this post was submitted on 10 Jun 2025
168 points (98.8% liked)

Technology

39128 readers
363 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
 

Investigation by investigative journalism outlet IStories (EN version by OCCRP) shows that Telegram uses a single, FSB-linked company as their infrastructure provider globally.

Telegram's MTProto protocol also requires a cleartext identifier to be prepended to all client-server messages.

Combined, these two choices by Telegram make it into a surveillance tool.

I am quoted in the IStories story. I also did packet captures, and I dive into the nitty-gritty technical details on my blog.

Packet captures and MTProto deobfuscation library I wrote linked therein so that others can retrace my steps and check my work.

[–] Five@beehaw.org 5 points 8 hours ago* (last edited 8 hours ago) (1 children)

Thank you for your technical work, and for patiently explaining things to people in the comments. This is a really incredible thread to encounter on the Fediverse.

Telegram is used by anti-Putin resistance groups like BOAK and Resistance Committee. They advertise channels that are relatively easy for anyone to join without needing privileged access. As long as they're not using Russian-purchased sims to manage and post to the channels, how does this change their security model going forward?

[–] rysiek@szmer.info 2 points 3 hours ago (1 children)

> As long as they’re not using Russian-purchased sims to manage and post to the channels, how does this change their security model going forward?

If IStories' reporting on GNM's connection to FSB and GNM's access to Telegram's traffic is correct – and I have no reason to believe otherwise, this has gone through two rounds of fact-checking and these are people who had been sued for "defamation" in the most journalist-hostile, oligarch-friendly jurisdiction in the world (UK) and have repeatedly won – then this means the threat model now includes the FSB potentially being able to:

  • figure out where a user is in the world just by observing their Telegram network traffic, live or close to live;
  • with some additional analysis, based on timing and packet-size correlation, probably figure out who that user is communicating with via Telegram.

Both of these globally, regardless of what SIM card was used to register any of the accounts involved, and without having to ask Telegram for any data.

I don't know if FSB is actually using this capability, and to what extent, and against whom. But based on IStories' reporting and on my own packet captures analysis it is entirely possible for them to do so if they choose to.
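The two points above (a cleartext identifier in front of every client message, and an on-path observer using it to follow one user across networks and over time) as an added toy model in Python. This is not code from the post, from the linked blog, or from the author's MTProto deobfuscation library: the packet layout, the 8-byte identifier length, the identifier values, IP addresses, timestamps and session list are all constructed for the illustration and are not MTProto's real wire format. The "rotating token" variant is a hypothetical contrast design included only to show what a persistent cleartext prefix costs; it does not describe Telegram.

```python
"""Toy model (added example, not the post's own code): how a persistent cleartext
identifier in front of every client message lets a passive observer follow a user
across IP addresses (i.e. across networks and places) without any keys."""
import os
from collections import defaultdict

ID_LEN = 8  # hypothetical: the toy protocol puts an 8-byte client id in the clear

PERSISTENT_IDS = {  # constructed per-user identifiers for the persistent design
    "alice": bytes.fromhex("0011223344556677"),
    "bob": bytes.fromhex("8899aabbccddeeff"),
}

SESSIONS = [  # constructed: (user, session start time, client IP at that time)
    ("alice", 1000.0, "203.0.113.10"),  # e.g. home network
    ("bob", 1050.0, "192.0.2.44"),
    ("alice", 4600.0, "198.51.100.7"),  # e.g. a cafe
    ("alice", 9000.0, "203.0.113.10"),  # back on the first network
]


def build_packet(prefix: bytes, ciphertext: bytes) -> bytes:
    """Wire format of the toy protocol: cleartext prefix, then opaque bytes."""
    return prefix + ciphertext


def cleartext_id(payload: bytes) -> bytes:
    """The part of a message an on-path observer can read without any keys."""
    return payload[:ID_LEN]


def capture_persistent(sessions, packets_per_session=2):
    """Persistent design: the same id is sent in the clear in every session."""
    capture = []  # list of (timestamp, client_ip, payload), like a packet capture
    for user, t0, ip in sessions:
        for i in range(packets_per_session):
            body = os.urandom(48)  # stands in for encrypted/obfuscated content
            capture.append((t0 + i, ip, build_packet(PERSISTENT_IDS[user], body)))
    return capture


def capture_rotating(sessions, packets_per_session=2):
    """Hypothetical contrast design: a fresh random token per connection."""
    capture = []
    for user, t0, ip in sessions:
        token = os.urandom(ID_LEN)  # visible to the observer, but tied to nothing
        for i in range(packets_per_session):
            capture.append((t0 + i, ip, build_packet(token, os.urandom(48))))
    return capture


def link_by_identifier(capture):
    """What the observer does: group packets by the cleartext prefix alone."""
    trails = defaultdict(list)
    for ts, ip, payload in capture:
        trails[cleartext_id(payload)].append((ts, ip))
    return {ident: sorted(hits) for ident, hits in trails.items()}


def location_trail(capture, ident):
    """Distinct IPs one identifier was seen from, in time order (a movement trail)."""
    trail = []
    for _, ip in link_by_identifier(capture).get(ident, []):
        if not trail or trail[-1] != ip:
            trail.append(ip)
    return trail


def longest_trail(capture):
    """Longest movement trail any single cleartext identifier yields."""
    return max(len(location_trail(capture, ident)) for ident in link_by_identifier(capture))


if __name__ == "__main__":
    persistent = capture_persistent(SESSIONS)
    print("persistent id, alice:", location_trail(persistent, PERSISTENT_IDS["alice"]))
    print("rotating token, longest trail:", longest_trail(capture_rotating(SESSIONS)))
```

With the persistent prefix, the observer recovers Alice's whole trail (home, cafe, home) from nothing but the first bytes of each packet; with a per-connection token, every trail collapses to a single session. The model deliberately ignores the timing and packet-size correlation the comment mentions, which is a separate and fuzzier analysis.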

[–] Five@beehaw.org 1 points 3 hours ago* (last edited 3 hours ago) (1 children)

For those organizations like BOAK and Resistance Committee, Telegram functions as a home page for making public announcements. It is superior to having a website because it can't be DDOS'd, has fewer attack surfaces that the organization has to be responsible to keep secure, doesn't have ICANN WHOIS reporting, or need someone's credit card on file. It's also free and benefits from the network effect of Telegram's existing popularity.

Do you think that Telegram can continue to be used for this purpose while taking additional security precautions? Or do you think the risk is too great, and no amount of precautions can justify using the service?

[–] rysiek@szmer.info 1 points 1 minute ago* (last edited 1 minute ago)

> Do you think that Telegram can continue to be used for this purpose while taking additional security precautions?

No. Their very existence on Telegram is drawing more people to Telegram, and helping keep on Telegram people who might already be thinking of leaving it. Publishing on Telegram helps the FSB spy on more people. In this case, people who are anti-Putin.

In other words, by continuing to use Telegram and thus by drawing more people onto that platform and keeping them there through network effects these organizations are drawing people opposed to Putin's regime directly into FSB's dragnet.

I cannot see this as anything but massively irresponsible.

> Or do you think the risk is too great, and no amount of precautions can justify using the service?

In my opinion the only somewhat justifiable way to use their Telegram presence today would be to try and get people who are on Telegram out of Telegram. But that's a very tall order, and would have to be done thoughtfully, carefully, and with a plan.

[–] libertyoftheforest@beehaw.org 2 points 20 hours ago

Thank you for your work. It's sad we live in a world where honeypots and surveillance are a thing.

[–] jarfil@beehaw.org 6 points 1 day ago (1 children)
[–] rysiek@szmer.info 5 points 1 day ago (1 children)

I guess the xAI thing might just be a money grab for Telegram and Durov.

The Russian MPs thing might be a red herring, there's been plenty of stuff recently aimed at distracting from this Telegram story – including a brand new interview by Tucker Carlson with Durov.

Telegram and Durov knew for weeks this is coming, as the investigative journalists had to reach out for comment. So they had time to prepare their little games.

[–] jarfil@beehaw.org 1 points 18 hours ago

Hm, makes sense, but I feel like we're still missing something.

I saw comments about Durov, similar to this investigation, maybe around a month ago.


With the xAI partnership news, I looked into it and found this nice thing:

In Telegram, you can clear them one by one, or date ranges, or use disappearing messages, but this tool still found some I had missed.

(Disclaimer: I got pulled into Telegram by some friends leaving WhatsApp with the policy changes of 2021, my threat model is less one of FSB, and more one of indiscriminate AI siphoning for ad targeting)

[–] rysiek@szmer.info 27 points 2 days ago (5 children)
[–] sp3ctr4l@lemmy.dbzer0.com 12 points 2 days ago* (last edited 2 days ago)

No questions from me, just wanna say:

Excellent goddamned work.

Favorited this whole post for future reference.

[–] dfyx@lemmy.helios42.de 16 points 2 days ago (22 children)

What would you recommend as an alternative for the general non-technical population?

[–] rysiek@szmer.info 31 points 2 days ago

For the internet messenger functionality that would be Signal.

For other things (channels, mostly), anything that does not pretend to be end-to-end encrypted when it is not. A website with an RSS feed would be one trivial choice for channels that are open to anyone. Public communication like that has no business going through "platforms".

[–] SnotFlickerman@lemmy.blahaj.zone 11 points 2 days ago* (last edited 2 days ago) (1 children)

No questions. Hats off. Thank you for your service, it always seemed like a honeypot to me. Nice to see some evidence other than my gut feeling.

[–] rysiek@szmer.info 7 points 2 days ago
[–] FarceOfWill@infosec.pub 8 points 2 days ago (1 children)

There were reports (claims I suppose) that the fsb were using telegram to organise the stochastic gig job sabotage across Europe.

Joining a neo fash telegram group, pretending to be a rich neo fash who wants to help the cause but not risk themselves and paying people for putting up posters, damaging equipment etc.

Does what has been found here shed any more light on that? I'd guess it would allow them to find these groups to target them very easily? That was the bit I couldn't quite understand from the original report, if so this all makes more sense.

[–] rysiek@szmer.info 10 points 2 days ago (1 children)

> There were reports (claims I suppose) that the fsb were using telegram to organise the stochastic gig job sabotage across Europe

No no, reports: https://www.msn.com/en-in/news/world/russia-uses-telegram-to-recruit-spies-and-saboteurs-in-europe/ar-AA1xshqO

> Does what has been found here shed any more light on that?

Not really/not directly, I would say. What you are describing is FSB using Telegram for recruitment. That does not require network-level observability and surveillance. That's a different "feature", so to speak.

[–] FarceOfWill@infosec.pub 3 points 2 days ago (1 children)

It's not that I don't believe them, but anything coming from spooks has to be looked at a little sideways.

Thanks for the reply. I just couldn't figure out how they had enough intelligence to find all these telegram groups, maybe that's easier for a nation state than I thought.

[–] rysiek@szmer.info 8 points 2 days ago

It's trivial for a nation state, they have lists of these groups. These groups are promoted in other groups and other channels and other forums and eventually reach somebody who will make a note of them.

[–] ideonek@piefed.social 2 points 2 days ago (1 children)

Any advice for people that used it in the past? After reading the article, my understanding is that what was sent in "private chat" was in fact encrypted (for the most part) and can be considered secured (to the degree - something is off and, maybe we didn't find out yet, how the encryption is compromised). But it would be wise to treat all other conversations as something that is compromised. Is this a fair summary?

[–] rysiek@szmer.info 5 points 2 days ago (1 children)

> After reading the article, my understanding is that what was sent in “private chat” was in fact encrypted (for the most part) and can be considered secured (to the degree - something is off and, maybe we didn’t find out yet, how the encryption is compromised).

"Secret Chats", but otherwise spot-on, yes.

I am making a point of clarifying here because Telegram thrives on ambiguity. "Private chat" might mean anything in that system. "Secret Chat" is a specific feature that almost nobody uses but gives Telegram cover to claim they do end-to-end encryption.

> But it would be wise to treat all other conversations as something that is compromised. Is this a fair summary?

Yes, that's what I would say.

Telegram has access to everything that is not a "Secret Chat". They are responding to data requests. It's unclear what they include in these responses. They are also linked to FSB, through the same Vedeneev guy that owned GNM (the infrastructure provider).

[–] ideonek@piefed.social 2 points 2 days ago

This is the part that resonated with me the most as a casual user. The interface is so confusing that the differences between the various forms of chats seem deliberately unclear. And all that's "useful" is opt-in. And Groups - most used in corporate or project settings - can't be encrypted at all? That's... peculiar.

Again, thanks for the eye-opener.

[–] 30p87@feddit.org 12 points 2 days ago (2 children)

I hate how 50% of 'news' is literally like "1 equals 1" to me. It's fucking obvious.

[–] ideonek@piefed.social 24 points 2 days ago (1 children)

Well, it was obvious to you. I'm a casual user, who tries to "do his best" and consider himself "somewhat informed" - obviously not by your standard. It was all news to me, and I find tremendous value in this article.

[–] rysiek@szmer.info 14 points 2 days ago (1 children)

Thank you, that means a lot. For people working in information security it really feels sometimes that a). a lot of stuff is obvious, b). people just don't listen and don't care.

Your comment shows how incorrect this is. That really helps keep motivated.

[–] ideonek@piefed.social 10 points 2 days ago

No, I can't stress enough how much I appreciate it. What I do right now is sending this article with TLDR to all my friends and family.

[–] rysiek@szmer.info 22 points 2 days ago* (last edited 2 days ago)

I know, right? That's why investigative journalism is such a thankless, frustrating job. You need to prove beyond any doubt things that are often pretty obviously true.

Roman Anin and the rest of the IStories team did an absolutely amazing job. Found court documents going years back. Dug up signed statements and contracts. They did something nobody in the infosec community seemed to have done: actually looked at the IP addresses used by Telegram and followed that lead to its logical conclusion. And then published all of the receipts!

And still people will say this is "unsubstantiated" or find other ways to wave this off.

And yet this does move the needle. There is now proof of things we kinda sorta knew were probably true for years. It doesn't sound like much perhaps, but it's really important.

[–] adry@piefed.social 8 points 2 days ago (3 children)

I hate it when I don't know an acronym, but this one is particularly hurtful to my brain since everyone is saying "yeah, that link to the FSB was obvious glad someone demonstrated it." So... I will just assume FSB=KGB and be done.

Anyway, most of our privacy "war fronts" are honeypots in one way or another. Take for example Tor network (high number of exit nodes are controlled). Except those apps or protocols that are truly decentralized (e.g. OMEMO in XMPP), these are good. But then again, they lag behind to our standards of "normal" Internet that connects us to the world, outside of our tiny circles of nerds.

Now, the thing with honeypots, is that they are there to catch some specific type of fly. If you were to use their network to take advantage of the features for anything that the "predator" behind doesn't care, you're fine. So, I will keep using Telegram for the memes and piracy channels...

From an OPSec perspective this is important news nonetheless and I will keep it in mind.

[–] rysiek@szmer.info 23 points 2 days ago (1 children)

> I hate it when I don’t know an acronym, but this one is particularly hurtful to my brain since everyone is saying “yeah, that link to the FSB was obvious glad someone demonstrated it.” So… I will just assume FSB=KGB and be done.

Russian FSB is the successor of the Soviet KGB, so yeah, that works.

> Take for example Tor network (high number of exit nodes are controlled)

I substantiated my claims about Telegram by a pretty deep technical analysis. Mind at least providing a link for your pretty strong claim about Tor?

> Except those apps or protocols that are truly decentralized (e.g. OMEMO in XMPP), these are good.

Nope. Decentralization is important from a power-dynamics standpoint, but can actually be detrimental to information security due to (among others) metadata and complexity.

[–] adry@piefed.social 3 points 1 day ago (1 children)

> Mind at least providing a link for your pretty strong claim about Tor?

I don't have one. Thanks for asking, you made me actually reconsider the truthfulness of my own statement... I was just parroting back what I heard many times, years ago, among the people that attended a hacklab from the city I was living in back then.

Same goes with the 'tip' that said that Tor was initially funded by the US Military (which apparently is true, but then the project turned out to be independent.) These two "facts" were presented, and parroted back and forth in that space a lot.

It would be great to have real analysis knowing which data centers or actors have the biggest control of exit nodes. If there's really a way to de-anonymize any traffic from there.

PS. Since we are on the topic, another concern regarding Tor network is the possibility of correlation attacks. It always strikes me how ISP stops providing connection at 'random' if you were a frequent user. Pretty sure there's legal forces behind it... but that's my paranoia. Now those minutes or hours offline sprinkled here and there to my router were a fact. Anyway, the dark web is really full of a lot of sick places. I'd rather just stay away from it entirely and use a VPN for my privacy when searching media and stuff. That's a lesson I learned.

[–] rysiek@szmer.info 4 points 1 day ago

Thank you, it is refreshing to see someone honestly and earnestly engaging in a conversation about this. The "Tor is a honeypot" thing is very often an all but religiously held belief.

> It would be great to have real analysis knowing which data centers or actors have the biggest control of exit nodes. If there’s really a way to de-anonymize any traffic from there.

To truly and reliably de-anonymize Tor traffic, one would need to run over 51% of all Tor nodes. Since the US is not the only entity potentially interested in that (Russia and China might be as well), unless these entities coordinate and share data, they will thwart one another from reaching that kind of saturation.

> Since we are on the topic, another concern regarding Tor network is the possibility of correlation attacks.

It might be possible to somewhat fuzzily reason about Tor users by observing traffic on both sides of the tunnel, using timing and packet sizes for analysis. But a). it is going to be very fuzzy; b). it requires global network observation capability. NSA might or might not have that to some extent, but they would not risk exposing that for anything but the most valuable targets.

> I'd rather just stay away from it entirely and use a VPN for my privacy when searching media and stuff.

VPNs are a specific tool for a specific thing, they don't "preserve privacy" in the general sense. You are basically trading your ISP's or local spooks' ability to observe your traffic for the VPN operator's and their local spooks' ability to do so. In some cases it makes sense, in some – not so much.

Depends on your threat model.™

[–] SaltSong@startrek.website 10 points 2 days ago

> If you were to use their network to take advantage of the features for anything that the “predator” behind doesn’t care, you’re fine.

But what will the predator care about tomorrow? Or next year? And how confident are you that aggregate data is not what they want, for whatever reason?

[–] altkey@lemmy.dbzer0.com 3 points 1 day ago* (last edited 1 day ago)

So, basically, this cool guy Durov sold an idea of a confidential messenger hosted by a Russian FBI. Add there that you can't lawfully buy a SIM without a local passport, so everyone using it as lawful citizens have everything they've posted right to their registered entity. And that you can link persons even without obvious address book sniffing.
