This study examines the privacy risks faced during the teleoperation of robots which are controlled via commands exchange through encrypted network communications.  From the perspective of an adversary able to eavesdrop network traffic, we explore the potential to infer sensitive robotic actions by analyzing the metadata of encrypted traffic, such as packet timing, size, and direction.  We investigate this threat in realistic setups, using a smartphone’s Inertial Measurement Unit (IMU) to control a robotic arm via three joint-level modalities—position, velocity, and torque—to perform four distinct actions.  First, by leveraging state-of-the-art traffic analysis attacks to examine robot teleoperation traffic, we uncover that an adversary can accurately identify the actions performed by the robot.  Second, by prototyping a defense against such attacks, we analyze the performance and privacy trade-offs across the robot control modalities.  Our findings highlight the importance of integrating privacy considerations into robotics APIs, and encourage further exploration of factors influencing the security of teleoperated systems.