Of course this is not true.
- distributed vs. centralized architecture and security are not directly related. A centralized architecture with end-to-end encryption can be very secure; a decentralized, non-encrypted solution can be very insecure
- Telegram offers end-to-end between two parties
- Telegram also offers 'channels', i.e. broadcasting. Nobody claimed that these are 100% confidential.
By definition the channels that they are blocking are public.
They offer end to end encryption, which should be as secure as reasonably possible in any communication medium.
Hopefully they will make their server code public soon so it can be reviewed. There are promises to do so, but they want to implement a federation protocol before doing so.
I like to think this is similar to a telephone company.
A terrorist entity has a known telephone number which they use to actively reach people. I would expect the telephone company would drop that number/account once alerted.
Ultimately, data is the greatest currency in the world today. Everything can be recorded and analysed. But the question is, who owns it, and at what point should it become property of those who wish to protect (or cynically - control) us.
The issues here seem to come from a world that has moved beyond scrambling government's legislation to keep up with data. And a government's perception that they have the right to access whatever they want.
But, ultimately people will inevitably try to claim ownership, control it, use it, and prevent others from using it. Equally, those who create it will wish for it to remain private.
These are Telegram channels, which is a private individual broadcasting messages to others publicly (as opposed to 1-1 private messaging, which is encrypted end-to-end).
It seems perfectly reasonable that they can and will moderate channels, but not conversations.
1 to 1 private messaging is not encrypted by default, logs are stored on a server and made available to all devices by a certain user. If you enable 1-1 encryption, it is only possible to read the conversation on those 2 devices that iniated it, as only those have the keys to decrypt it.
I am not sure if it was telegram who found it. I don't use it so I don't have any loyalty here. The discovery probably came from investigations. Maybe they caught some terrorists and found Telegram on the mobile device.
I believe the intelligence has learned terrorists are using Telegram or similar software for communication for a period of time. They just couldn't hack out the actual messages, hence why the governments are constantly asking for less encryption on civilian communication, or the ability to intercept the traffic for analysis. But you know what, you have to trust the software doing its claim. I know there are people eager to do reproducible build to verify that the client software is actually what it claims to be.
Alarmist article. Telegram is banning ISIS's public channels, not snooping on and censoring their private communications. That is moderation of a public facing platform which isn't an invasion of privacy and doesn't necessarily compromise Telegram's security.
They raise the question of the about face from its founder who vowed never to change policy regarding communication. They paint a picture of Russian govt previously pressuring him to release VK info on Ukranian opposition, etc. And the somewhat incongruence between previous interviews positions on communications and today's moves.
No. The article was definitely about condemning Telegram. Otherwise it would have mentioned that other people producing stuff (for example: Cars, Open Source Software etc.) used by terrorists also sleep fine.
I really doubt Washington Posts' sympathies lie with poor ISIS because they lost some social media accounts. If they were condemning anyone (which they weren't), it was Pavel Durov himself, not Telegram.
This piece was about Durov's sudden 180 degree turn from "I will not censor anyone under any circumstance" to "I will have to censor some people under some circumstances, but not when it counts." It also recalls similar events at VKontakte, where he refused to give up data until he was forced to leave the country (presumably leaving VKontakte vulnerable to the government).
(Edited to clarify that I meant it was Pavel Durov as opposed to his company.)
Naive question I have about telegram. Even if the end to end connection is encrypted, you know the ip address of both sender and receiver ? So you have a fairly good idea where the packet are going ?
Basically even if the messages are secure, Telegram owns all the metadata, i.e. who is speaking with whom, at which frequency etc ?
I would expect some smart one using Tor or using throw-away cards / using false identification to obtain a mobile plan. But every trace of someone on Earth will eventually lead to somebody and then somebody else, and finally "you."
Is Signal actually any different from Telegram on the topics OP mentioned? I know their crypto is supposed to be way better, but I don't know about the rest.
Shane Harris' looked at ISIS' use of Telegram in the Daily Beast a few days ago. [1] And Marcy Wheeler's post yesterday [2] relates John Brennan's complaints about the challenges encryption is causing for law enforcement "especially in Europe". Marcy writes:
"If terrorists were using WhatsApp (which a lot of the fearmongering focused on), the metadata, at least, would be available via Facebook. But since Telegram is not a US company, it cannot be obliged under Section 702 of FISA, and that surely creates just the kind of gap Brennan was talking about."
How does it matter what the US can do? There are other countries in the world and the US are not the world police who should be able to snoop on any data of people everywhere. Spy on your own citizens.
it is asking you for your phone number because it is a message they broadcastet through telegram.
That said, here's the text:
We were able to identify and block these public ISIS channels thanks to your reports. Thank you!
Here's an explanation of the blocking process from our FAQ:
All Telegram chats and group chats are private amongst their participants. We do not process any requests related to them. But sticker sets, channels, and bots on Telegram are publicly available. If you find sticker sets or bots on Telegram that you think are illegal, please ping us at abuse@telegram.org.
Our mission is to provide a secure means of communication that works everywhere on the planet. In order to do that in the places where it is most needed (and to continue distributing Telegram through the App Store and Google Play), we have to process legitimate requests to take down illegal public content (sticker sets, bots, and channels) within the app. For example, we can take down sticker sets that violate intellectual property rights or porn bots in countries where pornography is illegal.
User-uploaded stickers sets, channels, and bots by third-party developers are not part of the core Telegram UI. Whenever we receive a complaint at abuse@telegram.org regarding the legality of public content, we perform the necessary legal checks and take it down when deemed appropriate.
Please note that this does not apply to local restrictions on freedom of speech. For example, if criticizing the government is illegal in a country, Telegram won‘t be a part of such politically motivated censorship. This goes against our founders’ principles. While we do block terrorist (e.g. ISIS-related) bots and channels, we will not block anybody who peacefully expresses alternative opinions.
I've diff-ed the two and they basically mentioned channels explicitly in a few places.
< But sticker sets and bots on Telegram are publicly available. [...]
---
> But sticker sets, channels and bots on Telegram are publicly available. [...]
< [...] we have to process legitimate requests to take down illegal public content in Telegram (sticker sets, bots) [...]
---
> [...] we have to process legitimate requests to take down illegal public content in Telegram (sticker sets, bots, channels) [...]
< User-uploaded stickers sets and bots by third-party developers are not part of core Telegram UI. [...]
---
> User-uploaded stickers sets, channels and bots by third-party developers are not part of core Telegram UI.
< [...] While we do block terrorist (e.g. ISIS-related) bots, we will not block bots that peacefully express alternative opinions.
---
> [...] While we do block terrorist (e.g. ISIS-related) bots and channels, we will not block bots that peacefully express alternative opinions.
< [...] Please include the phone number you use on Telegram in international format in your message.
---
> [...] If you’re using a virtual number of any kind, please also mention VOIP in the subject line. Don't forget to include the phone number you use on Telegram in international format in your message.
This thread seems to be generating a great deal of redundancy.
If you're here to ask, "How come they were able to ban channels when Telegram is supposed to be private?", as sk4kerto mentioned channels are a feature for broadcasting information to the public.
If you're wondering how Telegram works, here is their documentation.
That's not expert discussion, that's just low infrmation ranting. It is more informative to note that the most wanted terrorists in the world were using it to communicate publicly with impunity.
It's hard to tell the difference between "using with impunity" and "totally being monitored by organizations who don't wish to tip their hand." Neither is particularly more speculative than the other.
Edit: ...for a service as new and questionable as Telegram.
Even if MTProto is insecure I want someone I trust to tell me so.
it's very likely insecure but the amount of negative press on the subject of telegram is worrying, would you rather people use whatsapp?
I know they're not touting themselves as the bastion of security (like telegram does) but I'd rather people used telegram because at the very least the protocol is open source, and once they have federation and a released server it will be possible to improve on the security probably.
If Telegram is so terrible, why is there so much hubbub in the news about terrorists using it?
(Counterpoint: Maybe because since it's broken, allowing the media to perpetuate how secure Telegram is can only be beneficial. "Gosh darn those terrorists sure got us good with that Telegram app".)
Sigh, this makes Telegram look "guilty" now, and worst of all, it will put pressure on other app developers now to do the same. Next we'll hear some Congressman says that Google and Apple should be monitoring their apps for "terrorist talk" and report to authorities in real-time. But I guess Facebook has already been doing that for years.
Let's wait until this blows over, but next year we really need to start pushing companies to adopt end-to-end encryption, or vote with our feet (Signal, etc).
Unfortunately by closing these channels it seems we have lost an opportunity for dissenting voices to reach ISIS supporters. If I was involved in the soft war against ISIS I don't think I would have wanted this to happen. The more they are driven underground the less influence moderate positions will have.
Edit: to be clear, I'm not expecting any miracles, that everyone could be talked off the ledge but some fraction definitely could. Perforating their echo chamber at least provides an opportunity to inject FUD into their discussions, undermine other's authority, play people off against each other, gives an opportunity to try and identify culprits, gives insights into what they are currently thinking, possibly targets that have been discussed, what the common recruitment strategies are etc. There are a lot of amateurs in their ranks (however dangerous) and these channels are probably a rich source of intelligence.
These people don't care about moderate voices. It would be like convincing Lenin to embrace capitalism. If cutting the head off someone or raping children is a normal course of business, some moderate voice isn't going to make a single difference.
Underestimating or dehumanizing your opponent is a sure-fire way to lose a war. These people don't get supporters by merely "waiting for the crazy to hop in". They brainwash the weak. It's far more effective to weaken or remove the framework that allows this brainwashing to happen, than to lump everybody into the crazybucket.
ISIS is successfully organizing and recruiting using these channels. Is there any indication at all that these channels allowed dissenting voices to reach ISIS supporters? That these voices had any impact on them at all? That if they had any impact, it was large enough to be a worthwhile tradeoff?
This idea that just by talking to someone no matter their opinion or how extreme they are in pursuing it, you can convince them to be wrong, may be attractive but it's questionable at best. American politics, conspiracy theorists, antisemites, nazis there is absolutely no shortage of people with extreme opinions that are confronted with dissenting voices. You will find it challenging to find these voices having any positive impact at all though.
As far as I know, Telegram channels are a one-way broadcasting tool. Only channel moderators can post on them. It's separate from groups, where everyone can chime in.
Why on Earth would we want to ban ISIS channels rather than closely tracking ISIS channels for opsec failures and dropping bombs or SWAT teams on participants?
They shouldn't be able to do so but even if they could they wouldn't do it. It'd show that the claims they make on the security of their product are invalid.
E2E is only for one-on-one chats, and it's not even enabled by default. Channels, broadcasts, groups and whatever else they call multi-user conferences are NOT E2E encrypted and servers should have full access to the plaintexts.
Even if they were encrypted, these are groups with hundreds of users. The odds that one of the users is a spy (or that they just leave their phone on a bus) is basically 100%.
Encryption only protects confidentiality of message contents, you can still see who's talking to who (traffic analysis), when they're doing it, etc. See traffic analysis.
Meanwhile, Telegram's cofounder Pavel Durov wrote about the Paris attacks on Instagram yesterday:
"I think the French government is as responsible as ISIS for this, because it is their policies and carelessness which eventually led to the tragedy. They take money away from hardworking people of France with outrageously high taxes and spend them on waging useless wars in the Middle East and on creating parasitic social paradise for North African immigrants. It is a disgrace to see Paris in the hands of shortsighted socialists who ruin this beautiful place. I hope they and their policies go away forever and this city will once again shine in its full glory – safe, rich and beautiful."
Seems victim blaming is in vogue. What then, is the excuse that they'll use for the victims of Islamists in Kenya, Nigeria, Mali, Egypt, Phillipines, Indonesia, Lebanon, Turkey, Bosnia, Libya, Tunisia, Thailand, etc...?
There's always a 'but they did this...' that I hear coming from the apologists. When will the Sunni community actually admit that maybe, just maybe there's a problem if so many of their ranks resort to terrorism? There are plenty of peoples who are far more oppressed, that don't commit terrorist attacks...
Excuse my French but that man is a piece of shit. Victim blaming at its finest and a totally uncalled for, totally irrelevant, very misinformed political opinion.
I do realize I'm on HN and this is not the place to discuss this, but I had to react as this hits a nerve (obviously).
If you think the French welfare state is a production of our current socialist government, newsflash: it's not. As for France being a paradise for immigrants, we can't even get the Syrians refugees to come here to fulfill the quotas Europe imposed on us.
I can't find any more words to say how disgusted I am by that comment.
France is a democracy. The French government has been elected and represents the people of France.
Plus all the things he refers to are not especially the doing of our current government. I do not like our current president or the current ruling party, but come on...
But that does not mean they're a victim, if you're a french citizen who elected a government that then went on to do ABC that does not mean that you as a citizen supported that.
"represents the people of France"
What does that mean though? does that mean that if a government that i elected goes on to do awful things, represent me?
Governments do horrific things their citizens don't support from time to time, i don't think that the US government represented all americans when they decided to drop atomic bombs in 1945.
> i don't think that the US government represented all americans when they decided to drop atomic bombs in 1945
Offtopic but I wish this historical meme would die. Atomic bombs were probably the most humane option that was on the table; if you want to talk about atrocities America inflicted on Japan, let's talk about firebombings.
Since backing off the war completely wasn't a realistic option, they basically had a choice between nuking Japan until it surrenders, or prolonging the war on land and sea, and the latter was estimated to take much more lives on both sides.
I'm not saying that the US chose to go with the first option out of altruistic reasons, but dropping the atomic bombs wasn't an atrocity compared with the usual firebombing, and saved a lot of lives that would be lost if the war continued.
It's a bit crazy how internet services are being blamed.
Why not the smartphone maker?
Or even better why not the weapons manufacturers, or bullet makers or bomb making material manufacturers?
I mean really, how many bullets are going to end up in the hands of "good guys" vs "bad guys" (this is sarcasm relating to how people use apps being abused for wrong purposes).
The current situation in France is making me very conflicted about privacy and public liberties.
I am a strong believer of the value of privacy for a modern society. I even want to dedicate my life to help building privacy enhancing technologies and censorship-resistant networks. Because I think that an "advanced" world can only thrive if information is unrestricted, or unstoppable.
But today I face a dilemma. The dilemma of choosing between freedom and privacy, and security.
I am French, and have a lot of family in Paris. My brother lives two streets from the Bataclan and lost one of his friends. Some of my friends lost 5, sometimes 10 people that night. Imagine loosing two thirds of your group of friends in a few hours. This is frightening.
When I look at France. I see a great country, with a lot of humanity and when I look at the French, I see a freedom loving people who share a love for good food, good music and generally speaking, the good things that life has to offer.
But I also see the failure of my country in the suburbs. With entire neighborhoods that have been left uncontrolled by the government at some point, and who never went back to that state despite lots of efforts. These neighborhoods are rigged with crime and violence, and have been a fertile environment for religious lunatics to grow stronger for the last twenty years.
And I have mixed feelings. The French National Assembly has extended the state of urgency to three months. Strengthening the regalian power of the state and weakening the counter-balancing power of the Judicial branch.
Hundreds of raids have been coordinated through France, most being in those "uncontrolled areas". And it seems to work.
Which prompt me to think that this might be for the better. For the most part of my "short" life, I have thought that a people should never "trade freedom for security". But I have come to the, perhaps wrong, conclusion that there can't be "freedom without security" either.
Maybe we should give up some freedom to let the "good guys" crackdown hard on the "bad guys".
But maybe it isn't. Maybe fear is clouding my judgement.
I'm really curios, why do you think that less privacy and more government control means safety?
Suppose that this less privacy equals greater safety, is it smart allowing the government to have this sort of power over us? Sure maybe the current government is awesome and really wants to keep us "safe", what if the next president is an evil tyrant who suddenly has all that power.
People can ultimately use any tool to do evil imho, would you like the government to control who can buy knives and cars for example? both of them can be used to do evil acts.
I'm very sorry to hear about the losses your friends and family have endured. My comments below are not meant to dismiss those losses.
So, here are some questions to ask if you want to prevent fear from clouding your judgment of the security vs. freedom question:
If the authorities knew where they needed to raid already, why didn't they raid there before the attacks?
On the other hand, if they have all of the surveillance we read about in the news and more, why weren't the attacks prevented? How will more of the same surveillance work any better than the massive amount already in place?
Finally, how do you trust the authorities claims now that their emergency techniques work, if you didn't trust their techniques before?
Again, none of this is meant to belittle the losses sustained or the seriousness of the attacks. But I believe that terrorism is a social and political problem first, a criminal problem second, and a surveillance problem least. So the solutions need to be long-term social and political moves to counteract the economic and ideological conditions that breed terrorists.
I do understand your viewpoint – theres an unfairness in large-scale terrorist attacks that's very hard to deal with, and commentators can all too often be a bit shallow in dismissing that.
The thing is… there's little evidence that limiting privacy would prevent terrorist attacks. Maybe unless you are talking about a complete elimination of all private communication—something which I think most people would rightly reject outright—then there will always be private channels available for communication. I think most people will accept that some form of government access to communication is sometimes warranted – but that such access must be strictly controlled, judicially overseen, and limited in scope and time. Previous experience as a society suggests that any excessive government power will be abused.
The issue here is not one of a government which is limited in its power to 'crack down' on terrorism. It's what you've identified – neighbourhoods riddled with poverty and crime. There are a breeding ground for disenfranchisement, and we know it's the tactical approach of groups like Daesh to encourage and recruit from these disenfranchised areas.
You can only realistically solve this problem by solving disenfranchisement. That's a complex socioeconomic issue, though – and not something I have the answer to. But the idea that this is 'freedom vs. privacy' doesn't stand up to examination.
I wrote this to Pavel Durov, and maybe it will help bring some more clarity to the freedom vs security debate:
Listen, as a fellow social platform developer and someone who has to seriously consider these issues, I have a suggestion. Why don't you consider terrorism as an epidemiological model, using your network to spread a certain undesirable virus/meme (whose symptoms include violence). Then you can borrow from known bio literature about battling viruses:
Markers (based on previous samples
Antibodies (preventing recipients from getting infectious messages)
Obstacles (making difficulty of spreading organically harder)
And work to promote herd immunity. You can add this to the system without any government or yourself being aware of the contents of the messages. Have the computer system be like an organization that maintains herd immunity in its population, while at the same time (being electronic) having zero interest in reporting people and message content to others.
One of the first things you'll notice is mass media (one to many transmission taken to the extreme) is the biggest risk to herd immunity. Free speech like every other right may have limits... speech to 100 people may be totally unenmbered but speech to 1,000,000 comes with responsibility, or else it's just a freerider on a system. YOU Pavel have a responsibility since your code is your (meta-)"speech" once such a large audience engages with your product!
Stop shutting down ISIS channels. It's GOOD that they use your software. Look at the incident of Craigslist shutting down its prostitution section -- people just moved elsewhere. Instead, think about whether "right to free speech" and "right to privacy" must be absolute or whether there is justification to BALANCE them against public welfare at ANY point on the continuum. Perhaps if the system can detect with good confidence some violent speech, it is better to LET IT HAPPEN and alert the operators so they can refer it to the authorities. Either way, Pavel, as long as the developers are few they have the power and can be bullied by governments. So use this power to set the lead: build VIRUS DETECTION not BANNING into the system, and only drop privacy in the case of some imminent danger. Make the networks have an immune system. But do not simply make people move somewhere else.
when are american companies like twitter going to step up and do the same?
isis's use of social media to spread their anti-american propaganda should not be protected by freedom of speech
Telegram itself is open source. Which means anyone with some technical knowledge can build it from the source. So banning some channels doesn't seem wise enough.
Considering we killed off the largest single intelligence asset on terrorism in the world (OBL), instead of interrogating him, this doesnt surprise me at all.
What on earth makes you think Osama Bin Laden would start detailing everything he knew to his captors, assuming he allowed them to take him alive in the first place? I'm not seeing much benefit to keeping evidently successful propaganda channels alive either.
92 comments
[ 4.1 ms ] story [ 223 ms ] threadThey offer end to end encryption, which should be as secure as reasonably possible in any communication medium.
Hopefully they will make their server code public soon so it can be reviewed. There are promises to do so, but they want to implement a federation protocol before doing so.
A terrorist entity has a known telephone number which they use to actively reach people. I would expect the telephone company would drop that number/account once alerted.
The issues here seem to come from a world that has moved beyond scrambling government's legislation to keep up with data. And a government's perception that they have the right to access whatever they want.
But, ultimately people will inevitably try to claim ownership, control it, use it, and prevent others from using it. Equally, those who create it will wish for it to remain private.
And, they will fail.
>Equally, those who create it will wish for it to remain private.
Maybe. Maybe not. People may wish all day long.
It seems perfectly reasonable that they can and will moderate channels, but not conversations.
Why do you comment if you have zero information?
I believe the intelligence has learned terrorists are using Telegram or similar software for communication for a period of time. They just couldn't hack out the actual messages, hence why the governments are constantly asking for less encryption on civilian communication, or the ability to intercept the traffic for analysis. But you know what, you have to trust the software doing its claim. I know there are people eager to do reproducible build to verify that the client software is actually what it claims to be.
This piece was about Durov's sudden 180 degree turn from "I will not censor anyone under any circumstance" to "I will have to censor some people under some circumstances, but not when it counts." It also recalls similar events at VKontakte, where he refused to give up data until he was forced to leave the country (presumably leaving VKontakte vulnerable to the government).
(Edited to clarify that I meant it was Pavel Durov as opposed to his company.)
Basically even if the messages are secure, Telegram owns all the metadata, i.e. who is speaking with whom, at which frequency etc ?
https://twitter.com/snowden/status/661313394906161152?lang=e...
"If terrorists were using WhatsApp (which a lot of the fearmongering focused on), the metadata, at least, would be available via Facebook. But since Telegram is not a US company, it cannot be obliged under Section 702 of FISA, and that surely creates just the kind of gap Brennan was talking about."
[1] http://www.thedailybeast.com/articles/2015/11/16/this-is-isi...
[2] https://www.emptywheel.net/2015/11/18/brennan-was-probably-t...
That said, here's the text:
We were able to identify and block these public ISIS channels thanks to your reports. Thank you! Here's an explanation of the blocking process from our FAQ:
All Telegram chats and group chats are private amongst their participants. We do not process any requests related to them. But sticker sets, channels, and bots on Telegram are publicly available. If you find sticker sets or bots on Telegram that you think are illegal, please ping us at abuse@telegram.org.
Our mission is to provide a secure means of communication that works everywhere on the planet. In order to do that in the places where it is most needed (and to continue distributing Telegram through the App Store and Google Play), we have to process legitimate requests to take down illegal public content (sticker sets, bots, and channels) within the app. For example, we can take down sticker sets that violate intellectual property rights or porn bots in countries where pornography is illegal.
User-uploaded stickers sets, channels, and bots by third-party developers are not part of the core Telegram UI. Whenever we receive a complaint at abuse@telegram.org regarding the legality of public content, we perform the necessary legal checks and take it down when deemed appropriate.
Please note that this does not apply to local restrictions on freedom of speech. For example, if criticizing the government is illegal in a country, Telegram won‘t be a part of such politically motivated censorship. This goes against our founders’ principles. While we do block terrorist (e.g. ISIS-related) bots and channels, we will not block anybody who peacefully expresses alternative opinions.
FAQ link: https://telegram.org/faq#q-there-39s-illegal-content-on-tele...
Old: https://web.archive.org/web/20151117022238/https://telegram....
New: https://telegram.org/faq#q-wait-0-o-do-you-process-take-down...
< But sticker sets and bots on Telegram are publicly available. [...]
---
> But sticker sets, channels and bots on Telegram are publicly available. [...]
< [...] we have to process legitimate requests to take down illegal public content in Telegram (sticker sets, bots) [...]
---
> [...] we have to process legitimate requests to take down illegal public content in Telegram (sticker sets, bots, channels) [...]
< User-uploaded stickers sets and bots by third-party developers are not part of core Telegram UI. [...]
---
> User-uploaded stickers sets, channels and bots by third-party developers are not part of core Telegram UI.
< [...] While we do block terrorist (e.g. ISIS-related) bots, we will not block bots that peacefully express alternative opinions.
---
> [...] While we do block terrorist (e.g. ISIS-related) bots and channels, we will not block bots that peacefully express alternative opinions.
< [...] Please include the phone number you use on Telegram in international format in your message.
---
> [...] If you’re using a virtual number of any kind, please also mention VOIP in the subject line. Don't forget to include the phone number you use on Telegram in international format in your message.
If you're here to ask, "How come they were able to ban channels when Telegram is supposed to be private?", as sk4kerto mentioned channels are a feature for broadcasting information to the public.
If you're wondering how Telegram works, here is their documentation.
https://core.telegram.org/mtproto
https://twitter.com/matthew_d_green/status/58224970928632627...
https://twitter.com/matthew_d_green/status/58291636575066931...
https://twitter.com/matthew_d_green/status/58224562510382694...
There are much better links he could have provided, I agree, but Matthew Green is not a low-information ranter.
Edit: ...for a service as new and questionable as Telegram.
https://news.ycombinator.com/item?id=6940665
it's very likely insecure but the amount of negative press on the subject of telegram is worrying, would you rather people use whatsapp?
I know they're not touting themselves as the bastion of security (like telegram does) but I'd rather people used telegram because at the very least the protocol is open source, and once they have federation and a released server it will be possible to improve on the security probably.
I you want easy-to-use secure messenger you should use Signal. (https://whispersystems.org/)
Here's Snowden's response: https://twitter.com/snowden/status/661313394906161152?lang=e...
"In short, for better protection, use anything else."
(Counterpoint: Maybe because since it's broken, allowing the media to perpetuate how secure Telegram is can only be beneficial. "Gosh darn those terrorists sure got us good with that Telegram app".)
http://www.cnet.com/news/facebook-scans-chats-and-posts-for-...
Let's wait until this blows over, but next year we really need to start pushing companies to adopt end-to-end encryption, or vote with our feet (Signal, etc).
http://motherboard.vice.com/read/encryption-app-telegram-pro...
Edit: to be clear, I'm not expecting any miracles, that everyone could be talked off the ledge but some fraction definitely could. Perforating their echo chamber at least provides an opportunity to inject FUD into their discussions, undermine other's authority, play people off against each other, gives an opportunity to try and identify culprits, gives insights into what they are currently thinking, possibly targets that have been discussed, what the common recruitment strategies are etc. There are a lot of amateurs in their ranks (however dangerous) and these channels are probably a rich source of intelligence.
Underestimating or dehumanizing your opponent is a sure-fire way to lose a war. These people don't get supporters by merely "waiting for the crazy to hop in". They brainwash the weak. It's far more effective to weaken or remove the framework that allows this brainwashing to happen, than to lump everybody into the crazybucket.
This idea that just by talking to someone no matter their opinion or how extreme they are in pursuing it, you can convince them to be wrong, may be attractive but it's questionable at best. American politics, conspiracy theorists, antisemites, nazis there is absolutely no shortage of people with extreme opinions that are confronted with dissenting voices. You will find it challenging to find these voices having any positive impact at all though.
Have you ever tried convincing an athiest that there is a god, or a christian that there isn't a god?
E2E is only for one-on-one chats, and it's not even enabled by default. Channels, broadcasts, groups and whatever else they call multi-user conferences are NOT E2E encrypted and servers should have full access to the plaintexts.
"I think the French government is as responsible as ISIS for this, because it is their policies and carelessness which eventually led to the tragedy. They take money away from hardworking people of France with outrageously high taxes and spend them on waging useless wars in the Middle East and on creating parasitic social paradise for North African immigrants. It is a disgrace to see Paris in the hands of shortsighted socialists who ruin this beautiful place. I hope they and their policies go away forever and this city will once again shine in its full glory – safe, rich and beautiful."
https://www.instagram.com/p/-MrPWGr7aL/?taken-by=durov
There's always a 'but they did this...' that I hear coming from the apologists. When will the Sunni community actually admit that maybe, just maybe there's a problem if so many of their ranks resort to terrorism? There are plenty of peoples who are far more oppressed, that don't commit terrorist attacks...
I do realize I'm on HN and this is not the place to discuss this, but I had to react as this hits a nerve (obviously).
If you think the French welfare state is a production of our current socialist government, newsflash: it's not. As for France being a paradise for immigrants, we can't even get the Syrians refugees to come here to fulfill the quotas Europe imposed on us.
I can't find any more words to say how disgusted I am by that comment.
"I think the French government is as responsible as ISIS for this"
France is a democracy. The French government has been elected and represents the people of France.
Plus all the things he refers to are not especially the doing of our current government. I do not like our current president or the current ruling party, but come on...
But that does not mean they're a victim, if you're a french citizen who elected a government that then went on to do ABC that does not mean that you as a citizen supported that.
"represents the people of France"
What does that mean though? does that mean that if a government that i elected goes on to do awful things, represent me?
Governments do horrific things their citizens don't support from time to time, i don't think that the US government represented all americans when they decided to drop atomic bombs in 1945.
I'm not aware of any atrocities committed by our current government.
[edited after cooling down]
Offtopic but I wish this historical meme would die. Atomic bombs were probably the most humane option that was on the table; if you want to talk about atrocities America inflicted on Japan, let's talk about firebombings.
Dropping the bombs to scare the japanese empire saved tons of lifes.
I'm not saying that the US chose to go with the first option out of altruistic reasons, but dropping the atomic bombs wasn't an atrocity compared with the usual firebombing, and saved a lot of lives that would be lost if the war continued.
Why not the smartphone maker?
Or even better why not the weapons manufacturers, or bullet makers or bomb making material manufacturers?
I mean really, how many bullets are going to end up in the hands of "good guys" vs "bad guys" (this is sarcasm relating to how people use apps being abused for wrong purposes).
I am a strong believer of the value of privacy for a modern society. I even want to dedicate my life to help building privacy enhancing technologies and censorship-resistant networks. Because I think that an "advanced" world can only thrive if information is unrestricted, or unstoppable.
But today I face a dilemma. The dilemma of choosing between freedom and privacy, and security.
I am French, and have a lot of family in Paris. My brother lives two streets from the Bataclan and lost one of his friends. Some of my friends lost 5, sometimes 10 people that night. Imagine loosing two thirds of your group of friends in a few hours. This is frightening.
When I look at France. I see a great country, with a lot of humanity and when I look at the French, I see a freedom loving people who share a love for good food, good music and generally speaking, the good things that life has to offer.
But I also see the failure of my country in the suburbs. With entire neighborhoods that have been left uncontrolled by the government at some point, and who never went back to that state despite lots of efforts. These neighborhoods are rigged with crime and violence, and have been a fertile environment for religious lunatics to grow stronger for the last twenty years.
And I have mixed feelings. The French National Assembly has extended the state of urgency to three months. Strengthening the regalian power of the state and weakening the counter-balancing power of the Judicial branch.
Hundreds of raids have been coordinated through France, most being in those "uncontrolled areas". And it seems to work.
Which prompt me to think that this might be for the better. For the most part of my "short" life, I have thought that a people should never "trade freedom for security". But I have come to the, perhaps wrong, conclusion that there can't be "freedom without security" either.
Maybe we should give up some freedom to let the "good guys" crackdown hard on the "bad guys".
But maybe it isn't. Maybe fear is clouding my judgement.
Suppose that this less privacy equals greater safety, is it smart allowing the government to have this sort of power over us? Sure maybe the current government is awesome and really wants to keep us "safe", what if the next president is an evil tyrant who suddenly has all that power.
People can ultimately use any tool to do evil imho, would you like the government to control who can buy knives and cars for example? both of them can be used to do evil acts.
So, here are some questions to ask if you want to prevent fear from clouding your judgment of the security vs. freedom question:
If the authorities knew where they needed to raid already, why didn't they raid there before the attacks?
On the other hand, if they have all of the surveillance we read about in the news and more, why weren't the attacks prevented? How will more of the same surveillance work any better than the massive amount already in place?
Finally, how do you trust the authorities claims now that their emergency techniques work, if you didn't trust their techniques before?
Again, none of this is meant to belittle the losses sustained or the seriousness of the attacks. But I believe that terrorism is a social and political problem first, a criminal problem second, and a surveillance problem least. So the solutions need to be long-term social and political moves to counteract the economic and ideological conditions that breed terrorists.
The thing is… there's little evidence that limiting privacy would prevent terrorist attacks. Maybe unless you are talking about a complete elimination of all private communication—something which I think most people would rightly reject outright—then there will always be private channels available for communication. I think most people will accept that some form of government access to communication is sometimes warranted – but that such access must be strictly controlled, judicially overseen, and limited in scope and time. Previous experience as a society suggests that any excessive government power will be abused.
The issue here is not one of a government which is limited in its power to 'crack down' on terrorism. It's what you've identified – neighbourhoods riddled with poverty and crime. There are a breeding ground for disenfranchisement, and we know it's the tactical approach of groups like Daesh to encourage and recruit from these disenfranchised areas.
You can only realistically solve this problem by solving disenfranchisement. That's a complex socioeconomic issue, though – and not something I have the answer to. But the idea that this is 'freedom vs. privacy' doesn't stand up to examination.
Listen, as a fellow social platform developer and someone who has to seriously consider these issues, I have a suggestion. Why don't you consider terrorism as an epidemiological model, using your network to spread a certain undesirable virus/meme (whose symptoms include violence). Then you can borrow from known bio literature about battling viruses:
Markers (based on previous samples
Antibodies (preventing recipients from getting infectious messages)
Obstacles (making difficulty of spreading organically harder)
And work to promote herd immunity. You can add this to the system without any government or yourself being aware of the contents of the messages. Have the computer system be like an organization that maintains herd immunity in its population, while at the same time (being electronic) having zero interest in reporting people and message content to others.
One of the first things you'll notice is mass media (one to many transmission taken to the extreme) is the biggest risk to herd immunity. Free speech like every other right may have limits... speech to 100 people may be totally unenmbered but speech to 1,000,000 comes with responsibility, or else it's just a freerider on a system. YOU Pavel have a responsibility since your code is your (meta-)"speech" once such a large audience engages with your product!
Stop shutting down ISIS channels. It's GOOD that they use your software. Look at the incident of Craigslist shutting down its prostitution section -- people just moved elsewhere. Instead, think about whether "right to free speech" and "right to privacy" must be absolute or whether there is justification to BALANCE them against public welfare at ANY point on the continuum. Perhaps if the system can detect with good confidence some violent speech, it is better to LET IT HAPPEN and alert the operators so they can refer it to the authorities. Either way, Pavel, as long as the developers are few they have the power and can be bullied by governments. So use this power to set the lead: build VIRUS DETECTION not BANNING into the system, and only drop privacy in the case of some imminent danger. Make the networks have an immune system. But do not simply make people move somewhere else.
I think Prohibition is a case study in banning vs. regulating