Hacker News new | past | comments | ask | show | jobs | submit login
Telegram will now hand over phone number and IP for criminal suspects (theverge.com)
168 points by anigbrowl 4 months ago | hide | past | favorite | 125 comments



This shouldn't surprise anyone. If a company collects info about some user and the government comes to them with a legitimate warrant they have to handover the information about that user (or risk going to jail/other action by the court) . There is a reason other companies like signal go out of their way to collect as little as possible.


>the government comes to them with a legitimate warrant

Which government, such as the French government for all Russian users, the Russian government for all Ukraine users, or the USA government for all users?

Whose standard for warrants, and how much use of coercion and force are they allowed to use for enforcement. Can the USA kidnap the owners for non-compliance, can the Russians?


You’re asking very basic questions that the answers to have been the same for hundreds of years. If you do business in a country you have to answer to its laws or you risk asset forfeiture or arrest.


That would only be true if you step foot in that country or posses assets in that country, right? Though I imagine the US government can reach a lot farther than the Russian or Chinese governments.


Not quite.

Here: https://www.asil.org/sites/default/files/benchbook/jurisdict...

This is both a reasonable exposition and fairly short.

But also keep in mind data collection and transmission and sharing and rule enforcement are not really a jurisdiction thing.


Also bear in mind that government can convey restrictions on any other business in that country. See Brazil requiring ISPs to ban Twitter (even a penalty on individuals bypassing the block using VPNs!), or the US basically prohibiting any business with anyone in Russia.

Basically if you want to operate in a country, you probably need to obey their laws, no matter what you think of those laws. If you ignore them, you can't really be surprised if you get blocked or penalized from doing business there.


The ironic consequence of this is eventually if you want to use big tech for messaging privacy you'll be forced to basically pick one under the jurisdiction of an enemy non-extradition state like Russia or China. Sure their governments will farm and exploit the metadata even if encrypted, but they won't be handing it over to the west unless the deal is juicy.


Another option is to use free and open source encryption software, like gpg/pgp.

Like what most darknet markets use.


Eh, not really, because the US has shown it's happy to go ahead and make it illegal to have TikTok here as well. The real result is probably much, much simpler: Globally-operating apps won't make as much sense as they got away with in pre-regulatory eras of the Internet.

Big Tech has basically spent the past twenty years pretending their global status made them above the law of any one nation, but in reality, being a global company just means you're subject to all the laws of all the nations.


Or the countries you live or travel in have extradition treaties with the other country.


remarkably, these are not very basic questions, and the answers are not the same for hundreds of years since this is electronic records that cross international boundaries


Certainly principles of international jurisdiction are well settled and fairly consistent. In that sense the comment was correct. However, you are also correct that legal principles around information collection and transmission are both new and not well settled.

This feels like one of those hn discussions where everyone will end up talking past each other because of terminology failure.


I mean if you were shit talking France when living in England a few hundred years back you're likely to get put on the enemies of France list, even if your pages were for consumption in England. Now if you never left England there wouldn't be much to worry about, unless they suddenly became friends and decided to export your corpse for goodwill.


I have never paid telegram for their business


So, using the same logic, Meta should not be liable for what happens on Facebook because users do not pay…

That's some Barlowesque[1] thinking that would play into the hands of big tech.

If Telegram didn't want to answer to French law, they should've blocked French phone numbers from registering users. Problem solved.

[1] https://disconnect.blog/reclaiming-sovereignty-in-the-digita...


Meta sells my data to advertisers


I think you answered why the only real solutions are

a) don’t collect the data (signal approach)

b) hire an army of lawyers and compliance people (big tech approach)

c) ban users from entire countries where you don’t comply (common in crypto)

d) risk jailtime or asset forfeiture


Signal has both phone numbers and IPs.


Signal hand over IP logs, phone numbers, and the datetime of last connection. [0]

[0] https://signal.org/bigbrother/central-california-grand-jury/


That link states that they only have two data points tied to an account: time of account creation and time of last connection. Since phone numbers are used as the account identifier, law enforcement would need to supply the phone number for signal to look up the account, right?

Do you have any source for Signal supplying IP logs?


This all seems bad news for all Russian war channels, but I guess they had enough time to migrate already. Influencers influence the whole world anyway, so they should expect a knock on the door if so brave. Stupid drug dealers will find other ways to deal or will go deeper the crypto/tor hole. Childporn offenders are anyway legit target for Mr.Robot. Who's left then...? Music pirates - who cares, Spotify lives on, Soulseek does well to. Torrents apparently kill business only where it cannot exist at all due to cultural specifics.

This all somehow leaves perhaps not-so-big list of particularly interesting gentlemen then certain countries will undergo a lot of trouble to get to. No wonder then they did so this time, but wonder which particular among these is the culprit this time...


Bad news for the OSINT community who gets tonnes of leaks from Russian war telegram channels


I doubt the war channels are to be concerned, perhaps the secret chats, and leftover magic in the normal chats. Or even simpler - the phone of the devices allows mobile net tracking, for certain operations this is potentially more than enough.


This will depend on how the company is registered and represented in the states it operates in. It will also depend on the citizenship of the kidnapped owners (and whether it will be even necessary, as maybe extradition would also work).

In any case, a court in any particular state will be responsible for issuing the documents entitling the law enforcement to particular data. There's also the process to dispute issuance or legitimacy of such documents, again, through courts.

So, obviously, there isn't a single answer to your questions. But, obviously, they aren't without answer. Any specific case will produce a potentially different set of answers.


> Which government ... Whose standard

It depends entirely on where you land in your private jet.


Where ever they want to do business at. If they expect to be allowed to operate in France/the EU they will have to comply with legitimate French/EU warrants. No one is saying they can't fight it if there is a reason to.

>Can the USA kidnap the owners for non-compliance, can the Russians?

Jailing someone/holding a company in contempt that does business in your country for ignoring legal warrants isn't kidnapping. Trying to frame it that way is pretty silly and disingenuous.


What does it mean to "operate" in a country though? If I operate a service in the US and have no servers in Iran, no employees in Iran, no physical presence in Iran whatsoever, but Iranians are communicating with me over the global public internet, does that mean I have to comply with Iranian law? What about if its France and not Iran? What if these French/Iranian users are not only communicating with me, but also sending me money and/or cryptocurrency in exchange for that communication?


Personally I would contend that none of that counts as "operating" in France or Iran. You're operating entirely in the US, and it would be ridiculous for Iran or France to try to subject you to their laws just because people who live in their country are communicating with you or sending you money. (Though obviously those people are still subject to the laws of their respective countries in what they're allowed to do when interacting with you, just as you are subject to US law in your interactions with them.)

Of course, the fact that something is ridiculous doesn't prevent a sovereign country from trying to do it anyway. Iran can threaten to assassinate you for communicating with their citizens, and France can threaten to jail you if you ever travel to France or extradite you. Both of those threats are unjustified in my opinion and should not be supported or condoned by other countries (particularly not the US), but like I said; they're sovereign countries so we can't do much to stop them if they want to be unreasonable.


i disagree completely on this..

If you are serving people in Iran or France then you are operating in those countries regardless of where you or your servers are and so you do have to comply with their laws or risk facing the consequences.

Now, depending on where you are at the reach of the consequences can be negligible and not impact you at all or can be a major problem.

At minimum you will get your service banned in those countries.


In this example everything is happening on U.S. servers, with U.S. employees, on U.S. soil. How is that "operating in" Iran or France?

If someone physically flew over from Iran and talked to me in-person instead of over the internet would you make the same argument? That I'm "operating in Iran" and should be subject to Iranian law because I'm talking to an Iranian citizen? What if it was via a letter? How about a phone call?


So what? Legitimate warrants cannot exist? Companies exist somewhere, and they follow the rules that can be enforced on them. I'll take warrents by imperfect democracies over autocracies and dictatorship any day.


You ask these like they are some kind of gotcha moment, but all of these very simple questions have been answered for decades by international law. You think yourself clever but show yourself ignorant.


You have to follow the laws in the jurisdictions in which you do business.

If you want to not be subject to the laws of a country you need to blackhole that entire country.


Ha! The devil of the details.


Every time someone brings up Signal in these threads I cringe. One can make up stories about spam protection as much as he wants, but given how little (basically none) control one has over him phone number, no messenger strictly requiring a phone number can be considered "privacy-oriented" by any sane person.


What do you advocate for an alternative identifier and how do you combat spam without verifying a phone number?


no IDs, only connect to the users you choose to connect with

SimpleX comes to mind

https://simplex.chat/


Huh?

I think you are confusing "privacy-oriented" and anonymous! Signal is pretty privacy oriented since it has E2EE by default (and so does Whatsapp). Telegram would be much more privacy oriented if it had E2EE by default.


they have usernames now


You still can’t create an account without a phone number


User data is a liability, not an asset. However this is untrue when breaches, leaks and misuse aren’t prosecuted. It’s a shame we have ended up here.


This is only true if the cost of storing user data is greater than the profits it generates. When companies are allowed to sell out users and punishment for data leaks are just seen as the cost of doing business then why would you not store whatever data you can get your hands on?


> User data is a liability, not an asset.

Yeah Google and Facebook are all losing money in those liabilities.

No theyre not, they're printing money because user data is an asset. Stop repeating silly sound bytes.


User data is only an asset if your business model demands it, like Google and Facebook. If you don’t have, and won’t create, a way to monetize it then yes, it’s strictly a liability.


It's not that it is a liability, it's that it should be. Likewise, it currently is an asset, but shouldn't be monetizable.


When you quote part of my comment, it give a different message. Clever!


The incentive is to claim to collect as little as possible. What a company actually collects is between them and any influential state actor that can manage to make use of the data in secret. A company can't support the needs of such an actor and law enforcement at the same time.


you care confusing collecting data with persisting user data.

it is easy to prove what your app collects from OS's permission model and web traffic. People are less interested in whether you store it for future use or discard it immediately after receiving.

Even if you claim you don't persist any of user data, you would still be collecting it


"Legitimate warrant" is a flexible and fluctuating idea. When a new government takes over, they may want information on all potential opposition.


yep, and reading the news lately "legitimate warrant" means things like "has a harris poster on their lawn"


But my crypto bro friends said they would only communicate by Telegram because it is 1000% secure!


Now the question is, to which government Telegram will comply to share your info.

If I live in Germany, and I do a channel with offensive content against the government of an Arabian shitty country, let's say UAE for example. The content might be legal here but illegal there.

Will the UAE gov be entitled to get my IP address and other info? Leading them to be able to use that to harass me, like targeting me with Pegasus for example?


I think, firstly you will be punished by DE, because of hate speech, hehe


This was entirely predictable and inevitable. I don't understand what Durov thought would happen nor why he rejects E2EE as a liberating technology.

Policy will never be the key to digital privacy, it must always be accompanied by cryptography. The status quo of allowing a third party read and store your messages forever, slurping up all the metadata along the way, is insane.


I think it is pretty obvious why Durov did not opt for universal E2EE. His main purpose of making Telegram was to make the chat app that is the most usable of all. E2EE comes with a cost on user experience which was for him too high.

Example: Signal can't handle more than one phone logged in, and if for some case you don't open the desktop app for more than 30 days, it logs you out there and you can never get these messages to the desktop.


that is a limitation of signal not E2EE for an example see matrix

although E2EE chats do take more computing and storage especially with very large groups


Indeed this is. For some reason, all the implementations that I can recall suffer from some usability problems. I expect that if a solution that is acceptable for Durov is discovered, they will roll it out. Of course, my prediction might be wrong.


Good that the company is able to continue functioning with the CEO being trapped and under charges. Shame on France for pulling a nasty warrant mid air.


Well, the fact that Telegram wants to cooperate to me suggests that they previously could have been cooperating but weren't, which makes a charge of complicity make a lot more sense now. Thanks France!


[flagged]


Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.


It looks like we need tyranny from time to time so that people learn why lots of people died to earn basic rights...

It's always tempting. "We're only doing it to get the bad criminals!"

Sounds great. Until a tyrant decides you're bad.


Rubber hose cryptanalysis works every time, unless you design your protocol to not have any visibility into the data. Which is impossible in the case of Telegram feeds at the very least.


What will prevent Durov from reversing his “false promises” as soon as he is released and can leave France / the EU?

I have a feeling he will continue on the same path as before, as soon as he can travel outside of the EU.


Well that's a shame...


Governments are enemies of freedom I miss old 200x years, when Internet was so free and there was no any problems, lol



Dupes are submissions of the same article. I thought this one was better than the others I had seen on this topic.


You can't submit the same article twice for the most part. Dupes are duplicate discussions. There's an earlier article with some discussion and eventually maybe mods will merge them. No need to split up the discussion. Share your thoughts over there! You could even suggest this link in that thread as a better article option.


You totally can, the HN dupe detector is less than reliable. Submit something interesting at night and you'll often see it submitted the following day by someone else.

As a more general point, the fact is that if a discussion doesn't take off while an item is on the front page shortly after submission, it probably never will. The page sorting algorithm ends up prioritizing recency and traction. I agree this isn't ideal.


They are coming for you Tether


Honestly you have to be a bit dumb to write incriminating stuff on popular messaging apps like Telegram, Whatsapp, etc.

I would imagine any serious criminal org will have their own messaging infra by now.


> I would imagine any serious criminal org will have their own messaging infra by now.

I'm guessing they do not -- that would be inconvenient, expensive, unreliable, insecure, and/or conspicuous.

[Edit: "serious" criminal orgs run, e.g., custom-built submarines, so private comms infrastructure is clearly within their technical abilities. But having all org members communicating to a private centralized mothership seems risky from a surveillance perspective]


I'm guessing they do not -- that would be inconvenient, expensive, unreliable, insecure, and/or conspicuous.

Some do run their own platforms or share a self hosted platform set up by people in a non cooperating country. Sometimes the platform admins find out they were being MitM by mistake tech or law enforcement make. [1] Or not using the MitM detection Jabber is capable of. Jabber scales to millions of users per cluster, big enough for probably most criminal organizations. I doubt the cluster in question was specifically meant for criminals, but the smart criminals will find solutions best suited for their needs. In this case I think they chose poorly given VM's can be live migrated and snapshot including memory contents without interrupting the platform or raising suspicion.

In my humble opinion the big shared corporate platforms will attract the ultra-lazy arrogant and cavalier criminals and I'm sure law enforcement are fine with it. Easy busts still look good to justify big budgets. There are probably people that say they don't know anyone that's been busted on those platforms but they are probably not moving enough volume of illicit goods to warrant immediate attention. That information would be quite useful for getting a warrant however if the target was suspected of something else or if they were an influencer thinking or saying the wrong thing in public.

[Edit] Updated link to the snapshot describing potential mitigations including SCRAM PLUS which was not configured in this incident.

[1] - https://archive.ph/4wi5t


More insecure than an app that keeps track of everything in a database you cannot control and can be accessed by the authorities?

Even when deleting messages how can you trust these are actually being hard deleted?

I would imagine the inconvenience and cost are worth it but what do I know... I'm not a criminal :P


I know people who order drugs all the time via various messaging apps, in the US and throughout Latin America. Often the messages and menus are highly explicit.


Actually it's the criminals that use secure messaging services made for them that get in trouble.

There have been a few big busts the last years by the Dutch police of criminal rings, caught because of their choice in messengers.

The ones using Signal or Whatsapp are the smarter ones.


do you have any more info on this?


haha Durov is singing like a bird now that he go apprehended


This is not "haha". It's a pity. Even Russia haven't forced Telegram to do things that now they need to comply because Pavel became hostage of this situation


In a sense the surveillance in the "west" and in particular in the EU is worse than what you have in China.

At least the Chinese they know that all their conversations are being monitored and read by the government.

In the EU many people still live under the illusion of GDPR, data privacy, democracy etc...


Sounds good to me


About time. Criminals hiding behind some technicalities!


There is a difference between "criminal" and "criminal suspect."


If you’ve got something to hide, you’re guilty!

/s


We don't need privacy! Only criminals want those pesky "privacy policies,, to protect their operations! 1



Hm, given how many requests Meta and Google disclose annually

I dont think a warrant canary is really useful, it implies “we just got 1!” instead of “we just got an additional pile of 200 secret requests from G-7 national governments, one of which is already trying to incarcerate us for not being so forthcoming about compliance”


Given that you won't know the details of the 1 or 200 requests anyway, I think knowing the difference between 0 and >0 is useful. We do know what 0 means, and anything other than 0 means the platform's got the attention and jurisdiction of outside parties.


[flagged]


The CEO of Signal has not been arrested.

Also, Signal does supposedly comply with all lawful warrants. They give over what data they do have when properly requested. It is just they don't normally have much useful data to give.

Meanwhile, Telegram supposedly hasn't been properly handling lawful warrants in many countries and does have interesting data on their servers as only private secure messages are (meaningfully) encrypted and not most messages most users send on the platform


Of Signal?


How is enforcing subpoenas a form of terrorism?


[flagged]


The good old days when governments represented people, like before the 17th Amendment when states picked the Senate in smokey backroom deals. Wait that can't be right, maybe like before the 19th Amendment. Wait no, during the Jim Crow era. No, the McCarthyism era. Wait...uhh...hmm...

I don't know what time period you're thinking of with "It's not the good old days any more. Your government doesn't represent you." Seems like the government represents more people better today than it did in the past given before so many couldn't even vote at all and the government was far more active in suppressing minority rights.

And if its about them snooping in on conversations, these days they have to actually ask a lot of communication providers for data. Back in the day there was only one company providing electronic communications and the government was absolutely listening in to the conversations. Tons of those communications were happening over the air for anyone with the right antenna to listen in. US v. Miller was in 1976 and established what we now know as third-party doctrine.


Yeah I'm sure it was better in the good old days ahaha


No it’s just that now it affects everyone not just certain groups which is the tipping point for Society to reorganize

This is what is called out by Polybius, Socrates, Jefferson, Strauss/Howe as the socio-political cycle.


[flagged]


This is the most bullying way to make excuses for the government, but okay.

By the way, until convinced, he's not a criminal.

You don't even see the problem that's crept into your own language, do you?


>until convinced, he's not a criminal

Freud would absolutely approve.


Criminal _suspects_ are not the same as criminals.


The problem lies in "what is a crime?" here.

If you can get arrested for organizing a protest (that didn't even start that), do you still think that those people are criminals? Just look at all the people that got arrested recently in UK... It's sad, and telegram, not being a UK company (imho) shouldn't be forced to give UK government/police peoples ip addresses and phone numbers.


> telegram, not being a UK company (imho) shouldn't be forced to give UK government/police peoples ip addresses and phone numbers

They absolutely should if they want to operate in the UK.


Define operate in.

Does HN operate in the UK because I can access it here? Should they be subject to UK law?


Should the same rule exists in more authoritarian countries like China, North Korea, or Belarus?

If so should the government be allowed access to non-nationals outside the country? How about if a non-national is inside the country communicating with those outside? How about if those folks are journalist reporting where journalism is illegal (see Russia's laws on "fake news" on Ukraine).

I'm not saying your point of view is wrong, but I think its easy to jump to that conclusion as this is probably the least sympathetic case to set principle. But this _does_ set principle.


> Should the same rule exists in more authoritarian countries like China, North Korea, or Belarus?

If eg. Iran requested IP addresses from Pornhub (Aylo?) for all the visitors from iranian ip addresses who have viewed a gay video there, people would be changing their view pretty fast.


But they're registered in UAE (i think it's there).

They might get "visitors" from UK, but so do "coffeeshops" in amsterdam.


If they want to operate in country X, they have to abide by the laws of country X, I don't see what's controversial about this.


But they're operating in UAE (or whereever they're registred).

They just get visitors from UK.


Where they operate doesn't matter, and it should be pretty obvious why (hint, for the same reasons that American bleached chicken can't be sold in the EU)


The laws of country X are controversial.


All countries have laws that are controversial for some other country.


Yep.

Imagine iran requesting all the IP addresses of people who have viewed gay porn from pornhub (=Aylo or whatever it's called now)


I imagine that this would be reason enough for them to either comply with the law or not operate there, like every other business does? You seem to imply that it's ok for internet companies to be above the law, I don't see how that's compatible with self-determinism/democracy (loss of jurisdiction) nor in the interests of the people (because inevitably such companies will optimize their profits at the expense of the public and can't be held accountable, in your anarchic world order).


Let's say your set up a raspberrypi at home (I assume you live in US), install apache, install wordpress, set up port forwarding and write a blog about making pickles. Then someone writes a comment under "How much dill?" and writes "I'm from Iran and I'm gay".

Are you really operating in iran? You don't have servers there, you don't have employees there, you're not a registered company there, what ties do you have with iran? Someone from iran "came to visit"? Sure, so do brits with amsterdam and legal weed.


They definitely wouldn't stop operating in Iran and miss that sweet ad money


then it's fair game for Iran (or any other country) to fine them/block them for that.


No, they'd comply with Iranian censorship laws to get the ad money.


That’s not for telegram to decide and dictate to everyone else I’m not sure I’d call that sad


Yes how strange that a DARPA project, handed off to the National Science Foundation and then awarded to Sprint, would be torn from the common man and wrested from its rightful owners into the heartless clutches of government authority


> that a DARPA project

How much of what you use today has anything to do with DARPAs original design goals or funding?

> handed off to the National Science Foundation and then awarded to Sprint

The NSF handled links between Universities and their funding not the Internet in general. Sprint was a primary contractor under this system. None of this should be understood as "the Internet."

> would be torn from the common man

You do appreciate precisely how much open source software underpins everything we're doing, even in typing these comments to each other, over the internet, yes?

I mean.. show me the government plan to build a web browser.

> from its rightful owners

Do you pay taxes? Congratulations. You are the rightful owner.

> into the heartless clutches of government authority

Yea. Hacker News. Typical bastion of mindless worship of "government authority." Then again, if it has the natural right to exist, why does it need my taxes?


Pony Express, telegraph lines, railroads, a national highway system: what purpose and goals do you think were in mind here? So you could jaunt down Route 66 for a burger, and send back a 5c postcard??? Haha!

> How much of what you use today has anything to do with DARPAs original design goals or funding?

100%

  The National Center for Supercomputing Applications (NCSA) is a state-federal partnership to develop and deploy national-scale cyberinfrastructure that advances research, science and engineering based in the United States.[1][2] NCSA operates as a unit of the University of Illinois Urbana-Champaign,[3] and provides high-performance computing resources to researchers across the country. Support for NCSA comes from the National Science Foundation,[1][4] [5] [6] the state of Illinois,[2] the University of Illinois, business and industry partners,[7] and other federal agencies.
https://en.wikipedia.org/wiki/CERN

https://en.wikipedia.org/wiki/CERN_httpd

https://en.wikipedia.org/wiki/NCSA_Mosaic

https://en.wikipedia.org/wiki/NCSA_HTTPd

Are you even serious rn?

If you're right then I shall take out my equity in the form of SAM batteries. How many will fit on my balcony.


To put a fine point on it: what DARPA did, was to sponsor a company called BB&N to develop a piece of hardware called the Interface Message Processor (or IMP). And that's pretty much it.

The IMP was the first gateway doing what you'd think of today as Network Address Translation, isolating "LAN" from "WAN" and using arbitrary computation to rewrite packets between the two. Though at the time, far more work was needed than just address translation. Wholesale network protocol translation was needed, as every site network (and there were already many small site networks) used its own networking equipment; and each vendor's networking equipment spoke some random stack of proprietary protocols invented by that equipment vendor. (There were nascent standards with open reference-impl hardware, e.g. MIT's Chaosnet, but none of these were widely adopted.) This was true all the way up to the application layer — different networking equipment required different application software that spoke the network's supported application protocols!

The IMP was a programmable router, allowing arbitrary CPU packet translation. So each site network could program the very same IMP with the details of its own network — what each type of local-network packet looked like, and what that should translate to for the WAN; and vice-versa.

This allowed these site networks to be glued together into a larger network. The IMP translated packets, and also "wrapped" each (proprietary, site-local) address of each LAN host, giving it a globally-routable name — i.e. an Internet Protocol address. This allowed machines on these networks to — at least in theory — address other networks' machines. All without anyone having to rip out any networking equipment, or replace each network's host application software with new software speaking standardized protocols.

Once the IMP was released, a bunch of universities and corporations came along and said to BB&N, "oh hey neat, I'll buy one of these! Heck, I'll buy one for each campus!" — and promptly stuck them into each of their (existing!) networks. (Some of these purchases were partially funded by DARPA as well — but only if the buyer reached out to ask.)

This didn't actually get anyone any value at first, because the IMPs still needed to be programmed, not just with the details of their local networking standards, but with the details of what the "WAN standard" application packet protocols would/should be for these local networks to translate things into. There were no standards for that yet.

So the folks doing the networking at these orgs, all got together to discuss how to actually get these boxes they bought to talk to each-other — e.g. what application-layer protocols they would need to invent/standardize on, to then get these gateway boxes to translate into from the proprietary site protocols they were using.

That group became known as the Internet Engineering Task Force, and their meeting notes became known as RFCs. (Read https://datatracker.ietf.org/doc/html/rfc1 if you don't believe me.)

Note that they called this WAN network formed by these sites through the IMPs the "ARPA Network" — presumably because that's what BB&N referred to it as, in turn because DARPA funded the IMP with the intent of creating such a network.

But DARPA had no involvement in the actual development of the "ARPA Network"! They weren't even a site on it! They didn't attend the IETF meetings! Rather, DARPA just kinda stepped back and said "go ahead, have fun" — and watched as the Internet took shape.

(I would thus describe DARPA's funding of the BB&N IMP as probably the most successful case of "nudge theory" in history. Almost as if someone at DARPA was a time-traveller who knew that that much effort, and no more, was all that was needed to shift the timeline.)


Well yeah, and the government sponsored a little company called Los Alamos to develop a few things. But now we own them, I guess.


BB&N was and remains a private company, and isn't primarily a government contractor. It was a one-time government grant — and for much less than the full CapEx required to build the thing. DARPA essentially said "you want to build this? We'd sure like something like that to exist, so we'll give you some money to increase your chances/make it happen faster."

As it turns out, "throwing money at American-owned private companies who are being the [technological] change you [i.e. the state] wants to see in the world, to advance the technological edge America has over other countries" is a large part of DARPA's mandate. DARPA seeks to incubate a healthy private sector in nascent high-tech industries, so that it can later rely on competition in those industries, to produce a healthy, non-monopolistic set of viable military contract bidders for the military as a whole to choose from / set against one-another.



The only relevant link with discussion is the last one:

https://news.ycombinator.com/item?id=41628019 - 3 hours ago (6 comments)

And it's not a dupe, only a related submission (different article / link).


It’s sad to see HN become so full of bots.

> prompt: There’s an article on Hackernews titled “Telegram will now hand over your phone number and IP if you’re a criminal suspect”. Generate a comment in Hackernews style that supports this decision, implies that it’s because they didn’t encrypt the messages and uses Signal as an example of doing it right because “look! They haven’t had problems”

Not surprised. Telegram doesn't encrypt by default, so of course they're handing over phone numbers and IPs. If you don't lock things down like Signal does, you're going to have problems. Signal can’t hand over what they don’t have—encrypted end-to-end, no metadata. Simple as that.


I guess I'm a bot then.

Yes, channels and groups are most likely what makes Telegram a threat where Signal isn't. That's an excellent argument for decentralized social media.

You're probably exasperated that others don't see what to you seems like an obvious truth. Rather than mocking the opposing argument, it's probably still worth rehashing yours when the topic comes up, even if it feels like banging the same drum with nobody listening.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: