In this article, I’m talking mostly about Telegram, although the problem also applies to a number of other messengers using username, and although the mobile phone is tied to an account, it remains hidden for users outside the contact list. This creates an imaginary feeling of anonymity, because the number is safely hidden, and nothing can be figured out by the username. But actually, it is not.
Imagine yourself the owner of the messenger, you created a messenger and for effective promotion you introduce the ability to check which user contacts have already installed your program in order to immediately connect the interlocutors, and also to notify users if someone from the contact list registers with your messenger.
Law enforcement agencies and hackers use this and create devices, where all phone numbers will be added to contacts. Your messenger processes this data and informs which username it belongs to.
But you, as the owner of the messenger, understand that this will negatively affect the reputation, and make an absolutely logical decision to limit the number of contacts to one account. Let it be the number 10,000. It is unlikely that even the most sociable person will have more than ten thousand numbers in the phone book, even if they have several telephones.
Now, in order to create a tool for checking an account-linked number, for example, in Russia, it is necessary to split millions of telephone numbers by 10,000 each and write software to simulate mobile devices. Complicated? It is definitely not easy, but nothing is impossible.
You must understand that it is impossible to defend against this threat. It is possible to complicate the task with restrictions, but for special services or serious companies it will not become insoluble. But hackers and private researchers will not be able to do this due to lack of resources, although perhaps there are other ways of obtaining data that I don’t know about.
Indeed, in addition to software solutions, we need a base of active phone numbers, otherwise, going through all the possible values will lead to billions of combinations.
What should you learn from this chapter? Only one thing that a phone number tied to a Telegram or an account in a similar messenger is not difficult to be identified if we are talking about law enforcement or special services. To get the number, it is enough to know your username.
The network recommends that Telegram should close access to contacts to protect against the threat of receiving a number. I hope you understand that this will not help in any way, as Telegram knows your number regardless of access to contacts. The only protection is the use of virtual numbers, which is a technique used by cybercriminals for a long time and various kinds of fraudsters when creating accounts in Telegram. You can find quite a few similar services.
The second popular trend is the use of foreign mobile numbers. If your malefactors have a database of telephone numbers from Russia, Belarus, Ukraine, Kazakhstan and Georgia, and your Telegram is registered with a Belgian mobile number, they will not be able to receive it this way.
Some people think that if you do not specify the username in the Telegram, then it is difficult to find out something about the user. I did not check this version, but each Telegram account, in addition to the username and mobile number, has a unique ID (you can find out your Telegram ID here @my_id_bot), and I have strong suspicions that this method does not work. In Telegram, you can change all the data, including the phone number, and the ID will still remain the same.