To be accurate, that translates to "until we meet again" or something similar. So, not getting rid of Telegram completely?
Russian telecoms and mass communications regulator Roskomnadzor has filed a lawsuit it hopes will see secure messaging app Telegram turfed out of the country. Moscow’s been unhappy with Telegram for some time, dating back to a mid-2017 dispute over the company’s non-compliance with requests to register as a telecoms service …
I'm surprised we have not seen much in the way of apps that locally encrypt & decrypt but communicate peer-to-peer over the telecom provider's SMS text system. (i.e. Texts displayed outside the app appear as gibberish.) All the metadata would be there for the despot's henchmen, but the content would be hidden. Maybe combine it with stenography in photos sent by SMS to obfuscate.
Well the problem is that SMSes are fairly small so you won't be able to get proper encryption. However you could have a pre-shared key and use some symmetric encryption method like AES for it.
You simply cannot send a 1024 bit key when you only have 1120 bits for your whole message.
Key/message size issues are why the comment talked about stenography. One could use a series of SMS message bodies to perform Diffie–Hellman key exchange, as well as for smaller messages. For large messages, encrypt the message & stenographically hide it in a photo. The photo could be sent by SMS or email. If email, the destination email address can be sent by the (already) encrypted SMS channel. The purpose of the App is of course, to do all of this automatically for the users.
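The "series of SMS message bodies" idea from the comment above, as an added example that is not part of the original thread: a key-exchange value larger than one 140-octet (1120-bit) SMS body is split into numbered fragments and reassembled on the receiving side, tolerating reordering and duplicates. The 4-octet header layout, the names `fragment` and `Reassembler`, and the random 256-octet stand-in for a public value are assumptions made for the illustration.

```python
import os
import struct

SMS_BODY = 140                   # 140 octets = the 1120 bits quoted in the thread
HEADER = struct.Struct("!HBB")   # hypothetical header: transfer id, index, count
CHUNK = SMS_BODY - HEADER.size   # payload octets left per SMS body (136)


def fragment(blob: bytes, transfer_id: int) -> list[bytes]:
    """Split blob into SMS-sized bodies, each carrying its own position."""
    count = -(-len(blob) // CHUNK)  # ceiling division
    if not 1 <= count <= 255:
        raise ValueError("blob is empty or needs more than 255 fragments")
    return [HEADER.pack(transfer_id, i, count) + blob[i * CHUNK:(i + 1) * CHUNK]
            for i in range(count)]


class Reassembler:
    """Collects fragments that may arrive out of order or more than once."""

    def __init__(self):
        self.pending = {}  # transfer id -> (count, {index: payload})

    def feed(self, body: bytes):
        """Return the full blob once every fragment is in, else None."""
        if not HEADER.size < len(body) <= SMS_BODY:
            raise ValueError("not a valid fragment length")
        tid, index, count = HEADER.unpack_from(body)
        if count == 0 or index >= count:
            raise ValueError("inconsistent fragment header")
        expected, parts = self.pending.setdefault(tid, (count, {}))
        if expected != count:
            raise ValueError("fragment count changed mid-transfer")
        parts.setdefault(index, body[HEADER.size:])  # first copy wins
        if len(parts) < count:
            return None
        del self.pending[tid]
        return b"".join(parts[i] for i in range(count))


def demo() -> bool:
    public_value = os.urandom(256)  # constructed stand-in for a 2048-bit DH value
    bodies = fragment(public_value, transfer_id=7)
    rx = Reassembler()
    # Deliver out of order with a duplicate, as an SMS network might.
    results = [rx.feed(b) for b in (bodies[1], bodies[1], bodies[0])]
    return results == [None, None, public_value]
```

The fragment header is not authenticated, so the reassembled value still has to be verified by the key exchange itself before it is trusted.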
Well you can't send photos via SMS, only via MMS... which is probably the second most expensive way to send any kind of data.
What would be interesting, in theory, would be to send it as a voice call. Those are more and more likely to be bit transparent as inter carrier links get converted to VoIP which makes it easy to support all those weird codecs like AMR.
You'd be surprised how difficult it is to send data encoded as a typical modem signal through the voice codec of a typical mobile phone. Or maybe you wouldn't, if you had ever used a decent landline and are now familiar with the crappy voice quality over most mobile networks. Then think about doing that with anything over 50 bits per second and full duplex. I would love to hear about promising research in that area.
@Mike16: Well you are mixing up a lot of things.
First of all if your landline provider is using codecs like G.729 you should seriously be considering to swap them for someone who knows what they are doing. There is no reason to use that codec as the licensing costs are far higher than the bandwidth costs. Any sane telephony provider will give you G.711 (either a or µ depending on the continent) which is the same as used on ISDN.
Then there's really bad CPEs. One of the main problems with VoIP is that both the transmitter and the receiver need to run at precisely the same clock. That either requires you to have a precise crystal oscillator, or to estimate and compensate your clock error via NTP. For some reason many CPEs do neither of those. So you'll end up with your transmitter transmitting frames with 8001 Hz sampling rate, and your receiver playing them with 7999 Hz. After a short while the timing difference will have made up a frame, and a frame gets dropped... many modem standards don't like that at all.
So modem transmissions do work, if you have a decent CPE and a decent voice provider. In fact on many voice providers you can even use ISDN transparent data transfers. Most protocols based on that can easily cope with the frame slips mentioned above, so that's even rather solid with cheap equipment.
However I'm talking about something else here: Imagine you have a mobile phone to mobile phone phone call. Both phones speak, let's say AMR as a codec. In the past this would have been transcoded to G.711, sent to the other carrier, and transcoded back to AMR. That is however expensive (proprietary voice codecs cost a _lot_ of money per channel) and decreases the quality of the call. Therefore phone companies try to avoid this more and more. Therefore they try to just send the data through verbatim.
Usually your codec turns voice into bits. Who says you need to actually encode voice? For the network bits are just bits. So if you bypass your voice codec and just send raw data, you will get those data on the other end. (provided there is no transcoding)
So essentially you'd start your call, and for the first second or so you transmit some bit pattern which would decode to some non-annoying noise. You can do that on both ends and detect a compatible peer. Then you know you have a bit transparent channel you can negotiate your encryption on. Once you are finished, you use a codec with a slightly lower bitrate and use the rest of the bits to work on renegotiating the next key while you encrypt your voice data.
The best thing about this is that your call will just look like any normal call. Your telephony provider has no idea it's encrypted as the signaling is normal. This also would automatically work without any manual negotiation. If you happen to dial a compatible phone, it'll all happen automatically.
The basic idea is to exploit the native network infrastructure to support a peer-to-peer locally encrypted messaging system. With no central server, in principle makes it harder for authoritarian regimes to block, especially if multiple channels can be exploited behind the scenes (SMS, MMS, voice, email, etc.) for resilience. Obviously the metadata is still visible, so they still know who is talking to who. But if such an app became popular (due to being free & open source), it could create quite the headache for repressive regimes.
It is not Telegram:Sam it is Telegram:Irina.
This Irina. From one of the long-legged dollies carted out by Nemtsov in the 90-es when he was the leader of the opposition, this bimbo has gone a few parsecs to the right of Attila the Hun.
Her creation mandates escrow of all keys without capture of any data + data retention for periods same as in Eu. Thus, if the FSB needs to decrypt the data at a later date it applies for a standard court order, gets it and decrypts it. While technically workable (big difference compared to the lunacies of Rudd, FBI, etc), it is one of those things which are in the "I am not even going to start on what can go wrong here".
Procedurally, the request to Telegram is illegal by the way - it was filed a day early before the law has taken effect. Someone in FSB was trigger happy to test their new key storage supplied by one well known provider of mechanical calculators to the Nazis. However, even if Telegram wins the legal review on this technicality, it will simply have to comply the next day with an amended request (similar to Microsoft and the CLOUD act).
After re-reading it the chances of this being repealed in the Russian constitutional court are pretty slim too. Keys without the data are not the conversation and hence cannot be protected by the clause mandating the privacy of communications in their constitution.
All in all, there are lots of people watching this in both FBI and Home office. Expect a copycat law any day.
Whatsapp is still available in Russia, I know because I communicate with people who live in Russia and use the app. Wonder if they will be the next target as they are technically very similar.
Nah, Zuck has access to that data (transport crypto statements are of no use unless there is independent validation). Note that he has never been in trouble for refusing to give access to information, only for giving too much access.
I think we should also ban:
1. Roads (They allow terrorists to travel)
2. Communication (It allows terrorists to propagate ideology. This extends to limb-based semaphore, so no limbs allowed)
3. Breathing (Allowing terrorists to breathe is bad. So we should ban all breathing. Special dispensation for State-sponsored gill-based projects, pending trials.)
And so on.
More likely we are just getting coverage on Telegram while other services are being targeted but remain out of the media spotlight at this time. Also, Telegram has a large number of users. Make an announcement like this and see who starts downloading other similar apps in your region and you have a ready-made list for surveillance purposes.
> Isn't Telegram fairly widely regarded as potentially less secure than, say, Signal?
It is, yes - because it was implemented with unauditable 'roll your own' code by two mathematicians with no experience in crypto.
There does, however, appear to have been some sort of audit recently, but I doubt it was of the server code.
Moreover, iirc, E2EE is not the default state of affairs. I wouldn't quote me on that though as I've never used it and never will until it uses an auditable solution for every aspect of its operation and I'll be sticking with Signal myself until such time as Threema gets as good a bill of health from an audit as Signal does and I find a way of paying for the service anonymously (no BTC isn't anonymous, it's traceable in 60% of cases).
I once looked at rolling out a secure telecoms service.
I came to the conclusion that it was easy enough to build something which offered protection against a suspicious wife, business partner or rival.
Impossible to build something which would protect you from your government.
I don't understand why anyone uses Telegram now that Whatsapp is encrypted. Using Telegram screams "I've got something to hide". With Whatsapp you hide in the masses.
Telegram's genuinely a very useful app - it works flawlessly across multiple platforms without any complications. You can blabber away on your iPhone, Android Phone or anything running Windows, macOS or Linux and do it all seamlessly, which is a lot more than most of the other messengers can do.
Russia doesn't strike me as an obvious place to base a company that provides secure communication though.
I'm genuinely curious, how does Telegram fund itself?
I can't understand how it's making any money. It's just providing a completely free service and is somehow supporting significant infrastructure.
As an end user, I'm always suspicious that when something's free of charge, you're the product.