What is The Non-Consensual Cookie Bandit?

A satirical web experience that parodies cookie consent popups by "auditing your life" instead of tracking your data. It's a humorous exploration of digital consent culture.

Is this actually tracking my cookies?

No. Despite the name, we don't actually track cookies in the traditional sense. This is a parody project that uses "cookies" as a metaphor for life decisions.

Is the life audit real?

The audit is generated for entertainment purposes only. Results are satirical and should not be taken as genuine life advice.

Can I play games on this site?

Yes! We have several mini-games including the Reject Button Game and Cookie Clicker. More games are being added regularly.

Is Telegram encrypted?

Regular chats are encrypted in transit and at rest, but Telegram holds the keys — they can read them. Secret Chats are end-to-end encrypted and Telegram cannot read them. Group chats are not end-to-end encrypted. The Bureau recommends using Signal if end-to-end encryption is your requirement.

Did Telegram give my data to governments?

Following Durov's arrest in France in 2024, Telegram stated it would share data with authorities for illegal activities — a significant shift from previous policy. Prior to this, Telegram claimed to have provided minimal data to law enforcement. The current policy is more cooperation-friendly than the historical brand suggests.

What's the difference between Telegram and Signal?

Signal encrypts everything end-to-end by default and is operated by a non-profit that cannot monetise user data. Telegram stores most messages on servers it controls, is a private company with an unclear business model, and has a compliance posture that has evolved under legal pressure. For private communication, Signal. For large group chats and channels, Telegram is more functional but not private.

Telegram Privacy Policy Audit — Bureau Grade: C+ | Privacy Policy Hall of Shame — NCCB

← Hall of Shame

C+

messagingencryptioncloud-storagegroupsprivacy-marketing

3,100

Word Count

12 min

Reading Time

3 min

Human Patience

5/10

Sneakiness

Translation Service

What They Say

Telegram's privacy policy is unusually short — 3,100 words — which the Bureau interprets as a sign of either exceptional honesty or exceptional omission. They explain that regular messages are stored encrypted on their servers but with keys they hold, that Secret Chats are end-to-end encrypted, and that they have disclosed minimal data to law enforcement historically. They present themselves as privacy-forward.

What They Mean

Telegram is not a privacy app. It is a cloud messaging app with an optional privacy mode. Regular Telegram chats are stored on Telegram's servers in a format Telegram can read — they hold the encryption keys. Secret Chats are end-to-end encrypted but must be manually enabled and do not work on multiple devices simultaneously. Most users use regular chats. Most users do not know the difference. The privacy brand is built on the Secret Chat feature and the founder's personal reputation. Pavel Durov's arrest in France in 2024 and subsequent cooperation with authorities revealed that Telegram's commitment to law enforcement resistance was more conditional than the brand suggested.

Worst Clause — Exhibit A

"If Telegram receives a court order that confirms you're a terrorist suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. If it does, we will include it in a semiannual transparency report published at t.me/transparency."

Bureau Translation:

The standard applied here is 'confirmed terrorist suspect,' which sounds principled until you consider that the determination of who meets this standard is made by the authority requesting the data, not by an independent standard Telegram sets. After Durov's arrest, Telegram stated they would share IP addresses and phone numbers with authorities for 'illegal activities' broadly — a significant expansion of the 'terrorist suspect' threshold the policy describes.

Evidence Tags — Data Collected

All messages in regular chats (stored on Telegram servers)Contacts list if granted permissionIP addresses and device informationUsername, profile photo, and bioGroup and channel membershipsPhone number (required for registration)

Bureau Verdict

"Telegram grades C+ despite the gap between its privacy brand and its actual architecture because the policy is honest about Secret Chats versus regular chats, and because the Bureau credits transparency about what is and isn't encrypted. The marketing-to-reality gap on privacy is significant. Signal remains the Bureau's recommended alternative for genuine end-to-end encrypted messaging."

C+

Overall Grade

Brief, Which is Suspicious

Frequently Asked Questions

Dark Patterns Documented

Misdirection →Bait and Switch →

See the full Dark Pattern Encyclopedia for documentation of each technique.

← All Companies Dark Pattern Encyclopedia →Terms Nobody Read →

Audited: 2026-03-20