This (admittedly terrible, but now rectified) location flaw aside, what safety disadvantages does Telegram have over other communication platforms without end-to-end encryption like Discord, Teams, Slack, or Messenger?
> Telegram stores all your contacts, groups, media, and every message you've ever sent or received *in plaintext* on their servers. [emphasis mine]
This implies they don’t use encryption “at rest” - unless I’ve missed something in their FAQ[0] (entirely possible, I’m far from an expert on cryptography), they seem to imply they do.
If it is indeed the case that they don’t encrypt data at rest, I can definitely see how that would be a problem.
If data is encrypted at rest though, I don’t see how any of that is fundamentally different from the other messengers I listed in the parent - the server still holds the keys, and thus must be a trusted party - but it’s nothing new.
Even if they store the data encrypted on their servers and hold the keys - it is not different from plaintext.
There's another thing. Some years ago Russian FSB demanded encryption keys from telegram threatening to ban it in Russia, and publicly they refused to do that. But then somehow FSB has quietly dropped the case. Question is - why?
Ultimately what Moxie is doing here is disingenuous and an abuse of language to prop his argument. He could have just stated the facts but instead he's using propaganda to create fear in his audience. You can use correct language (messages are encrypted at rest) and still make the argument that Telegram does not use E2EE unless Secret Chats are turned on but he doesn't do that.
Really poor behavior from a leader in this space.
The Russian FSB dropped the case because there was no way to block Telegram without collateral damage and most of the Russian population uses it, including politicians. There's no need to get "shadowy council" here, especially in light of Durov's quite public support for the Euromaiden protests that got him in such trouble with VK.
If this is the first place your head goes, I don't know what to tell you except perhaps that this paranoia exhibited from the security community is often not rational, and frequently resorts to takes-no-prisoners stakes.
Here's an article [1] that goes over the attempts at blocking Telegram after the FSB demanded the encryption keys, was denied and the collateral damage that resulted from Roskomnadzor attempting to enforce that ban.
I ran this by my Russian friend and he confirms TJournal is reputable. However, he also cautioned believing a known propagandist, deputy Matveychev who made these claims. And toward the bottom of the article you sent:
"A source close to the creators of the messenger, however, doubted the deputy’s statement: when asked what Telegram thinks about Matveychev’s statement, he replied: 'Clowns.' This was reported in the online publication 'Durov's Code'."
It's difficult to believe that Durov who was driven from Russia and from his first company for refusing to hand over information on Euromaiden protestors would so jeopardize the trust he's built over the last decade by allowing hardware backdoors.
All this about him refusing to co-operate is just Durov's words. So you choose to trust him for some reason. But that's not how security works. Zero trust security model exists for a reason. Moxie is right, Telegram is not secure.
From how I understood it, they weren't able to properly block it. Or at least that is the official story. I'm skeptic about this whole ordeal though.
edit: Some article about it says[0]
> Russia on Thursday lifted a ban on the Telegram messaging app that had failed to stop the widely-used programme operating despite being in force for more than two years.
> Some Russian media cast the move as a capitulation, but communications watchdog Roskomnadzor said it had acted because the app’s Russian founder, Pavel Durov, was prepared to cooperate in combating terrorism and extremism on the platform.
> Even if they store the data encrypted on their servers and hold the keys - it is not different from plaintext.
That's the important point. Encryption at rest is little more than a marketing gimmick if the same entity also has the key.
Edit: also, Telegram is hoarding this data and nothing prevents them from using it for financial gain in the future. Or selling it/themselves to someone who does.
Better be safe and do not give this data to the intermediaries. Signal does the right thing here.
Telegram is fine for public and semi-public use.
We mostly use it as a an IRC replacement with better multimedia capabilities.
We also bridge some channels to IRC.
It's fine as long as people understand that it offers privacy only a notch above email.
Now the security is on the level of a post card in an envelope instead of a bare postcard levels of security offered by email.
I tried this Telegram feature out some years ago but have it turned off since then. Spammers still find me, overly sexy profiles starting a conversation with a "xyz is 3km away" banner above the chat. One legit person also started a conversation once, they said I appeared as within a few km in a nearby city, so it doesn't seem to be my home address that I'm sharing.
Is there a way to find out which location I've been sharing? (I'd be happy to PM someone my phone number if you've already set up this trilateration script.)
And secondarily (damage is done now anyway) how to remove this last seen location?
The linked page says Telegram fixed this, but they only say they're now rounding the results. Hasn't this come up previously in other services and rounding is _not_ enough? It seems like it just makes it very slightly less obviously possible but doesn't prevent exploitation.
If they round the final distance number, all you've done is reduced the accuracy to concentric circles like a dartboard, and you simply need more samples to regain the precision.
If they round the input location to the centroid of some larger region-- a square several kilometers on a side or a map shape for a region-- there's no precise information to be leaked.
From what I recall, some services that rounded locations could still be abused by brute forcing the current location of the attacker to identify the threshold of rounding. This has been mitigated in some cases by changing the rounding threshold or truncating the value.
Secret Chats cannot be MITM'ed and MTProto2 has never had serious security problems despite multiple audits.
That's in contrast to WhatsApp, which backs up your private key to the cloud by default. And in contrast to Signal, which has inexcusable software bugs such as sending private photos to random contacts in your list (is it really E2E encrypted if you can't be sure who the recipient was?).
>Sigh. That Stack Exchange answer is incredibly old and points to the flaws everyone knew in MTProto 1, which has been superseded by MTProto 2 for years.
Telegram's 1 on 1 secret chats are quite simple and straightforward in design. It is unlikely that there are any security issues in there. Telegram has the same usability issue that the rest of these end to end encrypted instant messengers have. They base all the security on having the users compare some ridiculously long numbers and then downplay the whole thing.
I do not consider a messenger "E2E" encrypted if one of those ends is a random person you did not intend to message. The fact that bug was even possible suggests poor engineering standards.
Oh, my gods, I was so confused until I read your comment. I thought "people of color" as well, and looked through the entire readme trying to understand the relevance. This might be one of those times where writing out the full phrase is worthwhile
