Key points:
Russian-born IT entrepreneur Pavel Durov said that he was “pressured” by the FBI during his stays in America
The US government had wanted a backdoor to Telegram in order to potentially spy on its users, the social media platform’s founder Pavel Durov said in an interview with American journalist Tucker Carlson. The attention from the FBI was one of the reasons Durov dropped the idea of setting up the company in San Francisco, he said.
In an interview published on Wednesday, Durov said that he visited the US several times and even met with former Twitter CEO Jack Dorsey. He was under the watchful eye of the FBI, which made his stays in America uneasy, he said.
According to Durov, one of his top employees once told him that he had been approached by the US government. “There was a secret attempt to hire my engineer behind my back by cybersecurity officers,” the businessman said.
“They were trying to persuade him to use certain open-source tools that he would then integrate into Telegram’s code that, in my understanding, would serve as backdoors,” Durov said. He added that he believes the employee’s account. “There is no reason for my engineer to make up (such) stories.”
Extremely alarming that there is a claim here certain open-source tools act as back-doors for the western intelligence agencies but it makes perfect sense. Engineered bugs in upstream libraries and tools used by tons of commercial and open source software would always get you your best bang for the buck compromising lots of things. Unlike for example the recent xz debacle I expect these are likely much more well hidden and engineered to hide their nature as nothing but mistakes. There are multiple ways to accomplish this from having NSA/GCHQ employees working directly on these projects as core contributors to paying off or blackmailing core contributors.
I expect this particular revelation to likely be ignored by many of the usual privacy people and spaces just because Tucker Carlson (who has grown funnily more hated for interviewing Putin than anything else he’s done among liberals) was the interviewer and of course because Durov is a Russian.
Too many if’s to my mind for my thinking personally. They can’t control everything. If I was a ghoul and was presented with this speculative limited hang-out plan I’d immediately object that they can’t assure that some other country or genuine privacy actors wouldn’t develop and deploy some run-away popular app or platform that’s not backdoored and cause headaches.
As to false sense of security, hardly needed. Look how many people think discord is private and secure and use it to openly do crime, to openly do other ridiculous stuff and get caught with their pants down despite discord never making any claims anywhere that it was e2e. Lots of criminals still don’t use these services, it’s hardly pushed them onto them entirely. After that encrochat affair that turned out to be a police op many of them are very suspicious of these things as well.
If anything I think doing this would flood their fish in a barrel strategy with unwanted fish. Before this came out who used strong encryption privacy services? Pedophiles, terrorists, some small amount of political dissidents, criminals, a handful of extreme privacy practitioners and info-sec experts and followers. Who uses these services now? The above plus little Johnny who heard something about spying and is afraid of someone telling his mom he’s looking at pictures of naked women online. The above plus some corpo guy doing minor uninteresting white collar crime who thinks the extra precautions are worth it. And on and on. In other words I think if the goal was a watering hole attack type thing to get interesting types all they’ve done is pollute it with more noise.
I just don’t see them going out of their way to sabotage the police in the way they have because even if all the major privacy services are backdoored or ops, the police still can’t get them with warrants whereas before they could. Before the police could get certain zucker-book chat data, not so much anymore now that they turned on chat encryption for some of their services. The only way I could see this making sense is if they want to use it as a part of a push to regulate and outlaw encryption entirely, to push up criminal use of these services even incidentally and get a push to bring them all under control but that’s also an if and as we see as of yet 10 years later that hasn’t materialized.
The chilling effects argument is the only other one besides the encryption accelerationist one I think that has real merit, if they thought silencing and intimidating the populace was important given rising tensions I wouldn’t be shocked. Though the problem I have with that is why expose everything? Why expose the hardware implants via mail intercept in Cisco devices shipped to China when blowing that has nothing to do with letting Americans know of US metadata collection programs like Prism which are spying on them? That’s blowing a major foreign intelligence op and not just that making it so other countries you could have spied on won’t trust to buy these things from you given your past behavior constraining your future actions as well.