[HN Gopher] FBI document shows what data can be obtained from en...
___________________________________________________________________
FBI document shows what data can be obtained from encrypted
messaging apps
Author : oedmarap
Score : 167 points
Date : 2021-12-28 14:30 UTC (8 hours ago)
(HTM) web link (therecord.media)
(TXT) w3m dump (therecord.media)
| morpheuskafka wrote:
| I don't think this document has anything contrary to existing
| knowledge, but it does emphasize another significant reason that
| WhatsApp is not a great choice for privacy despite the use of
| E2EE. They readily hand over substantially more metadata, and
| while this is less likely to be enough evidence to convict
| someone of anything it is more than enough to seriously
| compromise privacy.
|
| > Search warrant: Provides address book contacts and WhatsApp
| users who have the target in their address book contacts.
|
| > Pen register: Sent every 15 minutes, provides source and
| destination for each message.
| sandworm101 wrote:
| This document is classified U//FOUO (unclassified//for official
| use only). The actual abilities of the FBI/NSA and like agencies
| are surely classified to some higher level.
| ananonymoususer wrote:
| U//FOUO is an obsolete caveat. It has been replaced by CUI
| (Controlled Unclassified Information).
|
| If this information has been publicly released, I would assume
| that it does not comprehensively list all of the
| methods/sources that could be in use. Thus, I would not trust
| this document to be accurate.
| vmception wrote:
| The real question is if you actually believe what this document
| writes about Wickr.
|
| Wickr is set up like an expected honeypot would be set up. So
| for people that don't or aren't willing to understand that, I'm
| wondering if this document validates them, or if the skepticism
| of this document's classification level validates the idea
| Wickr should be avoided for sensitive communications.
| champagnois wrote:
| Considering endpoints are compromised like Swiss cheese in
| 2021 and third party apps are all compromised, people should
| be of the belief that they cannot trust anything they didn't
| write and build themselves.
| lazide wrote:
| Or even if they did build the software, anything running on
| hardware they don't have a similar level of knowledge
| about. Which good luck with that.
|
| Which leaves anyone planning on doing something the US
| gov't (or China, or Russia if within their reach) wouldn't
| like left with some unpalatable and inefficient options.
|
| Either they blend in enough to not get any attention, or
| don't seem "dangerous" enough in the sense they are likely
| to get anywhere, or don't use any technology more
| complicated than a piece of paper and a #2 pencil.
|
| The last one was what Osama bin Laden was doing, and they
| still found him - it just took a while.
|
| As long as the folks being targeted are legitimately out to
| do harm against innocents, these capabilities are 'ok'
| (scare quotes intentional here).
|
| They're going to be turned against political opponents or
| people that just seem 'bad' though at some point, and
| almost certainly already have been for years.
| champagnois wrote:
| There are ways to create secure communications if need
| be. I have thought of ways that would work to accomplish
| doing it.
|
| I won't detail the designs here, but we are talking very
| cheap to build and design.
|
| I am sure such devices exist and are in the wild, being
| used by spies.
|
| That said -- I am mostly disappointed with the degree to
| which our intelligence agencies are inwardly focused
| rather than breaking up foreign spy rings and operations.
|
| There are some scary, harmful, and extremely complicated
| foreign spy rings on US soil. They have people working
| for all major tech companies and they are embedded in key
| positions.
|
| The FBI should be making "see something? say something"
| pushes in tech companies. They should have better
| followup and reward systems.
| maqp wrote:
| There are indeed. It's not just spies. My work wrt
| endpoint secure comms is FOSS and free for anyone to use
| https://github.com/maqp/tfc (the HW costs a bit naturally
| but in other respects).
| ycuser2 wrote:
| This is the coolest thing I have read in about a month.
|
| Never heard of data diode before. The hardware setup
| gives such a peace for the paranoic mind. Love it!
| maqp wrote:
| That's defeatist thinking. Just because some agencies of
| major governments can break into many devices doesn't
| necessarily mean they do.
|
| And there are other threats you'll want to defend from as
| well, including governments and agencies with smaller
| budget.
|
| Anyway, if endpoint security is part of your threat model,
| you'll be pleased to know I've spent the past decade
| looking into how to address the problem
| https://github.com/maqp/tfc
| novok wrote:
| The point of E2EE messengers is to prevent casual mass
| surveillance and to increase the cost & risk of mass and
| targeted surveillance. It's about increasing the noise
| floor of the internet and making everyone more safe as a
| result. It forces adversaries to use more legal mechanisms
| to improve your rights. It's about making you expensive to
| attack, much like Afghanistan won the wars against the USSR
| and the USA by being expensive as fuck to attack while
| cheap to attack on their side. They're not about secure
| endpoints, which is a separate issue that can be worked on
| in parallel.
|
| So yes, you should make sure if your threat model cost
| benefit says you should:
|
| * You have a secure keyboard mechanism. No third party
| keyboard apps, use a wired / built-in keyboard.
|
| * You use a secure OS and keep up to date. You verify
| updates are public and not made 'just for you', you turn
| off auto updates.
|
| * You watch the network behavior of your devices with
| external proxy devices to see if anything weird is
| happening, you filter out network interactions you don't
| like, use a VPN with the proxy device and so on.
|
| The more you use 0days, the more they get noticed and the
| more likely you are to burn them, so you've just increased
| the stakes towards surveilling you. Now the minimum
| standard to make you a person of interest has increased
| significantly, reducing the probability of it.
| champagnois wrote:
| Your last paragraph implies the person you speak of is a
| hacker, using 0day attacks? I hope such people get
| caught.
|
| I only worry about innocent westerners living in a
| society that is creeping toward authoritarianism in the
| name of some politically polarizing politician. I do not
| empathize with hackers breaking into systems and causing
| major problems.
| Bilal_io wrote:
| Innocent non-westerners also deserve and benefit from
| security and E2EE.
| edm0nd wrote:
| Amazon owns Wickr now. It has been abandoned by anyone doing
| anything shady that's for sure.
| fotta wrote:
| Previously discussed:
| https://news.ycombinator.com/item?id=29396643
| tomasreimers wrote:
| From the top: "FBI's ability to legally access..."
|
| Implying there are illegal ways to access?
| VWWHFSfQ wrote:
| Well anyone has the ability to illegally obtain access. If you
| hire a hacker or do it yourself. This document is about the
| legal ways.
| pangolinplayer wrote:
| reaaallyyy!?!?! it's simple. assume no privacy. someone is always
| watching.
| yosito wrote:
| I'm skeptical of the accuracy of this document. Telegram is by
| default unencrypted and virtually public. Yet this document says
| the FBI can't get any message content?
| xwolfi wrote:
| It's by default encrypted, actually.
| cute_boi wrote:
| I don't think it's E2E by default. I hope you are not talking
| about HTTPS.
| heavymark wrote:
| Server-client encryption by default, not end-to-end encrypted
| by default.
| https://telegram.org/faq#q-so-how-do-you-encrypt-data
| maqp wrote:
| Yeah, with client-server encryption. Which doesn't matter at
| all. Encryption where the service provider has the key, which
| is the case for
|
| * all Telegram chats by default
|
| * all Telegram group chats
|
| * all Telegram Win/Linux desktop chats
|
| is indistinguishable from end-to-end encryption where the
| service provider has a backdoor (ANOM[1])
|
| In both cases the service provider, and anyone who hacks
| them, can read your messages.
|
| [1] https://www.pcmag.com/news/fbi-sold-criminals-fake-
| encrypted...
| heavymark wrote:
| I assume they are referring to telegram "secret chats"? Also
| their own website notes all chats are "encrypted" by default.
| It's simply that by default they are not "end-to-end" encrypted
| unless you use secret chats for instance.
| 3np wrote:
| Telegram is not based in any jurisdiction collaborating with
| the FBI. I'm assuming the KGB has free access
| luckylion wrote:
| Telegram moved out of Russia precisely so they wouldn't be
| under their influence, so that's wild speculation. If the
| argument is that the KGB (or is it FSB now?) might go and
| just put a gun to their head: they could do that to literally
| anyone anywhere, so it doesn't matter.
|
| Telegram was in Berlin for a while but moved out of Germany
| for privacy/legal reasons as well (good call, considering
| that Germany is discussing trying to outlaw them) and moved
| to Dubai iirc.
| lowwave wrote:
| Telegram is influenced by FB of Russian VK (something like
| that). And VK has KGB ties. This is from Ukraine
| activists' point of view just FYI. So your choices are Signal
| or Wire. Signal server is in US, and Wire may or may not be
| in US. So there you go.
| emptysongglass wrote:
| The grandparent comment was already hearsay but yours
| really scrapes the bottom of the barrel. Durov was forced
| out of VK on threat of violence: there are no ties to VK.
| boeingUH60 wrote:
| No, there are ties, even though Durov was forced out.
| Durov sold his VK stake to a Russian oligarch with
| extensive government ties, such that they now control the
| majority of the company.
|
| https://www.reuters.com/article/russia-vkontakte-
| idUSL5N0KY3...
| emptysongglass wrote:
| I repeat, for clarity, there are no ties between Telegram
| and VK.
| boeingUH60 wrote:
| Okay, I agree with that.
| maqp wrote:
| You're probably right. Still, that doesn't make up for
| the fact Durov made his fortune with VKontakte that has
| the exact same toxic business model as Facebook. He began
| by exploiting tens of millions of VKontakte users. Now
| he's suddenly turned on his heels and "he's using his
| money for the good" by deploying a tool he knows activists
| use, but that doesn't provide E2EE even for the small
| activist groups.
|
| I gave Durov the benefit of the doubt in 2013, but as I saw
| their E2EE stayed as a bolted-on gimmick, as opposed to
| forming a solid foundation, that image of a
| philanthropist fighting against surveillance capitalism
| disappeared real quick. Telegram's security model is
| indistinguishable from Facebook: Parent company gets
| everything except opt-in E2EE messages, and neither
| company encourages their use.
| maqp wrote:
| >Telegram moved out of Russia precisely so they wouldn't be
| under their influence
|
| Yes, because if you're an FSB operation, the rule #1 is to
| operate from Russia, that way nobody suspects you.
|
| >moved to Dubai
|
| Yet journalists who went there only found an empty office
| https://www.youtube.com/watch?v=Pg8mWJUM7x4
| sandworm101 wrote:
| It isn't "the KGB" anymore. In Russia it is now "the FSB".
| There are other KGBs in other countries such as Belarus but
| these aren't _the_ KGB. (KGB is Russian for "Committee for
| State Security".)
|
| https://en.wikipedia.org/wiki/State_Security_Committee_of_th.
| ..
|
| "Along with its counterparts in Transnistria and South
| Ossetia,[1] it is one of the few intelligence agencies that
| kept the Russian name "KGB" after the dissolution of the
| Soviet Union, albeit it is lost in translation when written
| in Belarusian (becoming KDB rather than KGB)."
| maqp wrote:
| That is the thousand dollar question. How would we know
| Telegram isn't an FSB front?
|
| * The CEO isn't a developer
|
| * We know practically nothing about their developers, they're
| all anonymous
|
| * The server has access to the overwhelming majority of messages
| (among fellow CS students only ~10% said they use secret
| chats, and most likely even they don't do that for every 1:1
| chat. Furthermore, groups can not be E2EE at all, and neither
| can Win/Linux desktop chats)
|
| * Journalists that went to see Telegram's offices at Dubai
| found an empty office, and their office neighbors said
| they've never seen Telegram developers let alone anyone enter
| the offices https://www.youtube.com/watch?v=Pg8mWJUM7x4 They
| did speculate Telegram might be using Dubai for tax evasion.
|
| * That being said, we know absolutely nothing about
| Telegram's financials, nothing official has ever been
| reported by the company. Yet the system manages to stay
| afloat year after year with 600M+ users.
|
| I'd love to be able to give good reasons why Telegram can't
| possibly be an op, but hand-waved opt-in E2EE for some
| clients, is the only one I can find, and that encryption has
| been most effective in online debates defending Telegram's
| bad security model.
| Scoundreller wrote:
| > How would we know Telegram isn't an FSB front
|
| As a Canadian talking to Canadians in Canada, I hope it's
| an FSB front. They seem like my most secure option.
| this_user wrote:
| If you think like that, you might as well use Chinese
| messengers. You know the state has access, but they
| probably don't care about you, and you can be pretty sure
| that western agencies don't have built-in access.
| Scoundreller wrote:
| As a Canadian, I think the Chinese have more interest in
| me than Russia.
| olah_1 wrote:
| > If you think like that, you might as well use Chinese
| messengers.
|
| True, but I don't really "get" Chinese style UI.
| [deleted]
| godelski wrote:
| The document is about what can be easily requested from
| companies, not what can be hacked. Because Telegram hosts no
| servers in the US they can't trivially request it. They can get
| it other ways and of course by hacking. But the document isn't
| about what they can successfully hack or request through back
| channels. This is why people say that you have to trust
| Telegram, as opposed to fully E2EE systems (like Signal) which
| require (almost) zero trust.
| berns wrote:
| It's encrypted but not e2e encrypted. Why would you say that it
| is virtually public? Do you think you or the FBI can easily
| access Telegram messages?
| randomhodler84 wrote:
| Because Telegram can access the messages. If the vendor can
| access the message data (eg: not end to end encrypted),
| anyone can. That is the bar. E2E||GTFO.
| yosito wrote:
| Just join a group chat. Every message that was ever sent in
| that chat will be immediately visible. So yeah, it's
| virtually public.
|
| Even your private messages only require you to enter an SMS
| code to view, so anyone that can intercept an SMS sent to
| you, can read your messages.
| maqp wrote:
| >So yeah, it's virtually public.
|
| Let's stop saying that as it implies users are somehow
| aware the service provider has access to the content, and
| that they make informed decisions wrt their privacy.
|
| >Even your private messages only require you to enter an
| SMS code to view, so anyone that can intercept an SMS sent
| to you, can read your messages.
|
| The 2FA password is something everyone should enable. It's
| still an incremental security improvement if you have to
| use Telegram and your threat model is a banana dictatorship
| doing SMS interception but not server-side hacking.
|
| The right thing to do is get yourself and your loved ones
| the hell out of Telegram as soon as possible; Signal is
| your best bet here. Cwtch/Briar if you need to also protect
| metadata.
| emptysongglass wrote:
| > The right thing to do is get yourself and your loved
| ones the hell out of Telegram as soon as possible; Signal
| is your best bet here. Cwtch/Briar if you need to also
| protect metadata.
|
| No, this is not the right move. It's engaging with the
| ecosystem of messaging products balancing ease of use,
| ethics of the business and people behind it, and your own
| threat profile. Most will never be under threat of a
| state actor that necessitates getting their friends and
| family "the hell out of Telegram as soon as possible".
|
| I also use Matrix but personally speaking I find Moxie
| Marlinspike a deeply unethical person who will gleefully
| slander the competition including up to suing them in his
| quest for supremacy. So I don't touch Signal because on
| my tripod of interests to balance, I don't want to go
| anywhere near his ethics.
|
| Use Signal or Session or Element or Telegram but stop
| telling people not to use a thing because you believe
| E2EE is the next Jesus Christ. Only sith deal in
| absolutes.
| maqp wrote:
| >Most will never be under threat of a state actor that
| necessitates getting their friends and family "the hell
| out of Telegram as soon as possible".
|
| This isn't just about nation states. Companies get hacked
| by common criminals all the time. Consider the case of
| the Finnish psychotherapy center Vastaamo
| https://www.wired.com/story/vastaamo-psychotherapy-
| patients-...
|
| Now imagine all the private messages you've shared with
| your SO or dearest friends. I bet there's a gazillion times
| more stuff to extort you with for the rest of your life
| than the notes about a few sessions with your therapist
| have.
|
| So yeah, get the hell out of all "private" messaging
| platforms that aren't E2EE by default. You deserve the
| peace of mind of never having to feel like the TENS OF
| THOUSANDS of Vastaamo case victims.
|
| >but stop telling people not to use a thing because you
| believe E2EE is the next Jesus Christ
|
| Stop telling people to ignore best practices wrt security
| just because they cause your privileged life -- where you
| don't have to worry about actual oppression -- a slight
| inconvenience. There's a good reason the majority of top
| vendors for secure comms like Signal, Jitsi, Wire,
| Element, iMessage, Threema, Briar, Cwtch all default to
| E2EE.
|
| Telegram is free to not E2EE, but they should be UPFRONT
| about it. Not say things like "heavily encrypted" when in
| reality it uses the messaging industry's bare minimum,
| that is client-server encryption.
|
| Telegram devs also actively mislead by presenting two
| facts next to each other "Telegram uses E2EE called
| MTProto" and "All Telegram chats use MTProto". What a
| novice can't understand is "Telegram also makes the
| idiotic choice to call its non-E2EE cloud messaging
| protocol ALSO MTProto."
|
| So it's no wonder why a LOT of my contacts have been
| flabbergasted to learn Telegram isn't actually using E2EE
| for everything like WhatsApp. Telegram's marketing had
| succeeded in telling them it was more secure than
| WhatsApp, and thus E2EE.
|
| Whether or not this misconception was intentional, it's
| now Telegram's job to either make a public statement and
| correct the record, or preferably, make it E2EE:
|
| There is no reason for Telegram to deploy E2EE for
| everything except supergroups. If all the other vendors
| can pull that off, so can they. Pavel Durov has so much
| money but the only cryptographer he ever hired was his
| brother Nikolai who isn't even a cryptographer but a
| geometrician. Durov has the money to hire Moxie for a
| year to deploy Signal protocol, yet he won't. You should
| be terrified of both why he won't, and what his
| foolishness in the context of Vastaamo can, and
| eventually will do.
| crateless wrote:
| > Most will never be under threat of a state actor that
| necessitates getting their friends and family "the hell
| out of Telegram as soon as possible".
|
| I think you should qualify that as "most people - in the
| western hemisphere/democracies - will never be under
| threat of a state actor that necessitates getting their
| friends and family "the hell out of Telegram as soon as
| possible"
| randomhodler84 wrote:
| E2E||GTFO. Anything else is tyranny. I don't think you
| understand your adversary. Moxie is the most ethical
| individual in this space. Get the hell out of Telegram,
| and get your other friends to do so asap.
| emptysongglass wrote:
| > E2E||GTFO
|
| Please don't do that here. It's both personally insulting
| and a motto used by fanatics, not an argument for
| anything.
|
| Who is "my adversary" exactly and what do they want with
| me?
|
| No, I don't think Moxie's past and current behavior is
| indicative of a person who subscribes to ethics. I think
| he's vain, eager to be in the spotlight and eager to
| profit off a cryptocurrency invented by a company he has
| a very complicated history with [1].
|
| [1] https://www.coindesk.com/tech/2021/04/09/signal-
| founder-may-...
| maqp wrote:
| "Who is "my adversary" exactly and what do they want with
| me?"
|
| He will extort money from you based on your private
| message history, when they eventually leak from
| Telegram's effectively plaintext database.
|
| >I think he's vain, eager to be in the spotlight and
| eager to profit off a cryptocurrency
|
| That says more about you than about Moxie. You've shown
| your character, now strongly consider showing yourself
| out.
| emptysongglass wrote:
| > That says more about you than about Moxie. You've shown
| your character, now strongly consider showing yourself
| out.
|
| I'm sorry, what? Do you want to explain how giving
| evidence of Moxie acting poorly is a reflection of me? Or
| why you're now personally attacking me?
|
| I didn't do any such thing to you, please kindly treat me
| with respect.
| randomhodler84 wrote:
| Your adversary wants the clear text of your messages. The
| clear text exists on server, or they exist on a client
| device. Client device is the only acceptable solution.
| Make it hard for them, they must hack your client, rather
| than send an email. It IS an argument against snake oil,
| server side "encryption".
|
| Sorry, this is a hacker board. I, and other hackers,
| agree with me. E2E||GTFO.
| jeroenhd wrote:
| Telegram does have end-to-end encrypted one-on-one chats, I
| suppose this document refers to that.
|
| Telegram group chats are very much available to law enforcement
| if they can convince Telegram to hand over the data.
|
| It could also be that Telegram (and any other foreign chat
| company) is more reluctant to (and more difficult to force to)
| share data with the FBI.
| skinkestek wrote:
| Upvoted. Some more details FWIW:
|
| > Telegram group chats are very much available to law
| enforcement if they can convince Telegram to hand over the
| data.
|
| Telegram public channels and groups are open, including for
| law enforcement. They also say openly that they cooperate
| with everyone to take down certain illegal material from
| channels and open groups.
|
| Telegram claimed as late as a few months ago - and nobody has
| proven otherwise in any form as far as I can see - that not a
| byte of their users' private data (i.e. not on open groups or
| channels) has been handed over to any government.
|
| I cannot prove this and also I'm getting more careful with
| Telegram these days (this might come as a surprise for some
| of you who know my history of defending Telegram) but I still
| think
|
| 1. if it was possible to prove something else there are
| enough Telegram haters just on HN to make sure to leak it
|
| 2. just to be clear I still think it is a very good
| alternative for friend-to-friend-communication, group
| communication etc, I'm just looking for alternatives as I go
| forward, and also I am worried when I see police using it at
| work.
| throwaway525142 wrote:
| > They also say openly that they cooperate with everyone to
| take down certain illegal material from channels and open
| groups.
|
| Can you provide a link for that? I could only find that
| they'd hand over your personal account info if they get a
| court order claiming that you're a terror suspect (from
| https://telegram.org/privacy):
|
| > 8.3. Law Enforcement Authorities
|
| > If Telegram receives a court order that confirms you're a
| terror suspect, we may disclose your IP address and phone
| number to the relevant authorities. So far, this has never
| happened. When it does, we will include it in a semiannual
| transparency report published at:
| https://t.me/transparency.
| jeroenhd wrote:
| Don't get me wrong, I use Telegram every day despite their
| flaws. Their data security guarantees may be terrible, but
| their user experience is still outstanding. It's a
| testament to how good a chat ecosystem can be if you don't
| rely on Electron.
|
| I have no reason to distrust the Telegram team, but the
| data model is simply not designed to keep messages secret.
| It's Telegram's biggest shortcoming, in my opinion. Things
| like channels don't need encryption, but group chats can
| use some WhatsApp-style crypto.
|
| WhatsApp's UX (basically: trust all E2E keys, and show a
| little notification if the keys changed) makes E2E
| available to the common smartphone user without the hassle
| of say Matrix's manual verification. For those with a more
| security-oriented mindset, there's always the ability to
| show encryption status changes so you could investigate.
|
| I'll probably be using Telegram for a few years despite its
| shortcomings. It feels a bit iffy to talk about sensitive
| personal matters through Telegram, but I know it'll be a
| while before I can convince any large group of friends to
| move to something more secure.
|
| For now I'm bridging my Telegram accounts through Matrix,
| so it's not like I'd benefit much from the added security
| anyway.
| maqp wrote:
| >if they can convince Telegram to hand over the data.
|
| Or if they hack Telegram's servers. Or ask some other agency
| like the NSA (that hacks systems all the time) to do that for
| them.
|
| As for the legal aspects, I'm fairly sure Telegram can be
| made to comply, no individual user's is worth losing
| (tens/hundreds of) millions of customers in that particular
| country. It's not like Telegram can't do that technically*,
| the server-side database encryption key is by definition in
| the RAM of the server system.
|
| * That hasn't prevented them from actively misleading
| customers with their
| split-key-and-store-parts-under-multiple-jurisdictions scheme.
| yosito wrote:
| > Or if they hack Telegram's servers
|
| Or they join the group chat
| maqp wrote:
| Sure, that works for public groups but generally the
| private group chats with sensitive private information
| about people's personal/business life are not public.
| adamcstephens wrote:
| I'm curious how you think the US law enforcement agencies
| would compel Telegram to comply.
| BenoitP wrote:
| Why are group chats more exposed?
| sandworm101 wrote:
| Encrypting messages for one person to read is relatively
| simple. Encrypting a message so that it can be read by
| multiple parties requires either sending multiple messages
| or agreeing a stable shared secret for the group chat. If
| you want to add/drop people from group seamlessly, while
| keeping everything encrypted, your app or your users will
| have to jump through lots of hoops. Most don't make the
| effort.
| maqp wrote:
| It's also the case doing that securely required pushing
| the boundaries of modern cryptographic protocols.
| Telegram's protocol graphs are novices' doodles compared
| to Signal's group encryption stuff formally described
| here:
| https://signal.org/blog/pdfs/signal_private_group_system.pdf
| hanniabu wrote:
| On the other hand Signal has made a lot of questionable
| choices (such as adding a crypto payment that was just a
| money grab) that it has made me lose trust in the team
| and their motives. I no longer trust their build images
| and even if you build your own you have no idea what
| software the person you're talking to is running.
| maqp wrote:
| Sure, you do you. Personally I haven't seen anyone in
| e.g. the major infosec expert bubble abandon Signal for
| introducing mobilecoin. It's an opt-in feature, it
| doesn't make the message side security code harder to
| audit, and it's not like Moxie isn't painstakingly
| engineering everything to be secure from the get-go. I
| haven't once been disappointed in a new feature. OTOH
| consider Telegram that adds group video calls that nobody
| asked for: is it E2EE? Nope. Another security disparity
| to make explaining and understanding its security even
| more nightmarish.
| sergiomattei wrote:
| The surface area for trust is expanded significantly.
|
| Here in Puerto Rico we made our governor quit over exposed
| chat logs from a Telegram group. Encryption wouldn't have
| saved it: someone took screenshots and leaked them to
| press.
| xerxesaa wrote:
| As I recall, even one on one chats are not e2e encrypted
| unless you explicitly start a "secret chat". Please correct
| me if I'm mistaken.
| skinkestek wrote:
| As someone who regularly defends Telegram against all kinds
| of nonsense: you got it exactly right : )
| jeroenhd wrote:
| You're right! Despite their weird custom protocol, their
| E2E chats are still considered completely safe to use.
|
| In my experience, though, very few people use E2E chats,
| even in direct chats.
| skinkestek wrote:
| It is because you and others got your facts wrong.
|
| Telegram is not unencrypted. This is a lie spread by certain
| WhatsApp and Signal fanboys (not all, count me in with the
| Signal fans - I just happen to be a reasonable one that to some
| degree knows what I'm talking about) with the excuse that "of
| course we mean end-to-end-encrypted when we say encrypted".
|
| What we see now is the resulting confusion: why don't law
| enforcement have access to it if it is virtually unencrypted?
| Well, the answer is despite all claims of how lousy the
| encryption is for some weird reason[1] it doesn't seem to leak
| data.
|
| Now that we have seen the confusion that stems from saying
| "encrypted means end-to-end-encrypted when we say it does", can
| we stop repeating that nonsense?
|
| Also, can we think twice before mindlessly repeating such stuff
| in the future even if it was originally said by some extremely
| smart people that are well respected for good reasons?
|
| Because those very smart people were the same who recommended
| WhatsApp for a long time until it became painfully clear to
| everyone that:
|
| - WhatsApp leaks metadata to Facebook which cooperates happily
| with basically any government as far as I understand
|
| - WhatsApp has uploaded _unencrypted_ backups to Google Cloud
| (yes, probably over https, but Google got all your messages and
| it was known that they would datamine it.)
|
| - and more
|
| PS: Some time around half a year before Telegram launched
| WhatsApp actually sent data _unencrypted_ , i.e. as plaintext.
| And they sent it over port 443..!
|
| PPS: Stay safe folks, opsec is probably more important than the
| exact messenger you use. My bets today are Signal in the short
| run and Matrix as soon as possible, but personally I send
| photos to my parents using Telegram and receive a lot more info
| back from various groups.
|
| [1]: Meaning either this is a bigger honeypot than An0m and
| every Three Letter Agency including _both_ FSB _and_ NSA are
| in on it or Telegram actually got something right. Or they have
| just been extremely lucky for 9 years in a row or something.
| egberts1 wrote:
| Telegram, as a capability, does not do "end-to-end
| encryption" for one-on-one chat.
|
| And Telegram most certainly cannot encrypt group chat.
| vincnetas wrote:
| What are the obstacles with current technology to use OTP
| encryption technology? As far as I know it's unbreakable. Of
| course you are limited to people you know in person, but that
| should not be an issue for people for whom private communication
| is of most importance.
| airza wrote:
| You need some way of safely exchanging a codebook the length of
| every message, and you can never reuse an otp page. These
| together seem to make it... basically infeasible?
| cumshitpiss wrote:
| A key in an OTP scheme can only be used once, and the key size
| has to be the same as the message size. This isn't practical
| for a messaging app.
| vincnetas wrote:
| An SD card stores 128GB, that's enough SMS messages for multiple
| lifetimes.
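Added example, not part of any comment in this thread: a Python sketch of the two one-time-pad rules discussed above (pad as long as the traffic, no pad byte ever reused) and of what reuse gives away. The class and function names are hypothetical, the pad in `__main__` is constructed sample data, and the 140-byte SMS payload and 10^9-byte gigabyte are assumptions used only for the pad-budget arithmetic.

```python
import secrets

class PadExhausted(Exception):
    """Raised when a message needs more unused pad than is left."""

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Pre-shared pad in which each byte covers at most one message byte."""
    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # index of the first pad byte not yet consumed

    def remaining(self) -> int:
        return len(self._pad) - self._next

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        if len(plaintext) > self.remaining():
            raise PadExhausted("not enough unused pad for this message")
        start = self._next
        self._next += len(plaintext)  # consumed: never handed out again
        return start, xor(plaintext, self._pad[start:self._next])

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        # The receiver holds the same pad and is told the offset in the clear.
        return xor(ciphertext, self._pad[start:start + len(ciphertext)])

def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """The mistake: both messages start at pad offset 0.
    XORing the two ciphertexts cancels the pad, leaving p1 XOR p2."""
    return xor(xor(p1, pad), xor(p2, pad))

def messages_per_pad(pad_bytes: int, message_bytes: int) -> int:
    """How many fixed-size messages a pad covers before it runs out."""
    return pad_bytes // message_bytes

if __name__ == "__main__":
    pad = secrets.token_bytes(32)            # constructed sample pad
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    start, ct = sender.encrypt(b"meet at noon")
    print(receiver.decrypt(start, ct), sender.remaining())
    leak = reuse_leak(pad, b"meet at noon", b"meet at nine")
    print(leak.hex())                        # zero bytes where the texts agree
    print(messages_per_pad(128 * 10**9, 140))
```

The sketch covers one direction only; two parties sending to each other need disjoint pad regions, or they end up reusing pad bytes.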
| stunt wrote:
| I worked long enough in the telecom industry to know that there is no
| way for regulators to leave major communication platforms without
| some sort of surveillance. They can't sleep without it, and they
| don't take "Oh! sorry it's encrypted" as an answer.
|
| I don't buy this. Maybe it's true about FBI, but other agencies
| have the keys for right or wrong reasons.
| LinuxBender wrote:
| I was also in that industry and agree. We could rewrite the
| firmware on phones over-the-air live and this was long ago. The
| only reason we didn't do this for customers was the one-off
| chance we brick a phone and cause higher customer support load.
| We could read and write to anything on the phone remotely. Such
| capabilities would surely not be abandoned.
| acosmism wrote:
| Is Facebook Messenger omitted because they don't have access to
| it?
| m1117 wrote:
| I think including FB messenger is unnecessary, they have a copy
| of passwords.txt
| smolder wrote:
| No, it's because they can request everything from FB and
| instagram, including message content.
| bonestamp2 wrote:
| Probably the opposite... the same reason SMS is not included --
| because they have full access to it.
| neom wrote:
| 18 U.S. Code § 2703 - Required disclosure of customer
| communications or records - Contents of Wire or Electronic
| Communications in Electronic Storage.
|
| "can render 25 days of iMessage lookups and from a target
| number."
|
| I thought iMessage was E2EE and with all the iJunk turned off
| this isn't possible?
| ComodoHacker wrote:
| I believe this refers to people lookups, not messages content.
| VWWHFSfQ wrote:
| It's the metadata. Not the message contents.
| rnotaro wrote:
| Related thread about the same document from a month ago (November
| 30th) with 450+ comments:
| https://news.ycombinator.com/item?id=29396643
| exabrial wrote:
| Since you do not [most likely] have root access to your phone,
| you cannot directly examine what Apple/Google has installed on
| _your specific_ phone. Any of these applications could have its
| memory examined transparently if the operating system is evil.
| gwbas1c wrote:
| Yes, and don't forget: Anyone who wants to steal your password
| can covertly look over your shoulder. They can also physically
| break into your house by smashing a window, or running a
| bulldozer through your wall.
|
| Security always requires a certain amount of trust. If you
| can't get that trust, meet in person and keep your electronic
| communication vague.
| vmception wrote:
| Yes, that actually highlights the absurdity of the government's
| stances to encryption.
|
| They can still do an actual investigation on the person and try
| to dump from the physical devices they find (whether it
| requires a court order first, or not).
|
| Of course, this is expensive, and often it is not possible to
| know who to go to, or whether they can access that person, or
| they don't have enough information yet to determine if a crime
| has been committed. But that's the point. In the US, for
| example, the constitution was constructed specifically to be an
| alternative to how England and its colonies were governed.
|
| Governments have had a small window of time where electronic
| communications had a combination of: existing, not being
| private, and being understood by law enforcement. That window
| is closing and is just a reversion to the mean.
|
| Of course they are going to say "everyone using this convenient
| poorly implemented system without privacy helps us greatly in
| investigations", but that's not the point. They have to do an
| actual investigation now and target the devices themselves
| physically, and even after all that only sometimes that will
| yield anything, depends on the OS version and app used, and app
| version.
| iRobbery wrote:
| "The service was acquired by video conferencing software maker
| Zoom in May 2020."
|
| That's when I revoked all my keybase information.
| giuliomagnifico wrote:
| This has been already posted at least five times
| dathinab wrote:
| Messages are decrypted when you read them.
|
| It's reasonable to believe that at any point in time Root
| exploits exist for both iOS and Android.
|
| It's viable that the FBI or someone they cooperate with has such
| exploits from time to time (which doesn't mean they are reliable,
| or cheap to use).
|
| If you root-hack a phone you can easily get all messages the user
| sees after you hacked it.
|
| Even without root hacking you might get some, in some
| circumstances.
|
| EDIT: I should have read the article first, it's more about what
| content they get _without_ hacking.
| CameronNemo wrote:
| You make some good points, but I need to point out that hacking
| a phone to obtain message contents is different from serving a
| warrant to a third party. Legally and practically.
|
| https://en.wikipedia.org/wiki/Expectation_of_privacy
|
| https://en.wikipedia.org/wiki/Third-party_doctrine
|
| https://en.wikipedia.org/wiki/Dragnet_(policing)
___________________________________________________________________
(page generated 2021-12-28 23:02 UTC)