Is Telefuel Safe?

An overview of Telefuel's security & privacy model.


Telefuel is an unofficial Telegram client for power users, communities, and teams, that lets users organize their chats into workspaces and folders, filter by chat types and unread messages, and access keyboard shortcuts and other productivity features.

Telefuel leverages modern technologies in order to mitigate man-in-the-middle attacks for users. Telefuel has taken steps to eliminate any possibility that someone can snoop on your messages, including ourselves.

Telefuel bundles the Telegram API library along with the application so that all data requests to Telegram happen client-side. In other words, your Telegram data stays on your device and never touches Telefuel servers, except in certain cases outlined below.

Your Telegram data stays on your device and never touches Telefuel servers.

Technical Explanation

Telegram uses MTProto, an encrypted messaging protocol optimized for fast file transfers between mobile applications. Realizing that building mobile applications are hard and that they should focus on developing the TON blockchain, the Telegram team released a C++ library called tdlib that manages network and data synchronization between Telegram servers and client applications over MTProto.

Telefuel uses tdlib for all of our applications so that we can iterate quickly and focus on developing features that delight our users.

Currently, our stack consists of React, Electron and Go. Since tdlib is a c++ library, Telefuel took steps to compile tdlib to a WebAssembly module (wasm), which Telefuel embed into its web and desktop applications.

The implication of this work is that all your encrypted Telegram data moves between your device and Telegram, and does not pass through Telefuel servers. Telefuel does not sit in the middle, as illustrated in the diagram below.

Figure 1: Data Flow - Man in the middle mitigation

Example: Authentication

In order to access the Telefuel Application, users must go through Telegram's authentication flow:

  • Enter phone number
  • Enter SMS code or passcode from another client
  • Enter optional password if 2-step authentication is enabled

As you progress through each of these steps, it's important to note that your phone number, passcode, and password are never sent to Telefuel servers.

Instead, all of your data is passed to tdlib (mentioned above), which is then sent to Telegram's servers via MTProto.

Telefuel Authentication

After you've been authenticated by Telegram, you need to establish an authenticated session with Telefuel. The way Telefuel does this is a bit clever:

  • Once Telefuel has verified that the user is authenticated and can receive updates from Telegram via tdlib, the Telefuel Application will send a /start command to the Telefuel Bot.
  • Telegram sends the command to Telefuel's servers along with the user's information, which is then stored in our database.
  • Now the user is authenticated with Telefuel and can access their workspaces and folders.

What data does Telefuel store?

In order to provide users with the ability to organize their chats into workspaces and folders across multiple devices, Telefuel needs access to the following Telegram metadata:

Workspaces / Folders

Telegram Chat IDs


First Name
Last Name
Telegram ID

Telefuel Never Stores:

(unless given explicit permission and consent by you)
Message texts, photos, videos, documents or any other message types
Who you're chatting with
Chat titles or usernames
Your contact list


Doest Telefuel have end-to-end encryption for Telefuel data?
Currently no, but Telefuel is actively researching solutions in a future release.
Does Telefuel send any data to third parties?
Telefuel sends metrics to third party service to improve product experience. You can opt out of this at anytime.
Enter your email address to request your Telefuel Invitation
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.