The Unusual Claims of Pavel Durov Unveiled
Is Telegram secure and for what circumstances does it offer security?
Pavel Durov, the enigmatic mind behind Telegram, is no stranger to bold and controversial statements. Some of his claims seem almost fantastical, while others lack a solid factual basis.
Take, for example, Durov's assertion that he has left Russia for good. Yet, records show he has visited Russia more than 40 times over the past 13 years, according to some investigations. His accusations against WhatsApp and Signal are also questionable, given the lack of substantial evidence to support them. Interestingly, Telegram, despite its claims of end-to-end encryption, turns out to be relatively easy for analysts to scrutinize, with some messages stored unencrypted on Telegram servers, similar to platforms like Facebook and Instagram.
Speaking of transparency, reports on data transmission to Russian users have been missing updates for six months and earlier, leading to suspicion about the integrity of these reports.
Is Durov exploiting this ambiguity to bolster his brand and promote Telegram? It's a fair question, given the unverified nature of some of his statements. Yet, it's essential to remember that these uncertainties do not irrefutably prove Telegram's sharing of information with Russian or other intelligence services.
The Telegram-FSB Connection: A Mysterious Tangle
Investigations suggest that Telegram's connection to Russia's Federal Security Service (FSB) might be more tangled than initially thought. Durov's long-time partner, Ivan Vorobiev, and his company, Global Network Management, are under scrutiny. Vorobiev, himself a figure shrouded in mystery, has sparked concerns, given his known history with the FSB in Russia.
However, these fears are not unfounded. The investigation assumes that if a businessman associates with the FSB in Russia, his foreign business is also affiliated with the FSB, or that Telegram's servers are inherently unsafe. However, evidence is lacking, and it's important to note that providers in Europe who work with DATAIX, a company owned by Vorobiev, adhere to strict EU personal data control standards.
If Durov was indeed cooperating with the FSB, one might question the need for this intricate scheme involving intermediate servers when Telegram could directly hand over any user's message to the FSB at any given moment. After all, as it stands, Telegram stores all our messages in a readable format, except for secret chats.
The Vulnerability of Telegram: Unencrypted Headers
All messages sent through Telegram consist of two parts: an unencrypted header and an encrypted message. Despite experts raising concerns about this protocol issue for years, it remains unresolved. The unencrypted header, which identifies the device for the server (auth_key_id), puts Telegram's security standards under question.
Compared to other messaging apps that encrypt headers, Telegram's peculiarities make such encryption currently impractical. This fact has earned Telegram critique from renowned cryptographer Michal Zajac, who likens it to an 'FSB honeypot.'
Though Zajac's critique holds merit, it's important to remember the complexity of implementing the attack he describes. To execute the attack successfully:
- One would need to "listen" to all Telegram traffic and analyze it.
- Telegram servers must be under full control of the FSB to intercept traffic outside Russia or traffic from VPN or TOR.
The Fine Line Between Fact and Speculation
Reports of Ukrainian users being arrested after communicating with Russian bots bring up legitimate questions about Telegram's connection to the FSB. However, it's crucial to separate fact from speculation. For instance, it's unclear if these instances are a result of hacked Telegram accounts or SMS interception.
Another Russian media outlet, 'First Department,' has analyzed cases where people were arrested for messages sent on Telegram. Their analysis suggests the FSB may obtain information from devices and suspects Telegram's cooperation with the FSB. However, the argument contains several logical errors.
For instance, excluding the first version - the use of honeypots - is dubious when considering the possibility of FSB agents using genuine Ukrainian channels while concealing their presence. Excluding the third version - the compromise of channel administrators - seems premature, given the format of conversations presented in criminal cases and the potential for a delay in linking participants to their real identities.
Ultimately, while it cannot be definitively ruled out that Telegram is cooperating with the FSB, concrete evidence is lacking, making it essential to approach such claims with skepticism.
The Future of Telegram: A Mixed Bag
Despite its controversies and potential vulnerabilities, Telegram remains popular. It straddles the line between a classic social network and a secure messaging platform, using outdated solutions that make it vulnerable but integrated features that make it convenient, such as end-to-end encryption.
Durov's questionable image doesn't inspire trust, and the association with a business partner with ties to the FSB casts further doubt. However, accusations of Telegram leaking Belarusian or Russian activists' chats to the KGB or FSB remain unproven, with no basis for such claims, especially considering isolated cases of suspected leaks.
A Question of Trust: Signal vs Telegram, Protonmail
For sensitive communication, it's worth considering secure alternatives like Signal or Protonmail, as well as Gmail with subsequent message deletion. While Telegram COULD POSSIBLY be linked to hostile intelligence agencies, using more secure channels minimizes potential risks.
Protecting Yourself in an Uncertain World
Navigating the complex world of digital security requires vigilance and careful consideration. For Belarusians, adopting best practices like using secure messaging apps, double-checking sources, verifying contacts, using VPNs, and being mindful of who you communicate with can help ensure your privacy and safety online.
The ever-evolving landscape of cybersecurity calls for constant vigilance and adaptation. Stay informed, stay safe.
References:1. OCCRP, "Telegram's Long-time Technical Head Has a History of Collaborating with Russia's Security Services."2. Telegram, "Statement on OCCRP Allegations."3. The Intercept, "The OCCRP's Telegram Allegations: A Technical Analysis."4. Wired, "Telegram Could Be a Spy Tool for the Kremlin."5. First Department, "Telegram, FSB, and the Arrests of Russian Journalists and Activists: How Law Enforcement Finds You on Telegram and How to Avoid It."
- The controversy surrounding Telegram's alleged connection to Russian intelligence services raises questions about its lifestyle, especially given its founders' history and partnerships.
- As concerns about technology and general-news continue to grow, the debate over whether certain messaging apps, like Telegram, offer sufficient security features remains ongoing, with critics advocating for alternatives like Signal or Protonmail for sensitive communications.
