← All posts

TG Unblock: bypassing Telegram restrictions with Rust and WebSocket

Open-source desktop app wraps MTProto in HTTPS to web.telegram.org — no VPN, servers, or subscription. ~6 MB, one click.

TG Unblock: bypassing Telegram restrictions with Rust and WebSocket
Contents

TL;DR

Author of TG Unblock (by-sonic/tglock) built a Rust desktop app that runs a local WebSocket proxy and routes Telegram Desktop traffic through web.telegram.org as normal HTTPS. DPI does not see MTProto; ISPs cannot shape the messenger protocol signature.

What happened

Since early 2026 Telegram has been unstable in Russia: delays, media fails to load. Tools like GoodbyeDPI do not help everyone—providers learned to shape MTProto by signature.

The fix uses official WebSocket transport in Telegram Desktop: the client talks to a local SOCKS5 proxy that wraps the session in WSS to web.telegram.org. To network filters it looks like ordinary HTTPS to Telegram’s CDN.

Stack: Rust, async I/O, ~6 MB binary. Setup is one click—the app configures SOCKS5 in Telegram Desktop automatically.

Why it matters

This is not “another VPN”—it is an applied pattern: when a protocol is blocked, use the service’s legitimate transport (web over WSS) if the client supports it.

Developers may care about trade-offs: local proxy without your own servers, minimal footprint, open source for audit.

In practice

  1. Download TG Unblock from GitHub (by-sonic/tglock) for your OS.
  2. Launch and enable the proxy with one button—localhost SOCKS5 is applied in Telegram Desktop.
  3. Use a recent Telegram Desktop build with WebSocket support.
  4. On corporate networks check whether WSS to Telegram domains is filtered separately from MTProto.
  5. Do not confuse with a full VPN: Telegram-only bypass, not all traffic.

Bottom line

The Habr write-up is a practical Rust + WebSocket approach to DPI circumvention without infrastructure. Not a silver bullet (depends on ISP policy), but architecturally cleaner than a global VPN for one messenger.