The Arrest of Pavel Durov Is a Reminder That Telegram Is Not Encrypted(gizmodo.com)
gizmodo.com
The Arrest of Pavel Durov Is a Reminder That Telegram Is Not Encrypted
https://gizmodo.com/the-arrest-of-pavel-durov-is-a-reminder-that-telegram-is-not-encrypted-2000490960
194 comments
Signal's larger problem is the lack of a web client.
Telegram (like everyone else) has a great, responsive web client.
What's even more frustrating is that Signals desktop app is just an electron app, meaning it's generally designed for the browser.
Telegram (like everyone else) has a great, responsive web client.
What's even more frustrating is that Signals desktop app is just an electron app, meaning it's generally designed for the browser.
Signals problem is they are too extreme on the security aspect neglecting everything else but a messaging app is much more than one feature to be considered a serious alternative for the masses. It hasn't even solved backup of your chats as a basic feature because it's not important to their developers but a non-negotiable feature for the majority of chat app users.
Strange, I've been using Signal for years and its backup feature works just fine:
1. Enable backups. 2. Point it at a folder on your phone which gets synchronized somewhere 3. Note the 30 digit passphrase in your password manager.
https://support.signal.org/hc/en-us/articles/360007059752-Ba...
Have had no issue restoring to replacement phones.
1. Enable backups. 2. Point it at a folder on your phone which gets synchronized somewhere 3. Note the 30 digit passphrase in your password manager.
https://support.signal.org/hc/en-us/articles/360007059752-Ba...
Have had no issue restoring to replacement phones.
That may be true for Android devices but not for Mac and iphone. I checked a week ago when i wanted to give signal another chance after years but it's utter lack of a convenient backup and restore functionality drove me once again away. This means if you loose or damage your phone or macbook all chat history is forever lost. That may be convenient if you're the ceo of amazon but not for normal people.
The worst thing for me was that app versions expire pretty frequently with no warning, then you just stop getting notifications. Which is extra annoying cause I'm only on it for some bar trivia group that totally doesn't need e2ee (or even e).
Also, Facebook Messenger recently added e2ee, which made it glitchier, fussier, and not really any more secure given that the key is a short numeric code.
Also, Facebook Messenger recently added e2ee, which made it glitchier, fussier, and not really any more secure given that the key is a short numeric code.
Yep this is a huge issue on iOS.
Here’s a couple of solutions, Signal:
1. Generate a long paper key that can be stored in a password manager. Use iCloud to store an encrypted backup.
2. iCloud now has optional e2ee. Let me just say my threat model trusts that e2ee and use iCloud directly.
Here’s a couple of solutions, Signal:
1. Generate a long paper key that can be stored in a password manager. Use iCloud to store an encrypted backup.
2. iCloud now has optional e2ee. Let me just say my threat model trusts that e2ee and use iCloud directly.
Web-apps in the browser can't be used for encryption because in that model the server is always trusted to send whatever code it wants. That defeats the point of end-to-end encryption. That's why Mailvelope is a browser add-on and webmail clients don't just embed openPGP.js. This way they can create releases of the crypto-code and distribute them over trustworthy channels.
If Isolated Web Apps (IWAs) take off, it may become an option.
If Isolated Web Apps (IWAs) take off, it may become an option.
The fact that Telegram is home to thousands of military bloggers discussing the war in Ukraine without getting blocked is a clear signal that the platform is completely compromised and controlled by the Russian state. There is a 0% chance they would allow a free flow of information of this type.
Telegram is also home for many oppositioners of Russian State and Putin, Russian Liberals and LGBT communities. Why would government-controlled platform ever allow it?
1. Controlled opposition
2. They can dox and eliminate any real threat if they can monitor the most popular communication tool
According to many sources, Telegram is a vital communication tool of the Russian military in the war with Ukraine. If that's true, then there can be only two primary interpretations: 1. Russian gov is astoundingly incompetent 2. They are able to monitor Telegram
2. They can dox and eliminate any real threat if they can monitor the most popular communication tool
According to many sources, Telegram is a vital communication tool of the Russian military in the war with Ukraine. If that's true, then there can be only two primary interpretations: 1. Russian gov is astoundingly incompetent 2. They are able to monitor Telegram
Your theory is interesting, but the most popular social network in Russia is Vkontakte, not Telegram. It is indeed controlled by the government and any "illegal" liberal channels are banned on sight.
> If that's true, then there can be only two primary interpretations
There is a third possible explanation:
3. This particular war is full of misinformation and lies from both sides. Telegram can be used as a tool to spread your disinfo, masking it as truth.
I really doubt that russian military uses Telegram to coordinate anything, and if they do - it could be rare cases where soldiers haven't gone through any special training. But I can see how Telegram can be used to share other non-vital data. If it's true, then surely it's not incentive from above, but initiative from below.
You should keep in mind that it's not professional specialists on the battlefield, but mostly people who've been regular citizens just a few years ago.
> If that's true, then there can be only two primary interpretations
There is a third possible explanation:
3. This particular war is full of misinformation and lies from both sides. Telegram can be used as a tool to spread your disinfo, masking it as truth.
I really doubt that russian military uses Telegram to coordinate anything, and if they do - it could be rare cases where soldiers haven't gone through any special training. But I can see how Telegram can be used to share other non-vital data. If it's true, then surely it's not incentive from above, but initiative from below.
You should keep in mind that it's not professional specialists on the battlefield, but mostly people who've been regular citizens just a few years ago.
As far as I know VK is not nearly as popular as Telegram specifically as a communication tool, aka a messaging app. WhatsApp and Telegram being by far the most popular options in Russia.
> Telegram can be used as a tool to spread your disinfo, masking it as truth.
So can TV, newspapers, local websites, etc etc. And yet we know what happened to all Russian media that tried to spread messages contradicting the official position. I don't believe Russian gov (or Soviet for that matter) is confident enough to allow dissenting opinions to be spread on such a massive scale without a high degree of influence and/or monitoring.
I know usually the burden of proof is on the side of the conspiracists, but in this case I am not taking any chances. If it's a Russian company that is widely used by the Russian ideological state apparatus, I have zero trust in whatever their encryption promises are.
> Telegram can be used as a tool to spread your disinfo, masking it as truth.
So can TV, newspapers, local websites, etc etc. And yet we know what happened to all Russian media that tried to spread messages contradicting the official position. I don't believe Russian gov (or Soviet for that matter) is confident enough to allow dissenting opinions to be spread on such a massive scale without a high degree of influence and/or monitoring.
I know usually the burden of proof is on the side of the conspiracists, but in this case I am not taking any chances. If it's a Russian company that is widely used by the Russian ideological state apparatus, I have zero trust in whatever their encryption promises are.
> I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.
The Russian state stopped blocking Telegram after the state investments in the platform, that tells you everything you need to know about its security and the deals they must have made with the Kremlin.
If something isn't blocked in Russia right now, it's because they have access to it.
The Russian state stopped blocking Telegram after the state investments in the platform, that tells you everything you need to know about its security and the deals they must have made with the Kremlin.
If something isn't blocked in Russia right now, it's because they have access to it.
> If something isn't blocked in Russia right now, it's because they have access to it.
So WhatsApp is also controlled by Russia?
So WhatsApp is also controlled by Russia?
For a while now I just assume anything that is used/allowed in Russia and/or China is only because those states have access to the contents. They are advanced and powerful enough to ban and create alternatives. So Russia probably can access whatsapp messages. Meaning that any three letter agency can do that as well.
> The Russian state stopped blocking Telegram after the state investments in the platform,
Where are you getting this from? Russia has seen Telegram as an enemy since day 0, and probably had to lift their block because it didn't work at any point, Telegram was available in the country the entire time.
Have these "state investments" been reported on by some reputable organizations?
Where are you getting this from? Russia has seen Telegram as an enemy since day 0, and probably had to lift their block because it didn't work at any point, Telegram was available in the country the entire time.
Have these "state investments" been reported on by some reputable organizations?
https://www.forbes.ru/newsroom/biznes/424315-rfpi-investirov...
https://www.bbc.com/russian/news-56501991
https://www.bbc.com/russian/news-56501991
So RDIF says they've invested in Telegram, Telegram says they were approached but said no. Is there any 3rd party sources for this that can confirm either side?
They blocked Signal but can't do anything to their biggest enemy Telegram?
[deleted]
Telegram's e2ee mode is only usable for 1:1 chats, so I wouldn't be surprised if some government(s) could gain access to any group chat they want.
[deleted]
>Telegram is mostly about big group chats and channels where people share information with their fans.
This is the gist of it. Telegram is mostly like an uncensored blog platform at this point. Probably the only platform to host official channels of Navalny, Zelenski, Dmitry Medvedev, Russian and Ukrainian milbloggers at the same time.
And for public channels, E2E is pointless - everyone can see it anyway.
This is the gist of it. Telegram is mostly like an uncensored blog platform at this point. Probably the only platform to host official channels of Navalny, Zelenski, Dmitry Medvedev, Russian and Ukrainian milbloggers at the same time.
And for public channels, E2E is pointless - everyone can see it anyway.
And that's great. But Telegram promotes itself as a secure messenger. And that's a big lie.
If they would advertise themselves as a WeChat / Line for the West, nobody would question it.
Line advertise itself as end-to-end. This is why most people just get a new account and lose their history when they get a new phone.
https://linecorp.com/en/security/encryption/2021h1
https://linecorp.com/en/security/encryption/2021h1
How is that a lie? It's not possible to make group chats with cross-device history end-to-end encrypted. If you don't like that feature, don't use it, stick to e2e encrypted DM's. You're saying they are lying because they offer more than just e2e encrypted DM's?
I say they lie about being secure because they're not secure by default. It's an option, and a very inconvenient one. Plenty of other messengers have made e2e encryption easy to use. Telegram has done the opposite, which makes me think that they don't want their users to use truly private messages.
How hard is it to tap on "New secret chat"? In my Android client all I need to do is to tap on the large blue icon in the bottom right corner, choose "New secret chat" (other options: "New group" and "New channel", basically your go-to button for creating new groups/channels), then choose the person. Isn't it basically how you usually create chats in every other messenger? In WhatsApp, you also click on a large green icon in the bottom right corner, with the options being "New group", "New contact" and "New community". In Viber, you click on a large purple icon in the bottom right corner, with the options being "New Group", "New Community", "New Channel".
The security researcher cited in the article used a different flow by going to an existing contact's profile first and opening the hamburger menu there, and claimed the feature is "hidden" because of that (the hamburger menu), when in fact it isn't. Maybe it's different on iOS though, I don't know.
The security researcher cited in the article used a different flow by going to an existing contact's profile first and opening the hamburger menu there, and claimed the feature is "hidden" because of that (the hamburger menu), when in fact it isn't. Maybe it's different on iOS though, I don't know.
> How hard is it to tap on "New secret chat"?
Try to do it on a desktop Linux. There is no such option.
Try to do it on a desktop Linux. There is no such option.
AFAIK, the main reason why people don't use these "secret chats" in Telegram is that the history stays on one device. It doesn't have to go to the cloud, but you can synchronise it with already linked devices by sharing your keys. As if it was deliberately made inconvenient to use, "encryption brings limitations, it's easier to upload everything to our cloud, trust us".
> It's not possible to make group chats with cross-device history end-to-end encrypted.
I am using it on Matrix just fine.
I am using it on Matrix just fine.
Well, the FAQ on their site clearly says that only "secret chats" are end-to-end encrypted.
Not sure where the lie is. Although, it indeed may mislead the average user who knows nothing about E2E.
WhatsApp made E2E the default only in 2016, i.e. 7 years after it was founded. Telegram is 11. The whole thing reminds me of http vs. https. Chrome started marking http as "Not Secure" only in 2018. I remember at some point the wisdom was that using http is OK as long as you don't use it to access your bank account etc. So https was like an opt-in ("if you want additional security"). But now it's the default. Telegram resists making E2E the default reportedly for UX reasons (easier data sync on multiple devices).
WhatsApp made E2E the default only in 2016, i.e. 7 years after it was founded. Telegram is 11. The whole thing reminds me of http vs. https. Chrome started marking http as "Not Secure" only in 2018. I remember at some point the wisdom was that using http is OK as long as you don't use it to access your bank account etc. So https was like an opt-in ("if you want additional security"). But now it's the default. Telegram resists making E2E the default reportedly for UX reasons (easier data sync on multiple devices).
The lie is that it's not secure by default. Their FAQ clearly says that they have the technical ability to read private messages outside of "secret chats", which is the default option and the majority of messages on the platform.
So all the FAQs on their official site are open about technically being able to read private messages if you don't enable secret chats, and it's somehow lying?
The main page says Telegram is "secure" without elaborating, though. I can see people can be misled, but they're not lied to.
The main page says Telegram is "secure" without elaborating, though. I can see people can be misled, but they're not lied to.
[deleted]
> And that's great. But Telegram promotes itself as a secure messenger. And that's a big lie.
But until someone actually published any hard evidence demonstrating weaknesses (ideally with a PoC), do we have anything else to go by?
I wouldn't say I know for sure Telegram is 100% secure against government interception, but I also wouldn't claim the opposite, because neither ends/claims have been demonstrated and proven in a verifiably way.
But until someone actually published any hard evidence demonstrating weaknesses (ideally with a PoC), do we have anything else to go by?
I wouldn't say I know for sure Telegram is 100% secure against government interception, but I also wouldn't claim the opposite, because neither ends/claims have been demonstrated and proven in a verifiably way.
> I wouldn't say I know for sure Telegram is 100% secure against government interception, but I also wouldn't claim the opposite, because neither ends/claims have been demonstrated and proven in a verifiably way.
Telegram doesn't even claim to have end-to-end encryption by default (you have to enable it explicitly on a per-chat basis), and doesn't have it at all for group chats. Like, unless they are lying and secretly _do_ have e2e by default, it is clearly worse than many alternatives from this pov.
It's kind of weird that it has come to be known as a secure messenger, but it certainly isn't.
Telegram doesn't even claim to have end-to-end encryption by default (you have to enable it explicitly on a per-chat basis), and doesn't have it at all for group chats. Like, unless they are lying and secretly _do_ have e2e by default, it is clearly worse than many alternatives from this pov.
It's kind of weird that it has come to be known as a secure messenger, but it certainly isn't.
>hard evidence demonstrating weaknesses
The weakness is that e2e encryption is disabled by default, and is a giant pain to enable.
The weakness is that e2e encryption is disabled by default, and is a giant pain to enable.
> The weakness is that e2e encryption is disabled by default
E2E is only for Secret Chats, yes. And yeah, I don't think people use Secret Chats by default.
> and is a giant pain to enable.
Starting a Secret Chat takes one more tap than starting a normal chat.
E2E is only for Secret Chats, yes. And yeah, I don't think people use Secret Chats by default.
> and is a giant pain to enable.
Starting a Secret Chat takes one more tap than starting a normal chat.
>Starting a Secret Chat takes one more tap than starting a normal chat.
Hmm, the article says this:
>As John Hopkins security researcher Matthew Green pointed out in his blog on the subject, it’s also a pain in the ass to activate. “The button that activates Telegram’s encryption feature is not visible from the main conversation pane, or from the home screen. To find it in the iOS app, I had to click at least four times—once to access the user’s profile, once to make a hidden menu pop up showing me the options, and a final time to ‘confirm’ that I wanted to use encryption. And even after this, I was not able to actually have an encrypted conversation, since Secret Chats only works if your conversation partner happens to be online when you do this,” Green said.
Hmm, the article says this:
>As John Hopkins security researcher Matthew Green pointed out in his blog on the subject, it’s also a pain in the ass to activate. “The button that activates Telegram’s encryption feature is not visible from the main conversation pane, or from the home screen. To find it in the iOS app, I had to click at least four times—once to access the user’s profile, once to make a hidden menu pop up showing me the options, and a final time to ‘confirm’ that I wanted to use encryption. And even after this, I was not able to actually have an encrypted conversation, since Secret Chats only works if your conversation partner happens to be online when you do this,” Green said.
> But until someone actually published any hard evidence demonstrating weaknesses (ideally with a PoC), do we have anything else to go by?
Here you go:
https://news.ycombinator.com/item?id=41350809
Here you go:
https://news.ycombinator.com/item?id=41350809
How does that prove that Telegram as a whole is not secure? The only thing that would demonstrate is that your normal, not-E2E encrypted, messages aren't E2E encrypted, which yeah, of course they aren't.
I think you might confuse what the mud puddle test aims to demonstrate. It's to be able to confirm E2E encryption, which if you do that test with Telegram + Secret Chats (which is the E2E encryption feature in Telegram), you'll see you cannot recover those messages.
I think you might confuse what the mud puddle test aims to demonstrate. It's to be able to confirm E2E encryption, which if you do that test with Telegram + Secret Chats (which is the E2E encryption feature in Telegram), you'll see you cannot recover those messages.
> The only thing that would demonstrate is that your normal, not-E2E encrypted, messages aren't E2E encrypted, which yeah, of course they aren't.
I mean, if nothing else, that's a bad default. This makes it worse than, say, WhatsApp or the apple messaging thing, nevermind the likes of Matrix or Signal.
I mean, if nothing else, that's a bad default. This makes it worse than, say, WhatsApp or the apple messaging thing, nevermind the likes of Matrix or Signal.
> How does that prove that Telegram as a whole is not secure?
It depends on what you mean by "as a whole". I mean that Telegram by default can read all your private chats, unless you manually enabled e2ee and suffer from related bad UX. On Linux desktop (and phones) it doesn't even allow to enable e2ee at all.
It depends on what you mean by "as a whole". I mean that Telegram by default can read all your private chats, unless you manually enabled e2ee and suffer from related bad UX. On Linux desktop (and phones) it doesn't even allow to enable e2ee at all.
> It depends on what you mean by "as a whole". I mean that Telegram by default can read all your private chats
Yes, this is the expectation. You use someone else's platform that doesn't have E2E, you assume they can read your messages and will help law enforcement to do the same. No surprise there.
Doesn't mean their E2E feature isn't secure, or that the platform as a whole isn't secure. Facebook surely shares their Facebook + Whatsapp data with US law enforcement, we wouldn't call Facebook/Whatsapp insecure just because of that.
Yes, this is the expectation. You use someone else's platform that doesn't have E2E, you assume they can read your messages and will help law enforcement to do the same. No surprise there.
Doesn't mean their E2E feature isn't secure, or that the platform as a whole isn't secure. Facebook surely shares their Facebook + Whatsapp data with US law enforcement, we wouldn't call Facebook/Whatsapp insecure just because of that.
Where? Their website says "a new era of messaging." I see at the bottom that it's "heavily encrypted," but that doesn't mean e2e.
They're describing their app in a way that will make regular users think it's actually secure. Call it what you will, false advertising, deliberately misleading - a lie is a lie.
Their website also used to say that they are forever free, no ads, and that they were going to open source all their code, including the server code. Now they have a free tier, but even they couldn't call it "forever free" anymore. I wouldn't trust anything they write there =)
Their website also used to say that they are forever free, no ads, and that they were going to open source all their code, including the server code. Now they have a free tier, but even they couldn't call it "forever free" anymore. I wouldn't trust anything they write there =)
It's about as secure as any other non-E2EE chat or other kind of service, except it also has E2EE mode, which is limited to 1:1 chats for fair reasons. Plenty of other services advertise themselves as "secure," which doesn't mean a lot. So I don't see anything misleading there.
Aside from that, I don't trust Telegram or its CEO at all, partially because of what you said about open-sourcing (or not) and partially because of his ties to Russia and Azerbaijan.
Aside from that, I don't trust Telegram or its CEO at all, partially because of what you said about open-sourcing (or not) and partially because of his ties to Russia and Azerbaijan.
> And for public channels, E2E is pointless - everyone can see it anyway.
Shouldn't it at least provide some guarantee that what you receive is what was sent?
Shouldn't it at least provide some guarantee that what you receive is what was sent?
E2E doesn't typically provide that. No common E2E messenger enforces the necessary key verification. Only some inform about key changes. Only Matrix can be configured to refuse mis-signed messages.
And then there is even stuff like OMEMO, which is E2E, but intentionally does not do authentication of messages, quite the opposite: It's protocol is designed such that you can always deny having sent such a message...
And then there is even stuff like OMEMO, which is E2E, but intentionally does not do authentication of messages, quite the opposite: It's protocol is designed such that you can always deny having sent such a message...
It also doesn't mean "plain text". Telegram uses MTProto and the decryption keys are stored on multiple servers in multiple jurisdictions, something which Gizmodo doesn't even mention.
See also this excellent comment by another HN user: https://news.ycombinator.com/item?id=41348228
See also this excellent comment by another HN user: https://news.ycombinator.com/item?id=41348228
Here is a better resource by an actual respected cryptographer: https://blog.cryptographyengineering.com/2024/08/25/telegram...
One of the links shared by the comment you're linking to points to a paper which concludes:
> We have presented the formalisation of the MTProto 2.0 protocol suite in the applied π-calculus, and its analysis using the protocol verifier ProVerif. This approach adopts the symbolic Dolev-Yao threat model: an active intruder can intercept, modify, forward, drop, replay or reflect any message. Within this model, we have provided a fully automated proof of the soundness of MTProto 2.0’s protocols for first authentication, normal chat, end-to-end encrypted chat, and rekeying mechanisms with respect to several security properties, including authentication, integrity, secrecy and perfect forward secrecy, also in the presence of malicious servers and clients. Moreover, we have discovered that the rekeying protocol is vulnerable to a theoretical unknown key-share (UKS) attack [ 5 ]: a malicious client B, with the help of another client E, can induce a client A to believe that she (still) shares a secret key with E, and instead A shares the key with B. The practical exploitability of this attack in actual implementations is still to be investigated. Our formalization covers also the behaviour of the users, when relevant; e.g., if the users do not check the fingerprints of their shared keys, a MitM attack is possible.
One of the links shared by the comment you're linking to points to a paper which concludes:
> We have presented the formalisation of the MTProto 2.0 protocol suite in the applied π-calculus, and its analysis using the protocol verifier ProVerif. This approach adopts the symbolic Dolev-Yao threat model: an active intruder can intercept, modify, forward, drop, replay or reflect any message. Within this model, we have provided a fully automated proof of the soundness of MTProto 2.0’s protocols for first authentication, normal chat, end-to-end encrypted chat, and rekeying mechanisms with respect to several security properties, including authentication, integrity, secrecy and perfect forward secrecy, also in the presence of malicious servers and clients. Moreover, we have discovered that the rekeying protocol is vulnerable to a theoretical unknown key-share (UKS) attack [ 5 ]: a malicious client B, with the help of another client E, can induce a client A to believe that she (still) shares a secret key with E, and instead A shares the key with B. The practical exploitability of this attack in actual implementations is still to be investigated. Our formalization covers also the behaviour of the users, when relevant; e.g., if the users do not check the fingerprints of their shared keys, a MitM attack is possible.
> the decryption keys are stored on multiple servers in multiple jurisdictions
Which is completely besides the point when the question is "should you trust Telegram", given that they are still entirely under Telegram's logical control.
The only circumstance under which this is a meaningful difference is when somebody other than Telegram (law enforcement with a warrant, law enforcement without a warrant, criminals etc.) walks into a data center and pulls those servers' hard disks.
Which is completely besides the point when the question is "should you trust Telegram", given that they are still entirely under Telegram's logical control.
The only circumstance under which this is a meaningful difference is when somebody other than Telegram (law enforcement with a warrant, law enforcement without a warrant, criminals etc.) walks into a data center and pulls those servers' hard disks.
What keeps an employee from impersonating a user by registering a new device and intercepting the confirmation code? The code must be somewhere in their systems for the time being, so at least one employee must be able to get it. Then they can see everything the user can see.
(Assuming the user has the default setting of no 2FA.)
There are probably more ways to get to the data.
Splitting keys in different jurisdictions seems like security theater.
(Assuming the user has the default setting of no 2FA.)
There are probably more ways to get to the data.
Splitting keys in different jurisdictions seems like security theater.
Also, since you can see scroll back don't they host the telegram chats even if they are in encrypted form?
[deleted]
A reply to the comment you link to: https://news.ycombinator.com/item?id=41348494
They claim it only covers transport and not data at rest.
They claim it only covers transport and not data at rest.
>"sperm-obsessed co-founder of Telegram"
>"possible vector for child sex abuse material"
>"hub for various scams and crimes—but"
What is it? Setting up a mood to make sure people feel that Durov / Telegram are bad? This is anything but even a try to objective journalism. Whoever the author is - fuck you.
>"possible vector for child sex abuse material"
>"hub for various scams and crimes—but"
What is it? Setting up a mood to make sure people feel that Durov / Telegram are bad? This is anything but even a try to objective journalism. Whoever the author is - fuck you.
It's a tech blog, not that 'objective journalism' exists anyway.
That is why I said "try to objective journalism". We are all biased to a various degrees. But this particular one feels like puke. Does not matter if it is tech blog.
Firstly, a blog is an opinion piece, so that you went in expecting 'objective journalism' is quixotic. Secondly, even if it weren't opinion, journalism does not aspire to objectivity to begin with.
>"Firstly, a blog is an opinion piece"
Well, let me rephrase it then. I respect author's right to express the opinion. Still "fuck said opinion". It reeks.
Well, let me rephrase it then. I respect author's right to express the opinion. Still "fuck said opinion". It reeks.
that's absolutely shameful
Just a small note: even if Telegram would be encrypted end to end, most people use it with a mobile app, writing messages with the OS virtual keyboard, inserting images/video from the OS internal storage. How can anyone think an app could be private on a closed source, remotely managed, OS it run on it's definitively not?
How can anyone think a damn picture on an Android/iOS/* phone could be considered private? People have Google Photos/iCloud auto-backups and do care about "the privacy of a messaging app"?
Beside that I do consider this arrests much less meaningful than most current press, yes it's a debatable act, but so far Telegram works in France, there is no state-enforced block, in user base size terms it's hardly be considered a significant hostile political/social actor, and actually the government is doing MUCH bigger things against the République and Democracy at a whole than arresting the funder of a messaging services based in Dubai...
How can anyone think a damn picture on an Android/iOS/* phone could be considered private? People have Google Photos/iCloud auto-backups and do care about "the privacy of a messaging app"?
Beside that I do consider this arrests much less meaningful than most current press, yes it's a debatable act, but so far Telegram works in France, there is no state-enforced block, in user base size terms it's hardly be considered a significant hostile political/social actor, and actually the government is doing MUCH bigger things against the République and Democracy at a whole than arresting the funder of a messaging services based in Dubai...
I mean, I assume people who are seriously concerned with privacy to a sufficient extent don't turn on those auto backups (though at least the Apple one _does_ have an e2e encryption option).
The title is not correct IMO, it is not "end-to-end encrypted" by default.
But the traffic between you and the Telegram server is always encrypted and the "end-to-end encryption" can be enabled.
But the traffic between you and the Telegram server is always encrypted and the "end-to-end encryption" can be enabled.
Telegram appears to be the last company selling SSL as "encryption" though. In 2024 that's akin to claiming that your car doesn't need oil every 500km, foodproduct has a reasonably predictable shelf life or tap water is safe for consumption.
It's all great, also arguments a generation old.
Maybe I should add 'literate' on my resume too...
It's all great, also arguments a generation old.
Maybe I should add 'literate' on my resume too...
Genuinely curious.. in what sense do you not consider SSL to be encryption?
As always, context matters. SSL is clearly encryption, but if you talk about encrypted messaging, in this future year of 2024, people will assume that you mean end to end encryption. If it was 1996, this might be a different story, of course, but it's not.
Telegram really has kind of pulled off a masterstroke in marketing by convincing people that it is e2e encrypted (honestly, as a non-user I assumed that its non-group messaging was until the current fuss), while not being, even where it would be easy to be (non-group stuff). One might reasonably question their motives there.
Telegram really has kind of pulled off a masterstroke in marketing by convincing people that it is e2e encrypted (honestly, as a non-user I assumed that its non-group messaging was until the current fuss), while not being, even where it would be easy to be (non-group stuff). One might reasonably question their motives there.
Then we can say with my comment the traffic between you and Hacker News is encrypted. See, its using TLS.
Everything is transport-encrypted these days. Almost everybody still emphasizing that as a product feature is doing so out of questionable motives.
You are right, but they are just having good fun shitting on the service, and the guy ("obsessed") for being a donor. Why not get some cheap clicks?
An encrypted system can depend on a trusted third party. Sometimes that trust is mandatory, like, say, a XMPP system used in an industry where IM messages have to be archived for future possible access to a regulator. Such systems are much easier for the user to use securely.
Most end to end capable systems degrade to trusting the provider when the user fails to verify the identity of their correspondent using some ridiculously long number. In other words, the user has to take an assertive action to become fully end to end where only the end users are trusted. Just like with Telegram secret chats. You can't just claim that such systems are not encrypted. Things are more subtle.
The headline here ("Telegram Is Not Encrypted") is misleading...
Most end to end capable systems degrade to trusting the provider when the user fails to verify the identity of their correspondent using some ridiculously long number. In other words, the user has to take an assertive action to become fully end to end where only the end users are trusted. Just like with Telegram secret chats. You can't just claim that such systems are not encrypted. Things are more subtle.
The headline here ("Telegram Is Not Encrypted") is misleading...
> The headline here ("Telegram Is Not Encrypted") is misleading...
To an audience of laypersons, it's definitely much more accurate than saying "Telegram is encrypted".
Maybe a better way of phrasing it would be "Telegram can read your messages if they choose to, or if anybody is able to force them".
To an audience of laypersons, it's definitely much more accurate than saying "Telegram is encrypted".
Maybe a better way of phrasing it would be "Telegram can read your messages if they choose to, or if anybody is able to force them".
> "Telegram can read your messages if they choose to, or if anybody is able to force them".
Exactly. I.e: Telegram is not encrypted.
Exactly. I.e: Telegram is not encrypted.
The encryption is a red herring to distract from the truth: telegram is the only platform where views different from war profiteers can be expressed. You can't do it anywhere else: not on cnn, not bbc, not guardian, not bloomberg, ..., not fox news, not npr, not reddit, not medium, not in a french court that rubberstamps whatever overseas masters tell them.
Opposing Russia's belligerence and atrocities in Ukraine doesn't make you a war profiteer. Telegram footage from Russian channels has actually been key to understanding how obscenely common those outrages are.
> telegram is the only platform where views different from war profiteers can be expressed
That is a strong, wrong, statement
For one thing, although I have my quibbles about the standard of journalism at The Guardian, I do not think for a micro second they are beholden to "war profiteers".
That is a strong, wrong, statement
For one thing, although I have my quibbles about the standard of journalism at The Guardian, I do not think for a micro second they are beholden to "war profiteers".
If Telegram only wanted to be a "free-speech maximalist-like" platform, they could have simply skipped all of the misinformation around also being a "secure and encrypted" instant messenger.
The fact that they did all of that is precisely the reason why you'll find so many cryptographers and privacy advocates being very critical of it.
The fact that they did all of that is precisely the reason why you'll find so many cryptographers and privacy advocates being very critical of it.
I never trusted Telegram; who are their founders, what is their corporate structure and management style, what are their values and vision? Nor do I trust any other centralized messaging app. P2P FTW. Cryptography is the only salvation.
That's funny because the French government is accusing him of:
Presumably the compliance declaration is subject to prosecution for perjury or similar charges if they can twist the legal requirements after your registration.
The second item implies that you're not allowed to provide others even with something as innocuous as authentication and integrity protection software/services without first registering your intent to do so!!
In the context of the cryptowars of the 90s, and in the context of web browsers, all of this is just pure nonsense.
Where are the prosecutions of Mozilla, Google, and Apple (and Brave, and Opera, and...) for distributing browsers which all provide confidentiality services? Or did they all get approval from the French government?
- Fourniture de prestations de cryptologie
visant à assurer des fonctions de
confidentialité sans déclaration conforme,
Providing cryptography services with
an eye to ensure confidentiality
features without a compliance
declaration. (Translation mine.)
- Fourniture d'un moyen de cryptologie
n'assurant pas exclusivement des
fonctions d'authentification ou de
contrôle d'intégrité sans déclaration
préalable,
Providing a cryptographic method
non-exclusively ensuring authentication
and integrity features w/o prior
declaration. (Translation mine.)
- Importation d'un moyen de cryptologie
n'assurant pas exclusivement des
fonctions d'authentification ou de
contrôle d'intégrité sans déclaration
préalable.
Same, but regarding import controls.
The first item implies that you're not allowed to provide others with software/services that provides confidentiality protection without registration -- without a statement that you comply with legal requirements!Presumably the compliance declaration is subject to prosecution for perjury or similar charges if they can twist the legal requirements after your registration.
The second item implies that you're not allowed to provide others even with something as innocuous as authentication and integrity protection software/services without first registering your intent to do so!!
In the context of the cryptowars of the 90s, and in the context of web browsers, all of this is just pure nonsense.
Where are the prosecutions of Mozilla, Google, and Apple (and Brave, and Opera, and...) for distributing browsers which all provide confidentiality services? Or did they all get approval from the French government?
1. He got arrested, not prosecuted yet.
2. A big reason why he got arrested is because there was evidence of illegal activity happening, and authorities submitted request for information, and he refused. Companies like Meta will 100% comply with legal requests for information about illegal activity on their platform.
3. You cannot have a decentralized system that "gives the power to the people" if you still have central servers where information is stored or goes through.
2. A big reason why he got arrested is because there was evidence of illegal activity happening, and authorities submitted request for information, and he refused. Companies like Meta will 100% comply with legal requests for information about illegal activity on their platform.
3. You cannot have a decentralized system that "gives the power to the people" if you still have central servers where information is stored or goes through.
What in my reply were you specifically responding to? None of your reply seems relevant or responsive.
It's worth noting that the US still has such a law on the books as well apparently: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
> Or did they all get approval from the French government?
Presumably, since it seems to largely be a formality at this point.
I'm also very disappointed to see it being used in this case, since otherwise nothing in these charges is about cryptography.
> Or did they all get approval from the French government?
Presumably, since it seems to largely be a formality at this point.
I'm also very disappointed to see it being used in this case, since otherwise nothing in these charges is about cryptography.
Export controls on crypto are one thing, and easily avoided by using open source (since there is an exemption for open source). But import controls are much more obnoxious and harder to deal with.
That’s my fustration with Telegram. When it comes to ui/ux is beats WhatsApp day and night. But the encryption by default is so so disappointing
Why are these popping out now?
https://news.ycombinator.com/item?id=41350530
https://news.ycombinator.com/item?id=41350530
Telegram's founder/CEO got arrested in France yesterday.
When it comes down to it, practical encryption no longer exists.
Every operating system now phones home and uploads copious event logs. Many users install custom "swipe" keyboards, ad blockers, toolbars, and even bios chips are now programmable.
There are just so many vectors and exfiltration paths, plus it's not enough for you to secure them all. The person you are talking to must also.
Often encrypted messaging gives a false sense of security. Messages can still be intercepted on either end, and an automatic app update is sufficient to silently disable the encryption without the user knowing.
edit: Since it seems that some are considering this baseless fear-mongering, here's just one recent example:
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zer...
https://en.wikipedia.org/wiki/Pegasus_(spyware)
Every operating system now phones home and uploads copious event logs. Many users install custom "swipe" keyboards, ad blockers, toolbars, and even bios chips are now programmable.
There are just so many vectors and exfiltration paths, plus it's not enough for you to secure them all. The person you are talking to must also.
Often encrypted messaging gives a false sense of security. Messages can still be intercepted on either end, and an automatic app update is sufficient to silently disable the encryption without the user knowing.
edit: Since it seems that some are considering this baseless fear-mongering, here's just one recent example:
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zer...
https://en.wikipedia.org/wiki/Pegasus_(spyware)
What is my Linux OS supposed to phone home to? Linus torvalds build machine?
You mean you didn't install the Yahoo! translation extension to your kernel?
Whoever forced it to use binary only blobs, like those employed by every wireless network card, can instruct it to exfiltrate users data to be sent anywhere, be it the manufacturers' or whichever entity they're controlled by. Closed chipsets not using blobs aren't immune either as malicious firmware can be implemented in iron only.
Sadly, we can't completely trust any system without total software and hardware openness, at least in all subsystems that deal with sensitive data.
Now you are talking about hardware firmwares. That has nothing to do with an operating system because it is below the level on operating system.
Operating systems need hardware to run; hardware needs drivers; many drivers are closed; backdoors are easier to conceal in code that is closed and unavailable for auditing.
That is not something everyone could do, but that doesn't mean nobody could do that if given enough motivation and resources.
If you buy a system that requires closed source drivers then that's your own choice. Nowadays far and away most consumer hardware will work without any closed source drivers. Except of course the big N.
I mean if that's your threat vector you cannot trust anything nor anyone ever about anything at all.
The dude you just shook hand with might have had a glove and stole your finger prints. The post employee you just gave your check to mail might be a impostor. The guy you're about to meet from craigslist might steal your iPhone and cut your thumb to access your entire digital life.
Ah but no, you're an average Joe and nobody gives a flying fuck about any of these.
Even if the software is totally open-source: unless you also made the hardware: it doesn't matter, unless you compiled all of it (and at that point probably wrote the compiler yourself as well as the os you're using) and installed yourself: it doesn't matter, unless you actually went though every single line of code and checked for yourself that every thing is safe (which you cannot): it doesn't matter
The dude you just shook hand with might have had a glove and stole your finger prints. The post employee you just gave your check to mail might be a impostor. The guy you're about to meet from craigslist might steal your iPhone and cut your thumb to access your entire digital life.
Ah but no, you're an average Joe and nobody gives a flying fuck about any of these.
Even if the software is totally open-source: unless you also made the hardware: it doesn't matter, unless you compiled all of it (and at that point probably wrote the compiler yourself as well as the os you're using) and installed yourself: it doesn't matter, unless you actually went though every single line of code and checked for yourself that every thing is safe (which you cannot): it doesn't matter
My point has nothing to do with absurd conspiracies, but that technically, I repeat :technically, given enough motivation and resources which probably only governments have, there are ways to defeat encryption by planting backdoors into closed firmware so that data is being read before it even reaches the encryption layer. It's very hard to do, but it's 100% possible. You think the USB driver managing your keyboard doesn't have access to all text you write, including passwords? Well, have it talk using a covert channel with the blob running into your network card and all your text is magically sent elsewhere. Again: hard, still possible.
Nowadays NICs only have access to encrypted packets, so such a backdoor would have to be in the CPU. I'm not saying such a thing doesn't exist, but I think it's pretty clear its use would have to be very targeted for nobody to have noticed so far (unless there's a grand conspiracy between all computers to hide clandestine Ethernet traffic).
That is covered by the word "practical" in their comment. No regular (as in, not technically educated or minded) person can even begin to use Linux on their devices. Heck most are almost exclusively using iOS or Android.
Really? Linux usage has been climbing quickly the last few years. We have a mainstream gaming machine by one of the largest gaming companies using arch linux. I really don't buy this argument anymore at this point.
What percentage of Telegram users access it exclusively via Linux?
This is what you said, among others:
> Every operating system now phones home and uploads copious event logs.
There is nothing about telegram in there.
> Every operating system now phones home and uploads copious event logs.
There is nothing about telegram in there.
Linux distros are much better but they can still phone home. Here's one example: https://help.ubuntu.com/community/UbuntuPopularityContest
For awhile Canonical had a deal with Amazon that was highly questionable. https://www.gnu.org/philosophy/ubuntu-spyware.en.html
The most dangerous however is the auto-updates. Even if the software is safe today, how do you know what tomorrow's auto-update will bring?
For awhile Canonical had a deal with Amazon that was highly questionable. https://www.gnu.org/philosophy/ubuntu-spyware.en.html
The most dangerous however is the auto-updates. Even if the software is safe today, how do you know what tomorrow's auto-update will bring?
ahem, Richard Stallman slash Linus Torvalds' build machine
but in seriousness, it doesn't need to be the OS itself of course, just any software that runs on the OS
but in seriousness, it doesn't need to be the OS itself of course, just any software that runs on the OS
these are all reasons to be more cognizant about it. Try to use lineage or grapheneOS, minimize software installs on important computers. Have multiple more segregated and specialized computers running. Whitelist only networking, network overlays.
Wrong title.
Not Encrypted (x)
Not "Fully" Encrypted (o)
Not Encrypted (x)
Not "Fully" Encrypted (o)
Yeah I kinda wonder why they don't end to end encrypt telegram, this would take them out of a lot of hot water with the authorities. Because the situation would be the same as with Signal and WhatsApp: What they can't see they can't moderate.
Of course telegram is actually encrypted, but just not end to end. Except the secret chat function which is very limited (only works between 2 participants, only between 2 devices and everyone needs to be online at the same time for the key exchange to work).
Of course telegram is actually encrypted, but just not end to end. Except the secret chat function which is very limited (only works between 2 participants, only between 2 devices and everyone needs to be online at the same time for the key exchange to work).
E2ee would break the convenience of instantly searching across 100s of conversations with potentially millions of messages, something I and millions of other users take advantage of everyday.
Not necessarily. There are techniques to search encrypted data on a server without having said server know what it's actually searching for: https://people.eecs.berkeley.edu/~dawnsong/papers/se.pdf
You could also maintain an index locally.
You could also maintain an index locally.
Yes there are PoC techniques out there. How do they stand up in practical circumstances though? Who's using any of these techniques at scale and what's the UX like? Something that's very nice about TG search is that it stems the terms, so if for example I search for "deleted", I also get results containing "deletes" and "delete". There is also search by username and by date. How would those be affected?
Why would I want to maintain a local index? How much of my compute and storage will it take? How well will it work across all my devices and clients (I have 3 clients just on my phone)? I personally am a part of over 700 conversions, some having millions of messages, and many of which I rarely interact with, but when I do, I know I have easy, instant access. It sounds highly inconvenient that I should have to constantly maintain any of that for the few times I may want to dive in to check on something and get out again. Might as well those conversations never existed in the first place.
And of course these considerations aren't just for me, but the nearly 1 billion users of the platform.
Why would I want to maintain a local index? How much of my compute and storage will it take? How well will it work across all my devices and clients (I have 3 clients just on my phone)? I personally am a part of over 700 conversions, some having millions of messages, and many of which I rarely interact with, but when I do, I know I have easy, instant access. It sounds highly inconvenient that I should have to constantly maintain any of that for the few times I may want to dive in to check on something and get out again. Might as well those conversations never existed in the first place.
And of course these considerations aren't just for me, but the nearly 1 billion users of the platform.
I wonder if developers of Tor or Matrix, which are far more popular among shady dealers as a percentage of regular users, were arrested. A storm would follow. In Durov's case - crickets. No EFF for you.
Those are _actually_ e2e encrypted, so cannot moderate. Which is a much better defence than "well, we vaguely imply that our thing is e2e encrypted, but it's not, but also we don't moderate anyway".
If those developers offer a platform while simultaneously not sufficiently moderating activities, then probably.
Sure they offer a platform. And they moderate nothing.
I have no idea if it is encrypted or not. Always thought it is. But I think of offering a commercial service of something my buddy is currently offering for free on a smaller scale. And there have been police inquiries.
I am US based and have a US passport. I wonder if I would have to respond to police inquiries. When is this enough, and when would I need a court order? And do I have to respond to foreign police inquiries. Demand a court order? And accept one from France, what is next? Russia? China? North Korea?
I think in the end it was his French Passport that killed him. Now there are not so many options for him:
He can help with providing a kind of key, backdoor whatever and can walk or gets a small sentence. I thought Telegram is encrypted and if done, in the right way, he could not provide help at all, but this seems not the case. The other option is that he asks for help from Russia. I am sure Putin could get him out in 1-2 years. Trust me, Putin has his ways with this, see Vadim Krasikov. :-)
Let's hope he plays his cards wisely. Good luck.
I am US based and have a US passport. I wonder if I would have to respond to police inquiries. When is this enough, and when would I need a court order? And do I have to respond to foreign police inquiries. Demand a court order? And accept one from France, what is next? Russia? China? North Korea?
I think in the end it was his French Passport that killed him. Now there are not so many options for him:
He can help with providing a kind of key, backdoor whatever and can walk or gets a small sentence. I thought Telegram is encrypted and if done, in the right way, he could not provide help at all, but this seems not the case. The other option is that he asks for help from Russia. I am sure Putin could get him out in 1-2 years. Trust me, Putin has his ways with this, see Vadim Krasikov. :-)
Let's hope he plays his cards wisely. Good luck.
[deleted]
Motorola radios marketed at law enforcement have flawed AES encryption and can be decrypted in near real time. You are delusional if you think your consumer phone or any app on it is more secure than that.
I can't think of a cryptography engineer who, given the option of betting on the academic/tech-industry cryptography savvy of RWC attendees, or the government market product engineers at Motorola, wouldn't put all their money on RWC, and then take out a loan to find more money to put down the same way. "If law enforcement can't get cryptography right there's no way independent software teams can" is completely backwards.
And if there's one thing the cryptocurrency brand of cryptographers can do, it's come up with new ways to take out loans!
I'm not sure what your point with the Motorola radio is. It's well known b2b solutions are often totally broken crap. Even more so then consumer solutions.
Can you prove it? That's a big claim (not the radio, the fact that you can read any e2e message instantly)
I think my messages sent over e2e encrypted chat with expiring session keys (like Signal) is more secure than broadcasting on radios with known weaknesses. Can you explain briefly why I'm wrong/"delusional"?
Sure, Signal encryption is better implemented than Motorola's. That means nothing when your device can be cracked with something like Pegasus without any interaction form you.
Protection against 0-click commercial exploit chains like Pegasus, that cost thousands to maintain, can not be done with just switching to another messenger app.
If that is part of your threat model IMO better to have good OpSec understanding and continuous training in compartmentalization. Ideally travel guidelines and dedicated devices.
Most journalists/activists don't even have that (sadly). So the argument to just use better Technology is a dud because no amount of tech can solve them from themselves.
(poorly) Paraphrasing Grugq:
> Good OpSec will get you through a time of compromised encryption better than good encryption gets you through a time of poor OpSec.
Software based encryption (not using HW backed) appeals if the threat-model needs to protect against the case where you think (or know) the hw might be broken e.g. in your given example AES. That claim might be true especially when you're trying to build a solid solution without control of the hardware or the underlying OS (like e2e mobile messengers trying). That would be a good reason to ditch HW based encryption.
But unless you fully trust the OS or the hardware, or your own ability to compartmentalize (which IMHO you should not), why put trust in an app running on top of all this compromised garbage :D
If that is part of your threat model IMO better to have good OpSec understanding and continuous training in compartmentalization. Ideally travel guidelines and dedicated devices.
Most journalists/activists don't even have that (sadly). So the argument to just use better Technology is a dud because no amount of tech can solve them from themselves.
(poorly) Paraphrasing Grugq:
> Good OpSec will get you through a time of compromised encryption better than good encryption gets you through a time of poor OpSec.
Software based encryption (not using HW backed) appeals if the threat-model needs to protect against the case where you think (or know) the hw might be broken e.g. in your given example AES. That claim might be true especially when you're trying to build a solid solution without control of the hardware or the underlying OS (like e2e mobile messengers trying). That would be a good reason to ditch HW based encryption.
But unless you fully trust the OS or the hardware, or your own ability to compartmentalize (which IMHO you should not), why put trust in an app running on top of all this compromised garbage :D
Could you elaborate on your claim that there's flaws in Motorola's AES encryption?
I'd assuming they're talking about TETRA, presumably one of the export versions (I don't think TEA2 (only available to European public safety orgs) is known to be broken at this point, though its age and obscure nature wouldn't give you much confidence).
There's a good talk on it here: https://media.ccc.de/v/37c3-11761-all_cops_are_broadcasting
There's a good talk on it here: https://media.ccc.de/v/37c3-11761-all_cops_are_broadcasting
Their implementation added one more round of encryption for unknown reasons, which turns out weakened AES enough to break it with a GPU cluster. Google looks to be well scrubbed of the story but it featured on HN a while back.
... I mean virtually any modern encryption is going to be more secure than TETRA. TETRA is from 1995, and the non-European export version wasn't even supposed to be secure _in 1995_.
It's delusional to think a modern technology is more secure than an old Motorola radio used by local law enforcement?
I sort of assumed that a messaging app based in Russia should probably not be used unless you were okay with Russia reading your messages, which is currently considered an enemy state in most western countries. It totally shocks me that so many pro Ukrainian influencers use Telegram.
I feel that this is a pretty good summary of what's going on: https://youtu.be/39rBzRd4M0k and explains how the encryption works etc.
I feel that this is a pretty good summary of what's going on: https://youtu.be/39rBzRd4M0k and explains how the encryption works etc.
Telegram is not based in Russia.
To be fair it's not really based anywhere. The legal headquarters are in the Virgin Islands and the ops HQ is now in Dubai.
Saying telegram is based in Russia is like saying the pirate bay is based in Sweden. Used to be true, but not so much anymore.
Regardless, I think it's totally reasonable to be concerned about having shared symmetric cryptography keys stored on servers in Russia while claiming your app is 'secure'/end to end encrypted (not sure if they're claiming the latter anymore or if that was even official claims to begin with vs internet BS), and is especially relevant for Ukranians or Russians politically opposed to Putin.
Saying telegram is based in Russia is like saying the pirate bay is based in Sweden. Used to be true, but not so much anymore.
Regardless, I think it's totally reasonable to be concerned about having shared symmetric cryptography keys stored on servers in Russia while claiming your app is 'secure'/end to end encrypted (not sure if they're claiming the latter anymore or if that was even official claims to begin with vs internet BS), and is especially relevant for Ukranians or Russians politically opposed to Putin.
Don't use non-secure chats for your communication, then. Telegram is not just a chat app, it's also used somewhat like Facebook. Are you concerned that Facebook can see posts and comments? Facebook can also see your chats, there is no option to E2E encrypt them, unlike Telegram.
Meta added end-to-end encryption to Messenger some time ago. [0]
[0] https://www.facebook.com/help/messenger-app/1084673321594605
[0] https://www.facebook.com/help/messenger-app/1084673321594605
"Tribunal Judiciaire de Paris", the court, has published the charges: https://www.tribunal-de-paris.justice.fr/sites/default/files.... It's a two-pager primary source. Maybe check that before the video.
> I feel that this is a pretty good summary of what's going on: https://youtu.be/39rBzRd4M0k and explains how the encryption works etc.
What makes you feel that? Never seen that channel before, and the self-description of "High-intensity code tutorials and tech news to help you ship your app faster" doesn't really inspire much confidence when it comes to talking about more nuanced topics.
For example, Telegram isn't based in Russia, and I don't think it ever was. So if that's one of the takeaways from that video, it seems pretty misinformed even about the basics.
What makes you feel that? Never seen that channel before, and the self-description of "High-intensity code tutorials and tech news to help you ship your app faster" doesn't really inspire much confidence when it comes to talking about more nuanced topics.
For example, Telegram isn't based in Russia, and I don't think it ever was. So if that's one of the takeaways from that video, it seems pretty misinformed even about the basics.
If I were a pro-Ukraninian influencer, I'd want Russia to be reading a bunch of my messages. Probably not my private ones, but using the enemy's platform to distribute propaganda is a veritable goldmine.
Not that it’s a whole lot better than Russia, but I’m pretty sure it’s based in Dubai.
And what would be better? France?
This is a good instinct. Even if you're using a good E2EE messaging app like Signal, you still trust them not to mitm unless you check the other person's public key out-of-band. I suspect most people don't do that.
Also, there are issues with Telegram's E2EE mode, besides it being disabled by default. More than enough reason not to use it.
Also, there are issues with Telegram's E2EE mode, besides it being disabled by default. More than enough reason not to use it.
Well, if you're communicating with someone on Signal and they indeed receive your messages, you're safe to assume they are the public key holder. The critical part is the secret key management. In other words, are they _the only_ ones who hold the secret key?
No, your client asks Signal's server for the other end's public key. There's fundamentally no way for Signal's server to prove to your client that the pubkey you're encrypting for is indeed the one owned by the phone number you keyed in.
To clarify, there's no way for any software to do that. You need to somehow validate the keys' ownership out of band.
It offers a fingerprint you're supposed to validate over sneakernet but people are lazy
and Google Play offers the possibility to distribute an update only to specific e-mail addresses, so if there is a need to compromise users with a malicious update that shows another fingerprint it's really doable (or just copy the messages, like Skype was doing with TOM-Skype).
No, that someone would also be able to indeed receive your messages if there is an attacker in the middle who gave you his public key and is then forwarding the message using a channel established with the true recipient's public key.
Message secrecy does rely on being able to authenticate the recipient's public key.
Message secrecy does rely on being able to authenticate the recipient's public key.
i suspect this particular security hole in the signal protocol is the single reason why whatsapp hasn't been banned yet.
They can eavedrop by simply adding a device to a conversation and nobody will notice. Your device will gladly send them decryption keys and provide them with a copy of the message nicely.
They can eavedrop by simply adding a device to a conversation and nobody will notice. Your device will gladly send them decryption keys and provide them with a copy of the message nicely.
I'm not sure if they can add a participant to an existing conversation, and if they did, your client would at least know. Also don't remember if the client will send message history, but I think Signal doesn't.
The simple bad scenario I have in mind is when you're initiating a new chat and the mitm it from the start. Or they could do it halfway through, which would notify you that the other end's key changed, but that message is non-threatening enough and happens enough for random other reasons that most people would probably ignore it.
The simple bad scenario I have in mind is when you're initiating a new chat and the mitm it from the start. Or they could do it halfway through, which would notify you that the other end's key changed, but that message is non-threatening enough and happens enough for random other reasons that most people would probably ignore it.
not a participant. Whatsapp is multi device ( a single user can have multiple devices, such as a web client, an iphone and a mac app). They can simply register another device as belonging to one of the participant, and everything should be forwarded to them, invisibly.
Multi-device mode is new enough that I might be wrong about this, but afaik the web client still needs to get the priv key from your phone, so they can't authorize a new client unilaterally. Or it'd be a really silly hole if they could.
Edit: Meant to say, the web client needs to somehow be authorized by the phone, not that it takes the privkey exactly. Probably gets a new key that the phone stores, so the phone is still the "master" device. I wouldn't expect the phone client to happily send the chat history to a new device it didn't authorize locally.
Edit: Meant to say, the web client needs to somehow be authorized by the phone, not that it takes the privkey exactly. Probably gets a new key that the phone stores, so the phone is still the "master" device. I wouldn't expect the phone client to happily send the chat history to a new device it didn't authorize locally.
Maybe the phone transfers a secret to the webclient, and that secret is then used by the other participant to certify it is indeed an "authorized" device, but i was under the impression that you had to rely on the server to correctly give you a list of correct devices for a given participant.
i'm happy to know more about that topic if you've got some documentation.
i'm happy to know more about that topic if you've got some documentation.
Someone else here probably knows more than me. I don't want to speculate too much about what it actually does, I just know that the original device takes part in authorizing a new one, so it seems like they can't do it on their own.
i guess it depends if the authorization process reaches the other participants in some way or another ( such as a key derivation mechanism that can be verified by everyone) or if it's just a security feature to strengthen the login process.
Maybe it's similar to adding a new chat participant, except your client says "btw this is also me." I used that way when designing a toy e2ee app a while back. Or maybe there is a central repo of each user's per-device pub keys, and your client signs its updates to it using the original pub key so it's tamper-evident.
Maybe there's some key derivation mechanism so the new pubkey is self-evidently owned by the first one, never heard of one though.
Maybe there's some key derivation mechanism so the new pubkey is self-evidently owned by the first one, never heard of one though.
[deleted]
Separate from our other convo, I just found this spicy note in Telegram's manual: "Multi-device End-to-end encrypted chats are a mess[...] Most of our competitors (notably, Whatsapp and iMessage) solve these problems in ways that make their end-to-end encryption useless (this is a big topic, so requires a separate manual)." And links to a TODO page. Can't just say that and leave us hanging!
https://tsf.telegram.org/manuals/e2ee-simple
My own distrust for Telegram aside, I like how these pages seem to be written by an engineer and not a PR person.
https://tsf.telegram.org/manuals/e2ee-simple
My own distrust for Telegram aside, I like how these pages seem to be written by an engineer and not a PR person.
> It totally shocks me that so many pro Ukrainian influencers use Telegram.
They are using Telegram for PR, same as Twitter or Instagram. It doesn't matter if the posts get decrypted by Russia – they are anyways meant to be public.
They are using Telegram for PR, same as Twitter or Instagram. It doesn't matter if the posts get decrypted by Russia – they are anyways meant to be public.
[deleted]
> unless you were okay with Russia reading your messages
This is not an empty accusation, there's been several stories which could not be explained by anything else than FSB having access to Telegram. That said, however, it's only FSB. There hasn't been a single suspicious act like that on behalf of Russian police, so we can assume that this access is only used in exceptional cases. So, unless you believe that Russian intelligence is targeting you personally, you're safe.
This is not an empty accusation, there's been several stories which could not be explained by anything else than FSB having access to Telegram. That said, however, it's only FSB. There hasn't been a single suspicious act like that on behalf of Russian police, so we can assume that this access is only used in exceptional cases. So, unless you believe that Russian intelligence is targeting you personally, you're safe.
>there's been several stories which could not be explained by anything else than FSB having access to Telegram
If your device is compromised, all bets are off.
Example: FSB once leaked Navalny's emails. He used gmail. And no one suspects Google of conspiring with FSB.
If your device is compromised, all bets are off.
Example: FSB once leaked Navalny's emails. He used gmail. And no one suspects Google of conspiring with FSB.
> there's been several stories which could not be explained by anything else than FSB having access to Telegram
Could you share which "100% confirmed" stories this is about? Haven't really come across that before
Could you share which "100% confirmed" stories this is about? Haven't really come across that before
Telegram is not a Russian controlled app. Durov had to flee from Russia after the Crimea invasion because he refused to mass spy on dissidens. If anything he has a good track of not cooperating with Putin.
That's a nice cover story, but Telegram had operated for years from the same Singer House in Saint Petersburg where VK headquarters are situated.
Russian Direct Investment Fund had invested in Telegram. Nikolai Durov works at Russian Academy of Sciences.
As of 2024, Russia-the-state has no problems with either Pavel Durov or Telegram. That's suspicious to say the least.
As of 2024, Russia-the-state has no problems with either Pavel Durov or Telegram. That's suspicious to say the least.
> As of 2024, Russia-the-state has no problems with either Pavel Durov or Telegram
They only tried to ban it in 2018 and gave up in 2020 after failing to do so without cutting off access to other Internet services. The last time they blocked access to it was quite recently, on 21 August, after the Ukrainian incursion into Kursk oblast.
https://understandingwar.org/backgrounder/russian-offensive-...
They only tried to ban it in 2018 and gave up in 2020 after failing to do so without cutting off access to other Internet services. The last time they blocked access to it was quite recently, on 21 August, after the Ukrainian incursion into Kursk oblast.
https://understandingwar.org/backgrounder/russian-offensive-...
> from the same Singer House in Saint Petersburg where VK headquarters are situated.
And so? Durov happens to be the founder of VK...
And so? Durov happens to be the founder of VK...
Telegram was using Singer House office long after VK had been sold. He definitely didn't "flee Russia". Durov family and close-to-the-oligarchs-and/or-siloviki parts of the Russian elites had parted ways on good terms.
He's almost certainly better off getting arrested in France than he would have been getting arrested in Russia.
A small section of Russian students were floored, and responded that they thought Telegram was banned in the country at the time (circa 2017-2018). The state officials laughed and responded that it wasn't any concern because they could read everything in any chat they wanted.
I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.
Maybe it was some dry joke, maybe those students were woefully misinformed, who knows. But it certainly broke any confidence I had in the security of any existing messaging app.
I personally use Signal, but that's mostly just because I have personal friends who use it and it's convenient to use on my PC.
Edit: Kinda funny, I only just logged into this site again, and some of my last previous comments were about the same thing.