You couldn't rely on telegram privacy since forever. Past april telegram had a bug on windows client which allowed python code execution from opening a video. When they fixed it they also said that less than 0.01% installed python and use vulnerable version of telegram. When asked how they know telegram desktop client checks every file extension sent. Since exploitable video extension were .pywz hidden as .mp4 they checked them in DMs and concluded the number. It wasn't even in privacy policy...