Push Notifications Are Basically a Metadata Gift Basket for Cops, Warns Durov

Telegram co-founder Pavel Durov is sounding the alarm on push notifications, calling them a persistent privacy vulnerability that lets data be retrieved even after messages and apps have been deleted from a device. It's like leaving your browser history pinned to the fridge—except the fridge is owned by people who might not have your best interests at heart.

His comments follow reports that the FBI accessed device notification logs on an Apple iPhone to retrieve deleted Signal messages—a technique originally detailed by 404 Media. Because apparently, "delete" is just a suggestion with a really optimistic name, kind of like "tax optimization" or "moderate fees."

Durov pointed out that disabling notification previews won't save you if your contacts haven't done the same. "You never know whether the people you message have done the same," he said on Friday. Imagine doing your part, disabling everything, and then your chatty aunt Linda gets your coffee order subpoenaed because she refuses to turn off message previews. Privacy is only as strong as your least security-conscious contact.

The revelations highlight how investigators with the right technical know-how can sidestep end-to-end encryption by tapping into metadata and app-generated information. This has sparked renewed interest in decentralized messaging apps that don't harvest user data. It's the classic move: you can't leak what's not on your servers, much like how you can't lose money you never had in the first place—wait, no, that's just what I tell myself after DeFi.

Search interest in decentralized social platforms has climbed 145% over the past five years. Bitchat—a peer-to-peer messaging app using Bluetooth mesh networks—gained over 48,000 downloads in Nepal during a nationwide social media ban in September 2025. Someone in Nepal really said "let me just Bluetooth my way to freedom," and honestly? Respect the hustle.

Meanwhile, Telegram continues to thrive despite government crackdowns. Over 50 million Iranian users have downloaded the app, even with a years-long ban in place. Users consistently bypass restrictions through VPNs. That's right, banned apps, blocked websites, and government-mandated surveillance software—just three obstacles standing between the Iranian people and their group chats. You love to see it.

"The government hoped for mass adoption of its surveillance messaging apps, but got mass adoption of VPNs instead," Durov noted. Clearly, when you push people toward privacy tools, they find a way. It's the Streisand Effect meets natural selection: give people a reason to care about OPSEC and watch them become your most paranoid, VPN-subscribing selves. Governments really said "let's make privacy mainstream" and then acted surprised when privacy went mainstream.