Will this make a difference?
Not a user of the service but if I was some sort of nefarious person then I’d be reconsidering its merits.
In a volte-face, Telegram CEO Pavel Durov announced that the made-in-Russia messaging platform will become a lot less cozy for criminals. “We have updated our Terms of Service and Privacy Policy, ensuring they are consistent across the world,” Durov said. “We’ve made it clear that the IP addresses and phone numbers of those …
It's really only an issue if you've already been identified either by publishing publicly or from standard police/military investigations. If you are stupid enough not to hide your IP and use a mobile phone to register for a service then you will be identifiable to governments eventually. If you thought otherwise you are blissfully ignorant. Equally most secure systems and methods of hiding your actions are under attack from government agencies on a daily basis.
Want a secure system? Set up a server with SSH access, establish keys, write a message to a log that's deleted hourly on ephemeral storage. Want to improve it? Generate a one time pad and encrypt your data and delete it as soon as it is read. Only perform the encryption/decryption locally or on a machine created for that action. Hell, trash the server and spin up a new one after each exchange, perform the decryption on a separate drive/server and erase the drive/servers between decryptions.
Ultimately you will still potentially get caught by increasing the number of people you are talking to or are stupid and keep copies or reuse keys or someone finds the key or most likely someone realises what you are up to and monitors your computer/room/actions.
The reality is, for the police the best thing that can happen is people believe the system they are using is secure. They publish all the information needed to capture them and you catch them in the act and not tell anyone. If you are doing something illegal and have money or knowledge you can build a secure system to communicate until the first person that knows the system is caught and confesses. If nobody keeps copies and no originals exist then you are safe. Although in the UK if they can prove you have a password you won't hand over you could still go to jail.
Yeah, I run OpenBSD, too, thinking its focus on security will make it less likely to contain careless errors.
But, with crypto, a back door doesn't necessarily look like a back door. It can be as simple as a mathematical weakness, or a subtle (intentional) error in an implementation.
I don't have the math knowledge to spot such a thing in OpenSSH (or any other version). I trust Theo to do the right thing, but OpenSSH has many contributors, some of whom are either rabid nationalists ("patriots", if you will) who would voluntarily insert a back door at their government's request, or have loved ones vulnerable to government-sponsored Bad Things™.
Yes, there is nothing "magical" about open source that makes it immune to security issues.
The main advantage of FOSS is that there tends to be less impetus to be sneaky about the software's purpose, business-model and snoopiness when the financial incentive is removed.
The best thing for Police to do is to prevent the networks from developing in the first place. And no I'm not talking about the social networks (although I don't really see a downside there). I mean the criminal networks. If there is nowhere for buyers to easily find sellers (whether that be drugs, child porn, personal details for scammers, etc.) it becomes a massively reduced market, and a WHOLE lot less profitable. Additionally it becomes a whole lot riskier for both buyers and sellers, as they can't be sure they're not dealing with undercover officers. And so the effect multiplies. Without the guaranteed profits, fewer people are willing to take the risk, meaning the whole criminality decreases.
Or to take the other aspect of this, if the right wing nutters spreading conspiracy theories were reduced to shouting their vitriol to their mates in the pub, then things like the far-right riots that happened in the UK (spurred primarily by deliberately falsified and repeated misinformation) would NOT have happened. But because the organisers (who stayed away from the protest of course) can disseminate that information easily, widely, and seemingly without risk to themselves, then it causes problems. Make them identifiable and responsible for the deliberate spread of that info, and suddenly the calls to violence will disappear, and things get a whole lot more civilised.
Excellent points. Kind of reminds me of the old Prison saying "Three can keep a secret but only if two are dead". I know a bunch of 1% bikers who will never do any "alleged crime" with anyone else present. Not ever their club brothers, exactly because of the reasons you stated in the last paragraph. At the end of the day most people will save themselves first not to mention the "due care and diligence" that they will not do because it's just too much trouble.
I am nearing the end of my career but maybe I will live long enough to see some group of smart chaps invent some type of communication method that is 100% untraceable forever. The kind of thing that even if the inventors wanted to cooperate with someone they would not have the ability. --MuleD
Pavel Durov positioned Telegram as a maverick from the start, making it clear that they didn't have much time to worry about moderation or cooperation with law-enforcement bodies.
Unsurprisingly, that led to a lot of criminal and other questionable groups utilizing the platform because the other major platforms were much more diligent about cracking down on such activities.
Despite many media organizations apparently falling for Telegram's hype about some sort of "superior encryption", Telegram is one of the few major messaging platforms these days that does not include end to end encryption of all chats by default.
And even though the client software is open-source, the server-side software has never been so and is closely guarded. Which makes it nearly impossible for an outside 3rd-party to actually ascertain how secure and privacy-respecting Telegram as a platform actually IS.
Given the features like caching and syncing chat data between multiple clients per user, it's long been assumed by technically savvy users that Telegram had the ability to snoop on user data, despite Telegram's implications to the contrary. Now with their promise to share user IP addresses and the mobile #'s associated with each account with law enforcement upon request, the hype about user privacy that Telegram built is starting to fall apart.
That may be the cost of mainstream acceptance, but it was also a large part of what made the platform popular in certain places around the world, especially in places like Iran and Russia where the local government is notorious for snooping on its citizenry.
Now we see that since Durov's detention, Ukraine has banned the usage of Telegram within government agencies as a precaution against Russian snooping that they say may be due to some sort of special access to Telegram content the Russian govt may have. As a result, I imagine that the platform's growth will turn negative for some time going forward.
Oh well.
telegram does NOT have encrypted group chats.. that's why russia allows telegram, it allows them to snoop in and control the populace... it's all in the meta-data jim!
for individual end to end chat users ... russia has plenty of non techy ways of dealing with those "disloyal" russians
guess what... it's hard .... but signal has encrypted group chats!
i started donating to signal after reading this eye opening honest blog post from them (the one time sms sign up cost is just crazy) .... https://signal.org/blog/signal-is-expensive/
ps another interesting albeit geeky read .... https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
Great links, I didn't realize users couldn't even enable encryption mode unless the recipient was also online on telegram at the same time. I'm sure almost no one else does either. I did know that it was limited to person to person and switches back to non encrypted unless you click thru four menus every time you or the recipient rejoins.
Another thing is telegram has most definitely shared data with governments in the past, the German government is confirmed as having done so well before Durov's arrest. He seems to care deeply about his and telegram's image; details and fibs don't matter much if they can be drowned out by the marketing messages...
Telegram better roll out E2EE* and stop requiring phone numbers to sign up, if they don't want to be forced to collaborate with the glowies.
*it might be kind of useless for privacy for the big public chat groups that Telegram is known for, but at least Telegram itself would be able to say they don't have any data
Freedom of speech is being systematically removed.
Yes, there will be criminal communication activity on Telegram, and the phone systems and in pubs or any other space virtual or physical. But what price freedom?
There is another aspect. It seems if any prominent figures promote freedom or criticise certain state actions, they disappear for a couple of weeks and come back compliant and in full support. Obvious examples include Boris at the start of Covid, Jack Ma on Chinese finance and now Durov. I think it highly likely these people have been got at both psychologically and also threatened. The changes have been 180 deg from their prior beliefs.
Boris changed his mind when someone pointed out to him that letting your voters die is not a winning political strategy. Hardly "got at".
Durov has now realised that some countries object to his non-compliance stance and will arrest him for breaching their own data access laws if they get the chance. France "got at" him first.
Ma was "re-educated" by the Chinese government after persistently saying things that would obviously piss them off. Obviously "got at" by an authoritarian regime that doesn't tolerate anyone getting too big for their boots. So he disappeared for a few months and came back contrite, toeing the party line.
None of these are the result of some global conspiracy against free speech.
"None of these are the result of some global conspiracy against free speech."
They kind of all are. The only proper role of government is to represent the people who elected it. Instead they do their hardest to control people. In this digital world, everything said, any money spent, it's all trackable. All of those cases simply show if you won't comply you will be forced to comply. People's freedoms are quickly vanishing.
In case you didn't read the article fully: Durov hasn't "disappeared" for a single moment. His lawyers knew where he was for those few hours, clearly talked to him, and he had zero problem posting a few millions to be out again on bail.
In short, you're drawing a really weird parallel here, France isn't China.
Sad, but not unexpected. Telegram is ok, Signal has always seemed more trustworthy though.
I'd like to see apps like Session gain in popularity, no phone number and with their routing, providing your IP address is not an easy option either. Add a VPN service on top of that for even more security.
====
Quote: "The paranoid is a person who knows a little of what is going on."
(1) Arrest
(2) Secret deal between Telegraph and the EU to implement a better backdoor
(3) "Of course they are harassing me....because I'm a good guy!"
(4) Walks!!!.......
So....It really is possible to be on both sides of the street at the same time!!!! Nothing ever changes!!!
====
Yup......an AC with second sight!! Who would have thunk it!! More secret arrangements to be disclosed until he walks!!!!
There are now countries that are making it a crime to just criticize the government. That's our right in the USA according to the 1st Amendment, but in other countries it is not.
So now, a citizen in, let's say, Brazil, criticizes the government of Brazil, then they have now violated the law. And you're telling me Telegram is going to give up the goods on said citizen?
It's time to give Telegram the Bud Light treatment.