
The Arrest of Pavel Durov Is a Reminder That Telegram Is Not Encrypted

147 points| rntn | 1 year ago |gizmodo.com | reply

177 comments

[+] nostalgk|1 year ago|reply
I once visited Moscow for an AI coding jam sponsored by the Russian state, and while I was there, there was a Telegram group for all of the students to use to communicate during the jam. This Telegram channel was set up by the state officials.

A small section of Russian students were floored, and responded that they thought Telegram was banned in the country at the time (circa 2017-2018). The state officials laughed and responded that it wasn't any concern because they could read everything in any chat they wanted.

I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.

Maybe it was some dry joke, maybe those students were woefully misinformed, who knows. But it certainly broke any confidence I had in the security of any existing messaging app.

I personally use Signal, but that's mostly just because I have personal friends who use it and it's convenient to use on my PC.

Edit: Kinda funny, I only just logged into this site again, and some of my last previous comments were about the same thing.

[+] Zamicol|1 year ago|reply
Signal's larger problem is the lack of a web client.

Telegram (like everyone else) has a great, responsive web client.

What's even more frustrating is that Signal's desktop app is just an Electron app, meaning it's generally designed for the browser.

[+] roninorder|1 year ago|reply
The fact that Telegram is home to thousands of military bloggers discussing the war in Ukraine without getting blocked is a clear signal that the platform is completely compromised and controlled by the Russian state. There is a 0% chance they would allow a free flow of information of this type.
[+] realusername|1 year ago|reply
> I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.

The Russian state stopped blocking Telegram after the state investments in the platform, that tells you everything you need to know about its security and the deals they must have made with the Kremlin.

If something isn't blocked in Russia right now, it's because they have access to it.

[+] honestjohn|1 year ago|reply
Telegram's e2ee mode is only usable for 1:1 chats, so I wouldn't be surprised if some government(s) could gain access to any group chat they want.
[+] kgeist|1 year ago|reply
>Telegram is mostly about big group chats and channels where people share information with their fans.

This is the gist of it. Telegram is mostly like an uncensored blog platform at this point. Probably the only platform to host official channels of Navalny, Zelenski, Dmitry Medvedev, Russian and Ukrainian milbloggers at the same time.

And for public channels, E2E is pointless - everyone can see it anyway.

[+] attendant3446|1 year ago|reply
And that's great. But Telegram promotes itself as a secure messenger. And that's a big lie. If they would advertise themselves as a WeChat / Line for the West, nobody would question it.
[+] sixfiveotwo|1 year ago|reply
> And for public channels, E2E is pointless - everyone can see it anyway.

Shouldn't it at least provide some guarantee that what you receive is what was sent?

[+] sunaookami|1 year ago|reply
It also doesn't mean "plain text". Telegram uses MTProto and the decryption keys are stored on multiple servers in multiple jurisdictions, something which Gizmodo doesn't even mention.

See also this excellent comment by another HN user: https://news.ycombinator.com/item?id=41348228

[+] DyslexicAtheist|1 year ago|reply
Here is a better resource by an actual respected cryptographer: https://blog.cryptographyengineering.com/2024/08/25/telegram...

One of the links shared by the comment you're linking to points to a paper which concludes:

> We have presented the formalisation of the MTProto 2.0 protocol suite in the applied π-calculus, and its analysis using the protocol verifier ProVerif. This approach adopts the symbolic Dolev-Yao threat model: an active intruder can intercept, modify, forward, drop, replay or reflect any message. Within this model, we have provided a fully automated proof of the soundness of MTProto 2.0’s protocols for first authentication, normal chat, end-to-end encrypted chat, and rekeying mechanisms with respect to several security properties, including authentication, integrity, secrecy and perfect forward secrecy, also in the presence of malicious servers and clients. Moreover, we have discovered that the rekeying protocol is vulnerable to a theoretical unknown key-share (UKS) attack [5]: a malicious client B, with the help of another client E, can induce a client A to believe that she (still) shares a secret key with E, and instead A shares the key with B. The practical exploitability of this attack in actual implementations is still to be investigated. Our formalization covers also the behaviour of the users, when relevant; e.g., if the users do not check the fingerprints of their shared keys, a MitM attack is possible.

[+] lxgr|1 year ago|reply
> the decryption keys are stored on multiple servers in multiple jurisdictions

Which is completely beside the point when the question is "should you trust Telegram", given that they are still entirely under Telegram's logical control.

The only circumstance under which this is a meaningful difference is when somebody other than Telegram (law enforcement with a warrant, law enforcement without a warrant, criminals etc.) walks into a data center and pulls those servers' hard disks.

[+] mr_mitm|1 year ago|reply
What keeps an employee from impersonating a user by registering a new device and intercepting the confirmation code? The code must be somewhere in their systems for the time being, so at least one employee must be able to get it. Then they can see everything the user can see.

(Assuming the user has the default setting of no 2FA.)

There are probably more ways to get to the data.

Splitting keys in different jurisdictions seems like security theater.

[+] zitterbewegung|1 year ago|reply
Also, since you can see scroll back don't they host the telegram chats even if they are in encrypted form?
[+] FpUser|1 year ago|reply
>"sperm-obsessed co-founder of Telegram"

>"possible vector for child sex abuse material"

>"hub for various scams and crimes—but"

What is it? Setting up a mood to make sure people feel that Durov / Telegram are bad? This is anything but even a try to objective journalism. Whoever the author is - fuck you.

[+] cholantesh|1 year ago|reply
It's a tech blog, not that 'objective journalism' exists anyway.
[+] kome|1 year ago|reply
that's absolutely shameful
[+] kkfx|1 year ago|reply
Just a small note: even if Telegram were encrypted end to end, most people use it with a mobile app, writing messages with the OS virtual keyboard, inserting images/video from the OS internal storage. How can anyone think an app could be private when the closed-source, remotely managed OS it runs on definitely is not?

How can anyone think a damn picture on an Android/iOS/* phone could be considered private? People have Google Photos/iCloud auto-backups and do care about "the privacy of a messaging app"?

Besides that, I do consider this arrest much less meaningful than most current press does; yes, it's a debatable act, but so far Telegram works in France, there is no state-enforced block, in user base size terms it can hardly be considered a significant hostile political/social actor, and actually the government is doing MUCH bigger things against the République and Democracy as a whole than arresting the founder of a messaging service based in Dubai...

[+] rsynnott|1 year ago|reply
I mean, I assume people who are seriously concerned with privacy to a sufficient extent don't turn on those auto backups (though at least the Apple one _does_ have an e2e encryption option).
[+] janmo|1 year ago|reply
The title is not correct IMO, it is not "end-to-end encrypted" by default.

But the traffic between you and the Telegram server is always encrypted and the "end-to-end encryption" can be enabled.

[+] brnt|1 year ago|reply
Telegram appears to be the last company selling SSL as "encryption" though. In 2024 that's akin to claiming that your car doesn't need oil every 500km, food product has a reasonably predictable shelf life or tap water is safe for consumption.

It's all great, also arguments a generation old.

Maybe I should add 'literate' on my resume too...

[+] vel0city|1 year ago|reply
Then we can say with my comment the traffic between you and Hacker News is encrypted. See, it's using TLS.
[+] lxgr|1 year ago|reply
Everything is transport-encrypted these days. Almost everybody still emphasizing that as a product feature is doing so out of questionable motives.
[+] twelve40|1 year ago|reply
You are right, but they are just having good fun shitting on the service, and the guy ("obsessed") for being a donor. Why not get some cheap clicks?
[+] upofadown|1 year ago|reply
An encrypted system can depend on a trusted third party. Sometimes that trust is mandatory, like, say, a XMPP system used in an industry where IM messages have to be archived for future possible access to a regulator. Such systems are much easier for the user to use securely.

Most end to end capable systems degrade to trusting the provider when the user fails to verify the identity of their correspondent using some ridiculously long number. In other words, the user has to take an assertive action to become fully end to end where only the end users are trusted. Just like with Telegram secret chats. You can't just claim that such systems are not encrypted. Things are more subtle.

The headline here ("Telegram Is Not Encrypted") is misleading...
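
Added example, not part of the thread and not any messenger's actual code: a toy Diffie-Hellman exchange relayed by the provider, illustrating the point made above and in the quoted ProVerif paper that an end-to-end chat only excludes the provider if the users compare key fingerprints. The group parameters, function names and fingerprint format are assumptions chosen so it runs with the Python standard library.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, chosen only so the example runs with the standard
# library. 2**127 - 1 is prime but far too small for real use; the generator
# is likewise an illustrative assumption.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for one DH participant."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(shared_secret):
    """Short digest of the shared key that users compare out of band."""
    raw = shared_secret.to_bytes(16, "big")
    return hashlib.sha256(raw).hexdigest()[:16]


def key_exchange(provider_interferes):
    """Run one exchange relayed by the provider; return both fingerprints.

    With provider_interferes=True the relay substitutes its own public value
    in each direction, so each user ends up sharing a key with the provider
    instead of with the other user.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if provider_interferes:
        _, s_pub = keypair()
        seen_by_a, seen_by_b = s_pub, s_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    a_key = pow(seen_by_a, a_priv, P)
    b_key = pow(seen_by_b, b_priv, P)
    return fingerprint(a_key), fingerprint(b_key)


def users_can_detect(provider_interferes):
    """True if comparing fingerprints out of band reveals a mismatch."""
    fp_a, fp_b = key_exchange(provider_interferes)
    return fp_a != fp_b


if __name__ == "__main__":
    print("honest relay, mismatch seen:", users_can_detect(False))
    print("interfering relay, mismatch seen:", users_can_detect(True))
```

In both runs each user sees a working encrypted chat; only the out-of-band fingerprint comparison distinguishes them.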

[+] lxgr|1 year ago|reply
> The headline here ("Telegram Is Not Encrypted") is misleading...

To an audience of laypersons, it's definitely much more accurate than saying "Telegram is encrypted".

Maybe a better way of phrasing it would be "Telegram can read your messages if they choose to, or if anybody is able to force them".

[+] d0mine|1 year ago|reply
The encryption is a red herring to distract from the truth: telegram is the only platform where views different from war profiteers can be expressed. You can't do it anywhere else: not on cnn, not bbc, not guardian, not bloomberg, ..., not fox news, not npr, not reddit, not medium, not in a french court that rubberstamps whatever overseas masters tell them.
[+] squidbeak|1 year ago|reply
Opposing Russia's belligerence and atrocities in Ukraine doesn't make you a war profiteer. Telegram footage from Russian channels has actually been key to understanding how obscenely common those outrages are.
[+] worik|1 year ago|reply
> telegram is the only platform where views different from war profiteers can be expressed

That is a strong, wrong, statement

For one thing, although I have my quibbles about the standard of journalism at The Guardian, I do not think for a micro second they are beholden to "war profiteers".

[+] lxgr|1 year ago|reply
If Telegram only wanted to be a "free-speech maximalist-like" platform, they could have simply skipped all of the misinformation around also being a "secure and encrypted" instant messenger.

The fact that they did all of that is precisely the reason why you'll find so many cryptographers and privacy advocates being very critical of it.

[+] qsdf38100|1 year ago|reply
What about Twitter?
[+] mrkramer|1 year ago|reply
I never trusted Telegram; who are their founders, what is their corporate structure and management style, what are their values and vision? Nor do I trust any other centralized messaging app. P2P FTW. Cryptography is the only salvation.
[+] cryptonector|1 year ago|reply
That's funny because the French government is accusing him of:

  - Fourniture de prestations de cryptologie
    visant à assurer des fonctions de
    confidentialité sans déclaration conforme,

    Providing cryptography services with
    an eye to ensure confidentiality
    features without a compliance
    declaration.  (Translation mine.)

  - Fourniture d'un moyen de cryptologie
    n'assurant pas exclusivement des
    fonctions d'authentification ou de
    contrôle d'intégrité sans déclaration
    préalable,

    Providing a cryptographic method
    non-exclusively ensuring authentication
    and integrity features w/o prior
    declaration.  (Translation mine.)

  - Importation d'un moyen de cryptologie
    n'assurant pas exclusivement des
    fonctions d'authentification ou de
    contrôle d'intégrité sans déclaration
    préalable.

    Same, but regarding import controls.

The first item implies that you're not allowed to provide others with software/services that provide confidentiality protection without registration -- without a statement that you comply with legal requirements!

Presumably the compliance declaration is subject to prosecution for perjury or similar charges if they can twist the legal requirements after your registration.

The second item implies that you're not allowed to provide others even with something as innocuous as authentication and integrity protection software/services without first registering your intent to do so!!

In the context of the cryptowars of the 90s, and in the context of web browsers, all of this is just pure nonsense.

Where are the prosecutions of Mozilla, Google, and Apple (and Brave, and Opera, and...) for distributing browsers which all provide confidentiality services? Or did they all get approval from the French government?

[+] ActorNightly|1 year ago|reply
1. He got arrested, not prosecuted yet.

2. A big reason why he got arrested is because there was evidence of illegal activity happening, and authorities submitted request for information, and he refused. Companies like Meta will 100% comply with legal requests for information about illegal activity on their platform.

3. You cannot have a decentralized system that "gives the power to the people" if you still have central servers where information is stored or goes through.

[+] lxgr|1 year ago|reply
It's worth noting that the US still has such a law on the books as well apparently: https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

> Or did they all get approval from the French government?

Presumably, since it seems to largely be a formality at this point.

I'm also very disappointed to see it being used in this case, since otherwise nothing in these charges is about cryptography.

[+] saos|1 year ago|reply
That’s my frustration with Telegram. When it comes to UI/UX it beats WhatsApp day and night. But the encryption by default is so so disappointing
[+] aeternum|1 year ago|reply
When it comes down to it, practical encryption no longer exists.

Every operating system now phones home and uploads copious event logs. Many users install custom "swipe" keyboards, ad blockers, toolbars, and even BIOS chips are now programmable.

There are just so many vectors and exfiltration paths, plus it's not enough for you to secure them all. The person you are talking to must also.

Often encrypted messaging gives a false sense of security. Messages can still be intercepted on either end, and an automatic app update is sufficient to silently disable the encryption without the user knowing.

edit: Since it seems that some are considering this baseless fear-mongering, here's just one recent example:

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zer...

https://en.wikipedia.org/wiki/Pegasus_(spyware)

[+] _imnothere|1 year ago|reply
Wrong title.

Not Encrypted (x)

Not "Fully" Encrypted (o)

[+] wkat4242|1 year ago|reply
Yeah I kinda wonder why they don't end to end encrypt telegram, this would take them out of a lot of hot water with the authorities. Because the situation would be the same as with Signal and WhatsApp: What they can't see they can't moderate.

Of course telegram is actually encrypted, but just not end to end. Except the secret chat function which is very limited (only works between 2 participants, only between 2 devices and everyone needs to be online at the same time for the key exchange to work).

[+] skeledrew|1 year ago|reply
E2ee would break the convenience of instantly searching across 100s of conversations with potentially millions of messages, something I and millions of other users take advantage of everyday.
[+] EVa5I7bHFq9mnYK|1 year ago|reply
I wonder if developers of Tor or Matrix, which are far more popular among shady dealers as a percentage of regular users, were arrested. A storm would follow. In Durov's case - crickets. No EFF for you.
[+] Beijinger|1 year ago|reply
I have no idea if it is encrypted or not. Always thought it is. But I think of offering a commercial service of something my buddy is currently offering for free on a smaller scale. And there have been police inquiries.

I am US based and have a US passport. I wonder if I would have to respond to police inquiries. When is this enough, and when would I need a court order? And do I have to respond to foreign police inquiries. Demand a court order? And accept one from France, what is next? Russia? China? North Korea?

I think in the end it was his French Passport that killed him. Now there are not so many options for him:

He can help with providing a kind of key, backdoor whatever and can walk or gets a small sentence. I thought Telegram is encrypted and if done, in the right way, he could not provide help at all, but this seems not the case. The other option is that he asks for help from Russia. I am sure Putin could get him out in 1-2 years. Trust me, Putin has his ways with this, see Vadim Krasikov. :-)

Let's hope he plays his cards wisely. Good luck.