
Telegram moves to protect identity of Hong Kong protesters - hardmaru
https://www.reuters.com/article/us-hongkong-telegram-exclusive/exclusive-messaging-app-telegram-moves-to-protect-identity-of-hong-kong-protesters-idUSKCN1VK2NI
======
codedokode
They should only notify users if they both have each other's phone. Otherwise
it is trivial to create several thousands of accounts and upload thousands of
numbers from each to get a mapping between an id and a phone number. Here is a
quote from a head of Russian company that claims to do this:

> A phone number used by [Telegram] account @silovikicat was discovered using
> a program titled "Insider-Telegram" developed by the "Center of research of
> legitimacy and political protest". The head of the "Center" Eugene
> Venediktov explains: "Currently the database contains over 10 million
> numbers. We just go through all possible numbers and check whether they are
> registered in Telegram: for example, we take all numbers starting with a
> prefix +7911 and check them. You automatically see all contacts from your
> address book in your Telegram, don't you? We just have a very "fat" address
> book with phones of all users from our country."

> When a phone number provided by Eugene is added into an address book,
> Telegram automatically matches it with account @silovikicat («Siloviks'
> cat»).

Having a phone number means that the government can track its rough location
and know the owner's identity.

This also means that other messengers using similar contact discovery allow
their users to be de-anonymized the same way.

[1] (in Russian)
[https://meduza.io/feature/2019/08/10/kto-takoy-tovarisch-mayor](https://meduza.io/feature/2019/08/10/kto-takoy-tovarisch-mayor)

~~~
heyoni
This feature should never have been enabled in this one-way manner but being a
social platform means trying everything to get users tied down to it.

It’s just like Venmo. I’m seeing users in my newsfeed because they’re in my
contacts but not because we added each other. Really bizarre.

~~~
codedokode
Even better, Telegram should allow registering without a phone number (they
could charge a little sum in Bitcoins if they are afraid that there will be
bot registrations). This could even increase their user base because there are
users who don't want to give away a phone number.

~~~
eitland
Agree, except for Bitcoin (or rather, have Bitcoin but Stripe and other
options as well.)

~~~
ubercow13
That defeats the purpose, no?

~~~
eitland
No, only if you are

- fighting someone who controls Stripe well enough to browse transaction logs

- or you are fighting someone who can access your bank transactions (more
likely in this case) and manage to correlate them correctly with Telegram
account creation time

Both seem like huge steps forward compared to sms validation.

Furthermore: Bitcoin is not much safer for the ordinary citizen. If anything
it is way easier to trace than cash and I guess slightly more difficult to
trace than bank transfers.

Or am I missing something?

------
lysp
> The fix Telegram is working on would allow users to disable matching by
> phone number. That option represents a balance between making it easy for
> users to find their contacts and the privacy needs of those who rely on the
> app for protection against state security agents.

> Telegram hopes to help protect Hong Kong protesters with the update, the
> source said. But wide adoption of the optional security setting would make
> the app far harder to use for the vast majority of its more than 200
> consumers, who rely on uploading phone contacts to identify friends and
> family members on the app, the source said.

Make the match 2 way then.

If you both have each other's number allow the match. If it's one sided -
deny.
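
The two-way rule proposed here and in codedokode's comment above, as an added example that is not part of the thread and is not Telegram's code: a constructed in-memory contact directory compares one-way matching with mutual-only matching when one account uploads a whole number block. The class, the usernames and the fictional 555-01xx numbers are all assumptions made for illustration.

```python
# Added example: constructed in-memory model, not Telegram's implementation.
from collections import defaultdict


class ContactDirectory:
    """Toy contact-discovery service with a switchable matching policy."""

    def __init__(self, mutual_only):
        self.mutual_only = mutual_only
        self.user_by_phone = {}                 # registered phone -> username
        self.phone_by_user = {}                 # username -> own phone
        self.address_books = defaultdict(set)   # username -> uploaded numbers

    def register(self, username, phone):
        self.user_by_phone[phone] = username
        self.phone_by_user[username] = phone

    def upload_contacts(self, username, numbers):
        self.address_books[username].update(numbers)

    def matches(self, username):
        """Usernames this account is allowed to learn from its address book."""
        own_phone = self.phone_by_user[username]
        found = set()
        for number in self.address_books[username]:
            other = self.user_by_phone.get(number)
            if other is None or other == username:
                continue
            # Two-way rule: reveal only if the other side uploaded our number too.
            if self.mutual_only and own_phone not in self.address_books[other]:
                continue
            found.add(other)
        return sorted(found)


def run_scenario(mutual_only):
    """Constructed data: fictional 555-01xx numbers, hypothetical usernames."""
    d = ContactDirectory(mutual_only)
    d.register("alice", "+15550100017")
    d.register("bob", "+15550100342")
    d.register("carol", "+15550100777")
    d.register("bulk", "+15550109999")
    d.upload_contacts("alice", ["+15550100342"])   # alice has bob
    d.upload_contacts("bob", ["+15550100017"])     # bob has alice
    d.upload_contacts("carol", ["+15550100017"])   # one-sided: alice lacks carol
    # "Fat" address book: every number in a 1000-number block.
    d.upload_contacts("bulk", [f"+1555010{n:04d}" for n in range(1000)])
    return {user: d.matches(user) for user in ("alice", "carol", "bulk")}


if __name__ == "__main__":
    print("one-way:", run_scenario(False))
    print("two-way:", run_scenario(True))
```

Under the two-way rule the bulk account learns nothing unless a registered user has also uploaded the bulk account's own number.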

~~~
Thorrez
200 consumers, ouch

------
myself248
> Protesters believe Chinese security officials have exploited the function by
> uploading large quantities of phone numbers.

> The app automatically matches phone numbers with the user names in the
> group. Chinese authorities then only need to request the owners of the phone
> numbers from the local telecom service in order to learn the users’ true
> identities.

> Telegram has detected evidence that Chinese authorities may have uploaded
> numbers to identify protesters, said a person with direct knowledge of the
> situation.

Signal does/did this too:
[https://news.ycombinator.com/item?id=12590979](https://news.ycombinator.com/item?id=12590979)

~~~
Mediterraneo10
> The app automatically matches phone numbers with the user names in the
> group. Chinese authorities then only need to request the owners of the phone
> numbers from the local telecom service in order to learn the users’ true
> identities.

This is a flaw common to services that rely on phone numbers as IDs. In many
countries, one cannot purchase a SIM card without showing ID (and the seller
makes a photocopy of the ID to provide to the authorities). That means that
there cannot be true anonymity. Know the phone number, know the person.

I am always baffled when people claim that PGP-encrypted e-mail is passé
because it leaks metadata, when Signal and Telegram leak metadata too and,
furthermore, metadata that can be immediately associated with a specific
person in many countries.

~~~
spondyl
re: needing an ID for SIM cards, that's interesting!

Here in New Zealand, I can freely purchase any prepay SIM without ID and use
it straight away. Most, if not all dairies carry them too.

~~~
codedokode
In Russia one cannot (in theory; actually it's possible sometimes). In Japan
an ID is required as far as I know.

~~~
inferiorhuman
In Japan ID is required for voice service, but I think not for data only.

~~~
ubercow13
You can't sign up for Signal with a data only SIM

~~~
PTcartelsLOL
Yes, you can. Data only SIM cards can receive SMS's. At least in Portugal they
do.

~~~
ubercow13
Oh, interesting. I don’t think they can in Japan

------
roenxi
If Telegram were protecting the identity of HK protestors they would say this.

If they were selling the HK protestors out to the Chinese government they
would also say this.

True trustworthiness can only come from open source code and concepts designed
into the protocol. I don't think this can be achieved on Apple's platform,
might be possible on Android.

~~~
bishalb
I am not sure how open sourcing the code would help? If they have a bad
intent, they could publish a "clean" source code and deploy something else.

~~~
IIAOPSW
You can compile the open source and compare the result to the version on the
store.

~~~
throwaway1997
The protestors aren't using the encryption features. They just don't want
their phone numbers to be revealed as being associated with the groups used to
coordinate the demonstrations.

------
saagarjha
> But wide adoption of the optional security setting would make the app far
> harder to use for the vast majority of its more than 200 consumers, who rely
> on uploading phone contacts to identify friends and family members on the
> app, the source said.

This is false: regardless of Telegram’s nags to upload my phone book to them,
I find it quite easy to use the app without doing this.

~~~
jen_h
You are correct.

I will never understand why apps that profess allegiance to privacy upload
entire contact lists.

Sure, users will complain it’s harder. They’ll always complain, but you’re
protecting them _and their contacts who have NOT provided consent._

------
baby
That’s when you realize that every insignificant feature Signal was working on
is actually freaking useful in real life.

Btw why do all these apps require a phone #? Is it required by the gov?

------
input_sh
Can we stop referring to Telegram as an "encrypted app"?

End-to-end encryption only works in "secret chats" and voice calls. Outside of
those, it's as encrypted as HN is (connection happens over TLS, but that's
about it).

~~~
batat
Also there are no secret chats on desktop client at all.

------
solarkraft
This should have been a feature from the beginning. Not everyone wants their
Telegram profile to be discoverable by anyone who has their number.

------
foobiekr
The only actual way to protect them is to purge any potentially compromising
data immediately.

------
kome
the obsession with phone numbers is crazy, we should stop using them as ID

~~~
thekyle
A big pro of using phone #s is that it allows users to effectively take their
social network with them from app to app instead of being locked in.

IMO phone numbers are a pretty terrible system (you would never ask people to
remember dozens of IP addresses for all the websites they want to visit but
historically people have been expected to remember phone #s for all the people
they want to contact), but they are the system we have and it could be worse.

------
xivzgrev
“But wide adoption of the optional security setting would make the app far
harder to use for the vast majority of its more than 200 consumers, who rely
on uploading phone contacts to identify friends and family members on the app,
the source said.”

With only 200 users on the app methinks adoption will be fast - think they
forgot a “K”

~~~
mappu
_> think they forgot a “K”_

an "M" - 200 million users as of March 2018.
[https://telegram.org/blog/200-million](https://telegram.org/blog/200-million)

~~~
logicallee
That's pretty funny :)

------
ryanlol
Just a reminder that Telegram has shipped deliberate backdoors in the past
[https://habr.com/post/206900/](https://habr.com/post/206900/)

It is terribly unlikely that they’d have their users' best interest in mind.

~~~
jen_h
There’s also that tidbit from the Steele Dossier about it being cracked.

------
wtdata
This is good news. But, why don't they use Signal to start with?

~~~
newscracker
This was covered in other news pieces. In Signal, your number gets exposed to
everyone else in the group (similar to WhatsApp). The protestors didn’t want
their numbers to be exposed to other people they were talking to. Telegram
doesn’t, by default, show your number to others you chat with unless you
choose to. Telegram also allows usernames to be used to contact and refer to
people. The other factor is that Telegram allows really large groups (like
200K members), which Signal and WhatsApp don’t.

------
29_29
Why not use Hacker News to Organize a protest?

