0x00 - Introduction

What is this all about? With this post I aim to share my knowledge about avoiding getting banned from Telegram channels and groups, thus giving my two cents on good sock-puppet practice.

I'll cover common methods, workarounds and their limits.

I want to make clear that there's no hacking involved and everything can be done using only the official API.

0x01 - Basic Knowledge

Let's start from the beginning, as if knowing nothing about how Telegram works. Don't worry if you are not tech-savvy: I'll talk about abstract concepts but concrete actions.

So we have:

  • bots
  • users
  • groups
  • channels

Let's describe them one at a time.

Bots properties

Bots are almost like users (see below); the differences are:

  • they can't start a conversation directly with a user;
  • they don't require a phone number;
  • they can automatically reply to messages;
  • they use a different API.

Users properties

There are two main groups of properties: self and inherited. The difference between them is that the former do not depend on the context, while the latter do.

For example, a self property is the user ID, which is the same in every group (within a specific time window). On the other hand, an inherited property is the class of the user (like being an admin of the chat).

In the hierarchy of which property derives from which, there are two candidates for the peak (the top, the fundamental one): the user ID and the phone number.

The fact of the matter is that the ID is unique per account, but since you can only have an account if you have a phone number, you might associate the ID with the phone number. However, you can keep the ID and just change the phone number. That would seem to place the user ID at the top of our hierarchy as something unchangeable, which turns out to be false.

At this point we know that you can switch between IDs and phone numbers (PNs) (almost) as much as you like: a continuous switching that doesn't let you define a starting point, except for the real person behind those IDs and PNs. There are limits, though: with the same phone number you can create up to three different user IDs, and to change the ID you need to delete your account and create a new one, which means losing all contacts, private chats, groups, everything.

Let's define the properties.

Self properties:

  • ID
  • Phone number
  • Username
  • First name
  • Second name
  • Profile Picture
  • Bio

Inherited properties:

  • Class (user, admin, etc.)
  • Permissions (to read messages, to send messages, etc.)

Groups properties

Groups are easier to define; a group is identified by:

  • ID
  • Username
  • Title
  • Photo
  • Description
  • Number of members
  • Type (normal or supergroup)

The main differences between a normal group and a supergroup are:

  • normal ones are made for a small group of people, while supergroups can have thousands of members;
  • if you join a supergroup you can read old messages, while in normal ones you can't;
  • in normal groups, anyone can change the bio, title, username and photo, and pin messages;
  • in supergroups only admins can delete others' messages for everyone and change the properties.

Another important fact to keep in mind is that when you “evolve” the group to a supergroup, the ID changes.

Channels

Channels are like groups; the differences are that only the admins can post in them and see who's subscribed. There are private channels as well, meaning that you can't access them without the join link.

Given this brief introduction, let's move to the actual topic of the post.

0x02 - Ban: reasons and methods

At first glance, it seems there is no reason to refuse someone who wants to join, except for channels and groups related to extremist content (IS/Al-Qaeda) and other unspeakable things.

Even though I don't have experience in those fields, there are still a few quite interesting cases. Anyway, we won't go into the details since that's not the aim of this post.

My experience in “doing OSINT” on Telegram is quite limited (a year and a half), so please be patient if I don't cover all possible strategies and methods. You and everyone else are more than welcome to share your experience.

Reasons

In most cases the following are required:

  • a handle
  • a profile picture
  • no Arabic/Cyrillic characters in the name (at least for EU groups)
  • not being in the wrong data center

The first two are used to make sure you are not a (too obviously) fake account; that said, they still don't check for patterns (hi johndoe123456), mainly because they don't have the means, I guess.

Banning or kicking (just removing a user from the group, not a permanent action) users with Arabic/Cyrillic characters in their name is mainly done to keep the group “region focused” (at least that is the reason some give). Messages containing those types of characters might lead to hard/soft bans as well.

Now the juicy part. Data centers (hereinafter “DCs”) are the servers on which your information resides: imagine a file containing your phone number and so on, stored on a given server. There are various DCs around the world; for example, DC-4 resides in the EU and DC-1 in the US. Note that you don't connect directly to one of them; instead you connect to “access points” (proxies).

That said, when you register your number with Telegram, the app fetches some proxies and, given the general workload, you are assigned the DC that best fits the network's needs.

Some people (especially in the EU) wrongly think that being in DC-1 means that you are a VoIP number, and that not being in it marks you as safe.

Never heard such a wrong thing before. I can take my super-obvious VoIP number and register with Telegram via a VPN with the endpoint in the EU. The DC does not depend on the prefix, neither the national nor the ISP one.

So yes, they are almost banning users at random.

Nonetheless, you have to respect and follow the rules of the group.

Methods

So here we go with the methods mainly used to ban users.

Groups can be really large and active. It's not rare to find groups with more than 10K members and, on average, 1K users online. When more than 3 people are typing simultaneously all day long, the flow is unmanageable for humans. So here the bots come into play.

Bots are also used to monitor the users' activity: when they type and what they type, when they change their handle or username. That's quite stalky.

0x03 - Ban workarounds

We are in situations where:

  • admins use bots to monitor the group
  • the bots interact with us first
  • bots are like users

It's pretty clear that everything revolves around bots and our setup. We can easily manage our username, profile picture and other little things, but it's not as easy to manage the DC ID (you can still change it via the API). So even if we do our best not to appear as “fake” accounts, there's still something that can ruin our little sock-puppet.

But bots are like users, and so if we can block users, we can block bots as well. This is a great workaround, since the bot will not be able to fetch our DC ID and thus will not block us automatically.

The admins (either bot or human) will still be able to block us, but they'll have to operate manually.

Is this workaround really effective? What if they find that we blocked the bots?

Well, they can't know whether we blocked the bots or not. Plus, the bots rely on remote resources, so they are susceptible to downtime caused by excessive workload. It's rare enough to find different bots for different chats; admins want solutions, not problems.

Situations where we join a group with unknown bots can happen; in such cases we have to change our DC before joining. This is not very handy, since you have to deal with session files and the API, but it's nothing too hard.

0xFF - Conclusions

The good old golden rule:

There's not a solution for everything. Specific problems require specific solutions.

And that's all for our short technical overview of the main techniques used to avoid ruining our sock-puppets. We have seen how actors manage groups, how they achieve what they need, how those methods work and what we can do to deal with them.

Hope you enjoyed this blog post, and feel free to provide any feedback.