
Telegram probably isn't as secure as ISIS thinks - tptacek
http://motherboard.vice.com/read/encryption-app-telegram-probably-isnt-as-secure-for-terrorists-as-isis-thinks
======
tptacek
If you wondering why cryptographers haven't claimed the $300,000 prize offered
by Telegram, this is a good start:

[http://thoughtcrime.org/blog/telegram-crypto-
challenge/](http://thoughtcrime.org/blog/telegram-crypto-challenge/)

I don't think you should use Telegram.

~~~
sz4kerto
What should I use for casual, daily chatting with friends that runs on
Android, iOS, Linux, Windows, Windows Phone, web, and allows group messaging
and message history search?

~~~
klagermkii
I keep seeing these dire warnings whenever Telegram is mentioned, and I don't
understand the hate. Is it some super secure platform? Probably not, but
people needing a provably NSA-resistant chat client is such a tiny percentage
of the people interested in regular chatting. None of the warnings I see have
the nuance of "don't use it if you think it'll keep you safe from the
government, but otherwise it's a pretty nice service to use" nor do they list
the chat services that they feel are more secure.

Compared to the alternatives of Skype, WhatsApp, SMS, Hangouts, iMessage, etc
it's a good chat service, with a relatively lightweight native client on
multiple platforms, actual working sync, and good recovery when used on poor
Internet connection.

~~~
sarciszewski
> I keep seeing these dire warnings whenever Telegram is mentioned, and I
> don't understand the hate.

The hate stems from two main sources:

1\. They're claiming to be secure in a very flamboyant (even _arrogant_ )
manner by challenging the world's cryptographers to break their protocol, but
the contest is structured to be unwinnable regardless of how shitty their
crypto actually is.

2\. Telegram spends less time improving their crypto (which is full of WTFs)
and instead markets themselves to people who aren't technical enough to figure
out how shitty it really is.

Seriously, avoid Telegram. If you want Signal to work on more platforms, send
a check to Open Whisper Systems and help them build up their team to cover
more area.

~~~
mSparks
Terrorists are secure whatever they do.

The 4 or 5 people in the nsa that actually do any work don't stand a chance
against several hundred million baby breeders with ak47s.

------
fabulist
It really bothers me that VICE Motherboard (I've not read much from their
other sections), who markets themselves as a controversial, alternative news
source, distinguishes themselves by publishing more reasonable and better
researched articles.

I've never gotten the impression from any other reporting (Wired, CNN) on this
issue that they so much as skimmed Moxie Marlinspike, Michael Green, or anyone
else's criticisms of Telegram.

------
nnq
How can one even remotely think that an app like Telegram _can_ be secure, as
long we know the very platforms it's running on are hackable (there are more
than enough 0days on the market)?! Yeah, maybe it's expensive and a bit
friendly-fire-ish to target platform holes on a large scale, but still...

My bet is that the real bad guys always use face2face when possible, and
voice/video with codewords and visual cues when there's no other choice... and
maybe an encripted sdcard carried by hand/mail when they really need to cary
large volumes. They can't be stupid enough to use anything else for such high
risk stuff!

 _I 'd guess that the only people actually depending on good consumer-lever
crypto are whistleblowers, anti-goverment protesters and individuals and
companies that truly value their privacy for one reason or another! Are these
the people we want to hurt here?!_

~~~
nickpsecurity
Glad at least one person mentions it albeit near the bottom of the comments.
I've been telling them that since before the Snowden leaks. Nice summary of
required assurance activities and areas where issues pop up:

[http://pastebin.com/y3PufJ0V](http://pastebin.com/y3PufJ0V)

The one exception is Ottela's Tinfoil Chat. It needs a robust, low-level
implementation instead of Python. Yet, he cleverly dodged much of the TCB
problem by creatively applying what he learned from others plus input we gave
him on Schneier's blog for high assurance security & general improvements. So,
you can build on and use that* but the rest depend on what top-tier and
organized crime can buy attacks for. Ridiculous....

* Again, without Python and with TCB enhancements. OpenBSD at the least for its lower 0-days.

------
mtgx
The most disappointing thing about Telegram is that they are completely
unwilling to accept any kind of criticism or use any outside suggestions for
improving their crypto. Kind of goes against the whole "open source" thing
they're doing there.

Also the fact that it doesn't even have end-to-end encryption by default means
it shouldn't even be in the same class as "secure messengers". It's better
suited in the Skype/Hangouts class of apps.

------
seren
The thing is that as a random user, you might want to keep the content of your
message secret for various reason (like ad profiling for example).

Once you are more or less identified as a terrorist, from the point of view of
an intelligence organization, they might be sad to not get the content of the
messages, but is they can have the graph of your contact, they'll be more than
happy (and find the weakest link in there).

Incidentally I have also checked that the Telegram and Signal app are
requesting a Location permission on Android. I don't know if it is sent to
some sort of central server, but this does seem not safe if youe life depends
on it.

------
kds
Misleading title. This has nothing to do with privacy and encryption. Just to
quote a couple of recent Pavel Durov's tweets: "To media covering us this
week: Telegram channels are public broadcasts. They are the opposite of
private chats. Please don't mix the two."... "Our policy is simple: privacy is
paramount. Public channels, however, have nothing to do with privacy. ISIS
public channels will be blocked."

------
rekoros
Here's why Telegram is important: it is the only communication service with
mass worldwide adoption that isn’t backed by a corporation, venture
capitalists, or a government.

Everything else—including the company's cocky and downright insulting
attitude—doesn't matter nearly as much. I actually think a lot of what they
say gets lost in translation.

We recently integrated with Telegram (without their knowledge, support, or
blessing, of course—because Telegram), which sent me on a little research
journey. Results are here: [https://sameroom.io/blog/announcing-support-for-
telegram/](https://sameroom.io/blog/announcing-support-for-telegram/)

~~~
nickpsecurity
You mean its security or impressions from a pro looking at its code matter
less than who backed it? I think not. Its design, implementation, and evidence
they're correct matter more than who backs it. It has to measure up before
those things are even an issue.

------
ocdtrekkie
Confirming ISIS uses your app probably isn't the best way to secure future
investors. ;)

~~~
draugadrotten
A number of intelligence services with growing budgets would be happy to
invest in such an app.

~~~
FractalNerve
No idea about credibility of the sources used, but I stumbled over this:
[http://revolution-news.com/us-government-funds-favorite-
nsa-...](http://revolution-news.com/us-government-funds-favorite-nsa-proof-
apps/)

 _edit: atm. 111 points and I love that. Wish pg could fix my karma, I really
like even numbers and I feel that the karma crave is addictive.._

btw. I agree with you. It's clever and the tools intelligence services have
created for these purposes are fascinating

------
EGreg
If the headline is true then that is excellent.

But I think Pavel Durov should make a system that gives up terrorists'
communications if it detects indicators eg words that will lead to planning a
violent attack. And without informing everyone about it.

------
kds
Nicely implemented chat services are in demand, or so it seems. They might be
sold into the billions and monetized with ads, and I guess the negative spin
comes from purely business origin, though disguised as concerns of crypto
professionals.

BTW, if Telegram crypto was that much insecure why members of the so-called
"security community" haven't yet compromised the Telegram chat for real
(regardless of any contests and petty rules) and proven they had been right?

I don't rule out this as impossible - I just think that without such proof
it's all just a kind of stupid whining.

------
Canada
All of the metadata problems he complaind about also apply to Signal.

