I built a Telegram assistant bot to replace my username and handle any type of message — securely and privately

I built a Telegram assistant bot to privately handle any message or file — fully sandboxed, with advanced logging and control

Leaving a Telegram @username online may seem convenient — until you get flooded with spam, bots, or irrelevant messages.

I needed something better: a way for people to message me without knowing my username, and to send anything — files, voice notes, videos — securely, with full visibility and control.

So I built Talk To Alexander — a Telegram assistant bot that receives anything I allow, filters what I don't, and keeps my actual account completely private.

🔧 What the bot supports

• ✅ Text messages
• ✅ Voice messages
• ✅ Video messages
• ✅ Audio files: MP3, OGG, WAV, FLAC, M4A, AAC, ALAC
• ✅ Documents: PDF, DOCX, XLSX, CSV, MD, FB2, FB3, PPT, PPS
• ✅ Images: PNG, JPG, GIF, DNG, WEBP, HEIC
• ✅ Archives: ZIP, RAR, TAR.GZ, .GZ, GZIP, BZ2(UP TO 2GB)
• ✅ Video files: MP4, MKV, AVI, HEVC, MOV, VP9
• ✅ Stickers

Users simply open the bot and send their message. I receive it — privately and securely.

🛠️ Tech stack & architecture

Although the bot is closed-source, its architecture is robust and production-grade:

• Node.js (v22.15) + TypeScript (v5.8)
• grammY (v1.36) for Telegram API integration
• Express.js backend router
• Nginx as reverse proxy
• The bot binds to a secure UNIX socket: /run/bots/talk-to-alexander.sock
• Launched and monitored as a systemd service
• Fully sandboxed environment:
  • User: tgbot, Group: bots
  • No system-level permissions
  • Write access only to: /opt/sandbox/talk-to-alexander/public

🧰 File security & sandboxing

• The bot integrates with the Telegram Bot API running locally (--local) with --max-connections=100000
• All files are strictly filtered — if a file does not match allowed MIME types, it is silently discarded
• Invalid files are routed to the sandbox, where they expire and auto-delete after 1–2 hours (per Telegram API behavior)
• This ensures the bot never stores unnecessary or untrusted data

🧾 Advanced logging & decision control

The bot includes a powerful logging system, with:

• ✅ Real-time event logs sent to a private Telegram channel
• ✅ Detailed logs stored on-disk at: /opt/sandbox/talk-to-alexander/logs/

This allows me to:

• Review every /start interaction
• See exactly what message or file a user sent
• Decide whether to respond or not based on behavior

No interaction gets lost. No user can bypass this filter layer.

🧠 Why I built it

• To accept messages and files without sharing my identity
• To avoid spam, noise, or unfiltered contacts
• To get full visibility into who sent what, when, and why
• To run everything securely and privately on my own infrastructure

🌍 What’s next

This bot is part of a larger system I’m building:

lmdnbot.com — a Telegram bot marketplace currently in development.

The platform will run on Nginx, with a Laravel backend and an Angular frontend.

It will showcase production-ready Telegram bots built for real-world tasks, with proper documentation, support, and eventually tools for other developers to join in.

💬 Want to try it?

👉 t.me/TalkToAlexanderBot

No phone number. No username. Just pure, secure interaction.

Thanks for reading! Feedback is always welcome.