According to Tass, Telegram is now forced provide information to law enforcement agencies. This could mean there forced by the Russian government to decrypt some or in the worst case all messages.
Telegram was founded by Russian entrepreneur Pavel Durov, and has become a popular alternative to other apps like WhatsApp or Signal, especially in countries like Russia or Iran. The app markets itself as a secure, encrypted app, but it’s end-to-end encryption isn’t enabled by default which means their users have to open a “Secret Chat” to turn it on. Some security researchers and cryptography experts have repeatedly questioned the app’s security.
Iran’s government was allegedly able to compromise dozens of Telegram accounts last year. What they basically compromised here was the fact that they abused the SMS system in order to catch and manipulate or steal the secret codes in order to verify the accounts back in 2016.
To avoid such kind of attack, which was apparently done in Iran and in Germany, Durov and Telegram recommend enabling two-step, or two-factor, authentication. Most users already using 2FA in order to protect themselves against such attacks.
FSB wants to see all Telegram details
The FSB stated that there want to see all the details about the Telegram messenger to see what’s behind the ‘secret chats’. If there refused to get the needed information Putin or a law court could ban Telegram from Russia.
How to attack the messenger without compromising the SMS?
It’s still possible to attack Telegram because it’s crypto-system seems to be weak. The Russian government could hack it or the other way is that Durov now needs to provide the information to open Telegram. It’s right now unclear what will happen here because I assume that Durov is forced to not talk about this, even if you can’t be never be sure if it’s true or now what is a real problem.
Public Server and Security? You must be kidding me, if you want security build you own server and don’t depend on external servers that’s the final conclusion here, if you’re not able to setup your own private communication server then you shouldn’t think about securing anything – that’s the real conclusion. I mean it’s not like that millions of guides out there how to setup your own private server including messaging right?
The government will always try to get your data especially from services which they can’t look behind, this is not new and I understand both sides, of course there some bad guys using it but that’s not the mass and the old ‘we doing it for security’ is a lame excuse but since no one ever has found a solution for it we have to accept it and all you can do at the end if you’re not a tech person is to move to another messenger which is not compromised or questioned like eg. Threema or Riot.
But I forgot, 3$ seems too much for everyone – but hey, how about using your recently purchased 1000$ GPU in order to mine the 3 bucks to buy Threema.