this post was submitted on 25 Aug 2024
405 points (98.6% liked)

Privacy

31987 readers
322 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

(Cross-posted from: https://lemmy.dbzer0.com/post/26559848/)

Some significant news for Telegram users!

See this article for some interesting backstory context on Pavel Durov and Telegram: https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8

Since the post article is in French, here's an auto-translation:

Pavel Durov, the founder and CEO of the encrypted messaging service Telegram, was arrested around 8 p.m. on Saturday evening as he got off his private jet on the tarmac of Le Bourget airport. The 39-year-old Franco-Russian was accompanied by his bodyguard and a woman.

The arrest was carried out by the gendarmes of the GTA (Air Transport Gendarmerie). Registered in the RPF (wanted persons file), Pavel Durov came straight from Azerbaijan. He had over his head a French search warrant issued by the OFMIN of the National Directorate of the French Judicial Police, issued on the basis of a preliminary investigation.

Why was he under threat of a search warrant?

The Justice considers that the lack of moderation, cooperation with the police and the tools offered by Telegram (disposable number, cryptocurrencies, etc.) makes it complicit in drug trafficking, paedophile offences and fraud.

This search warrant ran if, and only if, Pavel Durov was on national territory. "He made a mistake tonight. We don't know why... Was this flight just a step? In any case, he's locked up!" a source close to the investigation told TF1/LCI. Since he knew he was persona non grata in France, Pavel Durov used to travel to the Emirates, the countries of the former USSR, South America... He travelled very little in Europe and avoided countries where Telegram is under surveillance.

And now?

Investigators from the ONAF (National Anti-Fraud Office attached to the Customs Directorate) notified him and placed him in police custody. He is expected to be presented to an investigating judge this Saturday evening before a possible indictment on Sunday for a multitude of offences: terrorism, drugs, complicity, fraud, money laundering, concealment, paedophile content...

"Pavel Durov will end up in pre-trial detention, that's for sure," comments an investigator to TF1/LCI. "On his platform, he allowed an incalculable number of misdemeanours and crimes to be committed for which he does nothing to moderate or cooperate," said a source close to the case.

His pre-trial detention at the end of his indictment is indeed in no doubt. Pavel Durov, a billionaire, has substantial means to flee and his guarantees of representation will hardly convince the judges.

A net with international resonance

For the investigators, this international sweep has various objectives. First, it makes it possible to kick the anthill, impress and deter the perpetrators of crimes and offences who exchange, until now, freely on Telegram. Secondly, they aim to put pressure on European countries to step up joint work to make secure messaging on terrorist cases bend.

Indeed, Telegram is a hive of criminal content. At the moment, the platform is in the news with the illegal broadcasting of Ligue 1 matches. But on this encrypted messaging service, many accounts are used by organized crime. Beyond terrorism, the most dangerous pedophiles communicate on Telegram to exchange content. "It has become for years THE number 1 platform for organized crime," comments an investigator.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 173 points 2 months ago (4 children)

I don't care much for the guy, but the fact he gets arrested for the service is a bad sign for private messaging in Europe.

[–] [email protected] 91 points 2 months ago (2 children)

Telegram is not private messaging.

[–] [email protected] 46 points 2 months ago (4 children)

To add to that. Russian government was demanding to be able to access messages or will ban Telegram in the country.

Did not hear anything beyond that, but Telegram continues to operate there.

[–] [email protected] 8 points 2 months ago (2 children)

Durov was travelling to France from Azerbaijan, where he had been meeting with Putin. There's a theory that he basically surrendered to the French authorities so as to avoid retaliation for saying no to Putin too many times.

[–] [email protected] 13 points 2 months ago (1 children)

Where did you read about a meeting with Putin?

[–] [email protected] 0 points 2 months ago

I read it on a reddit thread about this arrest story. However, looking it up Putin declined to meet with him. That still kind of fits with him turning to France for safety.

[–] [email protected] 9 points 2 months ago (1 children)

That’s wild. Remember where you read that?

[–] [email protected] 0 points 2 months ago

Him turning himself in for safety is pure speculation at this point, however he was due to meet with Putin in Azerbaijan, until Putin declined.

[–] [email protected] 7 points 2 months ago (1 children)

Russia banned Telegram, everyone (incl. the government) continued to use it, Russia unbanned Telegram - that's how it looks from here. A government official told me Telegram being unbanned was just a matter of time when it was still banned.

[–] [email protected] 2 points 2 months ago

That's what they say. I only trust encryption and not people.

[–] [email protected] 7 points 2 months ago* (last edited 2 months ago)

There wasn't any legal ban. RosCommNadzor slowed down TG like they recently did with YT (it can barely load a music track without VPN) without any court decision because they can, it went for a week or so, and then it was lifted. Nobody knows why, but there is a suspicion that TG started to cooperate with russian authorities, in a non-automatical manual manner. Some suspect it was a PR campaign to make it as popular as it is now.

It didn't leak stuff as far as I know, that's done by bots like Глаз Бога that accunulate all info on a person and frequently used in OSINT and deanon\bullying, but blocking popular bots and channels that are too annoying to Russia is what they do. From the top of my head: CleverVoting (Умное Голосование, УГ) channels from Navalny's team*, channels for cooperation of protest of soldiers' wives, separatist channels from Bashkortostan and other places. I've seen iranians also posted that they had their protest channels banned - and Iran and Russia banned free and popular VPNs at the same time, spoiling their cooperation.

* Durov's public comment on that gave birth to a meme. He implied that there are just two ways: either banning it from TG or having TG banned on the whole territory of Russian Federation. As a copypasta it was transformed millions of times, and if it hasn't lost it relevance, we could've probably seen a boykisser version of it.

[–] [email protected] 3 points 2 months ago (1 children)

Telegram has been banned in Russia, as far as I heared.

[–] [email protected] 4 points 2 months ago (3 children)

They do support e2ee in private chats

[–] [email protected] 20 points 2 months ago* (last edited 2 months ago)

Not activated by default. First strike. Cannot be activated in group chats. Second strike.

[–] [email protected] 13 points 2 months ago (1 children)

Yes, they do, but it's very inconvenient. You can't access such chats on desktop, no cloud syncing...

[–] [email protected] 0 points 2 months ago (2 children)

Hey at least it exists. And don't that features make it more vulnerable? You need to store the encryption key in the cloud to make that work conveniently.

[–] [email protected] 12 points 2 months ago (2 children)

Signal doesn’t store your encryption key in the cloud and yet it supports e2ee messaging on multiple devices including desktop.

[–] [email protected] -4 points 2 months ago

It requires a QR code to connect a new device which I didn't consider convenient but I guess I was too strict on that one.

[–] [email protected] -5 points 2 months ago (3 children)

Do we know how it does that. Signal is praised for security, but a lot of things it does feel iffy and don't make me trust it.

[–] [email protected] 8 points 2 months ago (2 children)

Signal is open source. Go read the source or a write up describing what it does.

[–] [email protected] 2 points 2 months ago

Unlike WhatsApp, yet people seem to trust that more lol.

[–] [email protected] -1 points 2 months ago

Did you compile and use that on your phone or are you using the app in the app store?

[–] [email protected] 4 points 2 months ago

You have to scan a qr code when installing an app on another device. I assume it's a safe way to transmit the key without having it transmitted over the network.

[–] [email protected] 2 points 2 months ago (1 children)

a lot of things it does feel iffy and don’t make me trust it.

Like what? It's open source and has many cryptographer's eyes on it as it's the "golden standard" of encrypted messaging apps.

[–] [email protected] 1 points 2 months ago (1 children)

There are some red flags for me:

  • first I doubt anyone compiled the code themselves and use what's in the app store
  • the insistence to be tied to the phone number
  • refusing to work if you don't update (in the app store)
[–] [email protected] 1 points 2 months ago

first I doubt anyone compiled the code themselves and use what’s in the app store

Molly-FOSS exists and is basically a Signal fork built by a third party that removes any non FOSS components. So there are groups of people who are building the Signal code and enhancing it.

the insistence to be tied to the phone number

This is a legacy requirement (Signal used to send encrypted messages via SMS) and is now primarily used for spam mitigation. This feature is unfortunately (or fortunately depending on your POV) costing them millions now, so I suspect they will eventually be forced to look to alternative spam mitigation methods as the cost to benefit ratio starts looking cheaper at spending engineer/developer time to figure out some alternative method.

refusing to work if you don’t update (in the app store)

If you're referring to the expiration of the app ever ~90 days, this is security feature. It prevents people from using old/outdated and potentially insecure or unpatched versions of Signal. Secondly, you don't need to update via the app store. There are some Signal forks (not sure if Molly is one of them) that remove this expiration, but even they will state that you should not expect the app to work forever as Signal's always being updated and using an old client will always be liable to break as its basically not being maintained.

[–] [email protected] 4 points 2 months ago

You don't have to store the encryption key in the cloud. Just the encrypted data. Signal does it this way.

[–] [email protected] 10 points 2 months ago

They use a custom encryption protocol and there's been bugs that look like a backdoor.

https://grapheneos.social/@GrapheneOS/113020871978942265

[–] [email protected] 21 points 2 months ago

I think it's even more of a French thing than an EU thing. France is known for implementing censorship and stuff recently.

[–] [email protected] 17 points 2 months ago* (last edited 2 months ago) (1 children)

I think you and most people in this thread have been mislead by the article because of the closing remark.

Beyond terrorism, the most dangerous pedophiles communicate on Telegram to exchange content.

But it isn't the private stuff he is being prosecuted for though AFAIK (although it might have been reported by "traitors" within those chats).

Unlike Signal, there are public chat groups and channels and I presume these are the ones which got him into trouble for propagating illegal activity.

From another article...

terrorism, narcotic supply, fraud, money laundering, receiving stolen goods and others.... he allowed an incalculable number of offenses and crimes to be committed, which he did nothing to moderate

The platform has faced issues of misinformation and hate speech, especially antisemitic speech following October 7, 2023.

[–] [email protected] 5 points 2 months ago (3 children)

So platforms are now liable for everything people post? This seems like a free pass to censorship and authoritarian control.

[–] [email protected] 7 points 2 months ago (1 children)

What do you mean 'now'? Even 4chan had to remove illegal things, this isn't new.

[–] [email protected] 4 points 2 months ago

In the US platforms are shielded from liability with the exception of CSAM

[–] [email protected] 4 points 2 months ago

The platforms should be held liable when those groups can easily be accessed by anyone, and moderation would be "simple" as the conversations aren't even encrypted. We aren't asking for more of Telegram than Youtube or Facebook

[–] [email protected] 4 points 2 months ago

Just like how municipal governments are responsible for every crime that occurs in city limits!

Wait a minute

[–] [email protected] 0 points 2 months ago (1 children)

If you don't care for the guy, you will nearly certainly lose privat messaging in Europe. Maybe, it's even too late by now.

[–] [email protected] 13 points 2 months ago (2 children)

No. Pavel Durov is a nut and he is not out there saving private communication. Signal is offering the most accessible e2ee messenger right now. Telegram has questionable security on their optional e2ee chats which is also not the default.

But the people trying to save e2ee in europe are activists and politicians. Patrick Breyer has done excellent reporting on the chat control plans of the EU.

Durov is just some dude peddling his mid messenger

[–] [email protected] 4 points 2 months ago (2 children)

Wasn't Signal revealed to have NSA backdoor or I am confusing it with something else?

[–] [email protected] 1 points 2 months ago

I have googled it and I just found this report here.

[–] [email protected] 1 points 2 months ago (1 children)

I think you're confusing it, I haven't heard that at least but it's possible I missed it! Though signals apps and I believe even server code are open source so this would have been tricky to accomplish.

[–] [email protected] 1 points 2 months ago (1 children)

Okay, now I'm wondering, can we actually check if servers run on this published code or modified version?

[–] [email protected] 2 points 2 months ago

no, but the client code already guarantees e2ee

[–] [email protected] 2 points 2 months ago (1 children)

Signal is offering the most accessible e2ee messenger right now.

Doesn't matter. In the reach of EU, some law about Chat Control. If they make this into law, no provider within the EU will have a choice in this matter.

[–] [email protected] 1 points 2 months ago

good thing Signal is US-based. I hope it will remain possible to use their service in the EU though...