87 comments

[ 5.0 ms ] story [ 158 ms ] thread
If Telegram were protecting the identity of HK protestors they would say this.

If they were selling the HK protestors out to the Chinese government they would also say this.

True trustworthyness can only come from open source code and concepts designed into the protocol. I don't think this can be achieved on Apple's platform, might be possible on Android.

No, it's impossible to know what code is running on someone else's server. If you give your phone number to someone, you are at their mercy to keep it confidential.
The article is discussing specific features that Telegram is adding to make it harder to do matching on numbers to identify aliases.

This is not a general proclamation.

I think it's hard to make an argument that China has a lot of leverage on Telegram as an organization, but that could change in years to come. A decade ago, no one really thought Google would become this hostile to users and even seek to collaborate with the CPC govt and its totalitarian vision.

Everything you said about open-source applies to Android too. At the very least all kinds of backdoors are in Android phone because of chip firmware. But I guess you might be alluding to the fact that Tim Cook handed over Apple iCloud keys to the Chinese govt.

Knowing the founder, find it hard to believe. The guy who fled Russia to avoid persecution has little tolerance for any government trying to mess with people's privacy. Culturally, Russia itself has a lot more in common with the west. China is completely separated, from, I would say, the rest of the world, in terms of mentality. It's even different from most Asian countries and Hong Kong. Find it hard to imagine why would anyone cooperate with China on doing things the western world considers immoral and unacceptable.
I am not sure how open sourcing the code would help? If they have a bad intent, they could publish a "clean" source code and deploy something else.
You can compile the open source and compare the result to the version on the store.
The protestors aren't using the encryption features. They just don't want their phone numbers to be revealed as being associated with the groups used to coordinate the demonstrations.
True for the client side but you can not be sure on the server side.

Smart contract enables the true transparent and honest program but the technology is not ready yet. It is still early days.

> might be possible on Android.

Especially on Google platform with every click tracking.

> Protesters believe Chinese security officials have exploited the function by uploading large quantities of phone numbers.

> The app automatically matches phone numbers with the user names in the group. Chinese authorities then only need to request the owners of the phone numbers from the local telecom service in order to learn the users’ true identities.

> Telegram has detected evidence that Chinese authorities may have uploaded numbers to identify protesters, said a person with direct knowledge of the situation.

Signal does/did this too: https://news.ycombinator.com/item?id=12590979

Not the same thing. The flaw in Telegram happens with the group feature.
Are you sure? I wanted to install Telegram and it insisted on having the contacts permission from the get go. I think it's sending contacts to their database so they can match friends.

Isn't there a secure messaging app that doesn't require a phone number and doesn't ask me to upload my contacts?

Matrix doesn't ask for anything. But I wouldn't use it for super critical things, cause the user interface (of the Riot client) is confusing enough that I'm afraid I'll make mistakes in verifying devices or fingerprints or something. Weird things happened when I tried it myself (I got more device IDs than devices, and I'm not sure where the other ones came from ... )
> The app automatically matches phone numbers with the user names in the group. Chinese authorities then only need to request the owners of the phone numbers from the local telecom service in order to learn the users’ true identities.

This is a flaw common to services that rely on phone numbers as IDs. In many countries, one cannot purchase a SIM card without showing ID (and the seller makes a photocopy of the ID to provide to the authorities). That means that there cannot be true anonymity. Know the phone number, know the person.

I am always baffled when people claim that PGP-encrypted e-mail is passé because it leaks metadata, when Signal and Telegram leak metadata too and, furthermore, metadata that can be immediately associated with a specific person in many countries.

re: needing an ID for SIM cards, that's interesting!

Here in New Zealand, I can freely purchase any prepay SIM without ID and use it straight away. Most, if not all dairies carry them too.

I recently visited what is apparently a prepaid-SIM-without-ID island of the Czech Republic, accustomed to places where registration is required. The person in the telecom store selling me the SIM looked at me with an almost disarming "this is the Czech Republic" look when I asked if she needed to see my passport.

In Germany you now apparently need to show ID and provide an address, though no proof of residence so any address seems acceptable.

In Germany, I need to do PostIdent or handover my address+copy of my ID/passport to buy a SIM card. To further check things, telecom sends letters to corresponding address too sometimes.
Not over the border in Australia.
Not the same crossing the Tasman sea. It's mixed in Australia. One can only have 5 pre-paid mobile numbers under 1 name (activation limit). However, you can still buy SIM packs from supermarkets or convenient stores, not sure if activation requires ID, it may depend on provider.

NZ is obviously loose due to large number of tourists, I reckon. So easy to get SIM cards, I've got 2 (spark and 2 degrees). US also requires ID to get SIM last time I was in bay area (2016).

> not sure if activation requires ID

Pretty sure they all do. I've used prepaid on all the major carriers and bigger MVNOs and I needed to give some form of ID to the signup process.

In Russia one cannot (in theory; actually it's possible sometimes). In Japan an ID is required as far as I know.
In Japan ID is required for voice service, but I think not for data only.
You can't sign up for Signal with a data only SIM
Yes, you can. Data only SIM cards can receive SMS's. At least in Portugal they do.
Oh, interesting. I don’t think they can in Japan
I can confirm that you don't need an ID for data only in Japan.
The same is true in Hong Kong, no ID required.

You can even purchase cards without ID that also work in Mainland China and aren't subject to the great firewall.

VOIP numbers are much more anon-accessible. You can buy a ready to go google account with voice enabled if you know where to look.
Anyone can get a phone number anonymously from https://jmp.chat/ if they like. JMP lets you signup over Tor, and after the free trial you can pay in Bitcoin or other cryptocurrencies to keep the number.
You also don't need to use these private numbers with friends, keep your main number and just use this or some voip number for stuff you want private.

The problem is this would both a) need to be used by Signal as the primary number ID b) your friend would need to know this separate number just for chat (unless you also use it for calls and other stuff then no biggie)

Of course this also kills new friend discovery, which is probably not needed by most.

I haven't tried using SIP on my phone app while simultaneously having a SIM number so I'm not sure Signal can be routed through an arbitrary number on your phone. But I could be wrong. Maybe someone else knows?

Furthermore, a phone number allows the government to determine rough location in real time or see an archive of previous locations for several months. Also, in some countries (guess which) all SMS messages and phone calls are recorded and stored for at least 6 months.

It is dangerous to use such messengers like Signal (or Telegram) with a real phone number.

Unless of course you don't tie your real identity to your phone plan or more accurately your IMEI.

Which I've done personally for many years. They won't tell you it's possible at the stores but they don't ask questions if you say you forgot your drivers licence at home.

As stated above, in many countries you have to by law
Didn't say it was, but the ones requiring IDs are more the exception than the rule, meaning hundreds of millions of people, and hardly anyone knows to do it so it's worth mentioning.

Fortunately that's not the only identity separation you can create, which IMO is as or more important day to day than encryption and other technical solutions.

But nothing beats limiting government power through policy which seems to unpopular these last few decades.

Is it the exception? Every country I’ve bought a SIM card in recently has required a passport or ID
Requiring IDs is not the exception these days. Also, limiting government power through policy seems unpopular because it doesn't work.
Only if you're actually actively using a SIM card with that phone number, no?
Then don't use so called 'secure' services that rely on phone numbers. There exist plenty of secure chat apps that don't have this flaw. LINE is probably my favorite.
Doesn't LINE require a phone number or a Facebook account? Seeing as Facebook will often ask for a photo of you to verify your account before you can use it now, this doesn't seem like a fix for the anonymity issue.
You can sign up with a phone number or email address.

*Untrue. See comments below.

How? As far as I am aware, you can link an email to an account once it is created, though it doesn't really do much, but you require a phone number to create one. Indeed their website claims you need a phone number or Facebook account. I just tried registering using the Chrome extension and it required a phone number.

https://linecorp.com/en/security/article/164

It appears you are correct. Now I wonder if that's changed recently or age is catching up with me. I've not used it in over a year, but what you said is definitely the case now.
> But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.

This is false: regardless of Telegram’s nags to upload my phone book to them, I find it quite easy to use the app without doing this.

You are correct.

I will never understand why apps that profess allegiance to privacy upload entire contact lists.

Sure, users will complain it’s harder. They’ll always complain, but you’re protecting them and their contacts who have NOT provided consent.

I just tried installing it again and it's asking for contacts permission on every operation.
Why not use Hacker News to Organize a protest?
HN is so obviously controlled by globalist interests.
The only actual way to protect them is to purge any potentially compromising data immediately.
> The fix Telegram is working on would allow users to disable matching by phone number. That option represents a balance between making it easy for users to find their contacts and the privacy needs of those who rely on the app for protection against state security agents.

> Telegram hopes to help protect Hong Kong protesters with the update, the source said. But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.

Make the match 2 way then.

If you both have reach other's number allow the match. If it's one sided - deny.

So Telegram will break China's laws.

Can't these tech companies be charged for aiding law breakers?

This should have been a feature from the beginning. Not everyone wants their Telegram profile to be discoverable by anyone who has their number.
They should only notify users if they both have each other's phone. Otherwise it is trivial to create several thousands of accounts and upload thousands of numbers from each to get a mapping between an id and a phone number. Here is a quote from a head of Russian company that claims to do this:

> A phone number used by [Telegram] account @silovikicat was discovered using a program titled "Insider-Telegram" developed by the "Center of research of legitimacy and political protest". The head of the "Center" Eugene Venediktov explains: "Currently the database contains over 10 million of numbers. We just go through all possible numbers and check whether they are registered in Telegram: for example, we take all numbers starting with a prefix +7911 and check them. You automatically see all contacts from you address book in your Telegram, don't you? We just have a very "fat" address book with phones of all users from our country."

> When a phone number provided by Eugene is added into an address book, Telegram automatically matches it with account @silovikicat («Siloviks' cat»).

Having a phone number means that the government can track its rough location and know owner's identity.

This also means that other messengers using similar contact discovery allow to de-anonymize its users the same way.

[1] (in Russian) https://meduza.io/feature/2019/08/10/kto-takoy-tovarisch-may...

This feature should never have been enabled in this one-way manner but being a social platform means trying everything to get users tied down to it.

It’s just like Venmo. I’m seeing users in my newsfeed because they’re in my contacts but not because we added each other. Really bizarre.

Even better, Telegram should allow to register without a phone numbner (they could charge a little sum in Bitcoins if they are afraid that there will be bot registrations). This could even increase their user base because there are users who don't want to give away a phone number.
Agree, except for Bitcoin (or rather, have Bitcoin but Stripe and other options as well.)
That defeats the purpose, no?
No, only if you are

- fighting someone who controls Stripe well enough to browse transaction logs

- or you are fighting someone who can access your bank transactions (more likely in this case) and manage to correlate them correctly with Telegram account creation time

Both seems like huge steps forward compared to sms validation.

Furthermore: Bitcoin is not much safer for the ordinary citizen. If anything it is way easier to trace than cash and I guess slightly more different to trace than bank transfers.

Or am I missing something?

If you need anonymity you could buy a prepaid VISA
That sounds like the perfect way to test stolen credit cards. In high-risk transactions, Stripe uses SMS 2FA so you're back to needing a SIM card.
Hmmm. Good point if Stripe use 2FA even if it would still be harder for the attacker as they would have to correlate payment - sms - account created - account joined group which is significantly harder to do than what is happening currently.

I guess what they'll do instead is to just outlaw Telegram :-|

Yep, expect no privacy in any app that requires a phone number. At least in most places. More than 150 governments require a proof of identity to purchase a SIM card.
> This also means that other messengers using similar contact discovery allow to de-anonymize its users the same way.

While I don't like to have messaging apps tied to the phone number, it has become a mainstream model that most people accept and know how to use.

I have been thinking for some time that we need a mainstream messaging app that uses end-to-end encrypted, and you can get in contact with a peer only if it accepts you (just like old messaging apps, WLM, ICQ, etc), so, if the peer doesn't accept to chat with you, you won't even know whether the number is registered.

In fact, my initial PoC is https://safer.chat/, I just need the time to make an app from it.

I have a question about Telegram. Let's say I have a number in my contacts, but the other side doesn't have my number in their contacts. So I can now see their name and picture and "last seen"? But can they see the same thing about me without having my number saved? Do they get notified at all? Seems really odd to do this one-way.
“But wide adoption of the optional security setting would make the app far harder to use for the vast majority of its more than 200 consumers, who rely on uploading phone contacts to identify friends and family members on the app, the source said.”

With only 200 users on the app me thinks adoption will be fast - think they forgot a “K”

That’s when you realize that every insignificant feature Signal was working on is actually freaking useful in real life.

Btw why all these apps require a phone #? Is it required by the gov?

Can we stop referring to Telegram as an "encrypted app"?

End-to-end encryption only works in "secret chats" and voice calls. Outside of those, it's as encrypted as HN is (connection happens over TLS, but that's about it).

Also there are no secret chats on desktop client at all.
A freeware protecting privacy of the people from the government they pay to protect their privacy (among other things).
Just a reminder that Telegram has shipped deliberate backdoors in the past https://habr.com/post/206900/

It is terribly unlikely that they’d have their users best interest in mind.

There’s also that tidbit from the Steele Dossier about it being cracked.
the obsession with phone numbers is crazy, we should stop to use them as ID
A big pro of using phone #s is that it allows users to effectively take their social network with them from app to app instead of being locked in.

IMO phone numbers are a pretty terrible system (you would never ask people to remember dozens of IP addresses for all the websites they want to visit but historically people have been expected to remember phone #s for all the people they want to contact), but they are the system we have and it could be worse.

These are good news. But, why don't they use Signal to start with?
Signal also needs a phone# to activate & iirc, if you have someone's phone number in Contact List, they'll appear, so sort of same issue may be. Only one I know of so far not needing a phone# is Wire.
This was covered in other news pieces. In Signal, your number gets exposed to everyone else in the group (similar to WhatsApp). The protestors didn’t want their numbers to be exposed to other people they were talking to. Telegram doesn’t, by default, show your number to others you chat with unless you choose to. Telegram also allows usernames to be used to contact and refer to people. The other factor is that Telegram allows really large groups (like 200K members), which Signal and WhatsApp don’t.
telegram rolls their own encryption. Anyone who does this should label their software as experimental, and not to be trusted with sensitive information - and they should absolutely not compare it to actual serious secure messaging apps. I gave up on Telegram long ago. As for me, Utopia messenger is much better. It is guaranteed to keep my chats securely locked. Check it out yourself https://beta.u.is