back to article Telegram chat app founder claims Feds offered backdoor bribe

The founder of chat app Telegram has publicly claimed that feds pressured the company to weaken its encryption or install a backdoor. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," Pavel Durov said on Twitter. "It would be naive to think …

  1. This post has been deleted by its author

    1. Lee D Silver badge

      Re: Secure Chats

      Or just don't send messages that you haven't encrypted yourselves too.

      If YOU encrypt the message properly, you could CC: in the head of GCHQ, let WhatsApp double-encrypt it, or give it away in packets of cornflakes, and it would make no difference.

      What you can't hide - and what spooky agencies should be using - is the metadata. What account you spoke to. When. For how long. How large a message. Who else did that speak to? Can you tie that to another person? That's what'll convict you if you can't provide a reasonable defence, and that's what they'll use to trace the networks (whether or not they bother or can get anything useful, that's subjective).

      But the actual ENCRYPTION of a message is something that is quite easy to do. Do it offline and you know your key isn't compromised and don't have to rely on WhatsApp to secure it for you.

      One of the stated purposes of encryption is that you can broadcast the message over a non-secure channel. Beyond that, it really doesn't matter. There are no such things as known-plain-text attacks, etc. any more with modern encryption, even.

      If you're worried about the guy at the other end being your intended target of the message, that's what keys are for (you would have to verify them by some other means - again, an entry point for a spy agency, but pretty much they can just print their public key on posters and put them up around London if they like, that's why it's CALLED a public key - it doesn't help at all in decrypting the message and only the PRIVATE KEY that generated it could do ever that).

      But the medium of transport? You could put it on Twitter with all the permissions open. You'd be giving nothing away about the content of the message by doing so that you aren't giving away by every other possible means. But they still won't know WHAT was said.

      1. Anonymous Coward
        Anonymous Coward

        Re: Secure Chats

        What you can't hide - and what spooky agencies should be using - is the metadata. What account you spoke to. When. For how long. How large a message. Who else did that speak to? Can you tie that to another person?

        Actually, you can. The problem is that you as a provider have to somehow combine your own need for diagnostics and tracking data with a means to protect your customers. That is not a technical problem, it is a legal one, also because of the flipside of selling secure comms: if it's really good, you will end up with bad people using it. You need to have plans in place for dealing with that, one way or the other.

        1. Alan Brown Silver badge

          Re: Secure Chats

          "What you can't hide - and what spooky agencies should be using - is the metadata. "

          Which is why certain Usenet "personalities" were long suspected to be the online version of numbers stations.

          It's also rumoured that all those Claudia Schiffer gifs that were regularly posted during the 1990s contain some rather interesting stegenography.

          1. John Brown (no body) Silver badge
            Black Helicopters

            Re: Secure Chats

            "Which is why certain Usenet "personalities" were long suspected to be the online version of numbers stations."

            I think we have our own right in AManFromMars ;-)

      2. Anonymous Coward
        Headmaster

        Re: Secure Chats

        Nothing beats a one time pad...

        ... oh great, now I've done it, they will be onto me for knowing maths!

        Oh, and I assume some of the signals/metadata can be hidden in plain sight at times. Just find a noisy enough area. But there are (again, using MATHS!!!) some amazing techniques to recoup signals from below the noise floor* as for example with Voyager and NASA.

        *Hopefully that will get me back in their good books...

        1. Anonymous Coward
          Anonymous Coward

          Re: Secure Chats

          FWIW, thank the US Navy and below noise signal recovery. How else do you track an Ohio-class sub. Yes, link required but damned if I can pull it up right now. .

          1. John Smith 19 Gold badge

            " below noise signal recovery. How else do you track an Ohio-class sub. "

            How intriguing.

            Sonar driven by Gold code?

          2. Anonymous Coward
            Anonymous Coward

            Re: Secure Chats

            > thank the US Navy and below noise signal recovery

            To put an example slightly more relevant to most people: GPS signal recovery. Picking a Doppler-shifted, random-looking, -160 dbW excuse for a signal is a work of art in itself. And that's not even the most complicated part of making the darn thing work.

      3. ElReg!comments!Pierre

        Re: Secure Chats

        >What you can't hide - and what spooky agencies should be using - is the metadata. What account you spoke to. When. For how long. How large a message. Who else did that speak to? Can you tie that to another person?

        Oh, they're using that, a lot, but you definitely can hide it, by broadcasting largely enough that almost anyone could have read it. Radio broadcast, classified in a widely-distributed newspaper (or on Craigslist), Usenet, etc. You could even setup a Yahoo! mail account, that's true plausible deniability ;-)

        1. Dave 15

          Re: Secure Chats

          D-day, the instructions to start the campaigns in France were sent to everyone during a standard broadcast by the BBC. Code words, code language, simple to arrange and easy.

        2. Anonymous Coward
          Anonymous Coward

          Re: Secure Chats

          Oh, they're using that, a lot, but you definitely can hide it, by broadcasting largely enough that almost anyone could have read it.

          The most fun approach is poisoning the well by dumping extra associations in there that are provably false, which you can then use to discredit the entire collection. We've come up with quite a few ways to screw around with mass surveillance, and thinking them up is as much fun as implementing them. We ourselves see who talks to whom in our logfiles, but those live in a jurisdiction that requires a high standard of evidence before warrants are granted. None of that nudge, nudge, wink, wink sh*t here, nor do staff have access without clearance (more to protect them, access to private information without the owner's permission is a criminal offence here).

        3. Anonymous Coward
          Anonymous Coward

          Re: Secure Chats

          Numbers chan els, anyone?

      4. Oh Homer
        Big Brother

        Jurisdictional concerns are "nonsense"?

        After what we all now know, as a matter of documented fact, about how the US intelligence agencies operate, clearly the idea that anything pertaining to security that comes from the US is inherently untrustworthy, is certainly not "nonsense", and any supposed security researcher who casually dismisses this proven conflict of interests must be gravely afflicted by bias.

        On the other hand, open source entirely mitigates such concerns, since any attempt to compromise its security is subject to public scrutiny. It can still happen briefly (e.g. via hacked repos), perhaps even long enough to cause serious damage, but ultimately it will be found out, and sooner rather than later.

        But certainly in terms of services based in the US, the only safe assumption one can possibly make is that they are all under the thumb of the US intelligence agencies, and therefore cannot be trusted. I believe that is a very reasonable assumption under the circumstances. Moreover there is absolutely no way to ascertain their trustworthiness, given that said intelligence agencies can not only coerce and compromise them, but also gag them to ensure they are legally prohibited from even revealing this coercion.

        1. John Smith 19 Gold badge
          Unhappy

          "On the other hand, open source entirely mitigates such concerns,"

          Only if people actually study it.

          Given there have been vulns found in 20YO FOSS libraries it seems a lot of people have assumed someone else has done the looking.

          And they haven't

          1. Orv Silver badge

            Re: "On the other hand, open source entirely mitigates such concerns,"

            "Given there have been vulns found in 20YO FOSS libraries it seems a lot of people have assumed someone else has done the looking."

            Writing secure code is very hard.

            Writing secure crypto is extremely hard.

            The problem is the only people who can find some of these vulns are people in the tiny sliver of overlap between top-notch cryptographers and top-notch programmers. And it's going to be the even tinier sliver of people who meet those requirements and are in academia, because someone with those skills who's in private practice is not going to just give them away.

          2. Oh Homer
            Headmaster

            Re: "Only if people actually study it."

            Well I'd expect that, at the very least, the aforementioned security researchers would study it, since that is their sole purpose.

            But yes, the general availability of information does not automatically make us informed, it's merely an opportunity to become informed.

            Unfortunately, neither proprietary software nor services afford us that opportunity at all, either in practice or even in principle, so they are untrustworthy by design. This is only compounded by a political environment where we may assume, as a matter of near certainty, that the software or service in question is bound to be compromised by a hostile government.

            With that kind of certainty, security researchers are more likely to actually go looking for security beaches, especially when it's suspected they've been deliberately injected, but of course this is only possible if the exact corresponding (or indeed any) sources are available, or at least something that can be packet sniffed and/or reverse engineered, and sadly that isn't really possible with a remote service.

            1. John Smith 19 Gold badge
              Unhappy

              "availability of information..not automatically..informed..merely an opportunity..become informed."

              My point exactly.

              It's a necessary condition to find vulns. It's not sufficient.

              If nobody looks at the code that's who will find the vulns.

              Nobody. Except various TLA's who have a brief to "widen access" to anybody they can't access already.

            2. Anonymous Coward
              Anonymous Coward

              Re: "Only if people actually study it."

              With that kind of certainty, security researchers are more likely to actually go looking for security beaches

              .. because THAT'S where we'll fight them.

              :)

        2. Anonymous Coward
          Anonymous Coward

          Re: Jurisdictional concerns are "nonsense"?

          But certainly in terms of services based in the US, the only safe assumption one can possibly make is that they are all under the thumb of the US intelligence agencies, and therefore cannot be trusted.

          Well done. We arrived at that conclusion some 15 years ago, and have acted accordingly ever since. It's worse than that ("they're dead, Jim, dead Jim, dead Jim" - sorry :) ): you don't need to refer to vague agencies as a reason to mistrust US resources, you can simply look at US law. Once you realise just what a mess federal legislation is you'll avoid US based services like the proverbial plague.

          1. Orv Silver badge

            Re: Jurisdictional concerns are "nonsense"?

            Upvote for the video reference.

            "Boldly going forward

            'cause we can't find reverse."

      5. T. F. M. Reader

        Re: Secure Chats

        What you can't hide - and what spooky agencies should be using - is the metadata. What account you spoke to. When. For how long. How large a message.

        I suppose you can do something about that, too, with a provider's assistance. What if the recipient of the message you sent id encrypted between the sender and the provider with a session key, the sender of the message is encrypted between the provider and the sender with another session key, a random delay is introduced between storing and forwarding to thwart correlation analysis, messages are padded to hide the real size, and messages and keys are deleted by the provider upon delivery, with no logs kept?

        That will leave MITM in real time (fake certs, etc.) as the only feasible - metadata only if the sender and the recipient exchange keys and encrypt the contents themselves - attack vector, and mass slurping of stored comms (data or metadata) will become impossible.

        What also will become impossible is for the provider to monetize their customers' data and metadata, so such a service will have to be paid for. Ah...

        I do not know if there is a provider that offers such a service.

      6. Dinsdale247
        Big Brother

        Re: Secure Chats

        "What you can't hide - and what spooky agencies should be using - is the metadata. What account you spoke to. When. For how long. How large a message. Who else did that speak to? Can you tie that to another person? That's what'll convict you if you can't provide a reasonable defence, and that's what they'll use to trace the networks (whether or not they bother or can get anything useful, that's subjective)."

        https://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/

    2. Anonymous Coward Silver badge
      Paris Hilton

      Re: Secure Chats

      "I still wouldn't take an umbrella into the Kremlin on a Tuesday though"

    3. Ivan Headache

      Re: Secure Chats

      The pigeon flies east in the spring.

      1. Dan 55 Silver badge
        1. Anonymous Coward
          Anonymous Coward

          Re: Secure Chats

          The rain in Spain falls mainly on the plain.

          Not sure I'm doing this right.

          1. Michael H.F. Wilkinson Silver badge
            Coat

            Re: Secure Chats

            The dead alligator jumps over the comfy sofa

          2. Anonymous Coward
            Anonymous Coward

            Re: Secure Chats

            Not sure I'm doing this right.

            Me neither. The rain in Spain falls primarily in the hills, due to relief rainfall.

            1. sebt
              Joke

              Re: The Rain in Spain

              The orographic lift induces a greater average precipitation in topographically-elevated zones of the Iberian Peninsula.

              Now THAT's what I call encryption. Well, at least the neither Trumpolini (nor any members of our UK government) will be able to decrypt it.

              1. Stevie
                Joke

                Re: Now THAT's what I call encryption.

                That's what I call encoding.

                Because I know the difference.

                The rain in Staines goes mainly down the drains.

              2. Anonymous Coward
                Anonymous Coward

                Re: The Rain in Spain

                Now THAT's what I call encryption. Well, at least the neither Trumpolini (nor any members of our UK government) will be able to decrypt it.

                Oh, hiding stuff from Trump is actually easy. As long as you use words of more than 3 syllables he won't understand it, and if it's longer than a tweet he won't even bother reading it. I'm only worried about the remaining clever people with malicious intent that he hasn't ejected yet.

          3. David 132 Silver badge
            Pint

            Re: Secure Chats

            The rain in Spain falls mainly on the plain.

            But the water in Majorca don't taste like what it oughta.

            https://youtu.be/u4VFqbroi1I

            1. Stevie

              Re: Secure Chats

              The gypsy mutant industrial vacuum cleaner dances about a mysterious night time camp fire.

              1. ElReg!comments!Pierre

                Re: Secure Chats

                You guys are so obvious. The trick is to give away an easily disproved offence in order to hide more serious intentions, because having nothing to hide is obviously a deception.

                my spanish nephew loves the golden rain

    4. Anonymous Coward
      Anonymous Coward

      JTRIG/GRU QA Manual Page One/Line One

      " control the communications channel "

    5. Paul 195

      Re: Secure Chats

      "But the tulips will bloom in spring"

      1. John G Imrie

        Re: Secure Chats

        The significant owl hoots in the night.

        1. David 132 Silver badge

          Re: Secure Chats

          The significant owl hoots in the night.

          The good mother makes bean soup for the errant boy.

          Sorry, I think I'm in the wrong secret conversation.

        2. Chemical Bob

          Re: Secure Chats

          The gazebo prances fluffy in the moonlight.

          1. John Brown (no body) Silver badge

            Re: Secure Chats

            My hovercraft is full of eels.

            1. Throatwarbler Mangrove Silver badge

              Re: Secure Chats

              My balls are against the wall.

            2. Anonymous C0ward

              Re: Secure Chats

              Drop your panties, Sir William, I cannot wait till lunchtime.

          2. Cheshire Cat
            Go

            Re: Secure Chats

            > The gazebo prances fluffy in the moonlight.

            I attack the gazebo with my +1 sword!

            ... how many xp do I get?

            1. David 132 Silver badge
              Coat

              Re: Secure Chats

              I attack the gazebo with my +1 sword!

              I put on my robe and wizard hat.

              1. Ivan Headache

                Re: Secure Chats

                I'm sorry. I have a cold.

            2. Chemical Bob

              Re: Secure Chats

              "I attack the gazebo with my +1 sword! ... how many xp do I get?"

              Around here you'll get sued for property damage...

  2. Charlie Clark Silver badge

    Don't look over there

    The real strength of Telegram is the group support and a fantastically responsive WebRPC client. Encryption claims require the relevant code to be open source. The spooks might moan about end-to-end encryption but what they really want is to be able to control the whole device.

    But for companies like Telegram the market is where Slack is currently. Encryption is a box to be ticked but the money is in integration and automation for teams.

    1. Anonymous Coward
      Anonymous Coward

      Re: Don't look over there

      > for companies like Telegram the market is where Slack is currently.

      Yeah, proprietary XMPP. I've seen so many of them come and go over the years. Meanwhile, my XMPP account has been ticking on for 16 years and is nowadays tightly integrated with my computing infrastructure while not depending on any single actor or closed source code.

      1. Anonymous Coward
        Anonymous Coward

        Re: Don't look over there

        > Yeah, proprietary XMPP.

        Put another way: by all means do extend XMPP with proprietary protocol that offers value-added functionality, but do not wall-garden the whole thing *and* degrade gracefully in the face of generic / unsupported clients.

    2. Orv Silver badge

      Re: Don't look over there

      Telegram's strength for me is its ability to work over very marginal connections. I've successfully made exchanges on nothing but the 10-15 second blips of cell coverage I got going through subway stations.

      Most people I know are switching to Discord, which has a mobile client that's just awful by comparison. I get a push notification about a message, then I open the client and it has to sit there and spin while it retrieves the message that it was already pushed.

  3. Anonymous Coward
    Anonymous Coward

    Has a point

    While not necessarily agreeing with his statement, as quoted, that "a backdoor will be found" in the rival US-based "privacy" app, there are a number of unexplained or poorly argumented design or policy decisions behind that application, as well as schoolboy errors¹ (errors?) to make it a credible option, the opinion of a "self-described occasional security researcher" notwithstanding.

    In other words, the application in question may not leak the actual content of conversations, that would be way too obvious, but it does provide ample opportunities for those with access to the right places to gather and analyse the metadata at their complete leisure. This being, at the end of the day, perhaps a more valuable target than the data itself.

    Mr Durov's comment that "[i]t would be naive to think you can run an independent/secure cryptoapp based in the US" is probably spot on though.

    ¹ Such as the leaking of plaintext in the Android logs, which the developer somehow spinned as being the packager's fault.

  4. phuzz Silver badge

    TCP/IP was mainly funded by the US government too, just saying.

    1. Orv Silver badge

      Yeah, and look how secure it is. ;)

  5. Anonymous Coward
    Anonymous Coward

    Trucrypt

    I can believe this article just because my favorite encryption software, truecrypt was leaned on by the Feds and I honestly believe it was the Feds that caused it to stop being developed. I still use it. I use the dual key function so I can unencrypt whatever the evil feds want showing dummy files while the true encrypted files stay hidded. I also use special keys in my password such as ♦♣♠• and more than 20 characters. :)

    1. Adam 52 Silver badge

      Re: Trucrypt

      You may have just blown your plausible deniability, unless you have substantially more confidence in El Reg's Anonymous Coward feature than I do.

      1. Adam 1

        Re: Trucrypt

        Nah. We have https comments now, so it's all good. It is TLS all the way .... to the cloudflare CDN.

    2. Anonymous Coward
      Anonymous Coward

      Re: Trucrypt

      I can believe this article just because my favorite encryption software, truecrypt was leaned on by the Feds and I honestly believe it was the Feds that caused it to stop being developed.

      Hasn't that forked into Veracrypt now? I use Cryptomator because a number of mount tools integrate that to allow me encrypted storage on insecure facilities. Not that I use those (I use my own resources) but it's just a good habit to nurture.

  6. Anonymous Coward
    Anonymous Coward

    Could just be mud-flinging, of course. For me, Signal's insistence of using Google's Playstore has always felt wrong. An app for privacy bottlenecked through the globe's biggest information hoovers just doesn't make any kind of sense. Running, also, on Google's OS...you could get away with pretty well anything there.

    1. Anonymous Coward
      Anonymous Coward

      Signal no longer needs google filth

      Although, it does then use more power, but without the 100s of google services running, the battery life's probably no worse.

  7. jason.bourne
    Childcatcher

    Pick Three

    If your chat app of preference is private, go ahead and put three of your deepest darkest secrets into it. No, not those three. Pick three secrets that could get you excommunicated from the world if anyone found out.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like