Sessions - Auto-remove anyone who logs into your Telegram and isn't you

by
Telegram account takeover is everywhere: one wrong click and your account is gone, even with 2FA on. Sessions is an always-on guard. Whitelist your real devices, arm it, and any new login that isn't you gets kicked automatically, around the clock. Hostile 2FA-password resets get auto-declined. Nothing else. We built a minimal MTProto client so at the code level it can only do exactly that. It's open source, running in an AWS Nitro enclave with live attestation you can verify yourself.

Add a comment

Replies

Best
Maker
📌
I built Sessions because Telegram account takeover has become way too normal, especially in crypto and other Telegram-heavy worlds. You've seen it: a friend's account gets taken over, and minutes later "they" are DMing everyone scam links. Fake Teams audio downloads, Calendly links, wallet "support" pings. The vector changes, the outcome doesn't. One wrong click and your account is gone, even with 2FA on. Sessions is a simple guard. You whitelist your real devices, arm it, and from then on any new login that isn't you gets kicked automatically, 24/7. Try to reset your Telegram 2FA password, it's auto-declined. That's all it does, by design. The part I care most about: we built this to be verifiable, not trust-me security. It runs a minimal open-source MTProto client with a fixed allowlist of Telegram actions, no general-purpose client hidden inside. It runs in an AWS Nitro Enclave, and the live attestation lets you (or an AI) verify the code holding your account is the exact published code. To be clear: Sessions does hold a Telegram session so it can protect your account. The model: the session is sealed to the attested enclave, the enclave can only run the published guard code, and your own keys (a passkey, wallet, or google account) hold the authority. Arming, changing your keep-list, and removing the guard all require your signature, so even we can't change your policy without you Built for people whose Telegram is part of their work, identity, or community, who can't afford one bad click becoming a full takeover. Would love feedback from anyone who lives in Telegram daily. AMA 🙏