De-anonymizing Telegram: Finding User and Channel Information from Open Sources

Date: 13/07/2025

Telegram may seem anonymous, but in reality, there are numerous methods and tools for de-anonymizing messenger users, and that’s what we’ll explore in this article. We’ll look into trap bots, the use of specialized services, and various other techniques.

Trap Bots

To use this method of deanonymization, a bit of social engineering is required. The technique operates similarly to phishing: the target accesses a bot, and to continue using it, they are prompted to send their phone number (a built-in feature of the messaging app). After that, depending on the creativity of the bot’s creator, the bot may either ignore messages or perform some useful functions, but the key point is that the bot’s owner obtains the user’s phone number.

The most interesting part is that there’s no need for you to build a bot from scratch, as there are already ready-made solutions available. For instance, you can use @protestchat_bot or @Checknumb_bot.

You can obtain the result by entering the target account ID into @TgAnalyst_bot.

Here, you can also check an ID against a database compiled using the same method by other users and the project founders.

However, it’s certainly better to write a bot yourself, and there are resources for that—repositories on GitHub. You can use them without needing to edit, which allows you to immediately create several fully functional bots “out of the box.” You can also choose from several themed bot options: boosting Instagram followers, online dating, game donations, and phone number information lookup.

Warning

Collecting information about individuals’ private lives without their consent is illegal; keep this in mind. This article discusses using open source intelligence (OSINT) to find data that people have publicly shared themselves. Regardless, it’s crucial to comply with legal requirements and respect individuals’ rights to privacy. The information in this article is provided solely for informational purposes. The authors and the editorial team do not bear responsibility for any potential damage caused by the use of materials from this publication.

But remember that the main goal is to get the user to share their phone number, so there needs to be a motivation for them to do so. We tailor the motivation to each specific objective, which means the bot’s theme will likely vary. One person might share their phone number to get an appraisal of their used car, another could do it to find an interesting movie, and someone else might be interested in downloading a video from YouTube. Therefore, different bots need to be created for each case, though the core code can be reused from the referenced repositories.

Acquiring Location Data

In 2019, Telegram introduced a new feature called “People Nearby.” This feature allows users to share their location to find contacts and chats nearby. Although the ability to share exact locations was later removed, users can still share their location within a 500-meter radius.

Of course, OSINT specialists didn’t miss this intriguing opportunity and developed several tools to exploit the feature. Here’s how they work.

On a work account, the “People Nearby” feature is activated, and the coordinates where the target is likely located are set. Every 25 seconds, Telegram sends, via TDLib, data about all users near the specified point. This data includes the distance of each nearby user from your location. By using distances from three different points, you can triangulate and determine the location of the nearest user.

Only Telegram users who have the “People Nearby” feature enabled will be found. By default, this feature is turned off. And of course, to start, you need to have at least a general idea of the location of the person you’re interested in. You can perform searches in multiple areas if the initial area is too large.

I found three such services, and they all operate on the same principle:

Even More Search Engines

In a previous article, I discussed search engines capable of scouring chats and channels on Telegram. By entering a username, nickname, or user ID, you might find mentions of these identifiers that could provide additional information. Since these services draw from different databases, it’s worthwhile to search each one. That’s why I decided to expand this list.

  • Tgstat: Originally designed for administrators of Telegram channels, but often used as a search engine.
  • Telegramd: A search engine for the Telegram messenger.
  • Kribrum: A free tool from a major service for monitoring media and press.

There are also search engines developed by enthusiasts using Google’s capabilities. These engines search specific Telegram resources that contain messages and posts:

Archives

Now let’s move on to another aspect of investigations on Telegram: identifying the owners of Telegram channels. It’s quite common for a channel author to share certain personal information in posts, descriptions, or titles; essentially, any details that might aid in an investigation. Later, they might delete this information, say, because the channel’s focus shifted or because it was posted accidentally.

Therefore, a researcher should have tools that can save channel content and provide access to copies. In some cases, well-known online archives can assist with this:

  1. Archive.org – The largest web archive in the world. By the way, to conveniently download data from there, you can use the utility waybackpack.
  2. Archive.today – An alternative option.
  3. Archive.eu – A former European archive that recently relocated. Specify the date when searching to view archives.
  4. Webcitation – An archive that provides access to pages saved by other users.

You should also check out cached copies. Additionally, there are tools specifically designed for Telegram analytics. For instance, the website Tgstat lets you view the history of channel names, descriptions, links, and feeds. It’s an incredibly useful tool.

If you can’t find anything intriguing on Tgstat, you might want to browse through the feed of posts on alternative platforms:

De-anonymizing via Stickers

If you use stickers on Telegram, be aware that each sticker contains the author’s ID. You may have noticed that many channels create their own branded sticker packs. By having access to a sticker pack, we can determine the creator’s ID from the code of an element. The process of extraction is automated through the bot @SPOwnerBot; simply forward a sticker to it.

The obtained ID may not necessarily belong to the channel owner or someone they know; it’s possible that the sticker pack was commissioned from an external designer. This is important to keep in mind.

Exploring Hidden Content in Channel Descriptions

Finally, here’s another interesting feature. This method is useful when you have a link to a private channel that you can’t join. The only thing available to you in that situation is a preview in the browser.

However, Telegram often hides part of a channel’s description, which might contain useful information. In preview mode, you only see an incomplete version of the channel description. In reality, the full details are present but concealed within the element’s code. To view it:

  • Right-click your mouse.
  • Locate the tgme_page_description element. Its location varies depending on the browser, so you might need to expand different sections of the code to find it. For instance, in Yandex Browser, you’ll find it here:
body > div.tgme_page_wrap > div.tgme_body_wrap > div > div.tgme_page_description

This element contains the complete description of the channel, unlike the truncated version shown in the preview.
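A channel owner can use the same element to check what an invite-link preview exposes to people who have not joined. The sketch below is an added example, not code from the original article: the sample HTML is constructed, only the tgme_page_description class name comes from the text above, and the handle and phone patterns are illustrative assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample of a preview page; only the class name
# tgme_page_description is taken from the article, the rest is made up.
SAMPLE_PREVIEW = """
<body><div class="tgme_page_wrap"><div class="tgme_body_wrap"><div>
<div class="tgme_page_title"><span>Example Channel</span></div>
<div class="tgme_page_description">News digest.<br/>Ads: <a href="https://t.me/example_admin">@example_admin</a>
<div>backup contact: +1 555 0100</div></div>
<div class="tgme_page_action">Join</div>
</div></div></div></body>
"""

class DescriptionExtractor(HTMLParser):
    """Collects all text inside div.tgme_page_description, nested tags included."""
    def __init__(self):
        super().__init__()
        self.depth = 0   # > 0 while the parser is inside the description div
        self.parts = []

    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if self.depth == 0 and tag == "div" and "tgme_page_description" in classes:
            self.depth = 1
        elif self.depth and tag == "div":
            self.depth += 1          # nested div: stop only at the matching </div>
        elif self.depth and tag == "br":
            self.parts.append("\n")  # keep the line breaks the owner typed

    def handle_endtag(self, tag):
        if self.depth and tag == "div":
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.parts.append(data)

def audit_preview(html):
    """Return the full description plus the identifiers it exposes publicly."""
    parser = DescriptionExtractor()
    parser.feed(html)
    text = "".join(parser.parts).strip()
    return {
        "description": text,
        "handles": re.findall(r"@\w{5,32}", text),           # assumed handle shape
        "phones": re.findall(r"\+\d[\d ()-]{6,}\d", text),   # assumed phone shape
    }

if __name__ == "__main__":
    print(audit_preview(SAMPLE_PREVIEW))
```

Anything the audit reports is visible to anyone holding the invite link, so contact details that should stay private belong in posts inside the channel rather than in the description.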

Conclusions

The methods mentioned offer intriguing possibilities for de-anonymizing users and channels. However, it’s essential to remember: collecting information on individuals is illegal. Be cautious when handling personal data and do not use the information to cause harm.
