back to article Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'

A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected. Folk who activate this feature see a list of other users within a few miles to "quickly add people nearby... and discover local group chats." Using …

  1. IGotOut Silver badge

    Well, yeah.

    Share my location tends to mean that.

    Not sure what the guy was trying to prove.

    1. sqlrob

      Re: Well, yeah.

      There's a whole lot of difference between narrowing someone down to say, a square mile or two and knowing the exact spot they live.

      1. trist

        Re: Well, yeah.

        Does it matter? They shouldn't even know which country you are in, let alone block.

        Exactly spot.How precise are we talking about here? Given that elevation is rarely done, in Manhattan say even the block would be useless to SWAT someone.

    2. Anonymous Coward
      Anonymous Coward

      Re: Well, yeah.

      Indeed. And how many people share their exact location on Strava (Your need to turn on the ability to mung the start and finish of an activity) without care?

      Anon, because I don't have this turned on.

  2. sqlrob

    "In the case of Telegram's requirement, it might be sufficient simply to report which users are within a seven-mile radius, for example, rather than exposing their exact distance away."

    I fail to see how that actually solves the problem, unless there's a lot of randomness added or it uses a constant arbitrary point for distance (say, everyone in a postal code is at the center of that postal code). Otherwise it just means it takes more than 3 readings, big whoop.

  3. heyrick Silver badge

    a huge printed directory of local names, addresses, and telephone numbers

    While that is true, there's a big difference between "here's a book with twenty thousand people indexed by name, good luck"...

    ...and "This young brunette is Jessica, she's out for her morning run, this is her route. She lives at 6 Skylark Lane. She's single, has two cats, and plays the cello" (the additional details easily gleaned by following links to social media profiles, etc).

    1. Sandtitz Silver badge
      Thumb Up

      Re: a huge printed directory of local names, addresses, and telephone numbers

      Quite. Arnie would have terminated (the correct) Sarah Connor in a jiffy.

    2. Pascal Monett Silver badge

      Re: a huge printed directory of local names, addresses, and telephone numbers

      First of all, it was a lot more than 20 thousand.

      Second, you're right, but that is the state of technology today. People should stop buying these gadgets that reveal their entire lives for basically no advantage. Why do you need a watch that records your GPS coordinates when you run ? Can't you just run ?

  4. Paul Herber Silver badge

    'fake Bitcoin investments'

    Is there any other type?

    1. David 132 Silver badge

      Hush, you'll provoke the bitcoin stans, who will pile in with enthusiastic raves about how it's only going UP UP UP in value, angry denunciations of your motives, and spittle-flecked claims that you're in the pocket of Big Fiat Currency / Goldman Sachs / the Midland Bank / whoever...

  5. Anonymous Coward
    Anonymous Coward

    Given all of the security analysis that is somewhat skeptical about Telegram's homebrewed crypto, I'm surprised that anyone who is concerned about privacy (rather than just looking as though they are concerned about privacy) uses it. This slightly too-revealing feature (did they really not think it through?) really only adds to that reputation.

    1. John H Woods

      Homebrew

      Homebrew isn't necessarily bad. Moxie Marlinspike could be said to have homebrewed the Signal protocol. However, its working is completely open source and it's built on fairly well-trusted principles.

      Much harder to see what Telegram is doing, so I'm instinctively suspicious of them.

  6. JDPower Bronze badge

    So if you turn on a setting that exposes your location, it exposes your location? And he wanted a bug bounty for that???

    1. Charlie Clark Silver badge

      Exactly, as it's disabled by default this shouldn't be considered a bug. I've never used it but the function seems to rely on extreme proximity with it telling me there are users < 100m from me. Difficult to see how you can fuzz this and still make it useful.

      A more useful feature, for me at least, is being able to share your location with contacts while you move. Even better is being able to do this from within OsmAnd, which uses Telegram purely as a data pipe.

  7. Anonymous Coward
    Anonymous Coward

    So.........

    .......unless YOUR EVERY internet account is an AC (El Reg, Signal, Telegraph, Facebook, Twitter, Ring, Alexa...............)

    *

    ------anyone can find out who you are, where you live....and the colour of your underwear..........

    *

    Welcome to 1999: https://www.wired.com/1999/01/sun-on-privacy-get-over-it/

  8. BPontius

    Would think the name of the app would be a clue as to the function. Choosing to show your location doesn't have hidden meaning. People need to give up this fantasy that there is privacy online or in apps on a smart phone. You can stay off the Internet and cell phones, but you can still be traced and found. Skip Tracers do it all the time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like