Russia threatens to block Telegram (reuters.com)
126 points by tomfloyer on June 26, 2017 | hide | past | favorite | 68 comments



For the number of haters Telegram had when they launched, for their purported security failures, it's funny that people are looking to block it instead of silently exploring its flaws.


> purported security failures

> people are looking to block it instead of silently explore its flaws

This is not a good heuristic for determining if security failures are "purported."

In point of fact, Telegram is widely lampooned by every self-respecting professional cryptographer who has written about it. There's nothing "purported" about Telegram's security failures - they are empirically demonstrable, and have been exposed through multiple cryptanalytic reviews.[1][2]

Frankly, I don't think I've ever seen anyone defend Telegram here on HN who actually has professional crypto experience (whether academia or industry), or any other similar proxy for credibility in the field. The popular contention is that (poor, harmless) Telegram is plagued by a persistent astroturfing campaign perpetrated by the likes of Moxie Marlinspike and Thomas Ptacek in order to elevate Signal's status. That's:

1) not true, in my opinion (though to be fair at least one of those people is obviously biased); and

2) irrelevant, because we have the benefit of empirical rigor to instruct our opinions of secure messaging systems. We don't need to rely on infosec ideologues on HN or Twitter.

Telegram is very much like climate change. There is a widespread consensus among the informed (read: academic and professional cryptographers) that Telegram's security failures exist, and that these failures are empirically demonstrable. At the same time, there is a controversy led almost entirely by the uninformed (read: non-cryptographers) that denies Telegram's security failures and undermines attempts at demonstrating them through accusations of shilling or misdirection.

To put it very succinctly: there are no valid arguments that Telegram has an optimal security model from the perspective of cryptanalysis and cryptographic design best practices.

____________________________________________________________

1. https://www.alexrad.me/discourse/a-264-attack-on-telegram-an...

2. https://cs.au.dk/~jakjak/master-thesis.pdf


There is a difference between practical security and theoretical security.

Telegram has some well-known theoretical security flaws; it's been well documented as such.

But from a practical point of view it's more secure than most of what it replaced: SMS and Facebook Messenger. I use Telegram as a cross-platform iMessage. If iMessage were cross-platform there wouldn't be much room for Telegram; if WhatsApp had a desktop client, same deal; if Signal were more user friendly (it also launched without a desktop client), same deal.

In short, Telegram is good enough for the purposes that people are using it for. Once MTProto has been breached, then I'll be concerned, but right now all the attacks are theoretical, not practical.


Ok, valid argument: Telegram servers DO receive and store a plaintext version of every conversation (except secret chats), while, as a reference, WhatsApp doesn't do this, applying end-to-end encryption by default. So, basically, hack Telegram servers -> you have all the convos. Bribe some employees, locate and grab their servers -> see above. Also, how would you know they're not connected with some 3-letter agency already?


FWIW (I have no way of verifying this), Telegram says they try to work around this by (IIRC):

- Using some kind of crypto with multiple keys

- These keys are located in multiple independent datacenters in independent jurisdictions

According to what I read, this was supposed to prevent leaking of user data just by bribing/coercing/etc. or suing any Telegram employee or datacenter provider.

As I've mentioned before I don't use Telegram for security, I use it because

1. Facebook failed its WhatsApp acquisition so badly

2. It is way more user friendly

Also keep in mind that when I left WhatsApp for Telegram WhatsApp still didn't have e2e.


Are people damn reading what they link?

There's not a single actual practical vulnerability in the second paper. http://telegra.ph/mtproto-security-01-17

And the first one is outdated.


"Purported"?

http://www.reuters.com/article/us-iran-cyber-telegram-exclus...

People have written academic papers about how bad Telegram's underlying crypto is.


GSM is not secure and OTP via SMS is not secure; this is a vulnerability of many, many systems, including banks and Bitcoin vendors. This has nothing to do with Telegram's crypto.


If Telegram claims to be secure but relies on insecure technologies that make it easy to circumvent its security, isn't that still Telegram's fault?

Just because others are also vulnerable to the same failings doesn't absolve Telegram of responsibility. Don't claim to be a secure platform if your security is easily circumvented.


As long as the recommended alternative, WhatsApp, does the same I don't think this can be used against Telegram.

Also, by default Telegram sends confirmation messages to previously verified clients instead of by SMS.


Someone needs to publish an exploit. How come I have never seen a single one yet?


Go, right now, and download an exploit for the most recent revision of Firefox.

Can't do it? That must mean there are no exploits for Firefox.


To expand on this point, it is absolutely not the norm that even very serious vulnerabilities in web browsers, operating systems and very widely used libraries have published exploits.

There are qualified security research teams that develop targeted exploit implementations for exotic and very impactful vulnerabilities. They do not need (or want) to publish the exploits because a) that's a valuable product and intellectual property and b) turnkey weaponization reduces the half life of the vulnerabilities (and therefore income potential).

The people who publish exploit implementations generally do so because they have no interest in seeing the vulnerability flourish and because they would rather have industry fame than a short term payday. If you want to improve your credibility in the security industry, identifying high-impact security vulnerabilities (i.e. CVE worthy) is enough. If you want to earn money by dealing in vulnerabilities, you generally want to develop exploits for them (or give them away for relative pennies on the dollar).

This is a roundabout way of saying that the absence of easily available exploits does not mean that software is secure. On the contrary, it could be an extremely high value target. There are different incentives at play - on one hand, merely releasing details of a vulnerability is enough for recognition, while the most lucrative payments go to weaponized vulnerabilities.

If I were to, say, identify a series of two or three vulnerabilities that can be theoretically chained to achieve remote code execution on an iOS device, I could do one of two things with that. I could report it to Apple and receive up to $200k, per their recently developed disclosure program. I could also sell this for 2 - 5 times that much with a complete exploit. The first option is a great payday and comes with (effectively) never needing to interview again. The second option results in a much better payday (life-changing, perhaps) with essentially no recognition.

If you can consistently churn those out, the second option is probably better if you're optimizing for wealth. But realistically speaking neither party is exceptionally incentivized to publish an exploit that you could just find and download.


Because the State actors that would be capable of making that kind of exploit would keep that to themselves.


No one else is?


If someone had an exploit like that, there's money to be had by exploiting it in secret and/or selling it to people who do that. Why would they post it online for you for free?


Because they are a researcher that wants to show that rolling your own crypto is bad. In other words back up the orthodox opinion with a PROOF and not just groupthink.


This is an argument that suggests we should all keep on using SHA-1, since, after all, there's no public exploit.


Or it is just a charade to make it look like Telegram is not controlled by the Kremlin.


Why would someone who has stood up to the Russian government multiple times, had a company taken away from him already for not being compliant and is now living in exile hand control of Telegram to that same government?


Why are you assuming that Pavel is the only possible exploit that could be used to own Telegram?


Because that is what they're implying when they say "controlled" by the Kremlin.


That's the cover story you see.


Why would someone like that wave the flag of security, making it the biggest selling point, and then go with questionable practices?


Telegram being secure or not is a separate question.

Secure messaging is hard; most people producing secure messaging will produce poor secure messaging. It doesn't mean they've been compromised by a government.


Yes but Telegram continues to avoid fixing flaws that have been pointed out by cryptographers.

It's one thing to get some security wrong because it's "hard." It's another to not fix those problems when people explain how and why you did something wrong.


I guess they will fix those theoretical flaws when someone makes a real exploit?

RSA encryption is theoretically breakable by quantum computers, but people still use it and are gonna keep using it until someone breaks it.


"Probably the best-known test to see if someone was a witch was the swimming test. Basically, if you found someone you suspected of being an old crone, you'd drag them to a pond and chuck them in. If they sank, they were innocent (and probably dead), but if they floated they were guilty... and quickly executed."


Russia, of course, has a long history of disinformation and propaganda. But it seems to me like there isn't a trust problem with Telegram right now, so why is the Kremlin throwing this charade if current targets are already using Telegram and trust it? Surely it would be in their interest to lie low and (supposedly) collect data through a backdoor than risk having their bluff called and being forced to ban it?


So that more activists will turn towards using Telegram actively.


I think that when it is ever a remote possibility, by hook or by crook, nation states prefer to get private firms to compromise themselves as opposed to subversively breaking into a service.

When private firms hand over data or introduce backdoors on behalf of their gov't, the gov't now has political cover and it's easy to make the firm the bad guy.

"We just asked for the data, and they complied." v. "We came, We saw, We stole your data"


You can't exploit something that doesn't exist, hence they block it.


"if the app is banned in Russia then the government officials will entrust their communications to other countries' messengers"

Nice counter :)


They could just use Matrix / Riot, since they are both fully open source and auditable on client and server.

Hell, I'd like the Russian gov't to start using Riot. Would definitely give them that security audit they need for trustability on their olm. Maybe you shouldn't trust a Russian state audit, but it just takes large users to motivate third parties to start auditing it.


You don't get it. They do not need secure messengers. They want mass surveillance. For secure communications within the government networks there exist other means.


No problem, they'll just ban all the other messengers. Line and KakaoTalk are already banned. There's nothing a dictatorship hates more than communications that cannot be eavesdropped on.


The perpetrators of the recent terrorist attack in Saint Petersburg Metro were using Telegram.


They also shopped in local stores. I don't think it's the reason to close them.


Good thing they weren't using whatever app Snowden's using (Signal?), that would've been awkward.


>Fri Jun 23, 2017 | 5:00pm EDT

Here is a newer article (there were a couple of developments on weekend):

https://en.crimerussia.com/gromkie-dela/durov-criticizes-ros...


Ironically this website does not open from Russia (had to use a VPN to access it). Same agency's shills in Russian Duma (parliament) are planning another law banning VPN and Anonymizer services. Censorship is coming down hard, it seems...


Also: https://www.rt.com/politics/389683-russian-public-supports-m...

Over 40 percent of Russians support the verification of internet users on social networks or other internet platforms, as proposed in a bill drafted by a well-known pro-Orthodox lawmaker.

I wonder if it's real or just propaganda? FWIW,

In May, Russian President Vladimir Putin signed the strategy for the development of the Russian information community between 2017 and 2030. This document states that in order to successfully develop the internet and the communications infrastructure as a whole, the country needs working mechanisms that would introduce a system of trust between users, and eliminate anonymity and the lack of responsibility that it causes.


Of course Russia Today is going to toe the Party line... Most people here call this "Crazy Printer", as in a machine that produces copious amounts of insane legislation.

Usually people co-sponsoring this kind of legislation have ties to various corporations or government entities. Most of those things are fast-tracked without any kind of input from the populace.


> drafted by a well-known pro-Orthodox lawmaker

Man, this is starting to look like Sugar Kremlin by Vladimir Sorokin.


Ironically, I can access the website from my office machine in one of the state-owned companies.


Shadowsocks has you covered :)


Unfortunately, it looks like P2P messengers are not available/nonexistent nowadays, especially on mobile. All we have are phone-tied centralized apps.


This seems like an apropos place to shill my own p2p instant messaging protocol implemented in Rust: https://github.com/zacstewart/comm

The readme doesn't do it justice. It's actually very functional if I bothered to document how to use it, and I have a working GTK-based frontend that works well too.

tl;dr: Its network architecture is loosely based on the BitTorrent DHT. Each node forwards a message as closely as it can to the intended recipient, who upon receiving it issues an ack back to the network.

Yet to be done is providing some mechanism for "proving" your identity, integrating libsignal for encrypting messages, and much more.

I'm trying to get it to show HN-tier so that I can solicit help working on it.
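An added sketch of the forwarding scheme the post describes (not code from the comm project): BitTorrent-DHT/Kademlia-style XOR routing with one contact per bucket, the message handed hop by hop to the contact closest to the recipient, and an ack walked back along the reverse path. The 8-bit node IDs, the routing-table layout and the ack format are constructed assumptions; the real project's values are not given in the post.

```python
from __future__ import annotations

ID_BITS = 8  # constructed: tiny ID space so a route can be followed by hand


def bucket_index(a: int, b: int) -> int:
    """Kademlia-style bucket: position of the highest bit in which a and b differ.

    Returns -1 when a == b."""
    return (a ^ b).bit_length() - 1


def build_routing_tables(node_ids: list[int]) -> dict[int, dict[int, int]]:
    """One contact per bucket: the XOR-closest node whose ID first differs at that bit."""
    tables: dict[int, dict[int, int]] = {}
    for nid in node_ids:
        table: dict[int, int] = {}
        for other in node_ids:
            if other == nid:
                continue
            b = bucket_index(nid, other)
            if b not in table or (nid ^ other) < (nid ^ table[b]):
                table[b] = other
        tables[nid] = table
    return tables


def send(tables: dict[int, dict[int, int]], src: int, dst: int, payload: str) -> dict:
    """Greedy forwarding followed by an ack along the reverse path.

    Each hop hands the message to its contact in the bucket of the highest bit
    still differing from dst; that contact agrees with dst in that bit, so the
    XOR distance at least halves per hop and the loop ends within ID_BITS hops.
    If the recipient is not in the network, the message stops at the closest
    node reached and no ack is produced."""
    path = [src]
    cur = src
    while cur != dst:
        nxt = tables[cur].get(bucket_index(cur, dst))
        if nxt is None:  # nobody closer is known: delivered "as closely as we can"
            return {"delivered": False, "closest": cur, "path": path, "ack_path": []}
        path.append(nxt)
        cur = nxt
    return {"delivered": True, "payload": payload, "path": path, "ack_path": path[::-1]}


if __name__ == "__main__":
    nodes = [0x0A, 0x12, 0x3C, 0x5F, 0x81, 0xC3, 0xE7, 0xF0]  # constructed node IDs
    t = build_routing_tables(nodes)
    print(send(t, 0x0A, 0xF0, "hello"))        # delivered in 4 hops, ack retraces the path
    print(send(t, 0x0A, 0x55, "nobody home"))  # 0x55 is not a node: stops at 0x5F
```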


You need to document it better. Right now this just looks like a side project that is forgotten.

Nothing against you, but good documentation is necessary for acknowledgement and adoption.


Basic thing is that these messengers do not have persistent connections. They instead register with a notification service that then wakes up the relevant app when a new message comes in.

This is why the likes of MSN Messenger didn't survive the transition to mobile, because they were built around persistent connections.


Is something wrong with tox? It is a p2p messenger that works on smartphones.


Homebrew crypto written by 4chan. No offline messages. Drains a gigabyte of data and battery overnight thanks to P2P.


> Homebrew crypto written by 4chan.

Where did you get that from? Tox uses libsodium. [0]

[0] https://github.com/irungentoo/toxcore/blob/master/docs/updat...


There is more to building a secure end-to-end messaging protocol than dropping in libsodium and calling it a day. See issues like https://github.com/TokTok/c-toxcore/issues/426.


There is a lot more. But Tox is hardly "homebrew crypto" from "4chan" hackers.

Though even the issue you've linked shows the thought that the Tox team has been putting into their protocol. (A stolen private key is game over, as in most situations. KCI is hard, let's rework.)


Don't know. Never heard about it till today. Looks like this https://itunes.apple.com/app/apple-store/id933117605?mt=8 is the only iOS implementation.


Blockchain-based social media and messengers are already in the development phase. It will take a few more years, but I think some of them can become mainstream.


"When you have to shoot, shoot. Don't talk."


Exactly. This is framing, with a side of negotiation.


Can I ask how a service can be blocked in a country?

Is it because it has centralized servers? What if it was open source and could be hosted on any website?

Then they would have to detect signatures of the protocol and block that, right? At what level, the national level? But the server would be local.

So what does it mean when they say they block Tor for instance?

How can you block something that is run on many domains and servers inside your country?


1. Telegram IS centralized.

2. They collect all IPs and domains and ban them at the provider level. There is a law which forces internet providers to sync the list of banned resources and prohibit access to them.

Basically, they ban hundreds of thousands of resources already.

Adding a few thousand nodes may take some time, but:

1. It is possible to do for sure within months

2. When you ban 20-30% of a decentralized system it loses 20-30% of its users, which makes it not that attractive compared to allowed alternatives which are controlled by the government (like vk.com)


What if the decentralized system uses a DHT and a content-addressable protocol like IPFS? Banning 20% won't do much to it.


So, I'm guessing Telegram is going to circumvent it in the next release. It's too popular in Russia to simply leave it at that. Signal showed how to do it.


They'd need to move their servers to Google Cloud Platform. And then they'd still be blockable if Russia decides to block Google entirely.


Google has been officially whitelisted in Russia since the incident with the accidental ban.


In that case it is definitely possible for them to circumvent the ban.

If that happens, Russia would have no way of blocking the app other than DNS blocking which can be simply mitigated against as well.


There is no such agency as the "Russian Federal Service". You have the "Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications", which is too verbose to refer to in the article.

I think a generic name such as "Russian Communications Watchdog" is a better fit.


Roskomnadzor

Ros - Russian

kom - communications

nadzor - supervision/surveillance



