There's been a lot of controversy over the Telegram encryption protocol. Any cryptographer that looks at it cringes, but Telegram has deep pockets and has done a decent job building hype.
Beyond doubts with the protocol itself, I think the more important consideration is that most people never use it. Telegram is not encrypted by default. Users have to create a special "secret chat" with contacts that is ephemeral, and some Telegram clients don't even support that mode. Last I checked, there was no way to have group "secret chats" in any client at all.
The result is a situation where many users seem to think that Telegram is somehow secure by default, when it definitely isn't. Telegram even stores plaintext copies of everyone's entire message history on the server for multi-device sync.
I think what Telegram is doing right now is dangerous, and potentially another Lavabit in the making. I'd like to see them incorporate a modern end to end encryption protocol, and enable it by default.
To be transparent, I work on TextSecure and am involved with the WhatsApp end-to-end encryption project.
The communication with the server is encrypted, if you use the official apps. If you use secret chat they are not stored as plain text on the servers and you can make them auto destroy. Also you can delete your chat history. But it is better than WhatsApp because it is not part of governmental control.
Totally bogus. TextSecure-enabled WhatsApp is end-to-end encrypted using a widely-respected cryptographic messaging scheme. Telegram isn't. The point of serious end-to-end encryption is that it doesn't matter who runs the servers.
TextSecure-enabled WhatsApp beats Telegram on a pure engineering level; we don't even need to reach politics to prefer it.
WhatsApp right now hides all of the encryption from the user, doesn't have a way to do key verification, so it's trivial for the WhatsApp server to do a MITM on your conversations.
I know they are working on that and I fully expect WhatsApp to be the best messenger out after they are finished.
But right now, by an objective measure, it would seem like Telegram is more secure.
I would be interested in finding out whether there's a cryptography engineer anywhere out there who would say "Telegram is more secure than WhatsApp+Textsecure is today".
The thing is however that any cryptosystem can be trivially compromised by making its PRNG predictable.
This cannot be caught by observing the network traffic and it is really hard to catch by reversing or tracing the binary. Especially if the compromise is not an outright srand(0), but an algorithmic weakness. Then, even if it is found, it's virtually impossible to determine whether it was benign or deliberate. Now further consider the implications if an app uses a 3rd party PRNG such as those supplied by the operating system or the hardware, or if it gets its PRNG seed data from an inherently untrusted source (such as the OS).
I mean ... the source code being open is obviously irrelevant to the security of a pre-built binary and the adherence to the open specs is not much of an assurance either, because of the PRNG angle. In practical terms it really means that you have to have trust in a product vendor. Period. Because there is always a way for them to screw you over and to get away with it.
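An added example (my own constructed demo, not code from any commenter, Telegram or TextSecure) of the PRNG point above: a key generator whose output passes an observer's randomness check but is fully replayable by whoever holds the seed. The only check that catches it is one that instantiates the generator itself, which models instrumenting the binary rather than watching the wire. Names (HonestKeyGen, BackdooredKeyGen, VENDOR_SEED) are assumptions of this example.

```python
import math
import os
import random
from collections import Counter
from typing import Callable, List

KEY_BYTES = 16    # 128-bit key, AES-128 sized
VENDOR_SEED = 0   # the srand(0) case; any constant the vendor knows works the same

class HonestKeyGen:
    """Draws key material from the OS CSPRNG (which still means trusting the OS)."""
    def next_key(self) -> bytes:
        return os.urandom(KEY_BYTES)

class BackdooredKeyGen:
    """Same interface, but every key is a pure function of a seed the vendor knows.
    Mersenne Twister is not a CSPRNG; the seed is the real secret here."""
    def __init__(self, seed: int = VENDOR_SEED) -> None:
        self._rng = random.Random(seed)

    def next_key(self) -> bytes:
        return self._rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte estimated from byte frequencies (maximum 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def output_looks_random(keys: List[bytes], threshold: float = 7.5) -> bool:
    """The only check available to someone who can merely observe keys or traffic."""
    return shannon_entropy(b"".join(keys)) >= threshold

def replay_keys(seed: int, count: int) -> List[bytes]:
    """What the seed holder can do offline: regenerate every key ever issued."""
    gen = BackdooredKeyGen(seed)
    return [gen.next_key() for _ in range(count)]

def replay_test(factory: Callable, count: int = 4) -> bool:
    """Instrumented-binary style check: two fresh generator instances must diverge.
    Returns True when outputs differ (passes), False when the generator is
    deterministic. Requires controlling instantiation, which traffic capture
    never gives you."""
    a, b = factory(), factory()
    return [a.next_key() for _ in range(count)] != [b.next_key() for _ in range(count)]

def demo() -> dict:
    """Run all checks on 1024 constructed keys from each generator."""
    honest_keys = [HonestKeyGen().next_key() for _ in range(1024)]
    backdoored = BackdooredKeyGen()
    backdoored_keys = [backdoored.next_key() for _ in range(1024)]
    return {
        # both streams look equally random to an observer
        "honest_output_looks_random": output_looks_random(honest_keys),
        "backdoored_output_looks_random": output_looks_random(backdoored_keys),
        # yet the seed holder reproduces every backdoored key exactly
        "seed_holder_recovers_keys": replay_keys(VENDOR_SEED, 1024) == backdoored_keys,
        # only the instantiation-level test separates the two
        "honest_passes_replay_test": replay_test(HonestKeyGen),
        "backdoored_passes_replay_test": replay_test(BackdooredKeyGen),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```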
Weaknesses in random number generation are arguably easier to spot in instrumented binaries and dynamic analysis than they are with static analysis. Auditing an RNG from source involves enough mental modeling to trace random numbers and track the state of whatever generator provided them.
Telegram bashing aside, this is very wrong. It is always better to have the source code to inspect the entire package. Without the source code, there is no way to fully verify the security of a solution. For Telegram and WhatsApp, the clients and server code should be released if you want to make sure.
People can give you whatever source code they want. That doesn't mean it's the same as what's running in production. While this is tin-foil-hat paranoia, when it comes to encryption software in this post-Snowden world it is definitely more reliable to reverse-engineer the binary & network traffic than to just believe the provided source code to encryption in a popular social app. Or compile the app from source that has been verified by trusted people. Definitely not believing that a binary blob running on your hardware is the same as the provided source.
That said, it's also good to ask for source code so later on when reverse-engineering shows something different you've now caught the offending party in a lie; which is something good to have on record to refer to later on.
> Without the source code, there is no way to fully verify the security of a solution.
So you are telling me if you had the source code you would not be able to verify the code and also use the code to fully verify the expected behavior of the binary?
> this is very wrong

No, it is quite correct. It is slightly more convenient to have the source code, but then again, it can be misleading, as you don't know if that source code is actually corresponding to the binary that is actually executing.
Open sourcing/making available for inspection the source code of an application is not enough if the herd just uses the pre-built binaries instead of compiling it themselves. Perhaps we can someday have free and open source software with reproducible builds[0]?
It is not all that. Let's say you are planning the next protests with your friends over WhatsApp using TextSecure. The security agencies cannot view your message content but they can view whom you are talking with, with a warrant, which will show you that you are a terrorist. Now try to explain why you encrypt your messages if you are not a terrorist. Oh, you are a politician with a wife and texting secretly to this woman... Explain it to the public.
> Now try to explain why you encrypt your messages
Because the widely used chat app I happen to be using does that for all communications without any special direction from me. I didn't even know they were encrypted, it just happened!
Isn't that a pretty dangerous assertion in itself? It's a private company running private servers that you have no control over and no ability to tell whether or not an external entity has accessed your data.
Not in my case. Neither Turkey nor Bulgaria has control over Telegram. However these countries have good relations with Microsoft, you know, we buy Windows, you give user information stuff. That may have happened to me in the past or not, I don't want to mention it here, but I have 0 tolerance for companies somehow related with Microsoft like Facebook, WhatsApp, Skype etc.
Both, really - there's not really anything the Government can do that a large enough company or collection of companies can't - but the point is that you have no proof that this company is not either wilfully collaborating with or being forced to collaborate with the Government.
So Turkey or Bulgaria will ask for data, Telegram will give it, and these governments will say to shut up or we will fly to arrest you in whatever country you live and kick you into jail and we will get your money out of the banks, doesn't matter in what country it is. Seems possible, like if you give a million dollars. Not impossible, as far as you give such money. But the countries I have mentioned are not that rich.
Also if you look at the forums about justice and advocates etc you can see that Microsoft provides user data but not Google or Facebook (except very big and obvious crimes). But Microsoft, oh it is like your best enemy. So my point is that you will hear it (except spying) if it is a legal request.
...where's the encryption on message histories? There is none. If the data is encrypted server-side, it's with keys that live on the servers. In other words, the encryption provides no value and the servers are "trusted." The point of end to end encryption is not to have to trust servers.
As stated in the FAQ normal chats are NOT end to end encrypted. Of course the server has to store the messages in plain text to make cloud sync work (without requiring a password).
Yes, to the/a guy who is developing a security application which works only with Android. But can you tell me how can you communicate over TextSecure when your friends are using iOS? Also how can you be so sure about your privacy when TextSecure is located/developed in the USA? http://en.m.wikipedia.org/wiki/Open_WhisperSystems
I'm assuming he's either a kid or struggling with mental illness (or both?). I used to assume that people with those posting habits were always trolls, but I've been wrong in the past and felt bad about it. :( If nothing else, assuming that they're people with problems and moving along works as a strategy for not feeding actual trolls.
I met and talked with Pavel last year in St. Petersburg at the VK office and I found him very curious, humble, and quiet. I enjoyed it a lot and I appreciate his sense of humor. In fact he showed me their conference room, which is decorated like a medieval torture chamber: http://tinyurl.com/nm7pqt2 We didn't get into the details but I appreciate that he didn't take the standard approach to plain old conference rooms.
You'd be hard-pressed to go around the Valley and find a company that does not feature an incredibly inventive conference space. Even IBM's Almaden location has some.
Pavel seems to be a great person, building a gift to society & mankind. He puts the users/people before himself, stands behind their rights and believes in strong ideals such as freedom of speech and privacy. I don't think you can say the same about many other internet companies/services.
If you look at his previous company VK, it is by far a superior experience to Facebook, given how intuitive, fast and sleek it is. Images load 3 times as fast and it has many features which FB does not have. I use it daily to keep in touch with my friends in Belarus, Ukraine and Russia. I only wish more of my friends used it. He has an incredible eye for design and product.
When people refer to VK as being a clone of Facebook: this is innovation. Did Facebook invent the idea of Social Networking? It must be extremely annoying to be constantly referred to as "Russia's Mark Zuckerberg" and having VK constantly compared to FB.
Here he has had a brilliant opportunity for a fresh start, freedom to create something better than before and I'm sure he will take advantage of it.
As Steve Jobs put it: "Getting fired from Apple was the best thing that could have ever happened to me. The heaviness of being successful was replaced by the lightness of being a beginner again, less sure about everything. It freed me to enter one of the most creative periods of my life." (Steve Jobs, 2005)
Everyone should look forward to what is to come with Telegram. There are some really great technological innovations going on. They've invented a new protocol (https://core.telegram.org/techfaq) and have a great API to utilise this technology (https://core.telegram.org/).
> When people refer to VK being a clone of Facebook
The 'clone' label comes mainly from the fact that the site was originally a copy of FB right down to the colour scheme. The two sites have diverged significantly since then, of course, but if you'd removed the logos and presented the two sites to someone in the first couple of years, they would have been hard pressed to pick them apart.
VK is also remarkably popular in Russia, etc, because of the massive amounts of copyrighted music and film material stored on the site that Durov steadfastly refused to remove. It helps with your popularity when one of those 'many features which FB does not have' is an unlimited stock of pirated content accessible for free....
VK was a total clone of FB UI of that time. And it still is in many ways, but the irony is that UI is so much better than what FB did afterwards, just night and day.
Pavel is widely seen by the Russian developer community as a sort of a douchebag who flaunts his wealth in ways that would seem crass to someone from Silicon Valley. Just look at the guy throwing paper planes made from money at a crowd of onlookers: http://youtu.be/2pxTpFqX6rI?t=25s
I view money planes as a joke. In any case, which is better, openly giving money away, or secretly colluding to keep employee wages down? Personally, I prefer his "crassness" to the crassness of the SV elite.
No one objected to his "openly giving money away"; it was that he made a public display of basically pissing it away, and watching the commoners scramble for it. And what starts with sophomore-level crassness, the sort Durov made himself famous for, tends to morph into the more genteel, but systematically more pernicious (that is to say: white-collar) crassness you're referring to, later on.
Unfortunately, to a great many people in the Valley, that kind of behavior wouldn't seem all that crass at all. Many would find it quite "cool", in fact.
Perhaps I am looking at the wrong part of the said developer community, but I haven't noticed that. In the mainstream news he was indeed painted as a nouveau riche, but then you have to wonder if that was (not) related to the hostile vKontakte takeover by the state.
Any other douche incidents aside from these money paper planes?
Do you have any other examples of him flaunting his wealth? The money planes was a dumb thing to do, but that's the only example I've ever heard anyone bring up.
Will Telegram finally have end-to-end encryption by default for all users, just like TextSecure, and now even Whatsapp? I fail to see how an app can claim to be "the most secure in the world", when 99 percent of its users don't even use end-to-end encryption.
From the link, this paragraph was cringe-worthy:
> We use SHA1 for integrity check
The SHA1 in question is for raw unencrypted data.
The message key is SHA1-dependent.
Note that the AES key and iv depend on that SHA1.
Glad to see they're using this super-secure "SHA1" hash function for integrity checking and that everything else is dependent on it. In a few years they could even brag about how they're using SHA1 for longer than Microsoft!
Are you insane? VK has horrendous UX (best and simplest example: Browsing through image galleries resizes the image viewer so that the next and previous buttons constantly move)
And they call it a Facebook clone because it was a direct copy of the Facebook UI, and while Facebook has innovated and polished, VK has been stuck in the same decade-old look and feel.
It may be faster to use in Russia because of geographical proximity, but I assure you it is nowhere near as fast as Facebook is from North America.
Playing with encryption is like playing with fire. Much worse actually. There are no partially broken encryption products, only 'not yet broken' and 'broken'. Time and time again, here on HN and elsewhere, people with cryptographic capital have staked their reputations on calling out Telegram as 'broken'. So why would anyone even want to touch it with a barge pole? It may turn into a 'not yet broken' product someday. But that day is not today. By pushing Telegram as 'secure' i.e. 'not yet broken', you and others are doing a disservice to the users at large and the crypto community in general. So stop calling the bloody shovel a spade.
Grammatical sidenote: It should be "you or me." An easy way to know whether to use "I" or "me" is to remove the other subject and see if it's correct. Like so:
During the standoff with the SWAT team, which took place soon after, he wouldn’t answer the door. They went home after an hour.
Wait, what? Is that what police in Russia normally do? This would never, ever happen in the United States. LAPD actually even has a "Wrong Doors Unit" which goes around repairing broken down doors when the cops raid the wrong address.[0]
American cops use intimidation tactics all the damn time. It's just that, when they do it, it almost always results in an arrest, and often a death. Also, they intimidate entire communities at a time, seldom bothering with this one-at-a-time stuff.
[1] And let's be clear, we're talking about the US here, not the entire fucking West - brutal American LEO tactics are most decidedly not par for the course in the West.
Yeah it definitely sounded like an intimidation attempt, though a rather ill-conceived one. If they had a search warrant, it seems odd to me that they chose not to force entry.
If they didn't have a warrant, I would think they would have a plan if consent was not given to enter -- getting punked out when intimidation was your goal is a pretty embarrassing result.
It's sort of a Russian tradition, valar_m. Even the most powerful were harassed like that, and even in Stalin era the police would just back off sometimes. It's not them punking out; it's showing contempt. "We are not in a rush, little one". The purpose is to wear the victim down.
"[General] Zhukov had always been notified about meetings so this impromptu one worried him. The night before the meeting, three men came to Zhukov’s home for a random search, but they had no warrant. Zhukov threatened to use weapons, forcing them off his property. After they left, he did not sleep the entire night, fearful of the next morning."
He pulled a rifle against NKVD functionaries and they walked away. Was it THAT soft under Stalin's regime? No, it's just toying. Cat and mouse. It's about sending a message: we can get you any time we want, even if you're a world famous general or Russian Zuckerberg etc.
American, or, in general, Western commentators often don't understand this type of move because they belong to a different political vocabulary, so to speak. "Hah! They even had no warrant, how amateurish of them" - no, that's the POINT.
This could likely be part of some behind-the-scenes "negotiations" between Kremlin and the owner of VK...
Police brutality and abuse in the West (or probably anywhere, for that matter) is a fact of life, but this is not the same thing.
I know "thanks!" comments are frowned upon, but I wanted you to know that I appreciate your response. You are absolutely correct, at least in my case, about Westerners being unfamiliar with the underpinnings of this society. Thanks for shedding a little bit of light.
I should have been more clear -- The article doesn't say, but I was assuming that the SWAT team was there to execute a search warrant. Perhaps they did not and that's why they didn't force entry, but the SWAT team showing up without a search warrant makes even less sense to me.
But still it's not Stalin that defended the right, the people were involved. A lot of them. There were 20-28 MILLION people from USSR killed by Nazis during the war.
AFAIK, independent from that Stalin was also responsible for a lot of deaths of people of USSR (at least http://en.wikipedia.org/wiki/Joseph_Stalin "a total of about 2.9 million officially recorded victims in these categories") But these acts don't cancel one another by any logic.
It isn't a great quote. It gives way too much credit to Stalin in the typical manner of idolizing him, even if Durov may consciously have not intended to do it. Just like pretty much any Russian he couldn't resist it subconsciously. (Note: I'm Russian.)
It wasn't negligible in my country (Czechoslovakia), where the USSR was the model. I think almost everybody felt relief when Stalin (and Gottwald) died. Maybe Stalin didn't oppress people much after the war, but he still got the _right_ to do so, and Durov's sentence is 100% correct.
All governments oppress people. The real issue is to what extent they do so and what fraction of the people consider themselves oppressed. Unfortunately the frontlines after WW2 were redrawn and Czechoslovakia was in the unenviable position of having to defend the Warsaw Pact while its population wasn't fully supportive of this position. Those who opposed (anti-Stalinists) were oppressed. As a mirror image, consider Greece where pro-Stalinist communists were oppressed in the 50s and 60s.
True enough, but that doesn't invalidate the quote, since it was still Stalin at the helm. There were still an estimated 1.7 million people in the camps after WW2, many of them Soviet POWs.
You probably forgot about the "10 years of prison without right for communication" sentence frequently given before the War. That sentence really meant execution.
My Estonian relatives say otherwise, and were glad to see the backs of your unwanted 'comrades' in the early 90s. Amusingly some Russians still hold to the 'we were liberating Estonia from the hands of the Nazis, you should be grateful' story.
A few weeks later, he and other VKontakte executives folded 5000-ruble notes — worth about $155 at the time — into paper airplanes and threw them out an office window, sparking a fight in the street below.
I'm wondering if that can be qualified as "mean". Doesn't look like a nice thing to do. I also can't see what was the motivation other than "Look, I'm rich".
It certainly wasn't "mean". But given the hardships many people in Russia (who don't happen to be petrochemical, banking, and/or internet oligarchs) face, it went well beyond "slightly foolish."
Both Zuck and Durov were approached by secret services by their respective countries. Zuck caved in and gave up Facebook information to NSA. Durov decided to fight and ended up exiled.
I'm not sure what you mean, but what I meant was that if you're throwing money into the crowd, you should expect people to start fighting for it. In Russia, at least, but I'm sure in many other countries too. I don't think donating to Salvation Army starts any physical fights.
I think people ignore one very important aspect of Telegram which is privacy. All other chat apps just want all my private data. There is no privacy at all, I feel almost naked. After coming to know about Telegram I couldn't be happier. I don't care if the encryption is strong or not, at last I have a chat app which many people use and isn't a total privacy nightmare.
That's just it - there is no privacy. You've got a client which stores plaintext messages server side, just waiting to be broken into by (hackers/government agents/kiddies). The messages are being sent unencrypted unless you enable the "secure" (it really isn't) mode anyways, so we can also add "people who can sniff your traffic" to the list of adversaries.
That's pretty much the polar opposite of "private".
Life is too short to be a revolutionary hero. Be a law abiding citizen and do what Zuckerberg, Page and other American CEOs did: quietly give control over our privacy to the government. Social networks are too important for mass surveillance.
Russians are too optimistic because only 20 years ago they had an attempt of a complete governance system change.
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." --George Bernard Shaw
False dichotomy. You can permit law enforcement to make warranted requests against specific users or groups while still not allowing them access to all the data. You don't have to choose between "revolutionary hero" and "let the government do whatever they want with your company and your users", at least not in North America. In a country like Russia it may be different.
"You can permit law enforcement to make warranted requests against specific users or groups while still not allowing them access to all the data."
Can you?
With the Patriot Act?
The fact is that the US government can talk to any worker of any company in the US and blackmail her into doing whatever they want. If this person tells anybody, he goes to jail.
"You don't have to choose between "revolutionary hero" and "let the government do whatever they want with your company and your users", at least not in North America. In a country like Russia it may be different."
As much as I admire Levison, at least part of that problem was his own making, namely by being a dick to the agents and charging rates for the work that is way too high.
It is possible to disagree with police without being outright antagonistic to them.
...and charging rates for the work that is way too high.
Funny, when I read about the $3500 part I was surprised at how little he asked for. My impression from various HN threads[0][1] is that someone of Levison's caliber could easily fetch $200 per hour.