https://www.rt.com/news/603033-telegram-founder-paris-arrest/
The founder has been arrested in Paris on charges of abetting criminals by making a censorship resistant app. He in the past claimed the west (NSA/CIA/etc) asked him to put a backdoor in his app and for what little it’s worth he claims he refused.
Now with him in their custody, in their clutches, where they can sentence him to a brutal prison sentence for the rest of his life he may like many people be willing to cut them a deal on a backdoor so he can save his own life. Such a deal may not be publicly apparent and may even be carefully disguised and hidden behind a public legal drama that is fiction.
I don’t think any immediate emergency action is warranted but I would encourage those using it to evaluate what this means for their continued usage and the threat it presents to them say 6 months from now.
We have to wait and see, he could be cleared and leave quickly, he could face a trial which may or may not say anything about him allowing western intelligence to compromise it. As they could try and hide the fact he cut a deal behind a public apparent defeat by his lawyers if they want to keep it under wraps to better utilize such access against Russians for example who are heavy, heavy users of the app and it could present a trove of intelligence to say nothing of abilities to compromise top Russian officials were they to get in bed with the eyes agreement agencies.
Point is they snatched him at the airport when he landed and it can’t be anything but politically motivated.
At the very least I expect them to force him to submit to public censorship of “disinformation” which means the Russian perspective. Oh they’ll bust a few pedophiles and drug rings as well but it’s mainly about controlling yet another app that’s available in the west and sticking a knife in Russia’s back.
Here’s something interesting from Ars:
As Rob Lee, a senior fellow at the Foreign Policy Research Institute, noted tonight, “A popular Russian channel says that Telegram is also used by Russian forces to communicate, and that if Western intelligence services gain access to it, they could obtain sensitive information about the Russian military.” https://arstechnica.com/security/2024/08/shocker-french-make-surprise-arrest-of-telegram-founder-at-paris-airport/
This once again shows the need for tech sovereignty among anti-imperialist nations. It’s not enough to use something that’s not directly controlled by the enemy because the enemy will find ways to pressure, blackmail, coerce those third parties into doing their bidding anyways. It’s important for these countries to have platforms safely headquartered within one of these other friend nations that are resistant to just one person being arrested, where even someone with extraordinary access wouldn’t be a threat because of security service involvement.
Given the detention in France I think the broader context of encryption policy in the EU is relevant as well.
The EU parliament has had multiple draft laws proposed over the past few years that intend to break private communication for everyday citizens. The proposals are varied, from the inclusion of backdoors to a requirement that service providers scan all messages for “CSM” (I put this in quotes because the content they actually want to track has nothing to do with minors and everything to do with class power). IIRC the current proposal is to just break SSL entirely by forcing browsers to accept certificates issued by the EU itself.
With seemingly random “terror” attacks occurring within the EU recently I can imagine that this will once again be used as the causus belli to go after private messaging and working class access to encryption. The politically motivated detention of the founder of Telegram is almost certainly part of the broader strategy to be able to surveil the thoughts of European citizens, residents, and guests. It’s also worth noting that the founder of Telegram was already detained by some US alphabet agencies (FBI maybe?) years ago.
I’ve assumed for years now that they had at least some access to it but him getting arrested (batshit insane btw) might show they didn’t or didn’t get what they wanted anyway.
I just figured all those “we got inside info on this right wing plan of attack from a telegram leak” news stories were “the FBI gave us this and told us to say it wasn’t from us.” Apple/Google engage in similar obfuscation of what access the feds have. With Google, well, just assume “all.” With Apple it’s probably also “all” but they insist that isn’t the case. It seeks almost certain though they do quietly cooperate with feds to help unlock devices and then feds just cite some technology without mentioning Apple’s probable role in creating it.
Shit sucks, the NSA (among many) should’ve never been allowed to exist. It’s all getting worse too. 20 years ago an arrest like this (transport back the general idea “some guy makes a program people used for naughty naughty”) would be a headline for maybe a month at least. It would be discussed for sure and hogs and dipshit ghouls would defend it and nothing done about it. Now it’s just “oh? Russia? Huh. Oh. Ok. Yes, m’lord…”
TG most likely was already compromised long ago. Its based in UAE, a regime subject to USA influence, and probably already has backdoors and/or NSA monitoring. Founder is probably some sort of Westaboo or lolbert.
Most of TG is not encrypted anyway and is no more private than Twitter which many users had previously been on. I note they recently added E2E encryption for some “Secret chats”, but keep in mind that metadata cannot be encrypted. If it is true that Russia’s military is using it, they are very foolish to do so.
On the censorship thing, apparently they have already banned many groups after threats of legal action.
If it is true that Russia’s military is using it, they are very foolish to do so.
It’s doubtful it’s an official practice for field communications so much as soldiers using it on their own in ways that severely compromise operational security. It’s incredibly popular in Russia, much of the news we get on the Ukraine conflict is via official releases done on Telegram or Twitter by Russian state agencies.
That said maybe they’re using it in some semi-official capacity which is bad but at the same time this war kind of came out of nowhere. Russia doesn’t really have a lot of homegrown messaging apps. They can’t trust western stuff like Zuckerbook or Signal for obvious reasons and that leaves out most of the encrypted messaging clients. They could have rolled their own but that’s a vulnerability as any brand new and rushed software you create is more likely to have bugs that intelligence agencies from the west can exploit to take over devices, spy, break encryption, etc than something that’s at least been on the market a while. It does underline they /should/ develop something that can be used for these purposes that they control.
Telegram does not encrypt by default. It’s always been no better than text.
Well yes and no. SMS messages are readable by the carrier (both receiving and sending) and absolutely accessible to the FBI and NSA often without a warrant and they’re stored for 6-18 months or so by the carriers.
Telegram on the other hand to my knowledge still practices encryption in transit. Your connection and data you send to Telegram is over an encrypted connection like HTTPS. That means your carrier/ISP cannot see what you’re saying on Telegram just that you’re using it.
Is it completely secure against third parties, against Telegram itself being compromised? As in end to end encryption. No. And that’s why an arrest like this is particularly problematic as anyone who can coerce the company or someone with sufficient access can just get all this data from them as well as doing other things. But it does reduce the number of parties with easy access and raises the bar to gaining access somewhat. As evidenced by the Snowden leaks we can’t be sure any service that isn’t based entirely in an anti-imperialist core nation like China doesn’t have the NSA in the back siphoning up all the data or even just metadata.
As with many things there are degrees of security and privacy with encryption. SMS I’d consider as safe as shouting something in a public space. This I’d consider as safe as sending a UPS envelope with a message inside to someone. Properly implemented E2E I’d consider sending a UPS envelope but the contents inside are scrambled and unreadable except to your recipient who has a special decoder that UPS isn’t in possession of.
This event is quite a blatant attempt by NATO to pressure Telegram into giving them a backdoor, which is a good sign that they didn’t have access previously.
One must ask why Signal, Matrix/Element, Session, and Tor haven’t faced such attacks despite being based in Western countries.
For example, Tor is developed by the US government to protect their spies, and was opened to the public to shield spy web traffic.
Are there any true anti-imperialist alternatives? For instance, Wechat is made in China, but doesn’t have any mechanisms to protect user info.
true anti-imperialist alternatives?
In person meeting, all devices in a faraday cage in the other room
I don’t like how you can sign in to Matrix/Element using an Apple/Facebook/Google account
