this post was submitted on 02 Oct 2024
209 points (100.0% liked)

Privacy

789 readers
48 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Telegram CEO Pavel Durov recently announced that Telegram would be handing over user data (such as phone numbers and IP adresses) to the authorities. Now it turns out that it has been doing so since 2018.

My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

To reduce confusion, last week, we streamlined and unified our privacy policy across different countries.

Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.

Full text of the post.📰 My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

🌐 Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

⚖️ Whenever we received a properly formed legal request via relevant communication lines, we would verify it and disclose the IP addresses/phone numbers of dangerous criminals. This process had been in place long before last week.

🤖 Our @transparency bot demonstrates exactly that. This bot shows the number of processed requests for user data.

✉️ For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

📈 In Europe, there was an uptick in the number of valid legal requests we received in Q3. This increase was caused by the fact that more EU authorities started to use the correct communication line for their requests, the one mandated by the EU DSA law. Information about this contact point has been publicly available to anyone who viewed the Telegram website or googled “Telegram EU address for law enforcement” since early 2024. 

🤝 To reduce confusion, last week, we streamlined and unified our privacy policy across different countries. But our core principles haven’t changed. We’ve always strived to comply with relevant local laws — as long as they didn’t go against our values of freedom and privacy.

🛡 Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.

top 42 comments
sorted by: hot top controversial new old
[–] zante@lemmy.wtf 44 points 1 month ago (2 children)

Everyone was told, from the outset , not to trust telegram. Amnesty International, the EFF, the cryptography community all said this as long as 10 years ago.

It’s actually pathetic to read a Russian talking about how it was “built for activists and not criminals “ . What a worm.

[–] drwho 10 points 1 month ago

There are lots of things I could say to agree with you, but all I can do is gesture helplessly.

[–] delirious_owl@discuss.online 4 points 1 month ago

I don't think Russians actually thought that. Its just that if they publicly pointed out the issues with Telegram and publicly suggested better alternatives, bad things would happen to them.

ok this feels like a real hot take. but i am somewhat glad about this. in my country telegram has the reputation to be the nazi (and sometimes the pedo-) app. so i am not unhappy those people online activity can be used against them in court. That beeing said i can respect people who feel otherwise.

[–] delirious_owl@discuss.online 18 points 1 month ago (3 children)

Why do you think they (and Signal) require phone numbers?

[–] ByteOnBikes@slrpnk.net 13 points 1 month ago (1 children)

I've been calling this out for years.

And every time, some commenter goes, "Nu uh, look at their website bro! It's super private!"

[–] delirious_owl@discuss.online 3 points 1 month ago

Nuh uh! We've been telling people to avoid Telegram and Signal for years!

[–] jaypatelani@lemmy.ml 6 points 1 month ago
[–] dependencyinjection@discuss.tchncs.de 1 points 1 month ago (2 children)

Doesn’t signal allow signups without a phone now?

Also second SimpleX that the other person mentioned.

[–] khalil 1 points 1 month ago

AFAIK signal stil requires a phone numer for registration, however you now can add people by their username.

[–] delirious_owl@discuss.online 1 points 1 month ago

No, it gives usernames in addition to phone numbers. They refuse to remove the phone number requirement. How else could they help the feds identify your account?

[–] zephorah@lemm.ee 15 points 1 month ago (6 children)

This is really simple. Use Signal or WIRE. Proton or maybe Tutanota for email.

Avoid garbage like Telegram and FB Messenger. Discord as well.

[–] possiblylinux127@lemmy.zip 13 points 1 month ago* (last edited 1 month ago) (2 children)

Wire isn't that great. Definitely avoid email as it is riddled with problems that aren't easily fixable despite what the email companies tell you.

Simplex Chat, Signal or possibly Matrix

[–] delirious_owl@discuss.online 3 points 1 month ago (1 children)

I use Wire. Its the best option right now. Better than SimpleX, Signal, and Matrix for many reasons

[–] possiblylinux127@lemmy.zip 5 points 1 month ago (1 children)

It really isn't though

It is less secure, less private and less user friendly and is run by a company who I question.

[–] delirious_owl@discuss.online 1 points 1 month ago

If you enter a phone number you're already magnitudes less private

[–] delirious_owl@discuss.online 1 points 1 month ago

Wire is better than those imho

[–] floquant@lemmy.dbzer0.com 9 points 1 month ago (1 children)

There seems to be a gross misunderstanding of how everything works here. Any platform will need to provide data to authorities when "asked properly" - as in, receives an actual order from some enforcing body that has authority on the subject in question. No commercial company will fight the CIA in court to protect your data. The best you can hope for is that they minimize what kind of data they collect about you in the first place - in the case of E2EE, they will only have access to IPs and other metadata such as connection timestamps and nothing else. But all of the services you listed will collect at least IPs and most will do phone numbers as well. The only difference with Telegram is that they're transparent about it. You can either avoid using commercial platforms altogether, or use them in a way such that data retrieved from them will be useless. But believing that "Signal will never give my IP to law enforcement" is delusional.

[–] zephorah@lemm.ee 1 points 1 month ago

Proton had a recent subpeona they had to honor. All the data they had was yes, the dude has an email here. But no content. Granted, if you’re exchanging with a gmail account, it’s moot, for those exchanges anyway.

[–] sunzu2@thebrainbin.org 7 points 1 month ago (1 children)

That's the privacy starter pack.

Mid level is Linux, DeGoogled pbone, and openwrt on the router

Make your fed work for you! You pay him a healthy wage for it 🐸

[–] zephorah@lemm.ee 1 points 1 month ago

GrapheneOS. Faraday bags. Depends on you and how far you want to take it. And how much you like and rely on dynamic maps.

[–] davel@lemmy.ml 6 points 1 month ago (4 children)
[–] drwho 13 points 1 month ago

Articles like this go very far toward chasing people away from things that work and toward things that are dangerous.

Like Telegram.

[–] LEVI@feddit.org 6 points 1 month ago* (last edited 1 month ago)

Oh boy, I never read the entire thing, but they can decrypt quantum encrypted messages, if that's true ( and I wish cryptography experts could debunk this ), if that's true, then the NSA has went too far with this open source honeypot.. perfection!

[–] possiblylinux127@lemmy.zip 3 points 1 month ago

It is way better than Telegram

[–] Petter1@lemm.ee 2 points 1 month ago

I hate signals take on anti federalism and that it forces you to have either iOS or realAndroid to set it up

Matrix is way better in that regard…

[–] clot27@lemm.ee 1 points 1 month ago

Does those apps have unlimited storage? Channel with unlimited subscribers? Or much more

[–] sibachian@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

I see a lot of people mention WIRE recently. Did everyone collectively forget how they sold out in 2019 and removed their canary (aka. compromised)?

In July 2019 Wire raised $8.2m investment from Morpheus Ventures and others. On July 18 of the same month, 100% of the company's shares have been taken over by Wire Holdings Inc., Delaware, USA.

[–] underisk@lemmy.ml 12 points 1 month ago (1 children)

Never trust a third party to keep your shit private. Especially if privacy is their main selling point.

[–] delirious_owl@discuss.online 2 points 1 month ago (1 children)

Foss code and client side encryption is fine.

[–] underisk@lemmy.ml 1 points 1 month ago* (last edited 1 month ago) (1 children)

If you can read and understand the code, sure. Otherwise you’re still just extending trust to someone perhaps less reputable than even the corporations who are dying to sell you out. For example, the back door some mysterious contributor slipped into xz recently.

My recommendation is to live life as if privacy on the internet did not exist, because it doesn’t.

[–] delirious_owl@discuss.online 1 points 1 month ago (1 children)

There is such a thing as credibility. You can extend trust to others that have credibility. For example, security audits from companies that are credible. Or, you use an app because a trustworthy techie friend of yours says they're safe.

But a prerequisite in all these cases is going to be FOSS code and client side encrypt.

[–] underisk@lemmy.ml 2 points 1 month ago (1 children)

Telegram had credibility. It was being used by journalists to protect sources.

You can extend trust to individuals but do not apply that to companies or organizations if you care at all about what they’re doing with what you give them. Not everyone has some mythical tech privacy wizard on call to give them perfect advice every time they open an account on an app or website.

Even client side encryption is not infallible. The algorithm you use will eventually be crackable and probably sooner than you think. Nothing lasts forever.

The most foolproof way to ensure something remains private is to not put it on the internet at all.

[–] delirious_owl@discuss.online 1 points 1 month ago

Fortunately we have folks like Freedom of the Press Foundation, who provide trainings to journalists

[–] Phoenicianpirate@lemm.ee 9 points 1 month ago (1 children)

Good thing I never trusted it.

[–] quant@leminal.space 3 points 1 month ago

Implementing an in-house encryption was raising eyebrows already back then. No e2ee as default was also a red flag since it gives users without proper knowledge a false sense of security.

[–] dwt@feddit.org 8 points 1 month ago (1 children)

Surprised pikachu face….

[–] Mojeek@lemmy.ml 2 points 1 month ago

noone expected this

[–] todd_bonzalez@lemm.ee 8 points 1 month ago (1 children)

This is a wild admission. Not only does it show that Telegram completely betrayed all of their users, but it also reveals that they know about all the terrorism and child porn channels on their service, and deliberately didn't delete them.

[–] grrgyle@slrpnk.net 3 points 1 month ago

If I'm being charitable I could presume that they left them so as to not disrupt sting operations

[–] ReluctantZen@feddit.nl 4 points 1 month ago

You mean they've lied all along?

[–] sparky@lemmy.federate.cc 1 points 1 month ago* (last edited 1 month ago)

Pretty sure this is the same as every other messaging app - metadata is never protected information. The contents of the messages may be encrypted to some extent (which on Telegram they are, not end-to-end as with iMessage, but they’re not plain text), however your IP address, username, etc are subject to subpoena on any messaging platform.