
Once Celebrated in Russia, Programmer Pavel Durov Chooses Exile - dnetesn
http://www.nytimes.com/2014/12/03/technology/once-celebrated-in-russia-programmer-pavel-durov-chooses-exile.html?ref=technology&_r=0
======
moxie
There's been a lot of controversy over the Telegram encryption protocol. Any
cryptographer that looks at it cringes, but Telegram has deep pockets and has
done a decent job building hype.

Beyond doubts with the protocol itself, I think the more important
consideration is that _most people never use it_. Telegram is not encrypted by
default. Users have to create a special "secret chat" with contacts that is
ephemeral, and some Telegram clients don't even support that mode. Last I
checked, there was no way to have group "secret chats" in any client at all.

The result is a situation where many users seem to think that Telegram is
somehow secure by default, when it definitely isn't. Telegram even stores
_plaintext copies of everyone 's entire message history_ on the server for
multi-device sync.

I think what Telegram is doing right now is dangerous, and potentially another
Lavabit in the making. I'd like to see them incorporate a modern end to end
encryption protocol, and enable it by default.

To be transparent, I work on TextSecure and am involved with the WhatsApp end-
to-end encryption project.

~~~
desireco42
Thank you for bringing this up, I was under impression telegram would be
secure by default.

~~~
darkhorn
The communication with the server is encrypted, if you use the official apps.
If you use secret chat they are not stored as plain text on the servers and
you can make them auto destroy. Also you can delete your chat history. But it
is better than WhatsApp because it is not part of governmental control.

~~~
tptacek
Totally bogus. TextSecure-enabled WhatsApp is end-to-end encrypted using a
widely-respected cryptographic messaging scheme. Telegram isn't. The point of
serious end-to-end encryption is that _it doesn 't matter who runs the
servers_.

TextSecure-enabled WhatsApp beats Telegram on a pure engineering level; we
don't even need to reach politics to prefer it.

~~~
utnick
Whatsapp right now hides all of the encryption from the user, doesnt have a
way to do key verification, so its trivial for the whatsapp server to do a
Mitm on your conversations. I know they are working on that and I fully expect
whatsapp to be the best messenger out after they are finished. But right now,
by an objective measure, it would seem like telegram is more secure

~~~
tptacek
I would be interested in finding out whether there's a cryptography engineer
anywhere out there who would say "Telegram is more secure than
WhatsApp+Textsecure is today".

------
incanus77
I met and talked with Pavel last year in St. Petersburg at the VK office and I
found him very curious, humble, and quiet. I enjoyed it a lot and I appreciate
his sense of humor. In fact he showed me their conference room, which is
decorated like a medieval torture chamber:
[http://tinyurl.com/nm7pqt2](http://tinyurl.com/nm7pqt2) We didn't get into
the details but I appreciate that he didn't take the standard approach to
plain old conference rooms.

~~~
prostoalex
Not sure if this was meant as a sarcasm, but quirky conference room design (or
names, or names) are the new standard in corporate spaces

[http://www.metropolismag.com/December-2013/Rooms-with-a-
View...](http://www.metropolismag.com/December-2013/Rooms-with-a-View/)

[http://fortune.com/2014/03/27/see-you-at-the-4-oclock-
standu...](http://fortune.com/2014/03/27/see-you-at-the-4-oclock-standup-in-
darth-jager/)

[https://blog.theidealists.com/rad-spaces/rad-spaces-
conferen...](https://blog.theidealists.com/rad-spaces/rad-spaces-conference-
rooms-that-arent-boring/)

[http://indohomedesign.net/great-googles-office-in-
pittsburgh...](http://indohomedesign.net/great-googles-office-in-pittsburgh-
usa/)

You'd be hard-pressed to go around Valley and find a company that does not
feature an incredibly inventive conference space. Even IBM's Almaden location
has some.

------
michaelhealy
Pavel seems to be a great person, building a gift to society & mankind. He
puts the users/people before himself, stands behind their rights and believes
in strong ideals such as freedom of speech and privacy. I don't think you can
say the same about many other internet companies/services.

If you look at his previous company VK. It is by far a superior experience to
Facebook, given how intuitive, fast and sleek it is. Images load 3 times as
fast and has many features which FB does not have. I use daily to keep in
touch with my friends in Belarus, Ukraine and Russian. I only wish more of my
friends used it. He has an incredible eye for design and product.

When people refer to VK being a clone of Facebook. This is innovation. Did
Facebook invent the idea of Social Networking? It must be extremely annoying
to be constantly referred to as "Russia’s Mark Zuckerberg" and having VK being
constantly compared to FB.

Here he has had a brilliant opportunity for a fresh start, freedom to create
something better than before and I'm sure he will take advantage of it.

As Steve Jobs put it. "Getting fired from Apple was the best thing that could
have ever happened to me. The heaviness of being successful was replaced by
the lightness of being a beginner again, less sure about everything. It freed
me to enter one of the most creative periods of my life." Steve Jobs, 2005"

Everyone should look forward for what is to come with Telegram. There is some
really great technological innovations going on. They've invented a new
protocol([https://core.telegram.org/techfaq](https://core.telegram.org/techfaq))
and have a great API to utilise this
technology([https://core.telegram.org/](https://core.telegram.org/)).

I'm sure you'll like it. Check it out:
[http://www.telegram.org](http://www.telegram.org)

~~~
osipov
Pavel is widely seen by the Russian developer community as a sort of a
douchebag who flaunts his wealth in ways that would seem crass to someone from
Silicon Valley. Just look at the guy throwing paper planes made from money at
a crowd of onlookers:
[http://youtu.be/2pxTpFqX6rI?t=25s](http://youtu.be/2pxTpFqX6rI?t=25s)

~~~
tomp
I view money planes as a joke. In any case, which is better, openly giving
money away, or secretly colluding to keep employee wages down? Personally, I
prefer his "crassness" to the crassness of the SV elite.

~~~
dreamweapon
No one objected to his "openly giving money away"; it was that he made a
public display of basically _pissing_ it away, and watching the commoners
scramble for it. And what starts with sophomore-level crassness the sort Durov
made himself famous for tends to morph into the more genteel, but
systematically more pernicious (that is to say: white-collar) crassness you're
referring to, later on.

------
valar_m
_During the standoff with the SWAT team, which took place soon after, he
wouldn’t answer the door. They went home after an hour._

Wait, what? Is that what police in Russia normally do? This would never, ever
happen in the United States. LAPD actually even has a "Wrong Doors Unit" which
goes around repairing broken down doors when the cops raid the wrong
address.[0]

[0] [http://www.dailynews.com/20080316/repairs-help-rebuild-
lapds...](http://www.dailynews.com/20080316/repairs-help-rebuild-lapds-image-
when-wrong-door-broken-down)

~~~
V-2
You are judging it by Western standards. They may have nothing on him and
don't actually mean to arrest him etc., it's just intimidation tactics

~~~
valar_m
Yeah it definitely sounded like an intimidation attempt, though a rather ill-
conceived one. If they had a search warrant, it seems odd to me that they
chose not to force entry.

If they didn't have a warrant, I would think they would have a plan if consent
was not given to enter -- getting punked out when intimidation was your goal
is a pretty embarrassing result.

~~~
V-2
It's sort of a Russian tradition, valar_m. Even the most powerful were
harassed like that, and even in Stalin era the police would just back off
sometimes. It's not them punking out; it's showing contempt. "We are not in a
rush, little one". The purpose is to wear the victim down.

"[General] Zhukov had always been notified about meetings so this impromptu
one worried him. The night before the meeting, three men came to Zhukov’s home
for a random search, but they had no warrant. Zhukov threatened to use
weapons, forcing them off his property. After they left, he did not sleep the
entire night, fearful of the next morning."

[https://huhtaj.wordpress.com/scholarly-writing/power-
struggl...](https://huhtaj.wordpress.com/scholarly-writing/power-struggle-the-
zhukov-stalin-conflict/)

He pulled a rifle against NKVD functionaires and they walked away. Was it THAT
soft under Stalin's regime? No, it's just toying. Cat and mouse. It's about
sending a message: we can get you any time we want, even if you're a world
famous general or Russian Zuckerberg etc.

American, or, in general, Western commentators often don't understand this
type of moves because they belong to a different political vocabulary, so to
speak. "Hah! They even had no warrant, how amateurish of them" \- no, that's
the POINT.

This could likely be part of some behind-the-scenes "negotiations" between
Kremlin and the owner of VK...

Police brutality and abuse in the West (or probably anywhere, for that matter)
is a fact of life, but this is not the same thing.

~~~
valar_m
I know "thanks!" comments are frowned upon, but I wanted you to know that I
appreciate your response. You are absolutely correct, at least in my case,
about Westerners being unfamiliar with the underpinnings of this society.
Thanks for shedding a little bit of light.

~~~
V-2
I never frown upon being thanked ;) pleased to know my two cents were useful

------
ajuc
> 67 years ago Stalin defended from Hitler his right to suppress Soviet people

Great quote.

~~~
osipov
A very naive view targeted at equally naive Western audiences. Repression in
USSR after WW2 was negligible compared to 1930s.

~~~
asgard1024
It wasn't negligible in my country (Czechoslovakia), where the USSR was the
model. I think almost everybody felt relief when Stalin (and Gottwald) died.
Maybe Stalin didn't oppress people much after the war, but he still got the
_right_ to do so, and the Durov's sentence is 100% correct.

~~~
osipov
All governments oppress people. The real issue is to what extent they do so
and what fraction of the people consider themselves oppressed. Unfortunately
the frontlines after WW2 where redrawn and Czechoslovakia was in the
unenviable position of having to defend the Warsaw Pact while its population
wasn't fully supportive of this position. Those who opposed (anti-Stalinists)
were oppressed. As a mirror image, consider Greece where pro-Stalinist
communists were oppressed in 50s and 60s.

------
Evgeny
_A few weeks later, he and other VKontakte executives folded 5000-ruble notes
— worth about $155 at the time — into paper airplanes and threw them out an
office window, sparking a fight in the street below._

I'm wondering if that can be qualified as "mean". Doesn't look like a nice
thing to do. I also can't see what was the motivation other than "Look, I'm
rich".

~~~
michaelhealy
I believe this was after a VK executive received a bonus from the company and
someone had made a joke along the lines of "look you've made it".

The employee responded to say that money wasn't his motivation. Instead, it
was the idea of creating and building stuff.

To prove his point, he threw the bonus money out of the window in paper
planes.

This could imply that money really wasn't/isn't the motivation.

Maybe this was slightly foolish given the media's/public interpretation. I
don't think this act had a "mean" intention.

~~~
dreamweapon
_I don 't think this act had a "mean" intention._

It certainly wasn't "mean". But given the hardships many people in Russia (who
don't happen to be petrochemical, banking, and/or internet oligarchs) face, it
went well beyond "slightly foolish."

------
eklavya
I think people ignore one very important aspect of Telegram which is privacy.
All other chat apps just want all my private data. There is no privacy at all,
I feel almost naked. After coming to know about Telegram I couldn't be
happier. I don't care if the encryption in strong or not, at last I have a
chat app which many people use and isn't a total privacy nightmare.

~~~
eklavya
Downvote all you want but please share your perspective also.

~~~
Karunamon
That's just it - there is no privacy. You've got a client which stores
plaintext messages server side, just waiting to be broken into by
(hackers/government agents/kiddies). The messages are being sent unencrypted
unless you enable the "secure" (it really isn't) mode anyways, so we can also
add "people who can sniff your traffic" to the list of adversaries.

That's pretty much the polar opposite of "private".

~~~
knivets
> "secure" (it really isn't)

There was a contest held by Pavel, with $200k prize who will break this "weak
security". No one succeeded.

~~~
tptacek
You're being downvoted because that's not how cryptanalytic research works.

~~~
eklavya
You are missing my point, privacy from data brokers and advertising industry
:)

~~~
Karunamon
Ah, so you mean the kind of "privacy" that's both the easiest to complain
about and has the most minimal impact on your life?

~~~
eklavya
That is really subjective. People having all sorts of private info about me is
a big deal for me.

------
ghostface
What smart phone chat apps are considered safe? moxie mentioned TextSecure.
Any other notable examples?

~~~
tptacek
After TextSecure, I'd consider the OTR applications.

------
myth_drannon
Life is too short to be a revolutionary hero. Be a law abiding citizen and do
what Zuckenberg,Page and other American CEOs did, quietly give control control
over our privacy to the government. Social networks are too important for mass
surveillance. Russians are too optimistic because only 20 years ago they had
an attempt of a complete governance system change.

~~~
meowface
False dichotomy. You can permit law enforcement to make warranted requests
against specific users or groups while still not allowing them access to all
the data. You don't have to choose between "revolutionary hero" and "let the
government do whatever they want with your company and your users", at least
not in North America. In a country like Russia it may be different.

~~~
Htsthbjig
"You can permit law enforcement to make warranted requests against specific
users or groups while still not allowing them access to all the data."

Can you? With the Patriot Act?

The fact is that the US gobertment can talk to any worker of any company of
the US and blackmail her into doing whatever they want. If this person tells
anybody, he goes to jail.

"You don't have to choose between "revolutionary hero" and "let the government
do whatever they want with your company and your users", at least not in North
America. In a country like Russia it may be different."

You mean like Lavabit?: [https://lavabit.com/](https://lavabit.com/)

~~~
Karunamon
As much as i admire Levison, at least part of that problem was his own making,
namely by being a dick to the agents and charging rates for the work that is
way too high.

It is possible to disagree with police without being outright antagonistic to
them.

~~~
desdiv
_...and charging rates for the work that is way too high._

Funny, when I read about the $3500 part I was surprised at how little he asked
for. My impression from various HN threads[0][1] is that someone of Levison's
caliber could easily fetch $200 per hour.

[0]
[https://news.ycombinator.com/item?id=5769348](https://news.ycombinator.com/item?id=5769348)

[1]
[https://news.ycombinator.com/item?id=182369](https://news.ycombinator.com/item?id=182369)

