A bit more about Fullyst (English version).

Yesterday, as part of competitor and potential-competitor analysis, I finally got to grep_robot. Like many of its rivals, it only does a subset of what Fullyst can do, in particular deleting words / phrases / links / etc. based on predefined rules.

Since competitor analysis should be comprehensive, I also decided to read the documentation published on the bot’s website. The docs themselves, like the potential competitor, would not have been enough reason to write this post. What caught my eye were the sections:

• 'ChatSearch'. According to the site:

this is a tool for finding similar Telegram groups. For each group it finds, it shows how many members overlap between the found group and the original group.

• 'TgScan':

this is a tool for finding Telegram groups a person is a member of. For each group it finds, it shows the date when the TgScanRobot bot last saw the target user there.

To be honest, this information made my eyes pop. Here is the core of the problem:

When chat admins add this grep_robot, they are forced to give it admin rights and thus access to all user data, messages, and so on.

Some chats deliberately hide their member lists for various reasons. Some want to protect users from spam, others do it for users’ physical safety. Fullyst itself, for example, includes LGBT+ chats from Arab countries.

What do these services do? Exactly. Ignoring such restrictions, they sell, for money, access to lists of chats a person is in, as well as user overlaps between groups. This is a blatant violation of Telegram’s terms of service.

This post is yet another warning:

❗️ Chat administrators: please pay attention to which bots you add to your chat. You are putting your users’ personal data at risk.

❗️ Users: keep an eye on which bots are present in the chats you belong to. Unfortunately, some chats do not care about your safety or the security of your personal data.