by chad1n 662 days ago
The EU has been complaining about Telegram's end-to-end encryption for a long time and they want to implement some regulations to basically add backdoors into all messaging apps. I don't really see how this case will go on since at least private chats are encrypted so Telegram (theoretically at least) can't see the contents.
5 comments

Except Telegram has much less E2EE than Signal or WhatsApp.

It's not on by default, works only between 2 devices, they both have to be online at the same time and you can't access anything from the web. And group chats don't support it at all. Private chats are not end-to-end encrypted by default and it's actually quite clumsy to encrypt them so almost nobody uses it.

It's really weird that Telegram is singled out like this.

That was my first thought as well. There are good uses for Telegram and some things work better than Signal (API comes to mind). But just from a privacy perspective, Telegram is much more easily neutered than Signal.

I will admit I am confused. I can only assume something else is at play.

edit: The only thing I can think of is that there are some rather gruesome channels showing the Russia/Ukraine, Palestine/Israel toll. I wonder if it was decided that the general population should not have access to these.

I can't tell if it's just uninformed grassroots mistrust of big tech, or the result of astroturf PsyOps to get more people to use the app with weaker encryption.
Encryption is really not the main issue here. I think nerds may not fully grasp Telegram's security model: it's essentially stateless, not tied to any particular country. Its infrastructure is distributed across various jurisdictions, with no official representation in many countries—no subsidiaries, nothing.

As a result, it doesn't respond to authorities because it doesn't have to. However, this approach is unsustainable and unacceptable for many governments, both in the East and the West. That's why he's being accused in France: he is not "cooperating with law enforcement".

> That's why he's being accused in France...

Or it could be that he has French citizenship; subject to French law. Spreading your infrastructure across legal jurisdictions doesn't make you stateless - it just ensures you're subject to the laws of each jurisdiction you operate in.

> not tied to any particular country

I don't think that's accurate. Like any other business, he collects money from the Western users, so that's one easy choke point. He is also fully accountable to Apple, otherwise he can forget about 1.5 billion iPhone users forever. (Apparently, he also just seems to enjoy visiting France and other countries he decided to go against.)

> He is also fully accountable to Apple

What does this even mean???

He is partially accountable to Apple - he's agreed to a TOS and EULA, as well as conditions for furnishing his Apps. Even with Apple's authoritarian control of their ecosystem though, he isn't fully accountable to Apple. Apple is not a nation or a court that can make decisions like that on their behalf; they have been sued several times for taking punitive action that is illegal obstruction.

Nobody is "fully accountable" to Apple. Apple is fully accountable to the law, and that's that.

He has to disclose his company's location, where they are paying taxes, probably how much money they are making, which makes it far from "stateless, not tied to any particular country". Through that, he also is forced to comply with the local laws that Apple plays by, or get kicked out of those countries' iPhones, or the App Store entirely. Apple can and does take that action at the request of local governments, e.g. removing a gay dating app from Turkey's App Store at the government's request.
Because Telegram is not just a messenger, it's a platform for distributing news/info through channels. Signal simply does not have that.
Signal and WhatsApp do have that. You can easily use group chats that way, you just have to get invited. You can't look for them and join them.

It's really easy for e.g. a drug dealer to post QR codes or something on lamp posts with their contact and then they can invite people. Making Telegram go away is just going to hide the problem, not solve it.

AFAIK WhatsApp and Signal group chats have been way too small for that.

In Telegram you can have 10k and more in a channel.

Aaaah yes, the standard political "solution".
If you don't cooperate while having the data and your approach to legal compliance is "votes on your personal TG channel", expect to get arrested. At least the services with actual E2EE worth a shit can make a convincing argument they can't produce the data.
It's because it is in fact used for this, unlike say WhatsApp that does not enjoy any trust.
Going after the one with the least care factor first would make a lot of sense, assuming their cryptographic implementation is in line with their care factor.
> It's really weird that Telegram is singled out like this.

Wasn't he bragging that he operates with like a dozen people or something? I can also see him just punting on many kinds of moderation (outside of the kind that helps running the service), because it's a lot of subjective, dirty work and takes an army of people.

In a way, Durov's arrest retroactively vindicates every EU citizen's decision to use Telegram (up until now), as it proves that they haven't been getting what they want from him. I am not nearly as concerned about Durov himself or the government of Dubai getting to read my messages as I am about the EU or one of its member states doing so, as there simply isn't much I can see the former doing with that data. The real danger only arises when the people who can read your messages and the people who can dispatch dudes with guns to your house are in cahoots. (For the same reason, I tend to roll my eyes at warnings about various forms of Chinese spyware.)
Why would you be afraid of EU LE? Unlike countries such as Iran, Russia, SA, UAE it has reasonable laws.
Iran and Russia also had reasonable laws once. Then things changed. The problem is, you can't delete your old chats from the %EU_NSA_analogue%'s servers once they get there. The funniest part is, you might think that you are safe because that one sussy message was posted so long ago. Well, statutes of limitations are changed/ignored just as easily as any other law.
Paternity testing is illegal in France. Attempting to verify a very basic fact that your child is indeed yours is criminal. So is outsourcing it to other (even neighboring) countries. If French customs intercept DNA samples or results in the mail, the perpetrators can face up to a year in prison and a €15,000 fine.
EU countries prosecuted Assange, the Pirate Bay guys and now Durov. People in countries like Britain appear to frequently get persecuted for political posts. I'm sure that I've said things online that could get me in trouble now or would at some point in the future when the Overton window shifts in some other direction.
Are they going to arrest Zuckerberg and Tim Cook next for the encryption in WhatsApp and iMessage?
Maybe not, if they already got backdoors?
If Apple hypothetically agreed to iMessage backdoors, why would you trust the Telegram app updates served up by Apple's App Store? Western governments can pretty much hack into any device they want - the only reason for backdooring messaging apps would be for dragnet surveillance, and I don't see big tech having the appetite for the bad publicity and lawsuits that will result when that inevitably becomes public.
Apple already has a kind of "backdoor": they store the keys for encrypted cloud backups in their cloud as well. They advertise that cloud data is encrypted but prefer not to mention that they also have a key to decrypt it. Even with the highest level of security [1] your contacts list in iCloud is not encrypted. Why? Probably someone asked for this.

[1] https://support.apple.com/en-us/102651

No, it’s because the CardDAV standard was not created with encryption in mind. It’s also why calendar and mail are not encrypted in iCloud.
CSV or PNG weren't created with encryption in mind, but one can easily encrypt them. Apple can always make their own proprietary protocol. This doesn't explain anything. However, the version where the govt wants to be able to see who is in a person's contact list explains it well.
> If Apple hypothetically agreed to iMessage backdoors, why would you trust the Telegram app updates served up by Apple's app store?

I wouldn't. I don't trust Apple hardware or software, and I don't see why anyone who cares about these issues ever would. But fortunately Telegram runs on devices and OSes from a wide range of suppliers, many of which might be less open to the influences that apply to Apple.

You can download Telegram straight from its website if you're using Android. No need to trust a third party.
> I don't see big tech having the appetite for the bad publicity and lawsuits that will result when that inevitably becomes public

If your rationale against first-party backdoors relies on this logic, then you're in for a really big surprise when you read the Snowden leaks.

What makes you believe those do not have backdoors for Western powers?
They are US citizens, nobody dares to arrest them (except for Russia and North Korea).
No, because then they'd have to acknowledge that WhatsApp and iMessage are both compromised.
Perhaps they already have backdoors, but don't tell everyone.
I mean I wouldn't complain if they did.
But they recommend Signal themselves...

https://www.politico.eu/article/eu-commission-to-staff-switc...

>The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.

Also Telegram is not E2E by default. You need to activate it per chat. By default and in groups it is only server encrypted.

Private chats are a hassle to initiate and not multi-device.

Most use normal chats.

With anonymous accounts, using anonymous +888 numbers, whose price has increased from $16 to $1000+ in a matter of a year, it is indeed a very convenient playground for all sorts of activities.

Aren't open source apps like Jabber or Element, which do not require a phone number and allow you to host your own server, a much better playground?
Yes, and XMPP over Tor already seems to be popular on the dark web.
It was the default method of contacting the dealers on the Russian darknet when everything was just a message board (hell, it was available without Tor) and not a proper marketplace.
Why would a criminal mastermind pay $1000 for an anonymous Telegram account when they could buy a burner phone with a prepaid SIM included for like $20 to register and throw it out? In my experience the people who buy those are more Durov superfan than Keyser Söze. And evidence of criminality on Telegram predates the Fragment numbers by a while - for instance in like 2014-2015 pretty much the only time Telegram was in the news was in connection to ISIS. They could also just use Signal which is provably private.
"Burner phones" are a TV trope of the 90s and 00s. In most countries you cannot get a phone number without registering your ID with the telecom provider.
I'm referring to TracFones or similar prepaid devices which you can buy in the US for very cheap. In other countries, if you apply yourself just a little bit, you can get the same result. Greece has SIM card registration yet you can buy pre-registered ones off the street in Athens. Latvia, Lithuania, the Netherlands, Estonia, the UK, and other countries have no SIM card registration at all and roaming works well across the EU. And you only need the number once to sign up.
Some countries require you to provide a government ID, which is logged, to get a new SIM.
Security theater.

SimpleX is the real deal.

In which countries are the vendors of anonymous numbers located?
There are no vendors, Telegram issues those numbers. So it's basically a pass to create an account w/o the mobile number requirement, if you're ready to pay for it.
Interesting, https://www.theverge.com/2022/12/7/23498236/telegram-fragmen...

> To get an anonymous number, you need to go purchase one through the Fragment blockchain... Durov calls Fragment “an amazing success” that already generated over $50 million in sales in less than a month.

Here's the thing, all the politicians use WhatsApp.

They actually don't want that backdoored, guaranteed.

WhatsApp's E2E may not be backdoored (maybe), but it is 100% backdoored for metadata and social graph (contacts, group membership, etc.). Example of this: https://scroll.in/article/1044425/how-a-cross-border-love-st...

An even more egregious example: https://news.ycombinator.com/item?id=39918245 Facebook-Meta and WhatsApp may be accessories to war crimes perpetrated on a massive scale.

We've definitely had that: “official” government business over WhatsApp to ensure no retention rules apply.
Yep, classic backdoor for thee, but not for me!
EU politicians did (try to) explicitly exempt themselves from their own chat surveillance laws:

https://news.ycombinator.com/item?id=40063025 ("ChatControl: EU ministers want to exempt themselves (european-pirateparty.eu)", 202 comments)

That concept is as old as politics itself, the Romans already stated quod licet Iovi non licet bovi (What's allowable for Jupiter is not allowed for cattle), the modern version of which is rules for thee, not for me or do as I say, not as I do.

BTW, install your own XMPP server and use OMEMO-compatible clients - Conversations on Android, Gajim on desktop - and you get to have access to non-surveilled [1] communications just like those politicos.

[1] assuming that your client and server devices remain uncompromised, not a given if you happen to be a high-value target. Caveat emptor.

That makes sense though. We all know all politicians are saints and would never fall prey to corruption or criminal interests. /s
/s aside, politicians need privacy for the same reason the rest of us do: they work with sensitive information and it's really important they don't get blackmailed.

Simultaneously, they need a light shone on their private lives for the same reason they want to do that to the rest of us: to make sure they're not abusing their access to sensitive information, getting blackmailed, or otherwise being nefarious.

I have absolutely no idea how to fix this apparent paradox. Perhaps it can't be done. Even if it can, tech is unstable and this is all a moving target — the way GenAI is going, I suspect that we'll all have to carry always-on cameras that log and sign everything just to prove we didn't do whatever some picture or video shows us doing.

> they work with sensitive information and it's really important they don't get blackmailed

You mean railway station locker codes for bags of money from Qatar?

You've quoted two things there, so that's a two-part question.

For blackmail I mean e.g. https://en.wikipedia.org/wiki/Kompromat and https://en.wikipedia.org/wiki/Opposition_research

For sensitive information, I mean e.g. a whistleblower has contacted them, or they're working out the finances for next year and there's potential for market manipulation based on the discussions so far, or they're discussing an emergency (health/economic/military) response that will be unpopular with someone no matter what.

If with your example you are referring to some specific case of them committing crimes, I refer you to my second paragraph in the original message:

> Simultaneously, they need a light shone on their private lives for the same reason they want to do that to the rest of us: to make sure they're not abusing their access to sensitive information, getting blackmailed, or otherwise being nefarious.

> I suspect that we'll all have to carry always-on cameras that log and sign everything just to prove we didn't do whatever some picture or video shows us doing.

Yeah good luck with that :')

PS: A change to "guilty until proven innocent" policy would require a serious constitutional change in most countries.

> A change to "guilty until proven innocent" policy would require a serious constitutional change in most countries.

Indeed, though there I was thinking more the court of public opinion which loves hearsay and rumour.

The actual law? I have no idea. Tech will change the world before the law can catch up with yesterday.