Contents
TL;DR
Author of TG Unblock (by-sonic/tglock) built a Rust desktop app that runs a local WebSocket proxy and routes Telegram Desktop traffic through web.telegram.org as normal HTTPS. DPI does not see MTProto; ISPs cannot shape the messenger protocol signature.
What happened
Since early 2026 Telegram has been unstable in Russia: delays, media fails to load. Tools like GoodbyeDPI do not help everyone—providers learned to shape MTProto by signature.
The fix uses official WebSocket transport in Telegram Desktop: the client talks to a local SOCKS5 proxy that wraps the session in WSS to web.telegram.org. To network filters it looks like ordinary HTTPS to Telegram’s CDN.
Stack: Rust, async I/O, ~6 MB binary. Setup is one click—the app configures SOCKS5 in Telegram Desktop automatically.
Why it matters
This is not “another VPN”—it is an applied pattern: when a protocol is blocked, use the service’s legitimate transport (web over WSS) if the client supports it.
Developers may care about trade-offs: local proxy without your own servers, minimal footprint, open source for audit.
In practice
- Download TG Unblock from GitHub (by-sonic/tglock) for your OS.
- Launch and enable the proxy with one button—localhost SOCKS5 is applied in Telegram Desktop.
- Use a recent Telegram Desktop build with WebSocket support.
- On corporate networks check whether WSS to Telegram domains is filtered separately from MTProto.
- Do not confuse with a full VPN: Telegram-only bypass, not all traffic.
Bottom line
The Habr write-up is a practical Rust + WebSocket approach to DPI circumvention without infrastructure. Not a silver bullet (depends on ISP policy), but architecturally cleaner than a global VPN for one messenger.

