If Telegram were protecting the identity of HK protestors they would say this.
If they were selling the HK protestors out to the Chinese government they would also say this.
True trustworthyness can only come from open source code and concepts designed into the protocol. I don't think this can be achieved on Apple's platform, might be possible on Android.
No, it's impossible to know what code is running on someone else's server. If you give your phone number to someone, you are at their mercy to keep it confidential.
I think it's hard to make an argument that China has a lot of leverage on Telegram as an organization, but that could change in years to come. A decade ago, no one really thought Google would become this hostile to users and even seek to collaborate with the CPC govt and its totalitarian vision.
Everything you said about open-source applies to Android too. At the very least all kinds of backdoors are in Android phone because of chip firmware. But I guess you might be alluding to the fact that Tim Cook handed over Apple iCloud keys to the Chinese govt.
Knowing the founder, find it hard to believe. The guy who fled Russia to avoid persecution has little tolerance for any government trying to mess with people's privacy. Culturally, Russia itself has a lot more in common with the west. China is completely separated, from, I would say, the rest of the world, in terms of mentality. It's even different from most Asian countries and Hong Kong. Find it hard to imagine why would anyone cooperate with China on doing things the western world considers immoral and unacceptable.
The protestors aren't using the encryption features. They just don't want their phone numbers to be revealed as being associated with the groups used to coordinate the demonstrations.
> Protesters believe Chinese security officials have exploited the function by uploading large quantities of phone numbers.
> The app automatically matches phone numbers with the user names in the group. Chinese authorities then only need to request the owners of the phone numbers from the local telecom service in order to learn the users’ true identities.
> Telegram has detected evidence that Chinese authorities may have uploaded numbers to identify protesters, said a person with direct knowledge of the situation.
Are you sure? I wanted to install Telegram and it insisted on having the contacts permission from the get go. I think it's sending contacts to their database so they can match friends.
Isn't there a secure messaging app that doesn't require a phone number and doesn't ask me to upload my contacts?
Matrix doesn't ask for anything. But I wouldn't use it for super critical things, cause the user interface (of the Riot client) is confusing enough that I'm afraid I'll make mistakes in verifying devices or fingerprints or something. Weird things happened when I tried it myself (I got more device IDs than devices, and I'm not sure where the other ones came from ... )
> The app automatically matches phone numbers with the user names in the group. Chinese authorities then only need to request the owners of the phone numbers from the local telecom service in order to learn the users’ true identities.
This is a flaw common to services that rely on phone numbers as IDs. In many countries, one cannot purchase a SIM card without showing ID (and the seller makes a photocopy of the ID to provide to the authorities). That means that there cannot be true anonymity. Know the phone number, know the person.
I am always baffled when people claim that PGP-encrypted e-mail is passé because it leaks metadata, when Signal and Telegram leak metadata too and, furthermore, metadata that can be immediately associated with a specific person in many countries.
I recently visited what is apparently a prepaid-SIM-without-ID island of the Czech Republic, accustomed to places where registration is required. The person in the telecom store selling me the SIM looked at me with an almost disarming "this is the Czech Republic" look when I asked if she needed to see my passport.
In Germany you now apparently need to show ID and provide an address, though no proof of residence so any address seems acceptable.
In Germany, I need to do PostIdent or handover my address+copy of my ID/passport to buy a SIM card. To further check things, telecom sends letters to corresponding address too sometimes.
Not the same crossing the Tasman sea. It's mixed in Australia. One can only have 5 pre-paid mobile numbers under 1 name (activation limit). However, you can still buy SIM packs from supermarkets or convenient stores, not sure if activation requires ID, it may depend on provider.
NZ is obviously loose due to large number of tourists, I reckon. So easy to get SIM cards, I've got 2 (spark and 2 degrees). US also requires ID to get SIM last time I was in bay area (2016).
Anyone can get a phone number anonymously from https://jmp.chat/ if they like. JMP lets you signup over Tor, and after the free trial you can pay in Bitcoin or other cryptocurrencies to keep the number.
You also don't need to use these private numbers with friends, keep your main number and just use this or some voip number for stuff you want private.
The problem is this would both a) need to be used by Signal as the primary number ID b) your friend would need to know this separate number just for chat (unless you also use it for calls and other stuff then no biggie)
Of course this also kills new friend discovery, which is probably not needed by most.
I haven't tried using SIP on my phone app while simultaneously having a SIM number so I'm not sure Signal can be routed through an arbitrary number on your phone. But I could be wrong. Maybe someone else knows?
Furthermore, a phone number allows the government to determine rough location in real time or see an archive of previous locations for several months. Also, in some countries (guess which) all SMS messages and phone calls are recorded and stored for at least 6 months.
It is dangerous to use such messengers like Signal (or Telegram) with a real phone number.
Unless of course you don't tie your real identity to your phone plan or more accurately your IMEI.
Which I've done personally for many years. They won't tell you it's possible at the stores but they don't ask questions if you say you forgot your drivers licence at home.
Didn't say it was, but the ones requiring IDs are more the exception than the rule, meaning hundreds of millions of people, and hardly anyone knows to do it so it's worth mentioning.
Fortunately that's not the only identity separation you can create, which IMO is as or more important day to day than encryption and other technical solutions.
But nothing beats limiting government power through policy which seems to unpopular these last few decades.
Then don't use so called 'secure' services that rely on phone numbers. There exist plenty of secure chat apps that don't have this flaw. LINE is probably my favorite.
Fair, but it's E2E by default, and only requires a (burner) email address to sign up. If you're careful, there's not much to be gleaned from the remaining data.
Doesn't LINE require a phone number or a Facebook account? Seeing as Facebook will often ask for a photo of you to verify your account before you can use it now, this doesn't seem like a fix for the anonymity issue.
How? As far as I am aware, you can link an email to an account once it is created, though it doesn't really do much, but you require a phone number to create one. Indeed their website claims you need a phone number or Facebook account. I just tried registering using the Chrome extension and it required a phone number.
It appears you are correct. Now I wonder if that's changed recently or age is catching up with me. I've not used it in over a year, but what you said is definitely the case now.
> But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.
This is false: regardless of Telegram’s nags to upload my phone book to them, I find it quite easy to use the app without doing this.
> The fix Telegram is working on would allow users to disable matching by phone number. That option represents a balance between making it easy for users to find their contacts and the privacy needs of those who rely on the app for protection against state security agents.
> Telegram hopes to help protect Hong Kong protesters with the update, the source said. But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.
Make the match 2 way then.
If you both have reach other's number allow the match. If it's one sided - deny.
They should only notify users if they both have each other's phone. Otherwise it is trivial to create several thousands of accounts and upload thousands of numbers from each to get a mapping between an id and a phone number. Here is a quote from a head of Russian company that claims to do this:
> A phone number used by [Telegram] account @silovikicat was discovered using a program titled "Insider-Telegram" developed by the "Center of research of legitimacy and political protest". The head of the "Center" Eugene Venediktov explains: "Currently the database contains over 10 million of numbers. We just go through all possible numbers and check whether they are registered in Telegram: for example, we take all numbers starting with a prefix +7911 and check them. You automatically see all contacts from you address book in your Telegram, don't you? We just have a very "fat" address book with phones of all users from our country."
> When a phone number provided by Eugene is added into an address book, Telegram automatically matches it with account @silovikicat («Siloviks' cat»).
Having a phone number means that the government can track its rough location and know owner's identity.
This also means that other messengers using similar contact discovery allow to de-anonymize its users the same way.
Even better, Telegram should allow to register without a phone numbner (they could charge a little sum in Bitcoins if they are afraid that there will be bot registrations). This could even increase their user base because there are users who don't want to give away a phone number.
- fighting someone who controls Stripe well enough to browse transaction logs
- or you are fighting someone who can access your bank transactions (more likely in this case) and manage to correlate them correctly with Telegram account creation time
Both seems like huge steps forward compared to sms validation.
Furthermore: Bitcoin is not much safer for the ordinary citizen. If anything it is way easier to trace than cash and I guess slightly more different to trace than bank transfers.
Hmmm. Good point if Stripe use 2FA even if it would still be harder for the attacker as they would have to correlate payment - sms - account created - account joined group which is significantly harder to do than what is happening currently.
I guess what they'll do instead is to just outlaw Telegram :-|
Yep, expect no privacy in any app that requires a phone number. At least in most places. More than 150 governments require a proof of identity to purchase a SIM card.
> This also means that other messengers using similar contact discovery allow to de-anonymize its users the same way.
While I don't like to have messaging apps tied to the phone number, it has become a mainstream model that most people accept and know how to use.
I have been thinking for some time that we need a mainstream messaging app that uses end-to-end encrypted, and you can get in contact with a peer only if it accepts you (just like old messaging apps, WLM, ICQ, etc), so, if the peer doesn't accept to chat with you, you won't even know whether the number is registered.
In fact, my initial PoC is https://safer.chat/, I just need the time to make an app from it.
I have a question about Telegram. Let's say I have a number in my contacts, but the other side doesn't have my number in their contacts. So I can now see their name and picture and "last seen"? But can they see the same thing about me without having my number saved? Do they get notified at all? Seems really odd to do this one-way.
“But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.”
With only 200 users on the app me thinks adoption will be fast - think they forgot a “K”
Can we stop referring to Telegram as an "encrypted app"?
End-to-end encryption only works in "secret chats" and voice calls. Outside of those, it's as encrypted as HN is (connection happens over TLS, but that's about it).
A big pro of using phone #s is that it allows users to effectively take their social network with them from app to app instead of being locked in.
IMO phone numbers are a pretty terrible system (you would never ask people to remember dozens of IP addresses for all the websites they want to visit but historically people have been expected to remember phone #s for all the people they want to contact), but they are the system we have and it could be worse.
Signal also needs a phone# to activate & iirc, if you have someone's phone number in Contact List, they'll appear, so sort of same issue may be. Only one I know of so far not needing a phone# is Wire.
This was covered in other news pieces. In Signal, your number gets exposed to everyone else in the group (similar to WhatsApp). The protestors didn’t want their numbers to be exposed to other people they were talking to. Telegram doesn’t, by default, show your number to others you chat with unless you choose to. Telegram also allows usernames to be used to contact and refer to people. The other factor is that Telegram allows really large groups (like 200K members), which Signal and WhatsApp don’t.
telegram rolls their own encryption. Anyone who does this should label their software as experimental, and not to be trusted with sensitive information - and they should absolutely not compare it to actual serious secure messaging apps. I gave up on Telegram long ago. As for me, Utopia messenger is much better. It is guaranteed to keep my chats securely locked. Check it out yourself https://beta.u.is
87 comments
[ 5.0 ms ] story [ 158 ms ] threadIf they were selling the HK protestors out to the Chinese government they would also say this.
True trustworthyness can only come from open source code and concepts designed into the protocol. I don't think this can be achieved on Apple's platform, might be possible on Android.
This is not a general proclamation.
Everything you said about open-source applies to Android too. At the very least all kinds of backdoors are in Android phone because of chip firmware. But I guess you might be alluding to the fact that Tim Cook handed over Apple iCloud keys to the Chinese govt.
Smart contract enables the true transparent and honest program but the technology is not ready yet. It is still early days.
Especially on Google platform with every click tracking.
> The app automatically matches phone numbers with the user names in the group. Chinese authorities then only need to request the owners of the phone numbers from the local telecom service in order to learn the users’ true identities.
> Telegram has detected evidence that Chinese authorities may have uploaded numbers to identify protesters, said a person with direct knowledge of the situation.
Signal does/did this too: https://news.ycombinator.com/item?id=12590979
Isn't there a secure messaging app that doesn't require a phone number and doesn't ask me to upload my contacts?
This is a flaw common to services that rely on phone numbers as IDs. In many countries, one cannot purchase a SIM card without showing ID (and the seller makes a photocopy of the ID to provide to the authorities). That means that there cannot be true anonymity. Know the phone number, know the person.
I am always baffled when people claim that PGP-encrypted e-mail is passé because it leaks metadata, when Signal and Telegram leak metadata too and, furthermore, metadata that can be immediately associated with a specific person in many countries.
Here in New Zealand, I can freely purchase any prepay SIM without ID and use it straight away. Most, if not all dairies carry them too.
In Germany you now apparently need to show ID and provide an address, though no proof of residence so any address seems acceptable.
NZ is obviously loose due to large number of tourists, I reckon. So easy to get SIM cards, I've got 2 (spark and 2 degrees). US also requires ID to get SIM last time I was in bay area (2016).
Pretty sure they all do. I've used prepaid on all the major carriers and bigger MVNOs and I needed to give some form of ID to the signup process.
You can even purchase cards without ID that also work in Mainland China and aren't subject to the great firewall.
The problem is this would both a) need to be used by Signal as the primary number ID b) your friend would need to know this separate number just for chat (unless you also use it for calls and other stuff then no biggie)
Of course this also kills new friend discovery, which is probably not needed by most.
I haven't tried using SIP on my phone app while simultaneously having a SIM number so I'm not sure Signal can be routed through an arbitrary number on your phone. But I could be wrong. Maybe someone else knows?
It is dangerous to use such messengers like Signal (or Telegram) with a real phone number.
Which I've done personally for many years. They won't tell you it's possible at the stores but they don't ask questions if you say you forgot your drivers licence at home.
Fortunately that's not the only identity separation you can create, which IMO is as or more important day to day than encryption and other technical solutions.
But nothing beats limiting government power through policy which seems to unpopular these last few decades.
https://linecorp.com/en/security/article/35
*Untrue. See comments below.
https://linecorp.com/en/security/article/164
This is false: regardless of Telegram’s nags to upload my phone book to them, I find it quite easy to use the app without doing this.
I will never understand why apps that profess allegiance to privacy upload entire contact lists.
Sure, users will complain it’s harder. They’ll always complain, but you’re protecting them and their contacts who have NOT provided consent.
> Telegram hopes to help protect Hong Kong protesters with the update, the source said. But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.
Make the match 2 way then.
If you both have reach other's number allow the match. If it's one sided - deny.
Can't these tech companies be charged for aiding law breakers?
> A phone number used by [Telegram] account @silovikicat was discovered using a program titled "Insider-Telegram" developed by the "Center of research of legitimacy and political protest". The head of the "Center" Eugene Venediktov explains: "Currently the database contains over 10 million of numbers. We just go through all possible numbers and check whether they are registered in Telegram: for example, we take all numbers starting with a prefix +7911 and check them. You automatically see all contacts from you address book in your Telegram, don't you? We just have a very "fat" address book with phones of all users from our country."
> When a phone number provided by Eugene is added into an address book, Telegram automatically matches it with account @silovikicat («Siloviks' cat»).
Having a phone number means that the government can track its rough location and know owner's identity.
This also means that other messengers using similar contact discovery allow to de-anonymize its users the same way.
[1] (in Russian) https://meduza.io/feature/2019/08/10/kto-takoy-tovarisch-may...
It’s just like Venmo. I’m seeing users in my newsfeed because they’re in my contacts but not because we added each other. Really bizarre.
- fighting someone who controls Stripe well enough to browse transaction logs
- or you are fighting someone who can access your bank transactions (more likely in this case) and manage to correlate them correctly with Telegram account creation time
Both seems like huge steps forward compared to sms validation.
Furthermore: Bitcoin is not much safer for the ordinary citizen. If anything it is way easier to trace than cash and I guess slightly more different to trace than bank transfers.
Or am I missing something?
I guess what they'll do instead is to just outlaw Telegram :-|
While I don't like to have messaging apps tied to the phone number, it has become a mainstream model that most people accept and know how to use.
I have been thinking for some time that we need a mainstream messaging app that uses end-to-end encrypted, and you can get in contact with a peer only if it accepts you (just like old messaging apps, WLM, ICQ, etc), so, if the peer doesn't accept to chat with you, you won't even know whether the number is registered.
In fact, my initial PoC is https://safer.chat/, I just need the time to make an app from it.
With only 200 users on the app me thinks adoption will be fast - think they forgot a “K”
an "M" - 200 million users as of March 2018. https://telegram.org/blog/200-million
Btw why all these apps require a phone #? Is it required by the gov?
End-to-end encryption only works in "secret chats" and voice calls. Outside of those, it's as encrypted as HN is (connection happens over TLS, but that's about it).
It is terribly unlikely that they’d have their users best interest in mind.
IMO phone numbers are a pretty terrible system (you would never ask people to remember dozens of IP addresses for all the websites they want to visit but historically people have been expected to remember phone #s for all the people they want to contact), but they are the system we have and it could be worse.