(Cross-posted from: https://lemmy.dbzer0.com/post/26559848/)
Some significant news for Telegram users!
See this article for some interesting backstory context on Pavel Durov and Telegram: https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8
Since the post article is in French, here’s an auto-translation:
Pavel Durov, the founder and CEO of the encrypted messaging service Telegram, was arrested around 8 p.m. on Saturday evening as he got off his private jet on the tarmac of Le Bourget airport. The 39-year-old Franco-Russian was accompanied by his bodyguard and a woman.
The arrest was carried out by the gendarmes of the GTA (Air Transport Gendarmerie). Registered in the RPF (wanted persons file), Pavel Durov came straight from Azerbaijan. He had over his head a French search warrant issued by the OFMIN of the National Directorate of the French Judicial Police, issued on the basis of a preliminary investigation.
Why was he under threat of a search warrant?
The Justice considers that the lack of moderation, cooperation with the police and the tools offered by Telegram (disposable number, cryptocurrencies, etc.) makes it complicit in drug trafficking, paedophile offences and fraud.
This search warrant ran if, and only if, Pavel Durov was on national territory. “He made a mistake tonight. We don’t know why… Was this flight just a step? In any case, he’s locked up!” a source close to the investigation told TF1/LCI. Since he knew he was persona non grata in France, Pavel Durov used to travel to the Emirates, the countries of the former USSR, South America… He travelled very little in Europe and avoided countries where Telegram is under surveillance.
And now?
Investigators from the ONAF (National Anti-Fraud Office attached to the Customs Directorate) notified him and placed him in police custody. He is expected to be presented to an investigating judge this Saturday evening before a possible indictment on Sunday for a multitude of offences: terrorism, drugs, complicity, fraud, money laundering, concealment, paedophile content…
“Pavel Durov will end up in pre-trial detention, that’s for sure,” comments an investigator to TF1/LCI. “On his platform, he allowed an incalculable number of misdemeanours and crimes to be committed for which he does nothing to moderate or cooperate,” said a source close to the case.
His pre-trial detention at the end of his indictment is indeed in no doubt. Pavel Durov, a billionaire, has substantial means to flee and his guarantees of representation will hardly convince the judges.
A net with international resonance
For the investigators, this international sweep has various objectives. First, it makes it possible to kick the anthill, impress and deter the perpetrators of crimes and offences who exchange, until now, freely on Telegram. Secondly, they aim to put pressure on European countries to step up joint work to make secure messaging on terrorist cases bend.
Indeed, Telegram is a hive of criminal content. At the moment, the platform is in the news with the illegal broadcasting of Ligue 1 matches. But on this encrypted messaging service, many accounts are used by organized crime. Beyond terrorism, the most dangerous pedophiles communicate on Telegram to exchange content. “It has become for years THE number 1 platform for organized crime,” comments an investigator.
Telegram chats are not encrypted by default, only Secret chat is which is not synced to Desktop and only works on one-to-one chats, no groups.
Because almost all data is encrypted. They don’t even know who is messaging whom. How can they be charged with crimes they didn’t commit? They don’t know what their users are using the messenger for, so they can just deny everything.
No you can’t unless you have access to the phone itself. It’s impossible. You clearly have no idea what you’re talking about.
Page 47. https://odr.chalmers.se/server/api/core/bitstreams/527d7251-f7f4-4a6c-ac7b-f8253d174336/content
how often do you check encryption keys in chats? How does WebRTC relay work need to be explained?
If Signal was to pull a MITM, it would have been noticeable as it requires active intervention in the protocol (it hasn’t been noticed yet), it would destroy all plausible deniability for them going forward, and it wouldn’t be possible on existing chats (once the key exchange between two parties happens, it’s impossible to do MITM). Telegram can just straight up read your messages, past, present and future, do whatever they want with them, with no way for anyone to check if that happens. It’s two different tiers of communication security.
To quote another commenter,
The KDE would need to intercept every single message from start to finish because of forward secrecy. Mass surveillance of such sort would have been noticed by now, even if only 0.01% of people check their safety number with QR code or manual confirmation.
MITM attacks on specific high-level targets would be still possible of course. But if you consider yourself a high-level target outside of mass surveillance you can just check your safety number before initiating a conversation. Because of forward secrecy, you only need to check that once!
But all of that aside, Telegram has none of these things. Telegram is straight-up unencrypted with their default chats and group chats. Telegram is absolute dogshit.
So, that’s why they call PUBLIC chats in first place. In private chats all work exactly like in signal (DH end-to-end crypto with key verifying). But after 5 years some journalist finally read the documentation and newspapers was exploded. I known that from first day.
Telegram also honestly declares that there is no need to rely on anyone in matters of privacy. For example: We do not store customer IP, says signal developers. And how should I check it? Teleram just honestly says, “You have an mtproto proxy, build any kind of proxying chains and we won’t even theoretically know your address.” Feel the difference.
And I still don’t understand why MITM can’t just match two DH keys so that Alice and Bob’s signature checks match. But maybe I just don’t understand the cryptography chain well.
I don’t want tell that signal have bad crypto or telegram greates private messager. I say that all of that messengers have same security in private messages. Yes, signal support group private chats too, but that’s all. And if anyone can’t read docs, that not a telegram problem.