A very underappreciated aspect of Telegram’s protocol is that it’s designed by very, very weird people. Telegram scooped up a lot of winners of ACM ICPC contests in Russia, some of whom I’ve personally met, and the design of the protocol is exactly in line with the code these people generally write.
It’s really a showcase of how very high IQ and outstanding mathematical abilities mix with a distrust of existing technologies and a lack of expert intuition coming from more normal industry experience.
Just try implementing MTProto, or at least read the low-level docs, and you’ll see for yourself. Crypto isn’t the weirdest part. The whole thing is an attempt to define a binary protocol in terms of grandiose mathematical concepts most of which didn’t even end up ever used in the actual protocol. And there’s zero thought given to what’s actually important, making a bullet-proof syncing between server and client states (and that results in numerous bugs to this day).
Can’t discount malice, but I don’t believe that’s the case.
When Telegram first launched this was exactly my hypothesis. They found some mathematicians and (to paraphrase Bruce Schneier) they immediately tried to re-invent cryptography -- badly. Which is fine.
I assumed that after a few years and some success, Telegram would get more serious about this and replace its crypto with something better (maybe Signal protocol) in the same way that WhatsApp did. I also thought they'd eventually back up their privacy claims by deploying default end-to-end encryption for non-broadcast chats. After all that's the trend everywhere: even Facebook Messenger is now encrypted! But Telegram never, ever did this. They kept on making loud claims to be a privacy-preserving messenger, but they never added real privacy.
Telegram is near the top of a private list of tools/businesses I keep that I call "Too Russian to Touch".
Technically I try to boycott everything with too strong of a connection to any of the so-called CRINK nations (i.e. China, Russia, Iran, North Korea). It's hard to enforce it perfectly. But where it's easy enough for me to do, I do.
I guess the most backdoor-looking bug I've ever seen (referring of course to Signal Desktop's usage of React's __dangerouslySetInnerHTML to render user-supplied messages in a Node.js privileged context) is below the technical author's pay grade.
(https://thehackerblog.com/i-too-like-to-live-dangerously-acc...) - CVE-2018-11101
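As an added illustration of the pattern the comment above refers to (this is constructed example code, not Signal Desktop's code or anything from the linked write-up): rendering untrusted message text as raw markup, next to a renderer that escapes it as text. The sample message and the function names are assumptions; the block is DOM-free so it runs under plain Node.

```javascript
// Constructed sample: an attacker-controlled chat message carrying markup.
const SAMPLE_MESSAGE = 'hello <img src=x onerror="alert(1)"> world';

// Unsafe: the message is spliced straight into HTML, which is what
// React's dangerouslySetInnerHTML does. Any tag in the message becomes
// live DOM, and in an Electron/Node context that DOM has privileged access.
function renderUnsafe(message) {
  return `<div class="msg">${message}</div>`;
}

// Minimal HTML escaping of the characters that can open or close markup
// or break out of an attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the message is rendered as text, never as markup. In React the
// equivalent is passing the string as a JSX child, which is escaped for you.
function renderSafe(message) {
  return `<div class="msg">${escapeHtml(message)}</div>`;
}

// Review/test helper: after stripping the wrapper we control, does any
// tag-like sequence survive in the rendered output?
function containsTag(html) {
  const inner = html.replace(/^<div class="msg">/, '').replace(/<\/div>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

// Stand-alone run: shows the two renderings side by side.
console.log('unsafe:', renderUnsafe(SAMPLE_MESSAGE), '-> tag survives:', containsTag(renderUnsafe(SAMPLE_MESSAGE)));
console.log('safe:  ', renderSafe(SAMPLE_MESSAGE), '-> tag survives:', containsTag(renderSafe(SAMPLE_MESSAGE)));
```

The useful habit is the `containsTag`-style check: a unit test that feeds markup-bearing strings through every path that renders user content and asserts that no tag reaches the output is cheap, and it is exactly the kind of test that catches a `dangerouslySetInnerHTML` introduced in a later refactor.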
Nikolai Durov, who developed the Telegram encryption system, lives in St. Petersburg. He has retired from working in Pavel's companies; his path and his brother's have diverged. Now Nikolai is a senior researcher at the Russian Academy of Sciences = working for the Russian government.
Do you have a source for him living in Russia? He may be an honorary researcher, which is more likely, considering the two of them escaped Russia years ago with no intention to return.
The article seems to make the claim he lives there but it's not really backed up by anything. I checked his Wikipedia and the last update is him studying at the University of Bonn, way back in 2007. Doesn't seem like it's possible to verify the claim of his residency.
I wonder what the author’s other reservations about Telegram are? Hand rolled crypto is definitely a massive reason to be suspicious, but are there other issues the author is alluding to?
Telegram is not serious about security & privacy at all, for example:
1. It does not support end-to-end-encrypted (E2EE) group chat at all.
2. It does not enable E2EE chat by default.
3. "Secret Chat" (the only E2EE chat) experience is deliberately nerfed: it's not available on PC / Web and can only be initiated with a buried-in-dot-menu option in the phone app.
4. It had multiple weird 0-click attack surfaces in the past. [0]
In addition, Telegram always prefers usability over privacy; it does not do tradeoffs, it's more like 100% usability, 0% privacy. Users like this, but I don't know what to think about it.
[0] Signal isn't any better on this though, they refused to add an option to disable their video/audio call stack for those who don't use it to do attack-surface reduction.
This isn't terribly specific, but it's an encrypted chat app from an authoritarian country that in practice is accepted and used by the government. It has further managed to survive an increasingly tight environment for censorship and free expression that is distinctly worse than when the app launched.
Every online service has its fair share of malicious actors though; that isn't limited to Telegram. WhatsApp is used for a big chunk of phishing and scams in the Netherlands, for example.
I was responding to this. But in most cases people will end up using the things that their communities use. I don't care much for reddit, yet I am on reddit almost every day.
It being removed is good, but the lack of communication about such a major part of the security being this weak erodes the little trust I had for Telegram.
And this (in addition to the "this is the RIGHT way and if you do it the old way you're implicitly EVIL" self-righteousness) is why I have a problem with all the pseudo-DEI language changes: They hinder communication. Instead of one universally accepted term, you now come across at least half a dozen "better" alternatives for everything, and each time have to figure out what they mean, and whether they're just a more politically correct term for something existing, or imply some kind of actual difference.
We're talking about cryptographic shorthand here for which it seems perfectly fine. You might as well complain that not all message senders are called Alice.
I can't believe they changed this too. It's like context doesn't matter, as though "Man" wasn't used in a gender-neutral way in the term "Man-In-The-Middle".
People are free to choose to say PITM instead of MITM if they feel the original term is offensive, but it shouldn't be forced onto everyone (e.g. GitHub issues nagging maintainers to change MITM to PITM in order to be more "inclusive").
I think it makes sense, since it's an assumption that the attacker is a male. In security it should be a focus to be as precise as possible and not to introduce assumptions which might cloud your ability to judge other details.
> The term man (from Proto-Germanic *mann- "person") and words derived from it can designate any or even all of the human race regardless of their sex or age. In traditional usage, man (without an article) itself refers to the species or to humanity (mankind) as a whole.
Of course, the meaning of words change over time. But also, the meaning of words in a compound expression can be different from the meaning of the word on its own.
(See also how a pickpocket is not a type of pocket, nor is a cutthroat a kind of throat.)
The purpose of these forced changes is an American understanding of DEI, pretending it's not about that feels like a lie, and being told a transparent lie feels insulting to me because it suggests the person telling the lie considers me dumb enough to not see through it.
But the disc is inoffensive. Changing this wouldn't fix anything because we haven't found a clearer / clearly better icon for save afaik, so we stick with what we have.
But words shape the images we form in our minds. The issue with man-limited phrases is that we imagine men, specifically. That's also how words work and we know this through studies.
So we ought to fix this. But I'm sure OP already knows why people seek to get rid of this unwanted gendering in idioms. That's not new anymore.
It's mildly annoying because we are used to the old term, but that's very temporary, for the time of the transition. But I'm sure OP instantly understood the meaning of Person in the Middle the first time they saw it, so I have trouble understanding why someone would oppose such an evolution. Surely it's not about clarity.
We never fixed anything by refusing change and staying in the past.
Guys, I know you hate change, but if these terms were all so innocuous and innocent, why the hate against this small change?
I’m from Holland and we have this weird thing called Sinterklaas where we dress up as black people and basically make fun of them.
However, don’t tell them this because they will tear you a new one. How dare you touch these sacred traditions.
I feel the same way about master/slave and gendered bullshit. It’s not the end of the world and let’s not make it bigger than it is, but sometimes you at least just have to admit things are fishy.
Agreed entirely. The substitution in the article didn’t cause much inconvenience to the readers, even if it was new to them (it was new to me). But people sure seem to have an appetite for complaining about it rather than the substance of the article.
Because it's not "this one small change", it's friction added everywhere where you're trying to communicate, while also implicitly (and sometime explicitly) being called evil for using well-established language.
It's also not 1-2 terms; people come up with new, increasingly far-fetched reasons to ban new terms every year.
I'm trying to submit a patch, but instead I have to deal with a linter telling me that "blacklist" is evil, so I'm now supposed to either refactor the existing software or tell some vendor to please change their URLs.
I'm trying to understand something, but I now first have to guess what a term is supposed to mean, because each keyword with a well-established meaning has now been replaced with half a dozen of new terms.
I'm trying to push a git repo to GitHub and things break because different parts got updated to the politically-correct "main" instead of "master" at different times.
It's a no-win situation, either you just silently take it and put up with it - but that makes the problem worse, because people come up with more bullshit, or you push back. Either way you're stuck dealing with this, as you call it yourself, bullshit.
We have got: master/slave, blacklist/whitelist, master and now person-in-the-middle.
I’m sure we’ll find a few others.
You’re telling me these few changes and new terminology are too confusing?
It’s not like we are rethinking all of language. It’s a couple of terms and minor tweaks in ways of thought.
The amount of pushback is IMO disproportionate to the minor inconvenience caused by learning a thing or two.
Remember that a lot of jargon that I cannot even repeat here used to be common vernacular not so long ago. My parents (and even I) for example were brought up with timeless children’s songs such as “nikkers dansen de troelala” and “hanky panky shanghai”. I’ll leave those for Google.
Broadly, my objection is that these linguistic changes have had no positive impact on anything meaningful, and instead act as a corporate smoke screen for real issues.
For context to the above comment: "things are fishy" is a translation of a Dutch phrase "het klopt niet", which was thrown around during the pandemic, farmer's protests, a short lived qanon phase and other conspiracy thinking waves. It's an empty statement and feels tacked onto the above comment without explaining what exactly is fishy.
The push against making the Sinterklaas character of Zwarte Piet less of a racist stereotype is another culture war, provoked by shady organizations. Remember that there's foreign powers in whose interest it is to get people really upset over issues like this; they don't care who "wins", as long as people get upset over it and feel threatened by a boogieman.
Dutch people demand to know what is fishy about making a black face, dressing up in colonial clothes and acting childish. They think this is “empty talk”. There is a long, long list of these kinds of “cultural” behaviors. Especially the rural area is particularly backwards.
I don’t know what to say. Meet some people outside your bubble. It certainly helped me.
Anyway, the Dutch and their deep-rooted racism are only superficially related to this issue.
My main point was to say that there exists the possibility that you may be wrong about holding on to outdated norms and changing things might be a good idea. Sinterklaas is just a particularly obvious one, but as you show, a lot of people still have some way to go.
Not to be pedantic, but the comment you're replying to didn't mention iconography; "save" is still the word used, but when you think about it, it's a weird word to use for the act of storing something. "Save this file from being lost in case my computer shuts down" kinda thing.
I haven’t seen a floppy disk in weeks. And the noise it makes when I’m saving the drill protocol on which our monthly invoicing depends (+/- hundreds of thousands of euros) gives me cold sweats…
> The hypothesis has long been controversial, and many different, often contradictory variations have existed throughout its history.[2] The strong hypothesis of linguistic relativity, now referred to as linguistic determinism, is that language determines thought and that linguistic categories limit and restrict cognitive categories. This was claimed by some of the early linguists before World War II;[3] but, it is generally agreed to be false by modern linguists.[4] Nevertheless, research has produced positive empirical evidence supporting a weaker version of linguistic relativity:[4][3] that a language's structures influence a speaker's perceptions, without strictly limiting or obstructing them.
So there is empirical evidence that it has a non-zero impact on the way people view the world.
What's wrong with Person-In-The-Middle? If we can include more people and make the topic more accessible and move a little stone off of the patriarchy mountain, seems like an easy win to me. Assuming you believe that systemic privileges exist and that they are bad and should be changed.
It is cool to have different abbreviations for Meet-in-the-Middle and Man-in-the-Middle; both were MitM before and that sometimes caused confusion. But reading 'People-in-the-Middle' I also feel offended to the same level as when people try to find alternative terms for pseudo-terminal (pty) master and pty slave.
That’s a lot of words to complain about someone adding a syllable.
But no, it turns out that your actual problem is you believe being interested in gender-neutral language makes you a member of “an extreme leftist cult”.
Well the attacker might very well not be a man. Besides the inclusivity thing it would be helpful not to jump to conclusions regarding any detail of the attacker if you try to investigate an attack.
You know what's funny? I'm always just barely interested in changes like this (git "master" to "main" f.ex.) and I would probably simply not care enough to rename my repos to main.
Then I read something like your comment and think to myself, that I really don't want to support your side of this argument and I start using whatever "newspeak" someone made up.
Do you genuinely think investigators would assume that they are dealing with a man based on that term? Hyphens included even? At that rate the attacker might as well just state he (or she ;) didn't do it and we can just close the case right away.
Unless backed with solid evidence of intent and use, assuming incompetence rather than malice is a sufficient explanation of errors in security protocols' design and implementation. This stuff is hard, and any shortcuts you take are quickly proven to be the weak points; any weak points become back doors.
Exactly. Adding a nonce like that was exactly what I did in a CS100 level course when I was over complicating a blackjack exercise that was intended to teach us about stack data structures. I'm really grateful to my prof who took the time to point out the issues with my RNG code instead of being annoyed that I'd turned in ~3x the average LOC.
This is such a basic cryptographic fail that one has to assume either the Telegram team is incompetent or they were introducing a backdoor. Given that the excuse is so weak, one tends to assume the latter. I get that rolling one's own crypto is hard, but this is such an easily caught fundamental error that those are the options, and neither is good.
Keep in mind this is likely a hit piece in a press war. Telegram and Signal regularly attack each other, accusing the other of security and privacy failures. The number of times the author uses subjective words like “weird” and “bizarre” in a strictly technical analysis exposes their bias.
See Durov’s (Telegram founder) recent announcement regarding Signal.
> A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad
> Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick.
> Keep in mind this is likely a hit piece in a press war. Telegram and Signal regularly attack each other, accusing the other of security and privacy failures.
That argument seems like false balance.
One of the two is peer-reviewed and is participating in productive exchange with academic and industry security specialists; the other is reinventing the wheel and papering over the numerous resulting red flags with a huge marketing budget.
Their respective public statements simply do not have the same weight.
> Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones
This is technically impossible on iOS due to its app distribution model. If Telegram claims anything else, that’s concerning.
> Keep in mind this is likely a hit piece in a press war.
I don't use either but if the article isn't completely made up this does at least look super incompetent and not just like picking on random things about the other messenger.
It is worded as an accusation for what might’ve been an innocent mistake. Look how many times the author uses the word “weird”, a very subjective word to use in a seemingly technical analysis.
Absolutely nothing the author said is even remotely controversial in the cryptographic community.
MTProto is weird and countless choices made in its design are bizarre with no clear rationale. Throwing in confusing and cryptographically unnecessary steps with thin rationalizations is par for the course.
Its authors have specifically chosen an approach that all but guarantees lots of “innocent mistakes”.
You’re confusing formal/informal language and strong/hedged claims here.
The article is not a scientific paper, but even in those, if you know how to read them, you’ll find authors saying “this is very weird”, albeit in different words.
Signal is a very open company and the protocol has had extensive scrutiny, and has a history of making good choices, like minimising the data they hold and defaulting to E2EE, as well as being hated by approximately all governments.
Telegram is extremely opaque, deliberately conflates various security things, doesn't default to encrypting anything, doesn't support encrypted group chats, has been hacked several times, and is extremely tolerated by very repressive regimes.