
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,219 of 2,445   
   Mike Powell to All   
   Security researchers warn   
   15 Jan 26 09:39:42   
   
   TZUTC: -0500   
   MSGID: 1977.consprcy@1:2320/105 2dce39e7   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Security researchers warn Telegram links can doxx you, even with a VPN   
      
   Date:   
   Wed, 14 Jan 2026 14:57:51 +0000   
      
   Description:   
   A simple click on a disguised link could reveal your real IP address to   
   attackers. Researchers warn that this Telegram flaw overrides internal proxy   
   and VPN settings, putting privacy-focused users at risk.   
      
   FULL STORY   
      
   Security researchers have uncovered a new one-click vulnerability that forces   
   the Telegram mobile app to leak your real IP address. Even using the best VPN   
   apps might not be enough to stop it if your settings aren't watertight.    
      
   The flaw, identified by security researcher 0x6rss, affects both Android and   
   iOS versions of the app. It revolves around how Telegram handles proxy   
   settings, a feature often used by people in restrictive regions to bypass   
   censorship.    
      
   By disguising a malicious proxy link as a harmless username or website URL,   
   attackers can trick the app into "pinging" a server they control. This   
   connection happens automatically and, critically, occurs outside of the   
   encrypted tunnel users rely on to stay anonymous.   
      
   How Telegram's 'one-click' leak works   
      
   The vulnerability is triggered the moment a user clicks a specially crafted   
   t.me link. While these links can look like standard user profiles, they   
   actually point to a proxy configuration. When clicked, Telegram attempts to   
   verify the quality of the proxy connection by sending a test request (a   
   "ping") to the server.    
      
   The researcher found that this specific request bypasses all configured   
   proxies and tunnels within the app. As a result, the connection is made via   
   the device's native network stack, directly from the user's device, instantly   
   logging their real IP address on the attacker's server.   
      
   The proof-of-concept code is now publicly available on GitHub.    
      
   What makes this particularly dangerous is the "one-click" nature of the   
   exploit. There is no second confirmation screen or warning before the ping is   
   sent. Once the link is tapped, the damage is done.    
      
   For activists, journalists, and whistleblowers who rely on Telegram for   
   anonymity, this exposes their approximate physical location and ISP details    
   to potential bad actors.   
      
   Can a VPN protect you?    
      
   The researcher noted that the request "bypasses all configured proxies,"   
   ignoring active SOCKS5, MTProto, or VPN setups specifically configured within   
   the Telegram app settings.    
      
   Because the app initiates this specific connection request directly through   
   the device's network interface, it can potentially leak data even when   
   protective tools are active.    
      
   While a system-wide VPN with a strict kill switch should theoretically catch   
   this traffic, the specific behavior of this flaw creates a significant risk   
   that traffic could slip through the net, particularly if the user relies on   
   split-tunneling features.   
      
   Telegram's response    
      
   Telegram has historically downplayed similar findings, often stating that    
   "any website or proxy owner can see the IPs" of visitors, framing it as a   
   standard function of how the internet works.    
      
   However, following scrutiny over this specific bypass, the company told   
   Bleeping Computer that it intends to address the user interface aspect of the   
   flaw.    
      
   Telegram is expected to add a warning prompt to these specific links in a   
   future update, allowing users to spot disguised proxies and decline the   
   connection before the automatic ping is sent.   
      
   What you can do    
      
   Until Telegram releases a patch to fix this automatic pinging behavior, users   
   are advised to be extremely cautious when clicking links from unknown    
   sources, even if they appear to be internal Telegram usernames. Avoid    
   clicking t.me links from strangers or in public channels. Check link previews   
   carefully before tapping. Ensure your system-wide VPN is active and    
   configured to block all non-VPN traffic (Kill Switch enabled) rather than   
   relying solely on Telegram's internal proxy settings.    
      
   Telegram has yet to issue a formal date for this fix, but as scrutiny mounts,   
   a security update is likely on the horizon. For now, the safest course of   
   action is to treat every link with suspicion.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/vpn/vpn-privacy-security/security-researchers-warn-telegram-links-can-doxx-you-even-with-a-vpn   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
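
A defensive check for the disguised links the story describes, added here as an example and not part of the original post or the article: it flags links whose visible text is a username or ordinary URL while the target is a Telegram proxy link. It assumes proxy links take the forms `t.me/proxy`, `t.me/socks`, `tg://proxy` and `tg://socks` (the post does not spell these out); the sample links and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

PROXY_KINDS = {"proxy", "socks"}        # assumed MTProto / SOCKS5 proxy link types
TELEGRAM_HOSTS = {"t.me", "telegram.me"}

# Constructed sample: (visible label, real target) pairs as a client would render them.
SAMPLE_LINKS = [
    ("@support_team", "https://t.me/proxy?server=203.0.113.7&port=443&secret=00"),
    ("https://t.me/socks?server=proxy.example&port=1080",
     "https://t.me/socks?server=proxy.example&port=1080"),
    ("t.me/some_channel", "https://t.me/some_channel"),
    ("example.org", "tg://socks?server=198.51.100.9&port=1080"),
]

def proxy_target(url):
    """Return (kind, server, port) if url is a Telegram proxy link, else None."""
    if "://" not in url:
        url = "https://" + url          # labels are often written without a scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:                  # malformed text is not a proxy link
        return None
    scheme = parts.scheme.lower()
    if scheme == "tg":
        kind = host                     # tg://proxy?... puts the type in the host slot
    elif scheme in ("http", "https") and host in TELEGRAM_HOSTS:
        kind = parts.path.strip("/").split("/")[0].lower()
    else:
        return None
    if kind not in PROXY_KINDS:
        return None
    query = parse_qs(parts.query)
    return kind, query.get("server", [""])[0], query.get("port", [""])[0]

def flag_disguised(links):
    """Flag proxy targets hidden behind a label that does not show a proxy link."""
    findings = []
    for label, href in links:
        target = proxy_target(href)
        if target and proxy_target(label.strip()) is None:
            kind, server, port = target
            findings.append({"label": label, "kind": kind,
                             "server": server, "port": port})
    return findings
```
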
      



(c) 1994,  bbs@darkrealms.ca