FBI document shows what data can be obtained from encrypted messaging apps (therecord.media)
185 points by oedmarap on Dec 28, 2021 | 110 comments


Related thread about the same document from a month ago (November 30th) with 450+ comments: https://news.ycombinator.com/item?id=29396643


This document is classified U//FOUO (unclassified//for official use only). The actual abilities of the FBI/NSA and like agencies are surely classified to some higher level.


The real question is if you actually believe what this document writes about Wickr.

Wickr is set up like an expected honeypot would be set up. So for people that don't or aren't willing to understand that, I'm wondering if this document validates them, or if the skepticism of this document's classification level validates the idea Wickr should be avoided for sensitive communications.


Considering endpoints are compromised like Swiss cheese in 2021 and third party apps are all compromised, people should be of the belief that they cannot trust anything they didn't write and build themselves.


The point of E2EE messengers is to prevent casual mass surveillance and to increase the cost & risk of mass and targeted surveillance. It's about increasing the noise floor of the internet and making everyone more safe as a result. It forces adversaries to use more legal mechanisms to improve your rights. It's about making you expensive to attack, much like Afghanistan won the wars against the USSR and the USA by being expensive as fuck to attack while cheap to attack on their side. They're not about secure endpoints, which is a separate issue that can be worked on in parallel.

So yes, you should make sure if your threat model cost benefit says you should:

* You have a secure keyboard mechanism. No third party keyboard apps, use a wired / built in keyboard.

* You use a secure OS and keep up to date. You verify updates are public and not made 'just for you', you turn off auto updates.

* You watch the network behavior of your devices with external proxy devices to see if anything weird is happening, you filter out network interactions you don't like, use a VPN with the proxy device and so on.

The more you use 0days, the more they get noticed and the more likely you are to burn them, so you've just increased the stakes towards surveilling you. Now the minimum standard to make you a person of interest has increased significantly, reducing the probability of it.


Your last paragraph implies the person you speak of is a hacker, using 0day attacks? I hope such people get caught.

I only worry about innocent westerners living in a society that is creeping toward authoritarianism in the name of some politically polarizing politician. I do not empathize with hackers breaking into systems and causing major problems.


Innocent non-westerners also deserve and benefit from security and E2EE.


Usually they're used for political or ideological opponents, espionage and a small amount of criminals.


That's defeatist thinking. Just because some agencies of major governments can break into many devices doesn't necessarily mean they do.

And there are other threats you'll want to defend from as well, including governments and agencies with smaller budget.

Anyway, if endpoint security is part of your threat model, you'll be pleased to know I've spent the past decade looking into how to address the problem https://github.com/maqp/tfc


Or even if they did build the software, anything running on hardware they don’t have a similar level of knowledge about. Which good luck with that.

Which leaves anyone planning on doing something the US gov’t (or China, or Russia if within their reach) wouldn’t like left with some unpalatable and inefficient options.

Either they blend in enough to not get any attention, or don’t seem “dangerous” enough in the sense they are likely to get anywhere, or don’t use any technology more complicated than a piece of paper and a #2 pencil.

The last one was what Osama bin Laden was doing, and they still found him - it just took a while.

As long as the folks being targeted are legitimately out to do harm against innocents, these capabilities are ‘ok’ (scare quotes intentional here).

They’re going to be turned against political opponents or people that just seem ‘bad’ though at some point, and almost certainly already have been for years.


There are ways to create secure communications if need be. I have thought of ways that would work to accomplish doing it.

I won't detail the designs here, but we are talking very cheap to build and design.

I am sure such devices exist and are in the wild, being used by spies.

That said -- I am mostly disappointed with the degree to which our intelligence agencies are inwardly focused rather than breaking up foreign spy rings and operations.

There are some scary, harmful, and extremely complicated foreign spy rings on US soil. They have people working for all major tech companies and they are embedded in key positions.

The FBI should be making "see something? say something" pushes in tech companies. They should have better followup and reward systems.


There are indeed. It's not just spies. My work wrt endpoint secure comms is FOSS and free for anyone to use https://github.com/maqp/tfc (the HW costs a bit naturally but in other respects).


This is the coolest thing I have read in about a month.

Never heard of data diode before. The hardware setup gives such a peace for the paranoid mind. Love it!


> The FBI should be making "see something? say something" pushes in tech companies.

I'm sure this will not foster distrust, will do wonders for morale among immigrant tech workers, and will in no way leave them primed to be recruited by foreign intelligence services.


Amazon owns Wickr now. It has been abandoned by anyone doing anything shady, that's for sure.


U//FOUO is an obsolete caveat. It has been replaced by CUI (Controlled Unclassified Information).

If this information has been publicly released, I would assume that it does not comprehensively list all of the methods/sources that could be in use. Thus, I would not trust this document to be accurate.


Messages are decrypted when you read them.

It's reasonable to believe that at any point in time Root exploits exist for both iOS and Android.

It's viable that the FBI or someone they cooperate with has such exploits from time to time (which doesn't mean they are reliable, or cheap to use).

If you root-hack a phone you can easily get all messages the user sees after you hacked it.

Even without root hacking you might get some, in some circumstances.

EDIT: I should have read the article first, it's more about what content they get without hacking.


You make some good points, but I need to point out that hacking a phone to obtain message contents is different from serving a warrant to a third party. Legally and practically.

https://en.wikipedia.org/wiki/Expectation_of_privacy

https://en.wikipedia.org/wiki/Third-party_doctrine

https://en.wikipedia.org/wiki/Dragnet_(policing)


> If you root-hack a phone you can easily get all messages the user sees after you hacked it.

This is not even necessary if you're in bed with hardware manufacturers, which could be the case with governments. All that is needed is a system level daemon running in background, disguised as service or device driver pushed as mandatory upgrade, having access to the underlying iron. The user employs super strong cryptography? Who cares if we can read what is sent to the screen and tunnel it over the network to us. Passwords? Who cares if we can sniff the touch screen data to get the tapped points coordinates containing the position of keys on the virtual keyboard. Point is that there is zero protection against surveillance if the adversary has control over the hardware. Which is the reason why flashing a FOSS operating system on a closed hardware/firmware platform, although being indeed a good thing, isn't enough to claim victory.


I'm skeptical of the accuracy of this document. Telegram is by default unencrypted and virtually public. Yet this document says the FBI can't get any message content?


Telegram does have end-to-end encrypted one-on-one chats, I suppose this document refers to that.

Telegram group chats are very much available to law enforcement if they can convince Telegram to hand over the data.

It could also be that Telegram (and any other foreign chat company) is more reluctant to (and more difficult to force to) share data with the FBI.


Upvoted. Some more details FWIW:

> Telegram group chats are very much available to law enforcement if they can convince Telegram to hand over the data.

Telegram public channels and groups are open, including for law enforcement. They also say openly that they cooperate with everyone to take down certain illegal material from channels and open groups.

Telegram claimed as late as a few months ago - and nobody has proven otherwise in any form as far as I can see - that not a byte of their users' private data (i.e. not on open groups or channels) has been handed over to any government.

I cannot prove this and also I'm getting more careful with Telegram these days (this might come as a surprise for some of you who know my history of defending Telegram) but I still think

1. if it was possible to prove something else there are enough Telegram haters just on HN to make sure to leak it

2. just to be clear I still think it is a very good alternative for friend-to-friend-communication, group communication etc, I'm just looking for alternatives as I go forward, and also I am worried when I see police using it at work.


Don't get me wrong, I use Telegram every day despite their flaws. Their data security guarantees may be terrible, but their user experience is still outstanding. It's a testament to how good a chat ecosystem can be if you don't rely on Electron.

I have no reason to distrust the Telegram team, but the data model is simply not designed to keep messages secret. It's Telegram's biggest shortcoming, in my opinion. Things like channels don't need encryption, but group chats can use some WhatsApp-style crypto.

WhatsApp's UX (basically: trust all E2E keys, and show a little notification if the keys changed) makes E2E available to the common smartphone user without the hassle of say Matrix's manual verification. For those with a more security-oriented mindset, there's always the ability to show encryption status changes so you could investigate.

I'll probably be using Telegram for a few years despite its shortcomings. It feels a bit iffy to talk about sensitive personal matters through Telegram, but I know it'll be a while before I can convince any large group of friends to move to something more secure.

For now I'm bridging my Telegram accounts through Matrix, so it's not like I'd benefit much from the added security anyway.


> They also say openly that they cooperate with everyone to take down certain illegal material from channels and open groups.

Can you provide a link for that? I could only find that they'd hand over your personal account info if they get a court order claiming that you're a terror suspect (from https://telegram.org/privacy):

> 8.3. Law Enforcement Authorities

> If Telegram receives a court order that confirms you're a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency.


> Can you provide a link for that? I could only find that they'd hand over your personal account info if they get a court order claiming that you're a terror suspect (from https://telegram.org/privacy):

Maybe I can:

First a note: "your personal account info" while somewhat correct makes it sound broader than what the paragraph below says: "your IP address and phone number".

That said, here is one that at least partially confirms this:

From https://money.cnn.com/2015/11/18/technology/telegram-isis-sh... :

> "Our mission is to provide a secure means of communication that works everywhere on the planet. In order to do that...we have to process legitimate requests to take down illegal public content (sticker sets, bots, and channels) within the app."

(emphasis mine)

There seems to be more in the search results here (if you have access to kagi, if not apply now:)

https://kagi.com/search?q=telegram+takes+down+isis+groups+

Edit: here's another link from the first page of results in kagi: https://www.forbes.com/sites/parmyolson/2015/11/19/telegram-...

Another after I added "cooperate" to my query: https://www.europol.europa.eu/media-press/newsroom/news/euro...


As I recall, even one on one chats are not e2e encrypted unless you explicitly start a "secret chat". Please correct me if I'm mistaken.


You're right! Despite their weird custom protocol, their E2E chats are still considered completely safe to use.

In my experience, though, very few people use E2E chats, even in direct chats.


As someone who regularly defends Telegram against all kinds of nonsense: you got it exactly right : )


>if they can convince Telegram to hand over the data.

Or if they hack Telegram's servers. Or ask some other agency like the NSA (that hacks systems all the time) to do that for them.

As for the legal aspects, I'm fairly sure Telegram can be made to comply, no individual user is worth losing (tens/hundreds of) millions of customers in that particular country. It's not like Telegram can't do that technically*, the server-side database encryption key is by definition in the RAM of the server system.

* That hasn't prevented them from actively misleading customers with their split-key-and store-parts-under-multiple-jurisdictions -scheme.


> Or if they hack Telegram's servers

Or they join the group chat


Sure, that works for public groups but generally the private group chats with sensitive private information about people's personal/business life are not public.


I’m curious how you think the US law enforcement agencies would compel Telegram to comply.


Why are group chats more exposed?


Encrypting messages for one person to read is relatively simple. Encrypting a message so that it can be read by multiple parties requires either sending multiple messages or agreeing a stable shared secret for the group chat. If you want to add/drop people from group seamlessly, while keeping everything encrypted, your app or your users will have to jump through lots of hoops. Most don't make the effort.
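
The trade-off described in the comment above, sketched as an added example that is not part of the thread: per-recipient fan-out versus a shared group key that has to be re-wrapped for every remaining member when someone is dropped. The `Member` and `GroupSender` classes are hypothetical, the pairwise keys are random stand-ins for sessions a real messenger would establish by key agreement, and the cipher is a toy SHA-256/HMAC construction standing in for a real AEAD.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher (SHA-256 counter keystream + HMAC tag). It stands in
# for a real AEAD so the example runs on the standard library; not for real use.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    nonce = os.urandom(16)
    enc_key, mac_key = _subkeys(key)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed (wrong key or tampered data)")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class Member:
    def __init__(self, name):
        self.name = name
        self.pairwise = os.urandom(32)  # assumption: key already shared with sender
        self.group_key = None

    def receive_group_key(self, wrapped):
        self.group_key = open_sealed(self.pairwise, wrapped)

    def read_fanout(self, blob):
        return open_sealed(self.pairwise, blob)

    def read_group(self, blob):
        if self.group_key is None:
            raise ValueError("no group key")
        return open_sealed(self.group_key, blob)

class GroupSender:
    """One sender's view of a group (simulation: holds the Member objects)."""
    def __init__(self, members):
        self.members = {m.name: m for m in members}
        self.group_key = None
        self.rekey()

    def rekey(self):
        # New group key, wrapped once per current member over the pairwise keys.
        self.group_key = os.urandom(32)
        for m in self.members.values():
            m.receive_group_key(seal(m.pairwise, self.group_key))
        return len(self.members)  # number of key-wrap messages sent

    def send_fanout(self, msg):
        # Option 1: encrypt the message separately for every member.
        return {n: seal(m.pairwise, msg) for n, m in self.members.items()}

    def send_group(self, msg):
        # Option 2: one ciphertext under the shared group key.
        return seal(self.group_key, msg)

    def remove(self, name):
        # Dropping a member forces a rekey, or they keep reading new messages.
        del self.members[name]
        return self.rekey()

def demo():
    alice, bob, carol = Member("alice"), Member("bob"), Member("carol")
    sender = GroupSender([alice, bob, carol])
    fan = sender.send_fanout(b"meet at 9")
    one = sender.send_group(b"meet at 9")
    carol_before = carol.read_group(one)
    wraps = sender.remove("carol")
    after = sender.send_group(b"carol is out")
    try:
        carol.read_group(after)
        carol_reads_new = True
    except ValueError:
        carol_reads_new = False
    return {"fanout_ciphertexts": len(fan), "carol_before": carol_before,
            "rekey_wraps": wraps, "carol_reads_new": carol_reads_new,
            "bob_reads_new": bob.read_group(after),
            "bob_reads_fanout": bob.read_fanout(fan["bob"])}

if __name__ == "__main__":
    print(demo())
```

Carol keeps the old group key, so messages sent before her removal stay readable to her; only the rekey cuts her off from later ones.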


It's also the case doing that securely required pushing the boundaries of modern cryptographic protocols. Telegram's protocol graphs are novices' doodles compared to Signal's group encryption stuff formally described here: https://signal.org/blog/pdfs/signal_private_group_system.pdf


On the other hand Signal has made a lot of questionable choices (such as adding a crypto payment that was just a money grab) that it has made me lose trust in the team and their motives. I no longer trust their build images and even if you build your own you have no idea what software the person you're talking to is running.


Sure, you do you. Personally I haven't seen anyone in e.g. the major infosec expert bubble abandon Signal for introducing mobilecoin. It's an opt-in feature, it doesn't make the message side security code harder to audit, and it's not like Moxie isn't painstakingly engineering everything to be secure from the get-go. I haven't once been disappointed in a new feature. OTOH consider Telegram that adds group video calls that nobody asked for: is it E2EE? Nope. Another security disparity to make explaining and understanding its security even more nightmarish.


Doesn't matter if signal is secure if nobody uses it. None of my friends are willing to use it because of the lack of features and horrible ui/ux.


The surface area for trust is expanded significantly.

Here in Puerto Rico we made our governor quit over exposed chat logs from a Telegram group. Encryption wouldn’t have saved it: someone took screenshots and leaked them to press.


In the new update, group admins can prevent forwarding and screenshotting. Unless the devices are "rooted"


There’s always going to be a degree of trust. Just take a picture of the chat with another phone.


The document is about what can be easily requested from companies, not what can be hacked. Because telegram hosts no servers in the US they can't trivially request it. They can get it other ways and of course by hacking. But the document isn't about what they can successfully hack or request through back channels. This is why people say that you have to trust Telegram, as opposed to fully E2EE systems (like Signal) which require (almost) zero trust.


It is because you and others got your facts wrong.

Telegram is not unencrypted. This is a lie spread by certain WhatsApp and Signal fanboys (not all, count me in with the Signal fans - I just happen to be a reasonable one that to some degree knows what I'm talking about) with the excuse that "of course we mean end-to-end-encrypted when we say encrypted".

What we see now is the resulting confusion: why don't law enforcement have access to it if it is virtually unencrypted? Well, the answer is despite all claims of how lousy the encryption is for some weird reason[1] it doesn't seem to leak data.

Now that we have seen the confusion that stems from saying "encrypted means end-to-end-encrypted when we say it does", can we stop repeating that nonsense?

Also, can we think twice before mindlessly repeating such stuff in the future even if it was originally said by some extremely smart people that are well respected for good reasons?

Because those very smart people were the same who recommended WhatsApp for a long time until it became painfully clear to everyone that:

- WhatsApp leaks metadata to Facebook which cooperates happily with basically any government as far as I understand

- WhatsApp has uploaded unencrypted backups to Google Cloud (yes, probably over https, but Google got all your messages and it was known that they would datamine it.)

- and more

PS: Some time around half a year before Telegram launched WhatsApp actually sent data unencrypted, i.e. as plaintext. And they sent it over port 443..!

PPS: Stay safe folks, opsec is probably more important than the exact messenger you use. My bets today are Signal in the short run and Matrix as soon as possible, but personally I send photos to my parents using Telegram and receive a lot more info back from various groups.

[1]: Meaning either this is a bigger honeypot than An0m and every Three Letter Agency including both FSB and NSA are in on it or Telegram actually got something right. Or they have just been extremely lucky for 9 years in a row or something.


Telegram, as a capability, does not do “end-to-end encryption” for one-on-one chat.

And Telegram most certainly cannot encrypt group chat.


It does have, it is well known and it has existed for years.

The remaining criticism now is that the default for one-on-one chats is still the more convenient normal point-to-point-encrypted chat type instead of E2E-encrypted (which, in Telegram's implementation is less convenient since it doesn't sync between clients, which again is reasonable for those messages where one really cares about secrecy in the context of day-to-day messaging apps).

As usual: I only observe this from the outside. For what I know maybe Putin reads my messages before he goes to bed every night to fall asleep because I mostly use ordinary point-to-point encrypted messages which can be intercepted if Telegram is a secret FSB front or if Telegram isn't careful. Note however that for all we know maybe Biden reads my mail too to fall asleep since that too isn't end-to-end encrypted.

I only comment on observable facts or statements that haven't been debunked. The last means I haven't verified the crypto of any app, I take it for granted that if it is broken someone will figure out just like when WhatsApp sent plaintext messages over port 443, and even faster with Telegram since there are so many who want to find flaws in it.


I take it that you don’t do much Radare2, much less IDA-Pro.


That's correct.

If you have and you have real proofs, bring them and I'll probably repent.


If one were to have real proof, then would they not hold them out for a paying customer?

In light of that hypothetical but far-fetched pathway, there is probably no need for you to repent there.


I think we are talking past each other.

With WhatsApp the claim was that if someone snuck a backdoor into it there are enough people watching it to make sure that it would be found out soon.

My point is that even more people are sceptical of Telegram and even dislike it strongly so there should be even better chances of someone discovering if something was broken.


The colored highlighting of the code regions in Telegram executable by IDA-Pro has left me skeptical.


If you are still here, what do these regions and the fact that they are colored mean?

I'm honestly interested.

I only intend to defend Telegram against lies (most of the time the claim that "it is not encrypted"), not to cover up any actual problems so if you comment on it or write a post about it I will read it and probably will upvote it.


It's encrypted but not e2e encrypted. Why would you say that it is virtually public? Do you think you or the FBI can easily access Telegram messages?


Because telegram can access the messages. If the vendor can access the message data (eg: not end to end encrypted), anyone can. That is the bar. E2E||GTFO.


Just join a group chat. Every message that was ever sent in that chat will be immediately visible. So yeah, it's virtually public.

Even your private messages only require you to enter an SMS code to view, so anyone that can intercept an SMS sent to you, can read your messages.


>So yeah, it's virtually public.

Let's stop saying that as it implies users are somehow aware the service provider has access to the content, and that they make informed decisions wrt their privacy.

>Even your private messages only require you to enter an SMS code to view, so anyone that can intercept an SMS sent to you, can read your messages.

The 2FA password is something everyone should enable. It's still an incremental security improvement if you have to use Telegram and your threat model is a banana dictatorship doing SMS interception but not server-side hacking.

The right thing to do is get yourself and your loved ones the hell out of Telegram as soon as possible; Signal is your best bet here. Cwtch/Briar if you need to also protect metadata.


> The right thing to do is get yourself and your loved ones the hell out of Telegram as soon as possible; Signal is your best bet here. Cwtch/Briar if you need to also protect metadata.

No, this is not the right move. It's engaging with the ecosystem of messaging products balancing ease of use, ethics of the business and people behind it, and your own threat profile. Most will never be under threat of a state actor that necessitates getting their friends and family "the hell out of Telegram as soon as possible".

I also use Matrix but personally speaking I find Moxie Marlinspike a deeply unethical person who will gleefully slander the competition including up to suing them in his quest for supremacy. So I don't touch Signal because on my tripod of interests to balance, I don't want to go anywhere near his ethics.

Use Signal or Session or Element or Telegram but stop telling people not to use a thing because you believe E2EE is the next Jesus Christ. Only sith deal in absolutes.


E2E||GTFO. Anything else is tyranny. I don’t think you understand your adversary. Moxie is the most ethical individual in this space. Get the hell out of telegram, and get your other friends to do so asap.


> E2E||GTFO

Please don't do that here. It's both personally insulting and a motto used by fanatics, not an argument for anything.

Who is "my adversary" exactly and what do they want with me?

No, I don't think Moxie's past and current behavior is indicative of a person who subscribes to ethics. I think he's vain, eager to be in the spotlight and eager to profit off a cryptocurrency invented by a company he has a very complicated history with [1].

[1] https://www.coindesk.com/tech/2021/04/09/signal-founder-may-...


"Who is "my adversary" exactly and what do they want with me?"

He will extort money from you based on your private message history, when they eventually leak from Telegram's effectively plaintext database.

>I think he's vain, eager to be in the spotlight and eager to profit off a cryptocurrency

That says more about you than about Moxie. You've shown your character, now strongly consider showing yourself out.


> That says more about you than about Moxie. You've shown your character, now strongly consider showing yourself out.

I'm sorry, what? Do you want to explain how giving evidence of Moxie acting poorly is a reflection of me? Or why you're now personally attacking me?

I didn't do any such thing to you, please kindly treat me with respect.


Your adversary wants the clear text of your messages. The clear text exists on server, or they exist on a client device. Client device is the only acceptable solution. Make it hard for them, they must hack your client, rather than send an email. It IS an argument against snake oil, server side “encryption”.

Sorry, this is a hacker board. I, and other hackers, agree with me. E2E||GTFO.


> Most will never be under threat of a state actor that necessitates getting their friends and family "the hell out of Telegram as soon as possible".

I think you should qualify that as "most people - in the western hemisphere/democracies - will never be under threat of a state actor that necessitates getting their friends and family "the hell out of Telegram as soon as possible"


>Most will never be under threat of a state actor that necessitates getting their friends and family "the hell out of Telegram as soon as possible".

This isn't just about nation states. Companies get hacked by common criminals all the time. Consider the case of the Finnish psychotherapy center Vastaamo https://www.wired.com/story/vastaamo-psychotherapy-patients-...

Now imagine all the private messages you've shared to your SO or dearest friends. I bet there's a gazillion times more stuff to extort you with for the rest of your life, than the notes about a few sessions with your therapist have.

So yeah, get the hell out of all "private" messaging platforms that aren't E2EE by default. You deserve the peace of mind of never having to feel like the TENS OF THOUSANDS of Vastaamo case victims.

>but stop telling people not to use a thing because you believe E2EE is the next Jesus Christ

Stop telling people to ignore best practices wrt security just because they cause your privileged life -- where you don't have to worry about actual oppression -- slight inconvenience. There's a good reason majority of top vendors for secure comms like Signal, Jitsi, Wire, Element, iMessage, Threema, Briar, Cwtch all default to E2EE.

Telegram is free to not E2EE, but they should be UPFRONT about it. Not say things like "heavily encrypted" when in reality it uses the messaging industry's bare minimum, that is client-server encryption.

Telegram devs also actively mislead by presenting two facts next to each other "Telegram uses E2EE called MTProto" and "All Telegram chats use MTProto". What a novice can't understand is "Telegram also makes the idiotic choice to call its non-E2EE cloud messaging protocol ALSO MTProto."

So it's no wonder why a LOT of my contacts have been flabbergasted to learn Telegram isn't actually using E2EE for everything like WhatsApp. Telegram's marketing had succeeded in telling them it was more secure than WhatsApp, and thus E2EE.

Whether or not this misconception was intentional, it's now Telegram's job to either make a public statement and correct the record, or preferably, make it E2EE:

There is no reason for Telegram to deploy E2EE for everything except supergroups. If all the other vendors can pull that off, so can they. Pavel Durov has so much money but the only cryptographer he ever hired was his brother Nikolai who isn't even a cryptographer but a geometrician. Durov has the money to hire Moxie for a year to deploy Signal protocol, yet he won't. You should be terrified of both why he won't, and what his foolishness in the context of Vastaamo can, and eventually will do.


I assume they are referring to telegram "secret chats"? Also their own website notes all chats are "encrypted" by default. It's simply that by default they are not "end-to-end" encrypted unless you use secret chats for instance.


Telegram is not based in any jurisdiction collaborating with the FBI. I'm assuming the KGB has free access


That is the thousand dollar question. How would we know Telegram isn't an FSB front

* The CEO isn't a developer

* We know practically nothing about their developers, they're all anonymous

* The server has access to overwhelming majority of messages (among fellow CS students only ~10% said they use secret chats, and most likely even they don't do that for every 1:1 chat. Furthermore, groups can not be E2EE at all, and neither can Win/Linux desktop chats)

* Journalists that went to see Telegram's offices at Dubai found an empty office, and their office neighbors said they've never seen Telegram developers let alone anyone enter the offices https://www.youtube.com/watch?v=Pg8mWJUM7x4 They did speculate Telegram might be using Dubai for tax evasion.

* That being said, we know absolutely nothing about Telegram's financials, nothing official has ever been reported by the company. Yet the system manages to stay afloat year after year with 600M+ users.

I'd love to be able to give good reasons why Telegram can't possibly be an op, but hand-waved opt-in E2EE for some clients, is the only one I can find, and that encryption has been most effective in online debates defending Telegram's bad security model.


> How would we know Telegram isn't an FSB front

As a Canadian talking to Canadians in Canada, I hope it’s an FSB front. They seem like my most secure option.


If you think like that, you might as well use Chinese messengers. You know the state has access, but they probably don't care about you, and you can be pretty sure that western agencies don't have built-in access.


> If you think like that, you might as well use Chinese messengers.

True, but I don't really "get" Chinese style UI.


As a Canadian, I think the Chinese have more interest in me than Russia.


It isn't "the KGB" anymore. In Russia it is now "the FSB". There are other KGBs in other countries such as Belarus but these aren't the KGB. (KGB is Russian for "Committee for State Security".)

https://en.wikipedia.org/wiki/State_Security_Committee_of_th...

"Along with its counterparts in Transnistria and South Ossetia,[1] it is one of the few intelligence agencies that kept the Russian name "KGB" after the dissolution of the Soviet Union, albeit it is lost in translation when written in Belarusian (becoming KDB rather than KGB)."


Thanks for the correction. The point stands.


Telegram moved out of Russia precisely so they wouldn't be under their influence, so that's wild speculation. If the argument is that the KGB (or is it FSB now?) might go and just put a gun to their head: they could do that to literally anyone anywhere, so it doesn't matter.

Telegram was in Berlin for a while but moved out of Germany for privacy/legal reasons as well (good call, considering that Germany is discussing trying to outlaw them) and moved to Dubai iirc.


>Telegram moved out of Russia precisely so they wouldn't be under their influence

Yes, because if you're an FSB operation, the rule #1 is to operate from Russia, that way nobody suspects you.

>moved to Dubai

Yet journalists who went there only found an empty office https://www.youtube.com/watch?v=Pg8mWJUM7x4


Telegram is influenced by FB of Russian VK (something like that). And VK has KGB ties. This is from Ukraine activists' point of view just FYI. So your choices are Signal or Wire. Signal server is in US, and Wire may or may not be in US. So there you go.


The grandparent comment was already hearsay but yours really scrapes the bottom of the barrel. Durov was forced out of VK on threat of violence: there are no ties to VK.


No, there are ties, even though Durov was forced out. Durov sold his VK stake to a Russian oligarch with extensive government ties, such that they now control the majority of the company.

https://www.reuters.com/article/russia-vkontakte-idUSL5N0KY3...


You're probably right. Still, that doesn't make up for the fact Durov made his fortune with VKontakte that has the exact same toxic business model as Facebook. He began by exploiting tens of millions of VKontakte users. Now he's suddenly turned on his heels and "he's using his money for the good" by deploying a tool he knows activists use, but that doesn't provide E2EE even for the small activist groups.

I gave Durov the benefit of the doubt in 2013, but as I saw their E2EE stayed as a bolted-on gimmick, as opposed to forming a solid foundation, that image of a philanthropist fighting against surveillance capitalism disappeared real quick. Telegram's security model is indistinguishable from Facebook's: Parent company gets everything except opt-in E2EE messages, and neither company encourages their use.


I repeat, for clarity, there are no ties between Telegram and VK.


Okay, I agree with that.


It's by default encrypted, actually.


Server-client encryption by default, not end-to-end encrypted by default. https://telegram.org/faq#q-so-how-do-you-encrypt-data


Yeah, with client-server encryption. Which doesn't matter at all. Encryption where the service provider has the key, which is the case for

* all Telegram chats by default

* all Telegram group chats

* all Telegram Win/Linux desktop chats

is indistinguishable from end-to-end encryption where the service provider has a backdoor (ANOM[1]).

In both cases the service provider, and anyone who hacks them, can read your messages.

[1] https://www.pcmag.com/news/fbi-sold-criminals-fake-encrypted...


I don't think it's e2e by default. I hope you are not talking about https.


I worked long enough in the telecom industry to know that there is no way for regulators to leave major communication platforms without some sort of surveillance. They can't sleep without it, and they don't take "Oh! sorry it's encrypted" as an answer.

I don't buy this. Maybe it's true about FBI, but other agencies have the keys for right or wrong reasons.


I was also in that industry and agree. We could rewrite the firmware on phones over-the-air live and this was long ago. The only reason we didn't do this for customers was the one-off chance we brick a phone and cause higher customer support load. We could read and write to anything on the phone remotely. Such capabilities would surely not be abandoned.


18 U.S. Code § 2703 - Required disclosure of customer communications or records - Contents of Wire or Electronic Communications in Electronic Storage.

"can render 25 days of iMessage lookups and from a target number."

I thought iMessage was E2EE and with all the iJunk turned off this isn't possible?


I understand it is e2ee but not the iCloud backup which means for most people it might as well not be encrypted.


I believe this refers to people lookups, not message content.


It's the metadata. Not the message contents.


Since you do not [most likely] have root access to your phone, you cannot directly examine what Apple/Google has installed on _your specific_ phone. Any of these applications could have its memory examined transparently if the operating system is evil.


Yes, that actually highlights the absurdity of the government's stances on encryption.

They can still do an actual investigation on the person and try to dump from the physical devices they find (whether it requires a court order first, or not).

Of course, this is expensive, and often it is not possible to know who to go to, or whether they can access that person, or they don't have enough information yet to determine if a crime has been committed. But that's the point. In the US, for example, the constitution was constructed specifically to be an alternative to how England and its colonies were governed.

Governments have had a small window of time where electronic communications had a combination of: existing, not being private, and being understood by law enforcement. That window is closing and is just a reversion to the mean.

Of course they are going to say "everyone using this convenient poorly implemented system without privacy helps us greatly in investigations", but that's not the point. They have to do an actual investigation now and target the devices themselves physically, and even after all that only sometimes that will yield anything, depending on the OS version and app used, and app version.


Yes, and don't forget: Anyone who wants to steal your password can covertly look over your shoulder. They can also physically break into your house by smashing a window, or running a bulldozer through your wall.

Security always requires a certain amount of trust. If you can't get that trust, meet in person and keep your electronic communication vague.



What are the obstacles with current technology to using OTP encryption technology? As far as I know it's unbreakable. Of course you are limited to people you know in person, but that should not be an issue for people for whom private communication is of most importance.


You need some way of safely exchanging a codebook the length of every message, and you can never reuse an otp page. These together seem to make it… basically infeasible?


A key in an OTP scheme can only be used once, and the key size has to be the same as the message size. This isn't practical for a messaging app.


An SD card stores 128GB; that's enough SMS messages for multiple lifetimes.
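
The constraints raised in this sub-thread (a key as long as the message, no pad byte ever used twice, a 128GB card as the pad), as an added Python sketch that is not from any commenter. `PadBook`, `reuse_leak`, `messages_per_pad` and the 140-byte SMS size are names and assumptions made up for this illustration.

```python
import secrets

class PadExhausted(Exception):
    """Raised when a request would reuse or run past the pad."""

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

class PadBook:
    """One side's copy of a pad exchanged in person, used in ONE direction only."""
    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._next = 0  # offset of the first pad byte never used

    def remaining(self) -> int:
        return len(self._pad) - self._next

    def _take(self, start: int, n: int) -> bytes:
        if start < self._next or start + n > len(self._pad):
            raise PadExhausted("pad bytes already used or pad too short")
        key = bytes(self._pad[start:start + n])
        self._pad[start:start + n] = bytes(n)  # wipe consumed key material
        self._next = start + n
        return key

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        start = self._next
        return start, xor(plaintext, self._take(start, len(plaintext)))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        # Rejects replays: an offset below _next was already consumed.
        return xor(ciphertext, self._take(start, len(ciphertext)))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad bytes: the key cancels, leaving p1 XOR p2."""
    return xor(c1, c2)

def messages_per_pad(pad_bytes: int, msg_bytes: int = 140) -> int:
    """How many fixed-size messages a pad covers (140 bytes = one SMS, assumed)."""
    return pad_bytes // msg_bytes

if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed sample pad
    alice, bob = PadBook(pad), PadBook(pad)
    start, ct = alice.encrypt(b"meet at noon")
    print(bob.decrypt(start, ct), alice.remaining(), messages_per_pad(128 * 10**9))
```

The sketch covers confidentiality only: a plain XOR pad gives no integrity, so a flipped ciphertext bit flips the same plaintext bit undetected.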


"The service was acquired by video conferencing software maker Zoom in May 2020."

That's when I revoked all my keybase information.


Imagine how much of a threat to the current security and encryption model it would be if a remote desktop server was running quietly in the secure enclave. You likely would never be able to know it is running. What good is end to end messaging if you can be watched using the app?


Is Facebook Messenger omitted because they don't have access to it?


I think including FB messenger is unnecessary, they have a copy of passwords.txt


No, it's because they can request everything from FB and instagram, including message content.


Probably the opposite... the same reason SMS is not included -- because they have full access to it.


I don't think this document has anything contrary to existing knowledge, but it does emphasize another significant reason that WhatsApp is not a great choice for privacy despite the use of E2EE. They readily hand over substantially more metadata, and while this is less likely to be enough evidence to convict someone of anything it is more than enough to seriously compromise privacy.

> Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.

> Pen register: Sent every 15 minutes, provides source and destination for each message.


From the top: "FBI's ability to legally access..."

Implying there are illegal ways to access?


Well anyone has the ability to illegally obtain access. If you hire a hacker or do it yourself. This document is about the legal ways.


This has been already posted at least five times


Signal FTW!


reaaallyyy!?!?! it's simple. assume no privacy. someone is always watching.



