this post was submitted on 10 Jun 2025
169 points (98.8% liked)

Technology

39151 readers
191 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
169
Telegram is indistinguishable from an FSB honeypot (rys.io)
submitted 3 days ago by rysiek@szmer.info to c/technology@beehaw.org
62 comments fedilink hide all child comments
 

Investigation by investigative journalism outlet IStories (EN version by OCCRP) shows that Telegram uses a single, FSB-linked company as their infrastructure provider globally.

Telegram's MTProto protocol also requires a cleartext identifier to be prepended to all client-server messages.

Combined, these two choices by Telegram make it into a surveillance tool.

I am quoted in the IStories story. I also did packet captures, and I dive into the nitty-gritty technical details on my blog.

Packet captures and MTProto deobfuscation library I wrote linked therein so that others can retrace my steps and check my work.

you are viewing a single comment's thread
view the rest of the comments
[–] Five@beehaw.org 5 points 1 day ago* (last edited 1 day ago) (1 children)

Thank you for your technical work, and for patiently explaining things to people in the comments. This is a really incredible thread to encounter on the Fediverse.

Telegram is used by anti-Putin resistance groups like BOAK and Resistance Committee. They advertise channels that are relatively easy for anyone to join without needing privileged access. As long as they're not using Russian-purchased sims to manage and post to the channels, how does this change their security model going forward?

[–] rysiek@szmer.info 2 points 1 day ago (1 children)

As long as they’re not using Russian-purchased sims to manage and post to the channels, how does this change their security model going forward?

If IStories' reporting on GNM's connection to FSB and GNM's access to Telegram's traffic is correct – and I have no reason to believe otherwise, this has gone through two rounds of fact-checking and these are people who had been sued for "defamation" in the most journalist-hostile, oligarch-friendly jurisdiction in the world (UK) and have repeatedly won – then this means the threat model now includes the FSB potentially being able to:

  • figure out where a user is in the world just by observing their Telegram network traffic, live or close to live;
  • with some additional analysis, based on timing and packet sizes correlation, probably figure out who that user is communicating via Telegram.

Both of these globally, regardless of what SIM card was used to register any of accounts involved, and without having to ask Telegram for any data.

I don't know if FSB is actually using this capability, and to what extent, and against whom. But based on IStories' reporting and on my own packet captures analysis it is entirely possible for them to do so if they choose to.

[–] Five@beehaw.org 1 points 1 day ago* (last edited 1 day ago) (1 children)

For those organizations like BOAK and Resistance Committee, Telegram functions as a home page for making public announcements. It is superior to having a website because it can't be DDOS'd, has fewer attack surfaces that the organization has to be responsible to keep secure, doesn't have ICANN WHOIS reporting, or need someone's credit card on file. It's also free and benefits from the network effect of Telegram's existing popularity.

Do you think that Telegram can continue to be used for this purpose while taking additional security precautions? Or do you think the risk is too great, and no amount of precautions can justify using the service?

[–] rysiek@szmer.info 2 points 21 hours ago* (last edited 21 hours ago) (1 children)

Do you think that Telegram can continue to be used for this purpose while taking additional security precautions?

No. Their very existence on Telegram is drawing more people to Telegram, and helping keep on Telegram people who might already be thinking of leaving it. Publishing on Telegram helps the FSB spy on more people. In this case, people who are anti-Putin.

In other words, by continuing to use Telegram and thus by drawing more people onto that platform and keeping them there through network effects these organizations are drawing people opposed to Putin's regime directly into FSB's dragnet.

I cannot see this as anything but massively irresponsible.

Or do you think the risk is too great, and no amount of precautions can justify using the service?

In my opinion the only somewhat justifiable way to use their Telegram presence today would be to try and get people who are on Telegram out of Telegram. But that's a very tall order, and would have to be done thoughtfully, carefully, and with a plan.

[–] Five@beehaw.org 1 points 17 hours ago (1 children)

What platforms do you approve of that could be viable alternatives?

[–] rysiek@szmer.info 2 points 17 hours ago

Signal would be a good replacement for private messages and groups. I'm in groups of hundreds of people there, I'm sure larger groups exist.

As to channels… seriously just set up a simple website with an RSS feed? That's the simplest. A lot of providers have free DDoS protection now as well. If you're worried about privacy and whatnot, choose a provider like 1984.is or FlokiNET.

The broader point is: we really need to get people out of centralized platforms and onto less gate-kept spaces. Because with centralized platforms it is always possible they enshittify or turn out to be bad in some important way, and when that happens, the network effects hold us and our audience ransom. Moving back to web is one way of doing that. Joining the Fediverse (hullo!) is another.

And yes, I am waiting for truly decentralized end-to-end encrypted internet messaging tools to become usable enough to replace Signal eventually. One thing I am looking at – and again, it is not ready yet! – is Cwtch. Another thing I am really hopeful for is the Veilid protocol. But these are still ways off from being ready for prime time and widespread non-techie use. One day though!