurs outside of the
encrypted tunnel users rely on to stay anonymous.

How Telegram's 'one-click' leak works

The vulnerability is triggered the moment a user clicks a specially crafted
t.me link. While these links can look like standard user profiles, they
actually point to a proxy configuration. When clicked, Telegram attempts to
verify the quality of the proxy connection by sending a test request (a
"ping") to the server. 

The researcher found that this specific request bypasses all configured
proxies and tunnels within the app. As a result, the connection is made via
the device's native network stack, directly from the user's device, instantly
logging their real IP address on the attacker's server.

The proof-of-concept code is now publicly available on GitHub.

What makes this particularly dangerous is the "one-click" nature of the
exploit. There is no second confirmation screen or warning before the ping is
sent. Once the link is tapped, the damage is done. 

For activists, journalists, and whistleblowers who rely on Telegram for
anonymity, this exposes their approximate physical location and ISP details 
to potential bad actors.

Can a VPN protect you? 

The researcher noted that the request "bypasses all configured proxies,"
ignoring active SOCKS5, MTProto, or VPN setups specifically configured within
the Telegram app settings. 

Because the app initiates this specific connection request directly through
the device's network interface, it can potentially leak data even when
protective tools are active. 

While a system-wide VPN with a strict kill switch should theoretically catch
this traffic, the specific behavior of this flaw creates a significant risk
that traffic could slip through the net, particularly if the user relies on
split-tunneling features.

Telegram's response 

Telegram has historically downplayed similar findings, often stating that 
"any website or proxy owner can see the IPs" of visitors, framing it as a
standard function of how the internet works. 

However, following scrutiny over this specific bypass, the company told
Bleeping Computer that it intends to address the user interface aspect of the
flaw. 

Telegram is expected to add a warning prompt to these specific links in a
future update, allowing users to spot disguised proxies and decline the
connection before the automatic ping is sent.

What you can do 

Until Telegram releases a patch to fix this automatic pinging behavior, users
are advised to be extremely cautious when clicking links from unknown 
sources, even if they appear to be internal Telegram usernames. Avoid 
clicking t.me links from strangers or in public channels. Check link previews
carefully before tapping. Ensure your system-wide VPN is active and 
configured to block all non-VPN traffic (Kill Switch enabled) rather than
relying solely on Telegram's internal proxy settings.

Telegram has yet to issue a formal date for this fix, but as scrutiny mounts,
a security update is likely on the horizon. For now, the safest course of
action is to treat every link with suspicion. 

======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/security-researchers-warn-telegram-links-can-doxx-you-even-with-a-vpn

--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426
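
A defensive check for the disguised links the story describes, as an added example that is not part of the original message or of the researcher's proof of concept: it flags links whose real target is a Telegram proxy deep link and marks them as disguised when the visible text does not show that. The t.me/proxy, t.me/socks and tg:// link forms are taken from Telegram's public deep-link documentation rather than from the article, and the sample links, addresses and secret are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Link forms that open a proxy configuration in Telegram clients. These come
# from Telegram's public deep-link documentation, not from the article.
TME_HOSTS = {"t.me", "telegram.me"}
PROXY_KINDS = {"proxy", "socks"}

def proxy_target(url):
    """Return (kind, server, port) if url is a Telegram proxy link, else None."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url          # bare "t.me/..." as typed in a chat
    try:
        parts = urlsplit(url)
    except ValueError:                  # malformed input is not a proxy link
        return None
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() == "tg":
        kind = host                     # tg://proxy?... carries the action as host
    elif parts.scheme.lower() in ("http", "https") and host in TME_HOSTS:
        kind = parts.path.strip("/").lower()
    else:
        return None
    if kind not in PROXY_KINDS:
        return None
    query = parse_qs(parts.query)
    return kind, query.get("server", [""])[0], query.get("port", [""])[0]

def audit_links(links):
    """links: (visible_text, href) pairs. Report every proxy link; it is
    'disguised' when the visible text is not itself a proxy link."""
    findings = []
    for text, href in links:
        target = proxy_target(href)
        if target:
            kind, server, port = target
            findings.append({"text": text, "kind": kind, "server": server,
                             "port": port, "disguised": proxy_target(text) is None})
    return findings

# Constructed sample: documentation-range addresses, placeholder secret.
SAMPLE = [
    ("@support_team", "https://t.me/proxy?server=203.0.113.7&port=443&secret=PLACEHOLDER"),
    ("https://example.com/news", "tg://socks?server=proxy.example.net&port=1080"),
    ("@alice", "https://t.me/alice"),
    ("t.me/proxy?server=198.51.100.9&port=8443&secret=PLACEHOLDER",
     "https://t.me/proxy?server=198.51.100.9&port=8443&secret=PLACEHOLDER"),
]

if __name__ == "__main__":
    for f in audit_links(SAMPLE):
        print(f)
```

The same function can sit in a chat-export scanner or a moderation bot: feed it each message's link text and target, and review every finding with "disguised" set.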



(c) 1994,  bbs@darkrealms.ca