Security researcher Dhiraj Mishra has recently uncovered a vulnerability in Telegram’s desktop version which has been exposing users’ private and public IP addresses during voice calls.
Actually, Telegram provides the option “nobody” to hide IP addresses during voice calls and prevent them from being exposed, since they claim themselves to be an ultra-secure instant messaging service. However, Mishra discovered that this option is only valid for the mobile version – when making voice calls through the desktop version the vulnerability leaked user’s IP addresses due to its P2P (peer-to-peer) framework to improve the voice quality.
Eventually, Telegram patched the flaw by adding the “Nobody” option to the desktop version.
Read more about this here.