Many people who focus on information security, including myself, have
long considered
Telegram suspicious and untrustworthy.
Now, based on findings
published by the investigative journalism outlet ISt
The fact is that the FSB is only a threat to those with Russian citizenship or who live within the Russian Federation
Two things:
Your focus on FSB this, FSB that is based on your refusal to read past the title
Maybe you missed it, but Russia is engaged in a war of aggression against Ukraine (a country where people use Telegram). Not only is this a good reason for Ukrainians to not use it, but the post makes a compelling case that nobody should (see: network effect).
There are reasons for Westerners not to use Telegram.
And if you read the blog, you’d have seen them.
It’s hard not to be condescending when you proudly wallow in self-induced ignorance.
Telegram’s dangers extend not just as far as Russia’s sphere of influence, but also the spheres of influence of every country that has secretly been collecting data with their express assistance. We discovered recently that Pavel Durov was hiding this fact for a long while…
The article unfortunately isn’t much better when read in it’s entirety. A unique identifier is sent along with an encrypted payload. The entire set is then encrypted again in transit. But the author claims the identifier is sent “cleartext”.
This coupled with repeated “russian bad” comments peppered throughout. Article is bad.
The entire set is then encrypted again in transit.
Citation? The author of the article provides theirs, and a cursory glance at the chart that telegram themselves provides reveals that the authentication key is not encrypted at all.
Here’s the part of the article you may have missed that clarifies why that’s actually a huge issue:
This enables anyone who has sufficient network visibility and a bit of dedication to identify traffic originating from a given user device.
IStories found evidence that all network communication to and from Telegram’s infrastructure go through a company linked to the Russian FSB. This would provide the kind of network visibility that combined with auth_key_id would allow it to identify traffic coming from specific users, globally.
Why exactly did Telegram create a proprietary messaging protocol that uses this “surprising and unnecessary protocol design choice, present neither in Signal nor WhatsApp”?
Maybe it was just a huge coincidence, compounded by other huge coincidences. You tell me. You have the opportunity to blow this article wide open.
Two things:
And if you read the blog, you’d have seen them.
It’s hard not to be condescending when you proudly wallow in self-induced ignorance.
Telegram’s dangers extend not just as far as Russia’s sphere of influence, but also the spheres of influence of every country that has secretly been collecting data with their express assistance. We discovered recently that Pavel Durov was hiding this fact for a long while…
The article unfortunately isn’t much better when read in it’s entirety. A unique identifier is sent along with an encrypted payload. The entire set is then encrypted again in transit. But the author claims the identifier is sent “cleartext”.
This coupled with repeated “russian bad” comments peppered throughout. Article is bad.
Citation? The author of the article provides theirs, and a cursory glance at the chart that telegram themselves provides reveals that the authentication key is not encrypted at all.
Here’s the part of the article you may have missed that clarifies why that’s actually a huge issue:
Why exactly did Telegram create a proprietary messaging protocol that uses this “surprising and unnecessary protocol design choice, present neither in Signal nor WhatsApp”?
Maybe it was just a huge coincidence, compounded by other huge coincidences. You tell me. You have the opportunity to blow this article wide open.
Blah blah blah. My point concerned the title and only the title. All the rest is irrelevant. I know every bit as much about Telegram as you do.