And posted poll to vote for new president with some clever restrictions.
Anyone can vote, but you can't choose options with candidates if your phone number is not Balarusian.
"I am not from Belarus" is only available poll option to make your vote if your phone number is not Balarusian. There is currently 736'000 votes with that option.
Just in case anyone is wondering. The 'official' vote count for Thikhanovskaya is 588,622.
So regardless of how unbiased a sample it may be the Telegram poll shows over 2x as many people (or phone numbers to be exact), willing to vote for Thikhanovskaya (at the time of writing).
That's cool and all, except everyone in that country had 2 sim cards with 2 numbers. They don't have free long distance over there, nor are plans for cheap text+data the same plans as cheap calls. So I take this information to mean this poll was useless.
Everyone who voted could vote twice, and felons and kids voted too.
Unless you’ve got some info to show that the distribution of people with 2 sims, or with kids, isn’t the same across different voting populations across the country, what you’re pointing out is irrelevant to the ratio of votes between the candidates, and only pertinent to the absolute numbers.
Who has the burden of proof here? Should disparity in SIM card ownership be proven? Or the fact that they are evenly distributed be proven? Few things in life are evenly distributed, disparity is the norm!
Nice euphemism. Yes, it is one the areas where America is truly a backward nation. Here's hoping we can finally correct the systemic issues undermining our representative democracy and can thus have a more progressive government come 2021.
I hope for that as well, it is quite hard to watch for everybody with a heart. In fact this empathy/pain might be the only reason I'd even bother to formulate my response..
On the human rights front? Compared to most of the rest of the world they are extremely developed. At least free speech is protected which is more than can be said for most common of Europe now.
You will be hard pressed to find an index that aims to measure Human Rights where the US scores better than the main European countries such as Germany, UK, France, Italy, Netherlands etc.
Press Freedom Index [1]: Nope
Human Rights Scores & Human Rights Violations [2]: Nope and nope
Can you share some examples of large infringements on freedom of speech that happened in well developed European countries?
Given the examples of police brutality related to protests that I've seen in the US just this year I doubt you'll be able to provide any examples that are more worrying than that.
Simon Singh was successfully sued by the British Chiropractic association for pointing out they are quacks. (Edit to add: I just checked and he appealed a point of law successfully and then they withdrew — https://en.wikipedia.org/wiki/British_Chiropractic_Associati... — but as I understand it such a case would be laughed out of a US court.)
Although I'd agree with the general point that whilst America has good theoretically human rights, the EU is better at actual rights (and in particular, rights against corporations).
> That's cool and all, except everyone in that country had 2 sim cards with 2 numbers.
This is not true. Some people have multiple SIM cards, but it is not even remotely close to "everyone". Based on numbers that I found, multiple SIMs have around 30% people.
The problem with that approach is that it’s clearly biased towards the younger generations who are tech savvy. But it’s mostly the older people who would’ve voted for Luk.
Note, I don’t support Luk in anyway, just pointing out the bias.
Altho it does uncover the fact that the results are fabricated. But it’s not like anyone was doubting that anyways.
Come on... I don't believe this. My whole extended family below 90 is using actively some varying portion of these: Viber (most used), WhatsApp, Facebook messenger. They are mostly spread in Turkey, Bulgaria and (to a lesser extend) the rest of Europe and some in the US. Grandmas use Viber regularly to share pics of their great-grandchildren with their first cousins (other grandmas). They send holiday wishes, news etc. And my people are not better educated compared to the rest of our part of the world. Everyone is very engaged with politics (mostly for or against Erdogan).
I don't believe Belarus is any different. Yeah, younger people are probably more likely to vote in such a thing, still, I don't think the bias is huge.
I’m from Eastern Europe myself. Yes older folks have accounts, but they aren’t active users. They wouldn’t join groups. They wouldn’t vote in the app. My parents in law are a testament to that. They too have all of those apps, yet they can’t even tell the difference between WhatsApp and Viber. We ask them to call us on WhatsApp and they’ll try to call on viber or Skype and then wonder why we are not answering and if there’s anything wrong with us :)
2.3M voted in a poll, 59% from Belorussian phone numbers. That's 1.36 M or 17% of the eligible voter pool. 51% of these are for the secondary candidate.
This doesn't reconcile with the official numbers regardless of how you massage them.
Sample size is not everything "Literary Digest poll was also one of the largest and most expensive polls ever conducted, with a sample size of around 2.4 million people" The large size by itself does not guarantee correctness https://www.math.upenn.edu/~deturck/m170/wk4/lecture/case1.h...
> Sample size is not everything "Literary Digest poll was also one of the largest and most expensive polls ever conducted, with a sample size of around 2.4 million people" The large size by itself does not guarantee correctness https://www.math.upenn.edu/~deturck/m170/wk4/lecture/case1.h...
But isn't that really only the case when you're trying to use statistical inference to generalize from a sample? It seems like the right way to think about this poll is as a direct measurement of a floor of support for the challenger (others have said that is >2x the her official vote count), and the right statistical question is to ask is what's the probability that the official results are true given that floor.
People who can vote officially and telegram accounts are not the same thing.
I'm sure we even teenagers could have found multiple phone numbers to vote in the telegram poll.
We can't exclude the possibility that If I were a foreign power with a military budget measured in trillions then the telegram poll would say exactly what I wanted it to say.
"Official" election results were giving Tsikhanoyskaya around half a million votes while over 1 million Telegram users with Belarusian phone numbers already said that they voted for her.
> As your poll size increases past a certain point, it does begin to guarantee correctness.
> An election is a poll with the size of all eligible voters.
I think you're oversimplifying the situation. Clearly, sample size alone doesn't have that much of a correctness guarantee, or according to your own statement, we'd be able to trust the official results.
> Clearly, sample size alone doesn't have that much of a correctness guarantee, or according to your own statement, we'd be able to trust the official results.
People are not complaining because the election is a biased sample of the population (not possible because by definition an election is open to all eligible voters).
People are complaining because they believe the government is not truthfully reporting the actual election results.
Yes, this is the point I am making. Sample size is but one of many factors that influence the reliability of a poll, and it is not the only consideration for good polling technique. A large sample does not mitigate those factors.
If there is an issue with the underlying polling technique, making the sample larger does not guarantee more correctness. You simply end up with a larger set of bad data.
Forget the percentage - there are more people who said they voted for the second-place contender than the second-place contender's official vote count.
Yeah I think Telegram, like Whatsapp, is adopted broadly enough not to bias too heavily in one direction. Definitely not 90%, and especially not if that “bias” matches the word on the street.
Biases are irrelevant. If you look a the numbers, there are more people saying they voted for the opposition on the Telegram pool than votes on the official pool. About 5 times as many.
What about the people under 18 who I assume could take the poll and also people who didn't go to vote but took a few seconds to take the poll on Telegram?
Also what about all the babushkas who most likely voted for Lukashenko but don't have a smartphone?
This is not to say that more people didn't vote for the opposition than the official numbers state. But Lukashenko still could have won.
We'll say Belarus has 1m people that are old enough to both have a smart phone and be under the legal voting age (and that's being extremely gracious). Unless you're saying literally EVERY ONE OF THEM voted in this poll AND voted for the opposition, there are STILL more people of voting age in the telegram poll who voted for the opposition than "officially" voted for the opposition. The numbers are nearly impossible to believe unless Telegram is intentionally fudging the numbers.
This is certainly damning data, but having a telephone in Belarus does not necessarily mean that person voted in the prior election. This is good evidence, but not a mathematical proof.
The people can lie to Telegram, Telegram can lie, somebody can attack the communications, somebody can attack the telephones, somebody can impersonate the numbers, all the Telegram voters can be from those 60% that didn't vote...
There are many ways that could happen. But it's pretty good evidence to add to the context, and the pile of evidence was already quite big.
Exactly, this is impossible to reconcile. Either there has been vote fraud or this people didn't actually go to the poll station. Or people can vote more than once.
Telegram? 5% of the world uses Telegram. And I bet the 50+ age demographic is heavily underrepresented in that subset. Significant sample bias shows up in US polling using mediums that are exponentially more widespread.
Nonetheless, I don't doubt the validity of these particular results, because I think we have enough corroborating evidence. We don't have to justify the rigorousness of a Telegram poll to come to that same conclusion.
Maybe Telegram is popular in Belarus, but there is one thing that is true all over the world: rates of technology literacy and access is lower for the old/poor/rural.
What we have here is a Sample, and in statistics (of which Polling is a discipline) you require a Randomized Sample of the Population before you can draw any meaningful conclusions.
Telegram users are not going to pass any "Randomness" scrutiny. For all we know, Telegram User A asks Telegram User B to take the poll, etc. That's not random, and can introduce all sorts of statistical bias.
What kind of a statistical bias would explain having 1 million Belariusian phone numbers claiming having voted for a candidate, that officially received around 0.5 million votes total?
It is simultaneously possible for the results to have statistical issues while also being good enough to provide utility as evidence for drawing some conclusions. You can both be right.
What does that have to do with the fact that the number of telegram users that voted for the opposition candidate exceeds the official number of voters that voted for the opposition candidate?
Also, they have to decide to actually use that second number to cheat in a Telegram poll significantly more often than people of the other party.
Otherwise you can only draw your error bars equally in both ways at once, and then they need to be pretty large before the numbers stop saying what they clearly are saying.
Especially if your poll is showing extremely lopsided results.
If a poll shows 80% for candidate A, you’d only need to hit 62.5% of the population to guarantee that candidate A would hit 50% of the vote even if the remaining 47.5% voted for other candidates.
"An election is a poll with the size of all eligible voters."
Not really though.
An election is ostensibly 'perfect sample of the electorate' (assuming everyone voted), which is what makes it 'good'.
It's very easy to get a 'very large sample size' that is still 'very inaccurate'.
In this case, we're talking about potential numbers larger than literal voters, which makes it interesting - but the sample size again is not the issues if we're looking at a 'poll'.
That is not what the OP is saying. They are indicating _not_ that the oppo party would win, but that the party in power is clearly lying about the results. If they are lying, then that calls for a new election.
According to the official numbers, of the 7.8 million eligible voters, 40% voted, and 7% of those voted for Tikhanovskaya. That's 218400 people.
According to the telegram poll, 1.184 million people voted for Tikhanovskaya. That's over 5x as many as according to the official numbers.
The sample size doesn't matter here, were talking absolute number. It seems pretty unlikely 5x more people (absolute number, not fraction) voted for her in a poll than in the real elections.
(I have not checked the source for the numbers, I've just assumed the above poster used the right ones)
The turnout was high indeed. As for the rest of the Wikipedia article, it is woefully incorrect. I will add up-to-date information to the "Voice" section and I hope others will fix factual errors in the Death section and other parts of that article.
Bear in mind that Wikipedia's policy is use "official" sources when in doubt. According to Wikipedia, Assange is a criminal. Snowden is a traitor.
"Bear in mind that Wikipedia's policy is use "official" sources when in doubt. According to Wikipedia, Assange is a criminal. Snowden is a traitor."
Not really.
They use credible sources as far as they can find them, their numbers on Belarus look like what the international press is reporting.
Wikipedia doesn't 'think' that Assange or Snowden are anything. They have long articles detailing their history, and possibly what some others might think.
Even in the worst case scenario, where each and every opposition voter took part in the poll, and literally everyone else voted for Lukashenko, this still prpves that the true result was at least 17% for opposition, which is more than the official results claim.
Did all the eligible voters who phone-polled actually vote?
Did they poll the way they actually voted?
Some people don't have two phones?
Can we trust that telegram doesn't have a flaw in the means by which it is measured? (i.e. register again with the same SIM, or something like that?)
It's nice that there is a phone number as validation, but this doesn't 'prove' anything.
Edit: I should add, apparently people are registering photos of their votes, which don't jibe with the tally, which is probably a much better indication of problems with voting [1]
With these numbers, there would need to be significant effort to fraud the Telegram poll. For no real benefit other than maybe propaganda.
Whom exactly benefits from that? It would have to be a nation-state, and they weren't exactly doing much about the situation before the "election".
What is more likely: that the existing dictator and his supporters made defrauded the election to keep power or that some unknown entity defrauded an Telegram poll for not much gain.
Unless Telegram poll's system was completely broken, but you'd expect other large polls to already have revealed that.
"For no real benefit other than maybe propaganda."
Propaganda and narrative is the whole name of the game here.
It's Telegram poll, there are any number of ways it could be messed up, including very easily someone sympathetic at Telegram (though I doubt this), it has no material credibility.
I can't tell if you are arguing that the original vote was less likely to be skewed than this one, or just that this one doesn't pass the highest bar that could be set for it.
I'm arguing it's an 'online poll' and subject to all sorts of possible issues. It's probably a decent indication of what seems to be some otherwise obvious fraud at the polls, it's just not 'proof' of anything really.
It's a fair point, not sure why there are downvotes. I still think it's extremely likely that the official numbers are bogus but you can't really accept the Telegram numbers as truth either.
"Official" figures have no ground in the reality. A crowdfunded campaign to check election results just produced a report, details are published in https://partizan-results.com/
People behind this campaign are starting to reveal their names at last. I know personally one of them.
My network says others are highly respectable as well.
Well, maybe that's simple enough to explain. Maybe scared citizens don't want to go and publicly vote for fear they're going to get the shit kicked out of them?
There is no need to invent scared citizens when corrupt election officials suffice.
From what I've seen of reporting in Belarus, nobody watched over the shoulder as people filled in their ballots. It's still a secret who any specific individual voted for (unless they choose to tell you).
Right, although the telegram results are still interesting enough to warrant a second look at the election from interested third parties (the media if that is free in Belarus, or the UN)
> Telegram users aren't exactly an unbiased sample
It's not quite a Telegram problem, voters in a protest poll are not an unbiased sample. This is why elections where one side denies the legitimacy of an election "invalid," in the "we all accept the results" sense.
Call it it petition, protest or public declaration. In that regard,the numbers are meaningful.
Wow. For context, there are less than 10M people total in Belarus, and ~16% of the population is under age 15. In order for the numbers to tally, the protests would necessarily have to be made up (almost) entirely of children.
"Poll shows that 1,184 million choose to vote for new president Tikhanovskaya."
It is possible that Telegram is being impartial and providing more honest statistics wrt. what the citizens want. But it's also the case the results are unverifiable data broadcasted from Telegram's server over TLS-equivalent connection. MITM attack of client-server encryption, as well as compromise of the server broadcasting the results allow the attacker to alter the voting results. People acting on those results will allow Telegram to bypass democratic processes. Not saying Belarus is a democracy, but if this sets a precedent it will turn Telegram into a tool of political power, and power, as always, will corrupt. Even if Durov's team is being fair and honest (which I find unlikely considering Durov is yet another Russian oligarch who made their money spying on VKontakte users), they're also useful fools creating yet another architecture with centralized control over user data.
Russian oligarch is very specific term[1], due to his age, Durov is missed time frame by 20 years to become one. Durov is Internet entrepreneur that is forced to become political expat, that's on the opposite spectrum from russian oligarch, like self made tech entrepreneur vs oil magnate trough inheritance.
why would that blow someone's mind? Obviously if you're on an "anti" communication channel with a revolutionary mindset of course the majority will be overwhelmingly high against the dictator. That's by definition what they are revolting against.
Even allowing for the fact some Belarusians have multiple mobile phone numbers, as do some people who aren't eligible to vote for perfectly normal reasons, it's quite telling that somebody polled twice as many votes on a communication channel compared with the official 'count'.
Underage people and foreigners are in the 'unable to vote for perfectly normal reasons' bracket. Extrapolating from census figures, you'd need pretty much every single person in the 13-17 age range to vote Tikhanovskaya to make up the disparity between Telegram and official tallies though. And if she got literally every teenager in the country to register a protest vote on a web app, there's a sneaking suspicion she might actually have got more than her 10% official tally with the adults too...
Is it possible to consider that either Telegram has a vested interest on it or someone can easily obtain a telephone number in Belarus and hack the results?
This is great, maybe we can use Telegram for the actual election, because if we're absolutely sure that this poll is clean and we use it to ask for a new election, why don't we just take the results officially? If we don't, well, maybe we should make no assumptions about the results either.
It's not surprising that every time Telegram pops up here, many comments miss the fact that Telegram has a great UX, a great feature set and also provides the kind of privacy protestors value, i.e., not having their phone numbers flashed to every random stranger in groups or to random channel owners whose channels you've subscribed to. With Telegram you cannot even do a phone number enumeration attack (this can be changed in settings) by adding phone numbers to your contacts list to find out who's using it.
And nope, Signal doesn't make the cut for the above reasons because it exposes your phone number to everyone else. WhatsApp is the same in this respect. Neither of them prevent enumeration attacks (they may slow that down a bit, but not sufficient enough to protect against state actors).
Wire and Element (Matrix) are comparatively better than Telegram, Signal and WhatsApp because you don't need a phone number to sign up and they also have end to end encryption for all chats (with Element it's a bit more recent). Hopefully more people can soon ditch phone number based apps that cause them to be vulnerable because of that vector.
Using Telegram is my guilty pleasure for sure. They just added video calling and it, like most of their other features, Just Works™.
Just don't send your passwords or whatever to your Telegram buds and you should be alright. Funny enough, here in the UK Telegram is mostly associated with shady stuff like drug dealers.
I was making this exact point today to a couple of friends. Telegram's features puts it way ahead of its competitors. While using it, I feel I'm charge and not the other way around (WhatsApp being the worst offender here).
With the recent addition of video calls, and if you judged only by its feature set, it could arguably be called the best messaging app at the moment.
As for countering the network effect, I do my part. I politely ask my acquaintances to message me through telegram for anything important.
The problem with telegram is, what is their buisnessmodell?
There is none at the moment.
Signal lives off donations.
WhatsApp off the Facebook datagrabbing connection
Matrix/Element from support/server renting
But Telegramm has invested a lot, but received no money in return yet. So, I suppose the current plan is to get dominant and then .. ROI with who knows?
I also use it right now. Creating and managing groups is easy. You can edit messages!
It is fast and reliable.
But I surely would not use it if I would be scared of the government.
It used to be the TON Blockchain, but that got shut down. If you're not familiar, Telegram is the pet project of Pavel Durov, the founder and ex-CEO of VK, which is essentially the Russian version of Facebook. I have no idea what the future holds, but he's quite wealthy and has been really successful in the past, so I'm not fearing the future right now.
When you realize end-to-end encryption is a necessary property of all features, you realize Telegram lacks even basic things like desktop clients, syncable chats, and group chats. Not so feature rich anymore ;)
E2E-encryption is really nice but not anymore necessary for most users of Telegram than for
- WhatsApp before they implemented it
- GMail (or any other mail service)
- Matrix (by default, until recently?)
- IRC
- SMS
- Letters in the mail
For some reason this has a tendency to boil down very quickly to
- E2E-encryptet === good, no further information needed
- anything else === bad, no further information needed
Which obviously isn't the whole truth:
It is far less likely give you trouble
- if you receive a stream of unencrypted postcards from Grandma on vacation
- than it is if you send and receive perfectly encrypted messages to/from a criminal mastermind over a channel that leaks metadata or by default backs up your data to any mainstream cloud provider.
The availability of metadata, who can access that metadata etc etc plays a role.
Telegram has significant problems, as far as I know both technically and also at higher levels, but for some reason someone always have to pull the E2E: Good, anything else: Bad.
Since E2E encryption is not enabled by default in Telegram, I believe it's used by 2% of their users at most. Messages of the rest can be read by Telegram team.
> Since E2E encryption is not enabled by default in Telegram, I believe it's used by 2% of their users at most.
You are probably answering another post here. I don't think it is intentional.
> Messages of the rest can be read by Telegram team.
Well, there are a number of ways to prevent that from happening easily.
I cannot verify this, but Telegram said years ago that they solved certain problems by routing keys and messages through different datacenters in different jurisdictions.
That said: the big question is if their solutions work and if it works that way? I don't know, they seem remarkable competent at certain aspects of what they do and other times I feel they suffer from the same thing that Elon Musk sometimes suffer from where they publicly state things that sound immediately unreasonable.
But that would be meaningful criticism so probably off topic in a Telegram bashing contest ;-)
"I cannot verify this, but Telegram said years ago that they solved certain problems by routing keys and messages through different datacenters in different jurisdictions."
Firstly, there is no proof of this happening. I've been looking for the documentation and/or source code for this for more than five years now, and it's never been published.
Secondly, even IF it was happening, the server that strips the in-transit encryption has access to the plaintext, and can copy the message to anywhere it damn pleases. It can write it to "plaintext-messages.txt" for all it cares, that's like two lines of Python in the backend.
Also, the servers creating database entries must by definition have the full database encryption key in its RAM, from where privileged processes can exfiltrate it (computer organization 101).
The thing is, there isn't technology out there that allows Telegram to do what it claims as securely as it claims. If they are indeed innovating on this, why aren't they publishing their research and proving their worth?
"they seem remarkable competent at certain aspects of what they do"
Yeah, you can be great at UX design and shitty at cryptography. That's perfectly fine. The fact they won't spend money to hire competent cryptographers is the shitty part. I don't know if it's this Russian pride wrt. Nikolai being an award winning mathematician, or if they don't really give a fuck and think damage control can mend the damage that resulted from nepotism.
Well, the first time they get hacked properly shows how shit the architecture was. We can only hope people will then ask "ok where the fuck did we go wrong, again, can we switch to something that fixed this once and for all", and that by then, Signal is usable enough for their needs.
> Firstly, there is no proof of this happening. I've been looking for the documentation and/or source code for this for more than five years now, and it's never been published.
I haven't found anything more either. See also below.
> Secondly, even IF it was happening, the server that strips the in-transit encryption has access to the plaintext, and can copy the message to anywhere it damn pleases. It can write it to "plaintext-messages.txt" for all it cares, that's like two lines of Python in the backend.
Theoretically, couldn't the client send the message to one server and the keys to a different set of servers? Clients would request the encrypted messages from one server and the keys from another?
It is still not nearly as good security as proper E2E-encryption but should still be possible to set up so that a single rogue sysadmin cannot get hold of messages.
> Also, the servers creating database entries must by definition have the full database encryption key in its RAM, from where privileged processes can exfiltrate it (computer organization 101).
The thing is, there isn't technology out there that allows Telegram to do what it claims as securely as it claims. If they are indeed innovating on this, why aren't they publishing their research and proving their worth?
See above. As long as they don't do serverside search or anything this should be possible?
> "they seem remarkable competent at certain aspects of what they do"
Yeah, you can be great at UX design and shitty at cryptography. That's perfectly fine.
Definitely.
As mentioned before I prefer Signal. I actually like your answer.
We need more of these answers and less:
- X is definitely in the pocket of FSB.
- E2E or nothing!
- Use WhatsApp or nothing!
Hey, even tptacek went as far as admitting this at some point:
Theoretically, couldn't the client send the message to one server and the keys to a different set of servers? Clients would request the encrypted messages from one server and the keys from another?
That would imply client-side encrypted cloud backups, with external key management which isn't the case in Telegram, if it were it could be shown from client-side code. Also, even if that would be the case, it would just need combining key and ciphertext in once place which is again the weak link.
Also, there's no way the search would work as fast as it does now if key /ciphertexts would have to be transported via servers, and finally, since it's a single server that can request data (I have checked the destination IPs), anything of the sort is not happening.
"should still be possible to set up so that a single rogue sysadmin cannot get hold of messages."
I'm afraid that's not possible. When the message arrives to server and the outer layer that is in-transit encryption is stripped, what must remain is the plaintext message, or a message that the server can not decrypt. Such technology already exists, it's called end-to-end encryption. If there was a simpler way to protect from malicious servers, there wouldn't be a need for E2EE communication ;)
"See above. As long as they don't do serverside search or anything this should be possible?"
So no that wouldn't work in practice. Proper cryptographic design in secure messaging apps doesn't distinguish between entities on server who have access to keys. "Jack has one part of the key and Jill has another, but they will never collude or get hacked at the same time" is very bad security rationale.
"- X is definitely in the pocket of FSB."
Well, the problem here is, if the scenario is this "Telegram is secretly in the pocket of the FSB and they're giving access to every message on their server" I can't say "No way, it's all end-to-end encrypted they have nothing to give". I can say that for Signal, however, so I'd rather recommend it instead, and actually, because I can't say Telegram definitely isn't in the pocket of FSB, I don't think it should be used. I hope you understand this requirement of verifiability. If Telegram really wanted to lock themselves from user data, the would've implemented E2EE from the get go.
"E2E or nothing!"
Not sure what to make of this, I haven't heard anyone claim no encryption is better than weaker encryption. But wrt. message confidentiality, since there is no difference when it comes to service provider obtaining the plaintext copy, it's hard to not say "don't use it if it's not E2EE".
"- Use WhatsApp or nothing!"
Another complex problem that boils down to trusting WA has not changed source code after Moxie helped implement Signal Protocol. Like I said earlier, there's maybe a 1..2% chance of backdoor that allows WA to snoop on it's E2EE. So if for some reason one would have to compare these particular ones (IRL this is what we'd call a false dilemma), I'd say
1. Telegram secret messages for one-on-one chats
2. WhatsApp group messages
3. Telegram group messages
WhatsApp may have 1..2% chance of backdoor, but with Telegram I know there's a front door with 100% probability.
If we forget the false dilemma, suddenly Signal solves all of our woes wrt. cross-platform private one-on-one chats and group chats.
"Hey, even tptacek went as far as admitting this at some point:"
Let's not put his words "almost literally any secure messenger is better than email."
Firstly, that assumes he considers Telegram a secure messenger. Secondly, encrypted email has serious problems with deniability (which we'll ignore this time) and forward secrecy: in those respects Telegram's E2EE is better, sure, but E2EE email for group chats (Assuming the client knows how to reply individually to all, and to use each individual's PGP key to protect it) is again more private than Telegram's group chats.
I always took the claim of routing keys and messages in different jurisdiction to be about not writing them to storage in those jurisdiction, not about not having them in RAM.
the idea being that there can be an internal policy to shut down the server and wipe the ram but it is harder to do with drives.
I also have a question since you probably can answer: can E2E offer a similar user experience to what normal telegram chats offer?
" I always took the claim of routing keys and messages in different jurisdiction to be about not writing them to storage in those jurisdiction, not about not having them in RAM."
There's no precedent I'm aware of that if e.g. NL Telegram server has the key in its RAM but not in its disk, that it doesn't have to hand out the keys. Also the keys and/or plaintexts can just be stolen by foreign intelligence establishments. It's not just judicial means we need to be concerned about. E.g., just because it's legal in China to hack Telegram servers abroad, doesn't mean it's right, and Telegram should take this into account.
"the idea being that there can be an internal policy to shut down the server and wipe the ram but it is harder to do with drives."
This is pure speculation and it wouldn't matter because key lifting attacks would be transparent, i.e. the exploit is polished enough not to raise alarms.
"I also have a question since you probably can answer: can E2E offer a similar user experience to what normal telegram chats offer?"
Yes. Except channels and extremely large supergroups. But these two don't enjoy expectation of privacy. You can't expect something you say to a group of 10,000+ people to remain private, people consider such groups public.
Encrpytion is just math so there's also no way around the UX problem of authentication that's part of E2EE, but since that's expected of users, it's not a problem either.
Everything else, group chats with roles, synced chats, file transfers, locations, stickers... you name it, can be done over E2EE, just look at how Signal is showing each of those can be done. It's not trivial of course, but like you asked, "can it be done", yes, it can.
Does anyone know of good extension to use PGP on top of Telegram Web? So that whenever you chat with person X, if thats persons public key is saved, all messages with that person are PGP encrypted
"- if you receive a stream of unencrypted postcards from Grandma on vacation"
That's such a bullshit excuse. Everything goes with outer layer of encryption these days, what matters is will Telegram offer to lock themselves out of the messages to which the answer is no by default. If you want to chat on desktop or create a group, the answer is no whether you like it or not.
So again, some niché use case of "it's probably nothing sensitive so you might as well send it in the clear because that says you're not a dissident" is thus not even valid. There's almost always outer layer of encryption.
"The availability of metadata, who can access that metadata etc etc plays a role."
Indeed. All the more reason to avoid Telegram that by default stores all that metadata.
"someone always have to pull the E2E: Good, anything else: Bad."
No the point is we'll never even get to the debate on reducing metadata as long as we need to play whack-a-mole with shit apps like Telegram that don't E2EE by default, let alone provide any kind of metadata protection, even sealed sender like Signal does.
As the author of messaging system[1] that provides both E2EE by default for everything as well as metadata protection (more than any other app out there) and advanced protections like endpoint security, I don't really like you putting me into some square of caring only about E2EE. All I can say to you is, first things first.
> you realize Telegram lacks even basic things like desktop clients
the desktop client of telegram is the main reason to use it over the competition for me. something that does not lag when you type text or resize its window, opens in a quarter of second, etc etc
It's the vendor that should be releasing the clients with support for it. The fact it's a third party is both a problem and proof of huge internal problem.
"And nope, Signal doesn't make the cut for the above reasons because it exposes your phone number to everyone else"
This is being worked on.
The thing is you're mixing two threat models. One is a creepy dude who will give you nightly calls if they learn your phone number. The other is a state actor who will hack the server and track you based on your IP-address if no phone number is being used otherwise: hence the enumeration attacks won't matter. You can't escape state actors looking at your metadata with Wire, Element or Signal. For that you want an Onion Service based system like Briar, Cwtch, Ricochet, or TFC.
For the creepy people not having to hand out your phone number is a nicety, but it's not at all hard to block a phone number either, it works just like any other app's blacklist: just add the number and be done with it.
they sent phishing links thru sms and also do sim swaps. They hijack the phone number by connecting it to another sim card. They also have people work at the providers that give them access to these numbers. I'm in those groups so I'm not talking out of my ass.
yes? just knowing a phone number is enough to log into a non-2fa google account if you know the pass, plus it can be easily triangulated to a real-world address
exactly. And not only that, people who work at telecom providers sell illegal services to whoever wants to pay. They give you access to anyones numbers for money.
> With Telegram you cannot even do a phone number enumeration attack (this can be changed in settings) by adding phone numbers to your contacts list to find out who's using it
You mean how multiple companies have done on dozens of millions of accounts before Tg added that feature last year, and are openly selling that data? Like with that dump of 40 million numbers just from Iran and Russia. How often do you change your number?
Telegram has a weird contact syncing default option. I had two accounts with separate phone numbers, but it would nonetheless advertise newly joined Telegram users associated with the respective other account. I think people were also able to view the profile pics of both accounts(?).
And a great bot API. It's literally one of the easiest to use APIs I've ever seen. If you need a home-made solution to control something from your phone or even get push notifications, a Telegram bot is the way to go.
They also have an API which lets you make clients. That, on the other hand, is one of the worst APIs I've ever seen, but it exists, and you can't say that about most centralized and popular messaging solutions.
Because of that API, there's a great client for Windows 10 called Unigram, which is much more pleasant to use than all those Electron apps.
I suspect Unigram is the single reason why Telegram is so popular in the blind community, even though iOS accessibility is horrible, much worse than in most apps of this kind.
It’s no more unsafe as using whatsapp or some other similar service. To be fair, if most of my relatives would not use whatsapp, i would’ve turned 100% telegram already.
Facebook's Messenger app is TLS-encrypted (i.e. encryption happens between client and server) unless special E2EE mode with Signal protocol is enabled.
Telegram is encrypted with client-server MTProto (i.e. encryption ALSO happens between client and server) unless their the special secret chat with its hand-rolled E2EE is enabled.
In LTE networks SMS uses the SNOW3G[1] encryption between the cell-tower and phone. This is also equivalent to client-server encryption in that the server-side area covers the more or less TelCo side decentralized SS7 backbone where message travel more or less unencrypted.
So by default with all three Telegram, Facebook, and SMS, all messages are readable by the vendor. Telegram and Facebook offer E2EE as an opt-in measure, but given that neither offers it for groups, they're not a viable option. Signal uses E2EE for everything, hence it's the recommendation by every security expert out there, nobody's recommending Telegram or Facebook.
There's nothing puristic about expecting companies in 2020 to implement basic security like E2EE for everything, by default. After all, we're not talking about anything short from protecting universal human right to privacy here.
It's amazing that technology is empowering these protestors, but I'm not sure a vulnerable group of people such as this should be leaving identifying information on these servers.
- You cannot sign up for Telegram without your phone number (even if it isn't public).
- End to End encryption exists but is limited to 1-1 chats.
- Telegram cooperates with data requests from law enforcements.
The kind of risk this puts them in cannot be overstated.
> Telegram cooperates with data requests from law enforcements.
It is not that black and white:
AFAIK and IIRC it is more like this:
- yes: Telegram gives data about members of public groups/channels
- no: Telegram does not give out information from closed groups / personal chats, and they go to great lengths to prevent that information from becoming available. We might be sceptical all we want about the custom crypto, but I've seen no credible source that I can think of that have backs you statement except the limited example I gave above.
Telegram has been sued over and over in many countries for refusing to provide that info, and kept fighting (both legally and technologically - via smart proxy-server rotation, addresses distributed over Apples/Google's push notifications etc.).
Here's the case for Russia - https://en.wikipedia.org/wiki/Blocking_Telegram_in_Russia (eventually the govt has blocked over 20 million (!) IP addresses, including Google's and Cloudflare's, and that disrupted 30% of the Internet in the country, but the app just kept working fine)
Schneier was very vocal after the Snowden documents on how the NSA has multiple methods to get hold of the data. If it's not via judicial means, it's via extra-judicial means. NSA considers Telegram's servers outside US fair game (i.e. hacking them is not a problem). GCHQ considers servers inside the US fair game. The two agencies exchange intel which allows them to bypass constitutional protections. This is old news.
As for Russia, China, Israel etc. The servers are outside their borders, and mostly they don't give a flying fuck even if it was domestically hosted.
You can cloak your phone number & not allow others to reach you via your phone number. Which means that the authorities cannot match your phone number to your Telegram identity, even if you posted in a public chat. This feature was implemented last year during Hong Kong protests to protect against government efforts to identify protestors by enumerating the limited phone number space in HK. There is also a password option to protect against SMS surveillance.
As to whether Telegram itself would cooperate with data requests from your government - that depends on which government it is, and in the end is up to personal judgement. I don't think there's any reason that Telegram would betray me to the Chinese government, for example, while I won't at all trust Facebook for that. Facebook, and Zuckerberg himself (for how long did he stick to that Wuzhen avatar?), tried hard to appease the Chinese government for such a long time.
International megacorp are generally the worst to trust in that respect. To many of us in authoritarian places, the illegality of Telegram is itself an attraction.
I don't understand how they will get the chats except from individual phones. The convo is encrypted between telegram app and their servers and the servers aren't available to Bealrus' government officials, so how are they going to get the messages? Obviously they can if they're monitoring public group chats because all they have to do is join, but person to person or private groups, how are they going to get to those? Confiscate everyone's phones?
They are not going to get them, and the people saying otherwise don't use Telegram, and/or do not know what they are arguing over;pedantry. Telegram works well. Anyone can start a private chat encrypted end-to-end, those messages only stay on the device, and you can set them to auto-delete from BOTH user devices in 3 seconds, 5, 10, 30 second, 1min, 1 hour, 1 day. Nobody at all is going to get those messages. Go ahead and wireshark your connection and start using Telegram.
This isn't good advice for trying to show someone their messages aren't being sent in clear text. It could be encrypted using a weak cipher or have other implementation bugs that make it trivial for a nation state to decrypt it. You need to be able to look at the application's source code to tell what encryption it's using and if it's secure enough.
Wireshark would show group messages in Telegram are indeed encrypted. However, they are encrypted only in-transit, meaning the server will see 100% of group chats. This can not be trivially detected with wireshark hence the advice to use the analyzer is useless and downright dangerous. It's like using a radiation detector to find cancer.
> Anyone can start a private chat encrypted end-to-end, those messages only stay on the device, and you can set them to auto-delete from BOTH user devices in 3 seconds, 5, 10, 30 second, 1min, 1 hour, 1 day.
Sure they can encrypt E2E but they don't.
Most chats on Telegram are unencrypted. Huge channels like the one mentioned above are full of agents and nothing prevents them from taking screenshots.
I recently found this out. You need to specifically create a "secret chat" in order for telegram to actually use E2E. I originally chose Telegram because I wanted a messaging app that respects my privacy and E2E by default is pretty obvious in that case.
Maybe I'm stupid for not realizing or looking it up before chosing Telegram. Luckily there are a lot of other apps out there in the same space that do this better. Have switched to Signal now and really like it! Privacy should never be an opt-in feature like in Telegram!
"people saying otherwise don't use Telegram, and/or do not know what they are arguing over"
So that would include world famous professional cryptographers like Bruce Schneier and Matt Green. Meanwhile the people recommending Telegram are random usernames on internet forums. It sounds like you're the only one who doesn't know what they're talking about.
"Anyone can start a private chat encrypted end-to-end"
This is such a shill talking point. Telegram doesn't even support E2EE for groups. Every dissident groups leaks 100% of its chats to server with no possibility to opt-out.
Oh yeah that feature which conveniently deletes your "Down with the <dictator name goes here>" group and its member list every 60 minutes and forces users to create a new one.
"I don't understand how they will get the chats except from individual phones."
~~By default~~ Telegram's group chats used to organize protests aren't E2EE. If Belarusian government hacks Telegram server, they can read every dissident group's chat history trivially.
I have been frustrated with Signal on this. I pitched that it is a good idea because of a scenario:
> You're protesting with people. Cops pick them up, but not you. You can delete their messages and it is likely that you are able to do so before the police can clone your phone or copy the messages (screenshot, whatever).
I got a few strange responses back:
- Deleting messages doesn't mean they can't be saved (yeah... this is probabilistic privacy, not guaranteed)
- My device, my data (okay?)
- Some people run custom apps that save everything (how does that apply here? Funny enough, a sibling comment said something similar)
- Just own up to your typos (-_____-)
- Don't use Signal for communication then because you can't be guaranteed privacy (great, I'll use smoke signals with my friends to organize)
To be fair to Signal, the devs did not get into the forums. To also be fair, Signal is taking the same position and is going to only allow deletion an hour after a message was sent. As much as I love Signal, it is my preferred messaging app, I think they are not in touch with the needs of people. We should look at why people are turning to Telegram when protesting. What can we do to better preserve the privacy of people protesting in HK, Belarus, America, etc? Everything is probabilistic security and privacy when it comes down to it. But what tools would help these people the most? I would argue that bidirectional deletion to reduce the chance of self incrimination is one of them. The other is group messaging, channels, and anonymous messages (so your phone number isn't visible in channels). Emojis are nice and fun for day to day use, but it is getting more and more important to push these other features (yes, I know they are extremely difficult to do and actually preserve privacy to the standard Signal currently does. I think many would be fine if it was an incremental increase in privacy with these newer features).
I don't know why you're getting down-voted. It's an accurate statement that many loyal Signal users can attest to. Signal has been my primary messaging app for years now, but that's my main issue with them outside of group MMS issues still being problematic all these years. Their slow response or lack of care was especially apparent after the huge outcry over constant nag notifications for verifying PIN, setting a profile name, and asking contacts to join Signal. It's like they don't understand how badly they need better adoption for Signal to be effective. If 90% or greater of my contacts don't use Signal, then what good is that? They need to start listening to their users better.
I do think that things like emojis and the (now fixed) link previews do help with adoption. But I think there is another and more compelling adoption method given the current state of the world: privacy and security. The reason people are turning to telegram is because they think it is secure. Signal will never gain mass adoption without good groups. And honestly, they probably need channels too. If it had both those things then all these protestors would turn towards Signal. After all, isn't that why they get funding from the US government? To "enable" democracy in other countries?
I was pitching the following idea to a friend of mine yesterday:
- the UI should hide e2e/“reallyprivate” conversations by default
- as in "not visible anywhere" (edit: unless the app is in the foreground and you are chatting of course)
Unless you:
- do the “add a new user/conversation"
- then instead of adding mail/GUID/phone you add a whatevercanberemembered number/emoji/sentence that unlocks the private conversation you initiated long before
There should be no trace in the UI that private conversations are going on.
What does HN think ? Why hasn't it been done before ?
Edit: there could even be notifications disguised as another app (news subscriptions, medical reminders, battery low, etc.)
This doesn't give you plausible deniability if law enforcement gets their hands on your unlocked phone, as they can see that the file size of the encrypted message logs doesn't match the visible content. If the phone is jailbroken and the key for the message logs is leaked, it doesn't help at all.
Wouldn't the solution here just be to allocate a larger disk space and encrypt that? Then when the space is filled up you expand again? I've seen this done before.
Rather I'd change the GP's solution to having a secret vault in an already encrypted chat system (so you can do the above), essentially making it two layers. Just the second layer isn't a button that says "look at me, I'm where all the real secret shit is."
I agree that security through obscurity isn't a winning solution, but it is part of the toolkit. It would just be dumb to rely on your security solely being obscurity. Encrypted steganography is still a powerful tool, hackers obscure code, and real spies use obscurity all the time. It just isn't the dominant factor.
> This doesn't give you plausible deniability if law enforcement gets their hands on your unlocked phone, as they can see that the file size of the encrypted message logs doesn't match the visible content.
Hmmm. What about from the get-go saying that the app allocates 100Mbytes of space and fills it randomly at regular time until some encrypted content is generated. That'd put a 100Mbytes log/message limit to conversations but that'd be by design and nobody could be sure those bytes are random or genuine messages.
> If the phone is jailbroken and the key for the message logs is leaked, it doesn't help at all.
Why would the key get leaked if it's never stored ?
> . We should look at why people are turning to Telegram when protesting.
Every single person I know who uses Telegram does it for either porn or piracy or both. So using what you already have for protests if they occur makes sense. Trying to get ppl to install a different app is much more complicated at this point. Sometimes may even be prevented by the regime.
See, the lack of bidirectional deletion is one of the reasons I prefer Signal. Nobody other than me should have the ability to delete data on my device.
I disagree. I see my phone as an extension of my brain. If I have an in-person conversation, the other party can't force me to forget the conversation, and they shouldn't have that ability for my phone either.
What if only the other partys messages where deleted?
In telegram it is understood that 'secret chats' constitutes confidentiality. As such, both parties, I believe, ought to be able to delete everything.
I kind of see you point about non-secret chats.
But then we are back with a opt-in model for privacy.
Personally: what I tell you at the coffee machine, in confidence or not, is ephemeral. I would probably not talk to you at all if you where taperecording all conversations, as you want to do with messages... so I think both.parties.should be able to delete text conversations. And privacy should be on by default.
> I would probably not talk to you at all if you where taperecording all conversations
You hit the nail on the head with this one. To me deletion is a nice compromise and why the coffee shop analogy isn't a good comparator. Similarly we don't record video calls (and Moxie himself doesn't like this). So why should every text be recorded and parties do not have control over that data? I do feel that each person in the conversation has a right to control that data (if anything the sender more so) and when policy fails it should fail in the direction that has more privacy (which is the message not existing within Signal's log^). But currently people aren't given this choice and there is no consideration of failure modes.
^ Careful wording because if I don't make this added comment people think I'm unaware that screenshots exist.
I don't really make that distinction, I think it's harmful to have E2E as optional, and only use platforms than have either mandatory E2E encryption (Signal, WhatsApp), or no E2E encryption (SMS, email).
If you have an in-person conversation with me in confidence, that doesn't grant you any additional powers to make me forget details of the conversation.
> Personally: what I tell you at the coffee machine, in confidence or not, is ephemeral. I would probably not talk to you at all if you where taperecording all conversations, as you want to do with messages...
What if I have a very good memory, and follow conversations by writing up their details in personal memos that you can't delete? (e.g. Comey's contemporary memos of conversations he had with Trump.)
> so I think both.parties.should be able to delete text conversations. And privacy should be on by default.
The problem for you is that I'm not going to agree to that - if you won't use Signal, I'm going to force a downgrade to SMS or email, and then you get even worse security and privacy.
If you want to have a conversation that can't be recorded in an automated way, you basically need to meet in a sauna.
> If you won't use Signal, I'm going to force a downgrade to SMS or email, and then you get even worse security and privacy.
Or we will set up e2e encrypted telegram. Or not talk.
> What if I have a very good memory, and follow conversations by writing up their details
You saying that you remember I said something, even took a screenshot vs you can prove I said something, is a big difference.
If I am doing a snowden, I might go to a sauna. If I am planning to overthrow my boss, I think e2e telegram is okay. Because I can delete the conversation it might even be preferable to signal.
Sorry, I just can't agree with your take. You're fundamentally trying to use technology to restrict rather than enable use cases, and doing so in ways that aren't actually robust to your use cases and threat models.
I'm not sure what this has to do with anything. Sure, maybe this doesn't help you in a channel, but one on one? Or small groups? Most people don't run custom apps and you're probably going to know if your friends do. The biggest use I see of bidirectional deletion is if you see your friends be picked up by a nefarious actor and you can delete the messages. This reduces the chance of self incrimination because you can probably delete the messages before the phone is cloned or the messages are saved in some way.
It has everything to do with this when the conversation is if the government is going to use your messages in the unencrypted channel to come after you. If your friends are picked up by a nefarious actor, you would have to know that they were–and also, you'd have to ensure that Telegram isn't keeping some sort of deletion log.
>> Sure, maybe this doesn't help you in a channel, but one on one? Or small groups? Most people don't run custom apps
The bidirectional part is helpful in the non-public channel context.
How does this help? Why does this matter? Well you can keep a public face and a private face. Private channels, group chats with friends, or one on one messages you can be more open and use this tool. But this is normal. Everyone shows a different face in public than what they show to friends (offline!).
> If your friends are picked up by a nefarious actor, you would have to know that they were
Sure. But they're your friends. I don't know how you interact with your friends, but usually when I'm out with them I'm physically near them and know what they are doing. Chances are pretty high I'd know within a few hours if they got arrested/abducted.
> you'd have to ensure that Telegram isn't keeping some sort of deletion log.
This is a different issue and FWIW that's why I don't personally use Telegram. There's no verification so no trust. But that doesn't mean that the deletion tool can be useful in certain contexts if the implementation is correct. No reason to throw the baby out with the bath water. It is about the probability of reducing self incrimination, not guaranteeing.
I certainly do not know what my friends are doing 24/7, perhaps not even within a day or two. And that's plenty of time for law enforcement to install a third-party client on their phone, or just read the messages. I agree that having it is better than not having it, but I would not put too much faith in it being useful against law enforcement. Perhaps retracting a mistakenly sent message, but not much more than that.
I feel like you're being needlessly dense. The threat scenario is being at a protest with your friends, not some midnight abduction. And I'll I'm arguing is that it is better to have it than not have it because there's a __chance__. When it comes down to it every aspect of security and privacy is probabilistic. Security walls aren't impenetrable, but unlikely to be penetrated in a given time-frame. If it doesn't reduce the floor on security or privacy but increases the probabilistic upper bound, why not? So my complaint to Signal is why shoot yourself in the foot by limiting this to 1 hour? (24 if you run a custom app)
There's a reason big companies/government employers want root access to your phone and will wipe data if it is lost or stolen. Because it reduces the chance that company/state secrets. No one thinks it is a guarantee. But if given the choice of "revealing a secret" vs "rolling a dice to see if I reveal a secret or not" I'm going with the latter no matter the odds.
So disappointing that true anonymous communication is technologically feasible but is only unavailable due to government intervention and public apathy.
The main issue is that any form of anonymous communication gets instantly abused for things that very few people are OK with. It's a classic Catch-22 and a very well-known at that.
That can happen anywhere and not just with Telegram - imagine what a repressive government can do with a dump of GMail. Iran's a much bigger country with a regime much more capable and willing to use violence.
Imagine how hard it must be to run a presidential campaign in the US when your incumbent opponent in an election controls the systems that get to read any message in GMail.
Explain how this works. A blue party voter writes to another blue party voter: Hey, let's vote blue this year. NSA that intercepts the message and __________.
The thing being suggested here is that the campaign of the incumbent is reading all the communications of the campaign of the challenger. I don't think anything of the sort actually happens or is really that easy to (completely secretly!) make happen, but that's the proposed scenario.
'Congressional investigators determined that "targeting of US political figures would not occur by accident, but was designed into the system from the start."'
So yeah that might still be going on. Signal etc. make it harder but it's not like the NSA isn't hacking endpoints so hard to say if it's actually secure. We can only hope the next Snowden will let us know if NSA's spying on the opposing political party.
I don't mean that, I'm just pretty sure the person you are replying to meant that. As to the other stuff, no, even if your security services are collecting this sort of thing, by design or not, it doesn't mean it's in your daily briefing, let alone available to your campaign. If it was, Nixon wouldn't have needed to hire a bunch of incompetent cosplayers to be 'Plumbers'.
My kids tested sending https://kamalaharris.info and https://joebiden.info to each other on Instagram, in private messages. The sender would see that the message was successfully sent, but it would never arrive.
Another case is that the person who ran the primary campaign for Kamala Harris now works at Twitter, where he blocked an opponent's campaign account.
By default it's no more encrypted than HN (as in, traffic to their servers uses TLS, messages on the server are not encrypted at all).
There's Secret Chats feature which they claim to be end-to-end encrypted, meaning that it's no more secure than Facebook's Messenger (also end-to-end encrypted in Secret Conversations). Even less so considering that they roll their own encryption (MTProto), while Facebook's Messenger uses Signal's protocol.
Can we stop using 6-year-old info for apps that get updated monthly? The problems they have with MTProto have been patched literally 5 years ago, the only other criticism comes from a direct competitor, and they recommend WhatsApp despite the fact that it's closed-source and nobody can verify if its encryption truly works.
Facebook is planning to merge Messenger, WhatsApp and Instagram, which makes it even more awful of a choice.
Telegram still doesn't encrypt chats end to end (by default¹), which means it's not a strictly superior choice to WhatsApp.
Facebook can't read your WhatsApp messages (of course they can add an update any time to do that), but Telegram has access to all your messages right now.
¹ Yes, you can select the end-to-end encrypted sessions, but they're very crippled from a usability perspective. I don't remember the last time anyone used it with me, yet all my chats on WhatsApp are end-to-end encrypted without anyone doing anything.
Are we sure it can't? Because WhatsApp is closed-source, its GDrive backups are unencrypted and Facebook's whole profit model is based around snooping. Unless they make the app open-source, I'm not trusting them even with a grocery list. People act like E2E is the be-all and end-all but trusting an incredibly shady company on its word is not something I'm comfortable with.
Yes, people are reverse engineering the app. You can check the discussions on HackerNews when security of WhatsApp is discussed.
GDrive backups are not readable by Facebook, they're readable by Google. End-to-end, if properly implemented is the be-all and end-all. Except for metadata, which is a problem, but a different one, and Facebook definitely abuses that. But they don't/can't read the contents of chat messages (for now).
It's not merely trusting that shady company, but also realizing that the news of FB not having E2E-encrypted messages would definitely make the news, you'd be aware of it.
> It's not merely trusting that shady company, but also realizing that the news of FB not having E2E-encrypted messages would definitely make the news, you'd be aware of it.
Right.. consider what your adversary would be giving up by revealing such a secret, even if it was true. That alone provides a not-insubstantial amount of security.
The real question is, why is Telegram more secure? There's a 100% chance it can read your group messages, because it says so on their documentation that describes the cloud encryption. There is no E2EE at all for groups. There is no E2EE at all for desktop. Together these mean E2EE are completely neutered and useless. I'm a privacy researcher and I don't use them at all. Why would an average joe?
Open source is not the be-all end-all of security either. Closed source apps can still be audited (with increased difficulty), and open source apps might still be impractical to audit even though they are open source.
No, it is not necessary _or_ sufficient. That is what I'm saying. You can audit a closed-source app, and there also might be open-source apps which are impractical to audit despite them being open source.
If you have your closed-source app audited, everyone needs to trust the audit company. And I've seen some shit audits in my life that told absolutely nothing about the actual security.
Open source means anyone can audit and verify nothing was done after audit.
Moxie more or less audited WhatsApp's Signal protocol implementation, and people are right to be concerned about whether changes have been made since FB bought the app.
Facebook does get your WhatsApp communication metadata, and has been for years now. As the three letter agencies showed, metadata is actually quite valuable in many respects without needing to trawl through massive amounts of content.
Can’t Facebook read most people’s WhatsApp messages because cloud backups of chats are enabled by default, and only the tiny minority of users who disable that feature will get truly end-to-end encryption?
I don't see the problem of using a hand-rolled encryption algorithm or the strange choices that went into that algorithm as "patched literally 5 years ago".
"Can we stop using 6-year-old info for apps that get updated monthly?"
The fact Telegram's E2EE has not been available
1. by default
2. on desktop apps
3. for group messages
for seven years tells you exactly how secure it is.
"the only other criticism comes from a direct competitor"
Fuck this attitude. Everyone has the right to criticize. If Telegram can't own their mistakes it's their fault, not that of the people who are beating them. Also, impartial professional cryptographers like Bruce Schneier and Matthew Green have told people not to use Telegram. Why is that if not because it's so horribly insecure. Why isn't there a single recommendation for Telegram from ANY cryptographer on the entire planet?
"they recommend WhatsApp despite the fact that it's closed-source and nobody can verify if its encryption truly works."
Because they've helped implement the encryption? Also if proprietary tools doing encryption are not secure, then why do Telegram users think it's ok for Telegram to use closed-source server that's doing the "distributed datacenter encryption" for group messages' at-rest protection. There's not even documentation available for this let alone source code.
Fair point, but from my perspective, even if it was absolutely the best end-to-end encryption there is, it wouldn't mean much unless everyone's using Telegram for 1-to-1 communication using Secret Chats feature.
> Some of its channels helped unconnected, scattered rallies mature into well-coordinated action.
This line alone makes their encryption rather meaningless for this use case, since Secret Chats only work between two people.
Which is why I'm confused people are even talking about their encryption in this thread.
This has nothing to do with secure chats and everything to do with Telegram's Channels feature. But a ton of people that have never used Telegram nor read the article don't know that.
And proxies. Telegram has great proxy support and virtually anyone can install their own MTProxy in 5 min.
A multitude of proxies, shadow optic cables over the border and a bit of whitelisting from the government to allow payment processing made Telegram invincible.
Correct. What anyone in an oppressive regime could do though is to make sure settings are set to "share your phone number with no one," as well as delete their own messages from the channel in their entirety after having been read 15-30 min later or whatever arbitrary time they'd like. They would do best to not use an @username or account name which could identify them. Beyond that, there's no way anyone in Belarus can do a thing besides physical violence and take an individual's or a group of people's phones.
There are also options for invite only channels ( I manage several TG channels, public and private) in which nobody can join without having been given the invite link, or added to the channel if their settings permit other users adding them to channels.
This is all information in bad faith.
The protocol and all Telegram is open source. Are you a cryptographer?
And who "rolled" the Signal protocol, Moxie Marlinspike? Did he not design that himself?
This is demonstrably false. Telegram's apps are open sourced (except Telegram X for some reason), same as Signal's (no exceptions). None of the two offer you their server's code.
> And who "rolled" the Signal protocol, Moxie Marlinspike? Did he not design that himself?
And again, this is completely irrelevant because even if Telegram's end-to-end encryption was absolutely the best there is, a) it doesn't work on group chats, and b) it's not enabled by default, only in Secret Chats. The vast majority of Telegram's usage is not end-to-end encrypted at all.
"The vast majority of Telegram's usage is not end-to-end encrypted at all."
This. This is the backdoor right here. It was never going to be shady flaw in the implementation. It's SO much easier to put it out there in the open, spread misinformation about Telegram being at the forefront of privacy battle and silence all criticism (my links were shadowbanned on their subreddit), and to attack straw men like people posting example's of Telegram's bad track record. tl;dr: damage control.
Telegram's encryption OTOH was designed by Nikolai Durov who is not a cryptographer, but a geometrician. That's like asking a gynecologist to perform brain surgery, lol.
Signal Protocol won the Levchin Prize at Real World Crypto, which was awarded by a panel of several of the most renowned academic cryptographers in the field (including Dan Boneh and Kenny Paterson). Other winners include Bellare, Krawczyk, and Joan Daemon. The protocol has been extensively analyzed and is the current gold standard for messaging encryption.
This. It's not the Durov brothers who are moving the field of secure messaging onwards, or talking at conferences. They're complete amateurs surrounded by fanboys who don't understand the very basics of the field, and who think copy-pasting from https://tsf.telegram.org/manuals/e2ee-simple makes them useful as opposed to spreading propaganda.
But the standard we should apply to secure chat protocols isn't how many awards it won, but whether it's watertight. Obviously winning a prestigious prize means it's watertight, but the converse doesn't follow. A protocol can be safe for practical use without winning any prizes.
It can, but given Telegram's history and professional cryptographers like Schneier[1] and Green[2] saying DO NOT USE IT, it's obvious it's _anything_ but watertight.
No. Still not E2EE by default, still no E2EE for groups, still no E2EE for desktop clients. Why do you want to imagine Telegram magically got better when it's so obvious it didn't?
Because they “magically” updated and improved tons of stuff in the last four years. So I think it’s not unreasonable to consider whether their encryption improved too.
But yes, not having encryption on by default speaks poorly of them. OTOH it’s not concrete proof that the encryption still sucks as of now.
Don't get me wrong, I'm not saying the E2EE encryption itself is flawed. I'm saying it's not being used at all by default. And I'm saying it's not possible to use it for groups or desktop clients. That's _the_ travesty, and the proof that this is the state of things is so obvious people don't realize how serious it is. And my concern is that will lead to a tragedy.
Yeah, it’s true that not having E2EE makes Telegram a bad choice for the purposes of the protesters. Convenience and inertia wins out though. And when you have groups of hundreds of thousands of people, there aren’t too many choices in the first place.
The expectation of privacy loses it's meaning when the group size grows. It's more likely what you said remains private when you say it in a group of five people than if you say it in a group of 50, 500, 5000, or 500,000 people. IMO supergroups and channels don't need E2EE, normal groups in Telegram definitely do. It's not an all-or-nothing thing. E2EE where expectation of privacy can be assumed from group size isn't a problem.
Also, Signal has no upper group size limit but E2EE would make group with 100,000s a bit sluggish. But that's a problem that reduces with Moore's law.
No, and obviously it doesn't have to, because I'm replying to you. You hint at Telegram's protocol being inferior based on the number of awards it won, a heuristic that isn't too relevant in practice.
First of all, most of this goes back five years and things have likely changed, but basically MTProto used several non-standard and out of date security mechanisms (no AE and using SHA1 were fairly notable at the time) whereas Signal was purposing fairly standard and widely used mechanisms (OTR). It's possible that many of those failures have been addressed over the years, but I haven't followed it closely. It's worth noting that Signal has been widely vetted over time and is the underpinning of WhatsApp, whereas MTProto continues to have a poor reputation, it seems.
The very fact out-of-date security mechanisms passed into first version should tell the developers don't follow their field, or that they're complete amateurs. Both are flags so red Stalin would have a problem with it.
The Signal Protocol[0] is based on OTR, a technology which had already seen a number of implementations and informed scrutiny by the time Signal came along.
Also an important aspect is that it is open sourced, meaning others can audit it. I'm a little untrusting of people that say "trust me" but also "no, you can't look at it." (unless there is a good reason to hide it, which in this case I do not believe there is)
(DH-ratchet is still there. 1536-bit FF-DH was replaced with X3DH etc, but the basic idea is still there. Adding hash ratchet for non-round-trip messaging was a good idea, as was pre-keys stored on server. IMO it's fair to say it's been expanded around OTR)
It is encrypted by default but end-to-end is only for calls and Secret Chats (one-on-one). You can delete any message at any time without a trace for both sides, which protesters often do, really don't think the government needs messages to pin a crime on them. Hell, they've pinned crimes on people for literally no reason before.
So when you try and go tell the other person's device to delete your message, how does it go into their iCloud backups and delete that message, or some other backup?
Don't depend on asking someone else's device to delete the data as that data being gone.
It is stored locally, although only temporarily. I rarely connect my phone to the internet and still can scroll through quite a bit of message history.
Not by default, no, because that has UX implications (e.g the chat will only be available on one on your device instead of being synced between all your devices). Though it’s quite easy to start an encrypted chat, and you can decide to have auto destructive messages.
I'm pretty sure Signal at least doesn't encrypt at rest on your phone. So the drive would have to be encrypted as well, which is not default on Android
Signal does encrypt your messages locally. Also Android supports file encryption you don't need to use full disk encryption anymore. Also I think the policy has changed in Android 10.
> All compatible Android devices newly launching with Android Q are required to encrypt user data, with no exceptions.
Signal traditionally had an easy to get encryption key for the local encryption. Now there is a PIN but I don't think it is any protection against having access to the disk. The signal people would prefer that that you deal with the end point security yourself, because they really can't do much there.
Indeed, the PIN is just for SVR. Exported message logs on Android use separate, client-generated, 30-digit, PINs.
Unless the OS+HW provide API for some sort of TPM, it's not possible to provide strong protection for app databases without asking for strong password every time the app is opened. Android has had some sort of sandboxing for a while but it's not comparable to secure enclaves etc. AFAIK.
Android has encrypted storage by default since a few years ago. Of course, by default it uses a default key. But, the point is, enabling "encryption" just means changing that key, not reencrypting the entire device.
Apart from that, regardless if you're on Signal or Telegram if authorities get hold of a protester's identity on such an app and have the power to access the app's servers they can gradually uncover social networks by reading metadata (if I'm not mistaken).
I think you are mistaken. Before your text is sent to Signal your sender information is encrypted with the receiver's public key. So while Signal's servers can see who to deliver the message to they cannot see who sent it. Only the receiving client can decrypt and authenticate the message. This feature was rolled out in late 2018 and is called "sealed sender". It was developed to prevent leakage of any social network information via the message metadata.
But as far as I know Telegram has no equivalent feature.
"So while Signal's servers can see who to deliver the message to they cannot see who sent it."
Why can't they look at the TCP headers of incoming packets to determine source-IP? Also, why can't they look at session identifier or signal ID like phone number to determine who the sender is?
I assume if you are trying to hide your communications you aren't connecting directly to signals servers, so IP should get you nothing. There is no session identifier or signalID attached to your message, its contained within the encrypted part of the message so only the receiver can determine who the message was sent by. https://signal.org/blog/sealed-sender/
Encryption isn't enough. They could just suspect or arrest anyone who has Telegram installed. Or they could check teleoperators' logs for anyone who has used Telegram during the past weeks.
In Turkey, they arrested people who had the ByLock app installed. It didn't matter how people had used it. Having installed it was enough.
Let's differentiate between the heroic individual activists striving against all odds, versus the technologists whose market-driven decisions ensure that the activists are betrayed to their oppressive governments.
It's not so against the odds. The EU just implemented mass sanctions against Belarus and mobilised €53m to support agitators. Top politicians such as Varadkar tweet support.
If Russia so overtly threw money at organising American riots it would be front page news. There's been a year of mass unrest and yellow vest riots in France yet Marcons junta still reigns supreme.
I never replied as you simply restated plainly obvious information about Telegram. I'm intimately familiar with, and would not trust Bruce Schneier. It's not my first day in cryptography.
What you've counterpointed doesn't exactly negate what I said. There are no Belarus state controlled or regionally located Telegram servers. I fully understand and take that risk that server side code is manipulable, and I also fully know they are able to edit open conversations from the server and this has been done. Still a better alternative to choose a foreign state adversarial network these days and to choose E2E and do as best you can to use a throwaway number than to choose something that's been gamed by your own state, for fun and for profit to eavesdrop all conversations out of the gate, or use backdoored WhatsApp. Choose all throwaway, blend in, and don't talk too much.
There was also a very large Telegram channel where they were doxing riot police members that were participating in attacks on demonstrators. It was extremely efficient infowar since it was their home addresses, family photos, wife's cellphone number...
If your teenage son was arrested for nor other reason than walking on the street and then was tortured. Wouldn't you want to punish the perpetrators? But you can't in Belarus. The only way is to call their wives and mothers and tell them the husband/son is a monster.
Actually there are reports that riot police was specifically looking at ones telegram channels to decide on the degree of your immediate punishment (yes, old school batons). And it was easily decrypted (phone unlocked) with a threat by the cops. I am in Belarus at the moment and can confirm telegram was not available without vpns/proxy just like any other resource. And why wouldn't it be?
...most of the detained people didn't have such switches and it's not easy to use it - just look at how quickly people get arrested - it happens within seconds, hardly enough time to even take the phone out of your pocket and unlock it.
Also they don't know they're about to be arrested. One second they're walking along a street, one of dozens of other random pedestrians, the next second six guys are literally carrying them into a van.
> All the security services need is to find one protesters phone force the person to unlock it and they have it all.
This is true for all apps regardless of how good their network encryption is. With Telegram it's possible to delete messages for everyone. Not so in some other apps.
"With Telegram it's possible to delete messages for everyone"
If the phone is in airplane mode, or faraday bag it's not receiving any "delete message" commands.
Also, with Telegram the case is, when the Belarusian, Russian, Chinese, Israeli, US... intelligence agency compromises the server, they can see every group message of every group, because by design Telegram's group chats never use E2EE.
Every cryptographer agrees Telegram's encryption is shit. Let's start believing them.
> Yeah it's pretty annoying that group chat displays real names and profiles.
Don't use real name in profiles. You can also set Telegram to show your profile picture only to your contacts and also choose to not share it with specific users or groups in the privacy settings.
> Also group chat has a search feature for all time.
This is managed by the group administrator when setting up the group to either limit history to new members or provide all history to new members.
Similar thing is happening in the States with different social media platforms (FB, Reddit until recently) which have empowered political views not reguarded as “good” by the mainstream media, but you don’t see congratulatory articles about this phenomenon, with FB even seen as Satan itself when it comes to politics.
A different interpretation is that those social media platforms keep the dissent monitorable and under control, and the powers that be are quite happy with the status quo. If that was the case, as soon as a platform that was not US-controlled gained a foothold in the US, we'd see a crackdown from the establishment. It would be painted as a tool of a foreign power and shut down or forced to be turned over to a US-based entity.
If that ever happens, we'll know democracy in the US is under threat.
> as soon as a platform that was not US-controlled gained a foothold in the US, we'd see a crackdown from the establishment
Telegram is not US controlled. There is no crackdown from the "establishment". Except if you meant only in situations where there is widespread unrest? If it is not relevant to Facebook here in the US in the first place.
3.5 million monthly active users of Telegram in the US. 80 million MAU of TikTok in the US. Makes a difference. They didn't crack down on TikTok until very recently.
> If that ever happens, we'll know democracy in the US is under threat.
Not to get political or anything, but with the clear election interference with dismantling the USPS and removing sorting machines only in swing states it's clearer than ever that democracy is already currently under threat.
Democracy in the US has always been under threat, because the elites aren't stupid and realize that letting the masses rule leads to Third Positionism.
Both are thought + location + picture + file + link sharing platforms. Perhaps you're not publishing to as wide audience, but still, they're extremely similar.
Please direct me to the comprehensive list of "valid" ideologies. Also, if you can get me the methodology for deciding what ideology is considered "valid" I would greatly appreciate it.
CIA encourages lots of friendly articles about social disruptions they've planned and funded. It seems likely they didn't plan BLM and related recent American protests, but definitely they are behind anything going on in Belarus.
That sounds like taking the claims of every strongman that their internal opposition is an external malevolent actor. The CIA would only be needed for sufficent state level resources such as training or large quantities of munitions beyond what they could source without intervention.
Dissent is very damn cheap with modern communications infastructure and can exist with and without it.
The only funding the CIA certainly provided was historical general purpose funding of computers and cryptography research. Calling it planned would certainly be a stretch.
It's certainly true that politicians can be unpopular for entirely local reasons. For instance, most politicians in USA, for at least the last decade. They are corrupt and incompetent, so they are unpopular.
However, both TFA and other things I've read about Belarus have a very "Euromaidan"/"Kong Tsung-gan" flavor to them. This is the sort of thing CIA does. They publicly claim this is the sort of thing they should do. Why would they be sitting this one out?
What was the revolutionary app during the Ukrainian protests? I remember reading almost the exact same article at that time, although then I was a little distracted because that revolutionairy app ended with Russia annexing Crimea. Guess that wasn't in the TOS?
Compared to WhatsApp, they do have access to all messages from every person (except for the few people using secret chats) and group so I'd not be very surprised if they started to mine that data somehow if they really want the money.
Compared to WhatsApp that is owned by a massive megacorp that bought it for over $10bn and that has already tried to start mining metadata from it I would say Telegram still has its advantages.
Prefer Signal myself too. It's a bit hard to switch over from WhatsApp and tried to use it at least with my spouse. One feature that Telegram and WhatsApp miss, is being able to send yourself a message. On Signal you can do this and it's very convenient for taking notes, sending passwords (laptop <--> phone) and for saving bookmarks. I used to share interesting bookmarks from HN to my email, but that quickly got cumbersome to sort out.
Agreed. This actually works incredibly well on Telegram to sync snippets and files between devices.
FWIW you can also create multiple groups with the same person(s) so you can keep one "group" chat with your spouse for chores, shopping lists etc and another for photos of the kids, birthday planning, funny stuff etc.
This probably works in most messengers though, but it is a nice hack anyway.
OT but if it helps you, Whatsapp does actually allow you to send messages to yourself (sort of)! You can create a Whatsapp group with you and one other person in it, and then remove them from the group. The result is a group with only you in it that you can use to send messages to yourself.
It is only "attacking Facebook" as much as it is also just "stating again what is already publicly known about Facebook".
This was all in the news: Facebook lying about not being able to connect WhatsApp and Facebook, then trying to weasel their way out of their previous statements.
For all the problems Telegram has they don't seen to have our raw messages more than GMail has your raw emails.
Yep: unlike WhatsApp and Signal they can, technically produce them. (Edit: I forgot to mention: WhatsApp chat logs gets uploaded unencrypted to American Cloud providers. I have less against the police and Americans than many other here but lets not pretend end-to-end encryption helps for anything when you backup the data unencrypted with everyones favourite villain it seems: NSA)
And yes: like with GMail if Telegram has done exactly what they said and done it properly it would probably take cooperation of at least two sysadmins on different teams and it woumd also probably trigger alarms east and west.
What about totalitarian state with 1,000,000 USD of extra cash to spend to buy a zero-day, that then exploits the server and reads any message from there?
That would be a great reason to stop using it. If they never plan to use that data then they're idiots for designing a system that makes them liable for all that user data they accumulate in case it leaks. And if there's one constant on the modern planet that is "everyone will get hacked at some point". So that's another good reason to stop using Telegram. Like right now.
Public estimates of his net worth are hard to believe.
Not a billionaire, at most 2-3 hundred megabucks cash as his Russian assets are rendered effectively worthless, and he burned himself a lot trying himself in investments, real estate, and, in general, burning money on expensive things, including telegram, like no tomorrow.
I am still very suspicious at how he managed to flout around Kremlin for so long.
> I am still very suspicious at how he managed to flout around Kremlin for so long.
His first successful project (VK) was founded and gained popularity partially using money of really weird investors some of whom were related to Kremlin.
Also keep in mind that Russia was just a kleptocracy until around 2008-2010 and only after 2012 when Putin decide to get back presidency everything started to go really sour. So it's not surprise they taken control of the company away from him shortly after.
The fact that there’s no proofs, alone, says something. Telegram has been around for 7 years. There’s no external funding and yet the project lives and grows. It’s either being funded from the Durov’s pocket, or from elsewhere. Take your pick.
To better understand who Durov is, look up the story about him throwing money to a crowd out of a window of his VK office.
He also believed that foreigners should be able to buy land in Russia to create small states within the country.
I would not (and I do not) believe in good intentions of this guy, at all. And in fact it is you (or Durov himself) who should provide a proof that Telegram is not getting funded by governments, being one of the most popular communication tools around. Especially after the failed ICO. The source of funds should be transparent.
Proof? The ICO they did isn’t enough? They act as a business, Durov keeps control, it did not create a foundation or a non-profit. What extra proof do you need?
I totally understand where you're coming from but in order to be better than Durov who claimed Signal had backdoor without any evidence, we can't say he's selling user data without evidence.
We also can't claim he's secretly handing all non-end-to-end encrypted group chats and one-on-one messages to Kremlin, or that he's an oligarch who made his money by spying on Vkontakte users. We also can't say it's extremely suspicious his arrest warrant only lasted two months, or that journalists who visited Telegram offices in Dubai heard the company Telegram shared floor with had never even seen Telegram employees enter the offices. There is no evidence Telegram is an intelligence agency front. None. We should periodically remind people of this.
Seeing how averse they are to putting any kinds of ads on the platform, I think they might find the middle ground by helping make ads in channels go through the official route. Basically, right now, some channels post "sponsored posts", which nets them some payment. By getting involved, they could probably help people not get ripped off, take a small cut of the fee, and make those sponsored posts integrated a bit better, maybe highlighted somehow. So no ads in the app, only in some channels, so that people can leave if they hate the ads.
Non-profits can and should make money. That’s a common misconception and a big problem for charities are people think they are being greedy if they are making money regardless of the impact of that money.
It's disappointing that this kind of thing is possible in relation to the sophistication and competence of a regime.
Or maybe I should say that 2020 is a disappointment, from a 2005 perspective. The internet was supposed to be free. The ability to use it for political change democratically was supposed to be built in, innate.
This wasn't supposed to be a rare and fortunate blip, a soon-to-be-closed loophole in an app that . Internal security office around the world are currently reviewing their susceptibility to Telegram-based "attacks."
Even in democratic countries, we're increasingly seeing the internet's ability to lead to political organizing as dubious... something that must be controlled.
I'm surprised that Telegram is proudly proclaiming itself to be sponsoring regime change in a foreign country. Seems kinda... gauche? I mean, that's still frowned upon right? Is my mindset antiquated?
Relatively long time Signal user (2+ years) from Belarus. Was in the city when internet blackout arrived.
I don't want to waste your time on how i moved 30 people to Signal and preached about security and signal being the best pick on the market. Hell, even my family is on Signal.
Now, let me tell you this. The `anti censorship switch` did not work during the internet hiccup. In a moment all that fancy stuff just ended up being.... useless.
So check this out, i have family members living outside Belarus, they have Signal installed. But i am not able to message quite blatantly simple phrase "i am all right!".
Next thing happened i fired up Telegram, hooked up SOCKS5 proxy and was capable to reach out my family members and asked friends to go on Twitter and get @signalapp's attention same evening outage started. Zero reaction.
Signal was and is dead silent. This makes me think that, come on, people Signal caters to the USA users only. They won't care for others. Moxxie denouncing american police for their brutality, you've been to Chernobyl, you know what Eastern bloc looks like. Guys over here are three times more fierce than yours. But your company somehow makes a statement to accommodate local protesters, now what have you done to aid anything outside of cozy California?
Lesson i've learned, that on the verge of something Belarus experienced last week, Signal has zero value.
I even own the debug logs to send 'em so they will figure why the censorship circumvention wasn't working, but i'm drop dead sure i won't hear from them.
Not being a hothead to get rid of Signal straight away but definitely i have to tell you my trust in Telegram's resilience grown
It's surprising how Telegram successfully lured public to believe it is a secure messaging app while not providing end-to-end encryption by default.
You need to explicitly start secret chat (under More button on the contact page) to opt-in for E2EE, something you get by default in every Whatsapp chat.
Telegram is more of a social media platform than a messenger. It has public 'channels' - read-only blogs without likes and comments. The biggest Belarusian channel 'Nexta' has 2M+ subscribers.
Because Signal is shit for anything other than 1-1 communications. Group management is extremely cumbersome and large scale channels, while not impossible, require external assistance (with all the security implications).
Signal is definitely more secure than Telegram, but the latter has a far better user interface, API, and social ecosystem, which gives rise to massive networks effects that are simply not available in Signal.
My recollection (can someone verify?) is that Telegram continues to function in limited-connectivity environments, making it a good fit for situations where a state actor is limiting network access.
Because the belarussian government doesn't have enough power over Telegram to force them to disclose messages, meaning that transport encryption is absolutely good enough for the protester's threat model.
Don't they both require handing over a mobile phone number to use them? This is what has always confused me (and turned me off) about these privacy-focussed messaging apps.
Sort of, there is pseudoanonimity layer in Telegram that doesn't show your phone number to others, so if you can be reasonably sure that Telegram isn't going to give you up to the police of your country - your privacy can be preserved. While Signal literally identifies contacts via phone numbers and there is no mass communication features anyway, so it's both less private and less useful for such purposes.
Their crypto is state of the art, but their ops sec threat model does not include “we’ll torture you or go to your mobile operator and their would cooperate fully”. So signal is good for USA, not so good for 3rd world countries. This people making decisions in Signal live in a different world then most of the people who need secure comms. Well telegram have us covered. Sadly, if you stop trusting Durov - you are screwed. Signal is much better in that regard.
Because Telegram uses phone's contact list for contact discovery. There's nothing unusual about this. This how Signal, Riot, Threema, Wire and dozens and dozens of messengers work.
The comprehensive encryption is still not something everyone was bumped into. There's still insecure rooms, there's still backwards compatibility with insecure rooms. There's still bots and bridges and all the possible things to break the E2EE. Matrix just isn't on par security-wise when compared to Signal. The freedom starts to matter once everything in Matrix ecosystem is always E2EE with no fallback options.
Matrix really does seem like the ideal future platform to build on, I've started poking around it and really like what I see. Does anyone with more experience want to chime in on what they've found using it?
It has the best protocol I'd say, but other than that everything else is worse.
All the clients suck, features are missing/buggy, nobody is sure if it is supposed to be a discord/slack or whataspp replacement, giving a half-ass implementation of both, and confusing to users security stuff(asks random users about their keys).
That being said, I still love the project and hope they sort out their UX problems.
I really like the idea of Matrix, but in practice I don't have anyone to use it with. At least with Signal the on-boarding experience is super low friction, so I can just tell someone "message me on Signal" and they'll figure it out.
Matrix on-boarding is more complicated and would probably require hand holding through which client and server to use.
Connection resilience. You mean when Telegram's EU server had an issue last time, it was down from Ireland to Egypt to Israel to Finland :D That resilience?
Telegram is really really well made ux wise though, scales effortlessly and is in use anyway for everything else in certain groups so it is easy to reach for.
About 9 months ago, Iranian government shutted off the internet amid protests.
telegram is the most popular messenger among the Iranians. But it didn't work then and was disconnected, like all other services.
only sites and services which had their servers inside Iran could continue their normal functions.
my question is, what is the difference between internet shut off in Iran, and Belarus? Could telegram stay available in Iran, but didn't bother to?
Considering that the app has been created by Russians (albeit ones who claim to oppose the current government of Russia), and it is popular mostly in countries that surround Russia, this is not surprising at all that it's the default choice for young people in Belarus. Telegram is a strong indicator of https://en.wikipedia.org/wiki/Russian_world these days.
To be fair. It's the best messaging app out there (feature-wise).
It got banned in Iran because it was so influential in the protests.
The channels are great for being up to date on the latest news and seeing what is happening in different cities.
Groups are awesome for coordinating gatherings.
It allows you to send huge files and documents.
It has bots (which people used to get info on the current police location, or get VPN and proxy information).
It's a great app. I wish the people behind it and its security was more transparent.
The word ‘platform’ is being abused so much it does not mean anything today, but telegram is a platform indeed:
1. Bots allow you to develop automations and services inside
2. Channels allow publishers to have very easy to use blogs
3. Chats (with bots! Admin bots!) allow unlimited collaboration. Have you ever seen tens of thousands people in a chat? Public chats with anonymity protections?
Facebook is also filled with great features, but since they're not private we don't really consider those features but tasty baits for stealing our personal data. The question is, why should Telegram whose author is literally called the Mark Zuckerberg of Russia, be exempt and handed all that data. Of course he wants to make the app that gives him all that valuable data easy and fun to use. The real engineering starts when you want to achieve those fun features in a secure way -- people should ask WHY is it that it takes a bit of time from Signal developers to implement same features. That's precisely why. They're actual features with painstaking security design with clear rationale and security proofs, not a dish of spyware served with the side plate of bullshit that is damage control.
I guess it's because Durov attended the St. Petersburg military academy and studied propaganda and information warfware that makes him such a chef when it comes to the latter.
If for some reason they were caught doing something worthy of changing the network, then I could see it happening. With their recent addition of video messaging, they pretty much have the best messenger app to date.
A nice thing is that you're allowed to use that network without using the official client. Unlike Signal, they're okay with third party clients, and there are libraries for multiple languages to help build your own client.
Unfortunately (this may have changed in recent times), they often don't update the public repos in line with their releases. They put them out all at once later. Also, last I checked only the clients are open source? Has that changed?
If any technical details of that block and why it failed emerge, they would be fascinating reading. It also kind of makes one wonder if there's a non-technical reason why blocking it failed.
They tried to block all IP-addresses that Telegram app uses. It failed and many of other services also stopped working(Google, Github, Twitter, FB).
What Telegram did:
1. Started sending pushes from Google services with new IP addresses for their app.
2. They started using IPv6, turns out gov cannot detect them.
3. Also, they added support of SOCKS5 proxy to their app.
Real reason is simple: Russian government never actually tried to block it for real. Kremlin could easily force Apple and Google to block the application itself or it's push notification for Russian users, but they never did that.
Of course there was a lot of technical shenanigans going to block their IP addresses and proxy servers, but everyone understood that's is very fruitless attempt.
Oh and they fully unblocked it when Durov's TON network was destroyed by SEC in the US. Very soon after event Telegram official representative went to Kremlin and poof: Telegram is unblocked.
Thousands of essential services have stopped working and internet in the country came to a standstill for days. Many were pissed off and loosing money, including folks working for the government, so it was not tenable to continue.
Do you have any proof for the Kremlin visit is it as unsubstantiated as the rest of your post?
The point is: they never went through with this. They could easily pressure Google / Apple to comply, but they didn't. China pressured Apple to remove all kind of apps so it's very much doable.
> Thousands of essential services have stopped working and internet in the country came to a standstill for days. Many were pissed off and loosing money, including folks working for the government, so it was not tenable to continue.
They banned tons of IP subnets, but that's all. If they actually wanted Google / Apple to remove the app they could easily use different ways for that: e.g blocking Google Ads income, or making Apple / Google Pay services unlawful.
> Do you have any proof for the Kremlin visit is it as unsubstantiated as the rest of your post?
Vice president of the company was participating IT industry meeting with premier minister of Russia:
For a country ruled by a 'dictator', I'm surprised the Belarus' government hasn't blocked access to Telegram yet. Non-authoritarian democracies (well, at least on paper) such as Brazil and India, in past, have blocked WhatsApp to contain protests and spread of (mis)information.
Telegram is notorious for censorship circumvention. They have successfully defeated such an attempt to block telegram by Russian government. Russia used sophisticated DPI, nuked substantial portions of AWS and Cloudflare IP subnets for Russian users and still failed. This guys know how to do censorship circumvention and they are motivated.
Telegram was inaccessible or unreliable for many users after the first block. For a while we used third-party vpn services (these in turn grew like mushrooms after a rain of previous website blocks — e.g. rutracker for drm violations, pornsites for cp, and vue.js for its extremist nature). Then tg implemented proxy switching over socks or something, which is indistinguishable from a regular ssl and could be set up in minutes by anyone. In last years you could use it without any setting, out of the box (but not the web client, which still required a vpn for obvious reasons).
Russia basically trained tg and more importantly it's users to work this way to the extent when further blocking would harm the network infrastructure itself.
> authorities shut off the internet, leaving Belarusians with almost no access to independent online news outlets or social media and protesters seemingly without a leader
The one thing I did not see in article or comments is that Telegram will have a bigger target on its back. Governments are not fond of communication channels they are unable to control.
It's literally what one of the protestors called it.
> “Telegram channels and websites that don’t belong to our government are the main source of information today as we cannot at all rely on state media,” said Roman Semenov, who follows the NEXTA channels and joined a rally in central Minsk on Wednesday evening. “It’s a Telegram revolution.”
On top of that this is article detailing how this particular technology, has made a significant impact for the protesters.
“The fate of the country has never depended so much on one [piece] of technology,” Viacorka said.
There have been a number of articles and news coverage of this topic. That this one article focused on the technology aspect of the protesters and protesting does not make it, "tech propaganda."
And the journalist who gets paid to write a nice article about Signal will surely get a quote from the protestor who happened to use Signal and not Telegram.
I'm far from being Telegram fan considering their custom crypto, lack of E2E by default, etc. Yet NEXTa channel here actually have 2 million of subscribers while Belarus population is less than 10 millions. Yeah of course there some % of people from abroad who follow the situation, but it's still a lot.
Also Telegram was more-or-less resistant to at least not leak any personal information of their users in ex-USSR. So it's works well enough for protesters threat model.
I'm not sure why you've brought up Signal, they're completely different platforms.
Signal focuses on secure communication, Telegram has a secure communication feature... But also a social network of group chats and channels that link to each other; and that's the focus of this article.
It was just an example of a product which could be touted as enabling protestors.
The other use cases of Telegram could be serviced by other apps. There are plenty of non-E2E social networks available just like Telegram.
EDIT: Unfortunately postmodernbrute I am not able to reply to your comment. But I am not trying to deny that Telegram has caught a wave of popularity among Belarusians and others. What I am saying is that Telegram likely only has that trust because of puff pieces like this. It is not because of any technological superiority or unique feature that it provides (since it isn't/there aren't any).
But there wasn't another communication tool that was similarly popular and trusted among the Belarus people. And that, is the difference. Their choice in this protest matters much more to the reporting than your opinion as an outsider.
Calling it "{arbitrary brand} revolution", when pretty much every messaging platform is indistinguishable feels crass and tacky. The brand isn't the one in the trenches making the sacrifices.
It could be called a smart phone revolution instead. A revolution of the people.
It was reported that Telegram was the only thing that somewhat kept working when the internet was down country wide.
Also, I installed Telegram for the explicit purpose of following the events in Belarus directly from sources. By doing that I noticed that apparently the local press in my country have done the same, as it seemed that most of the updates in online media have come from the same Telegram channels. So, it has also served the role of information dissemination beyond the borders of Belarus at a time when journalists working there were harassed and sometimes imprisoned.
Yeah, no idea really. It'd be nice to find out from someone more in the know. Was the internet merely heavily deteriorated instead of shut down completely?
I also read that most of the VPNs wouldn't work, with the exception of psiphon.
I believe the Telegram app has a peer-to-peer feature that allows communication to be routed through other devices rather than requiring communication with the Telegram servers
Nobody sees "Telegram revolution" and thinks the revolution was all about or solely enabled by the brand/technology. It's just a unique aspect of the revolution used to identify it. A good example of how a brand/technology was used to name (but not describe) an event over 30 years ago: https://en.wikipedia.org/wiki/Toyota_War
"nine out of ten Egyptians and Tunisians responded to a poll that they used Facebook to organise protests and spread awareness" [1]
"During the Arab Spring the number of users of social networks, especially Facebook, rose dramatically in most Arab countries, particularly in those where political uprising took place, with the exception of Libya, which at the time had low Internet access preventing people from doing so" [1]
As far as I'm aware Facebook is actually owned by Facebook.
However they have only gotten worse over time. It's just now that they're willing to block some far right/far left groups trying to fraudulently dump info in the form of ads and memes on Facebook.
Given the relationship the current US administration has with Russia, it seems like Facebook would be a less welcome alternative for a pro-democracy Belarusian protestor.
Well telegram is what they're using, do you suggest that the name of the app be left out of the article? The statements are coming from excited & anxious activists. Of course they're going to be overstated. I hope they are successful in their peaceful coupe and get honest elections. Can't you just have hope for them as well?
>But it can be a crucial tool that changes everything.
this is the exact same narrative that took place when the Arab Spring happened. What determines the success of revolutions isn't what makes the news media, it's what happens on day 1 after the revolution is over and the cameras are turned off
Long-preparing revolutionaries need a way to communicate and coordinate with a bunch of people who suddenly see things their way. The government often tries to jam the lines of communication, so some alternate form of communication is often critical.
...authorities shut off the internet, leaving Belarusians with almost no access to independent online news outlets or social media and protesters seemingly without a leader. That’s where Telegram — which often remains available despite internet outages, touts the security of messages shared in the app and has been used in other protest movements — came in. Some of its channels helped unconnected, scattered rallies mature into well-coordinated action.
I wonder why is it that folks in Hong Kong, xinjiang and Tibet can’t effectively work together using telegram to start a massive nation wide riot. There are so many Folks in those regions who are oppressed (millions) and they are being organ harvested, forced to work in factories as slave labor, held in concentration camps, disappeared without trials, and tortured for democratic ideals.
Or these folks can coordinate with protestors in other parts of the world, to raise awareness and stop consumers from buying from a dictatorship.
People who would be interested in rioting generally don't show up to riot unless they can be sure there are a lot of other people who will do so as well. A "one-man riot" is just a stupid vandal the police have no trouble arresting. And so communication of intent to riot is not really enough. There's a coordination problem akin to a massive game of chicken that needs to be solved.
Usually, the way this problem is overcome is that rioters show up to peaceful protests and engage in a sort of signalling game to other would-be rioters. The usual trigger to begin the riot is the sound of shattering glass. Until someone is ready to throw that first brick, you aren't likely to see much of anything.
Authoritarian countries know all this and they try very hard to prevent riots by banning all peaceful protests. Much harder to start a riot when there aren't any people on the streets to give cover.
In Xinjiang, the Uighur population are obliged to run a version of Android with surveillance software installed on it that is constantly phoning home about all activity on the device. So, even if it were possible to install a chat app that evades the Great Firewall, everything that one reads and types on that phone would still be sent on to the authorities regardless. Belarus is a dictatorship, but far less authoritarian in the digital realm than Xinjiang.
Telegram provides, at best, equal security and ease-of-use to previously existing solutions like Signal and Whatsapp, and in many cases worse security. Telegram didn't do anything to make this kind of technology more accessible or available.
So, the fact that it happens to be a popular solution for encrypted chat right now doesn't really speak to its necessity for any revolution like you and the article seem to be implying. Easy access to encryption technology in general, sure, but that doesn't specifically need to be Telegram.
No, you guys always miss the important things. It's that Telegram has social features. It's that Telegram operates under harsher network conditions. It's that other people have Telegram for these reasons.
This is the rsync v Dropbox of messaging applications.
Yes, unencrypted social features that could just as easily be serviced by any other social networking app which hasn't been explicitly banned yet (and that could happen to Telegram at any time).
> It's that Telegram operates under harsher network conditions.
So their operators claim. But it's not clear why that would be true and I haven't seen any numbers to demonstrate it either. Have you?
>So their operators claim. But it's not clear why that would be true and I haven't seen any numbers to demonstrate it either. Have you?
Telegram had to survive Russia's attempt to ban it, so it evolved a number of strategies: using push notifications to deliver IP-adresses of not-yet-blocked servers, using socks-proxies, the evolution of the MTProto Proxy encrypted protocol, and finally resorting to steganography to mimic ordinary https traffic, thus evading the DPI.
The attempts of the state censorship agency to block the telegram servers were hilarious to watch: at one point they had 0.5% of the IPv4 address space banned, and broke a lot of stuff (AWS, Google, DigitalOcean, OVH, etc). Telegram was still working, of course.
Of course you are not going to see them if you are not looking. Maybe you could loo at have literally an entire country where it's the only messaging app still working. And previous attempt to block it in Russia.
Some of the features of Telegram are helping them to do this, some stuff that signal is definitely lacking. for small groups and one to one signal is great, especially security wise, but the location and room functions of Telegram here are overshadowing it, even if it has inferior security and is much more proprietary.
Supergroups and channels don't have expectation of privacy. They're not about protecting the content but about spreading sousveillance material, message etc. There only your anonymity matters so you can be safe with burner SIM + burner phone + Tor.
But immediately when you step into realm of confidentiality E2EE matters and Telegram becomes a piece of shit software. No E2EE for groups, desktop clients, or for anything by default. Small dissident groups greatly benefit from E2EE when Belarusian government can't read their conversation by just hacking a single server.
Both are important. Signal isn't about non-private mass-messaging like channels and supergroups so it's not going to offer those. Telegram could be fantastic for channels and supergroups if it used Tor by default and didn't ask for phone number. But it doesn't, and it tries to do too many things while ignoring too many security problems. Turns out that's a recipe to a disaster. See e.g. how CCA tracked Telegram users in Hong Kong, and how Telegram failed to enable the protective measures for users by default.
Show me an E2E encrypted Telegram channel with 2 million people in it, or it's not a fair comparison. There are lots of unencrypted social media apps which can support groups of 2 million, just like Telegram.
I remember when Arab Spring was blamed on social media and Google
Then Moscow had a giant demonstration on Red Square and that’s right around the time Putin blinked and started cracking down on such platforms and free speech.
Of course, for those who remember, Telegram was started by Pavel Durov, the “Zuckerberg of Russia” who refused to give out details of VKontakte users, and the mail.ru conglomerate took his company, while he fled to France and started Telegram. Roskomnadzor tried unsuccessfully to ban it in Russia, and inadvertently banned colocated AWS servers hosting LinkedIn etc.
> I remember when Arab Spring was blamed on social media and Google
There's a pretty big and well known country that is blaming the election of its president on interference of another country through social media. It seems pretty credible the same social media can have promoted protests in more unstable countries.
You'd be more persuasive if you toned the language down. FWIW, I'm not up nor downvoting you, just sharing perspective as a mod with political sympathies.
To be fair "long preparing revolutionary" people tend to be dogmatic loons who are obsessed with some pure concept (religious fundamentalism, communism, ethnonationalism) that aren't enough to be a crowd.
As opposed to a general populace pushed to an edge by extreme conditions and leadership which does the exact wrong thing in a circumstance.
@soufron, I agree with you.
It is shameful, to call uprising of suppressed -- against systemic unfairness -- as 'Telegram revolution'.
This is akin to stealing valor (basically stealing medals and pretending to be the honorable).
This type of valor stealing, is also happening when people call US border detention facilities as 'Nazi concentration camps'. For people whose family members went through a Nazi concentration camp, hearing such a comparing is painful.
For Byelorussians whose livers and kidneys were raptured by the beatings, whose loved ones are imprisoned -- hearing Telegram marketing spin is painful, like when their valor, their sacrifice is stolen.
Yes of course, without recording technology, in my view, we would not have successful type of investigative journalism that project Veritas has delivered.
Or, without cell phones, the ability of people of Belarus to share images of brutality with the world.
Technology, is helping to concentrate the will power of the masses, against well funded machines of system oppressions.
But the will of the people, their sacrifices, their sufferings -- is the driving force -- not Telegram
> This type of valor stealing, is also happening when people call US border detention facilities as 'Nazi concentration camps'. For people whose family members went through a Nazi concentration camp, hearing such a comparing is painful.
I was with you until this comment.
What the Jews went through is horrible beyond words.
What immigrant families are going through is also horrible.
They may not be systematically murdered like the Jews being sent to gas chambers, and they may not be sterilized like the Uighurs, but they are still suffering. Families are being separated forever. Lost children will never be given back to their parents. That's not okay.
Don't trivialize human suffering. Condemn it. Don't turn it into an analogy where you can praise those that suffered the most. Who are you to know how any of this feels? We're not trying to win some contest here - the result we're after is the end of suffering.
Calling a detention facility a Nazi concentration camp is not the same as calling a grassroots effort a "telegram revolution". One is making an analogy to history, the other is using a vapid phrase to market a mobile app.
In fact it is a Telegram revolution, because Telegram is the tool that is allowing this rage to become organized. That doesn't minimize anything about the protesting or the political situation itself. That's not marketing, it's just recognizing the tool.
> Yes of course, without recording technology, in my view, we would not have successful type of investigative journalism that project Veritas has delivered.
Your "successful investigative journalism" is more widely recognized as a "right-wing disinformation outfit". O'Keefe and his organization have been repeatedly shown to have fabricated stories, solicited fraudulent activity, and deceptively edited recordings. Their activities are politically motivated propaganda, not journalism.
Who ran a blog and youtube channel, recording, often without the knowledge of the person he was talking too.
It is the same style of investigative journalism as Project Veritas, O'Keefe are using to show the true colors of the people, actions and ideologies hiding, conveniently, behind a banner of a 'legitimate' political party (who also, unlike Lukashenko, have access to far greater resources, including Wikipedia to 'clean up')
I hoped to get across 3 points with my previous post:
a) what's happening in Belarus is systemic, medieval-style suppression of the populous, voter abuse, and political imprisonments.
And the argument that used by Lukashenko, is the same as @dukswuff is used against Project Veritas...
b) One of the imprisoned leaders, exposed the methods of the tyranny, using the same approach as investigative journalism (involving recordings) as Project Veritas, O'Keefe is doing in US.
Technology is important there, but not more or equal to the heroism of the people doing it.
And, at least for me, the more dare the retribution, the more heroic actions are of the journalist.
c) Telegram marketing spin manipulating words, trying to assigning the heroism and suffering of the victims -- to their platform.
Just like some in US are using heroism and suffering of the victims in Nazi concentration camps (who did not choose to go there), equating that to people crossing US border illegally and being detained.
This is stealing of valor.
It is being perpetrated in western media daily for many years, and often spills over to events like Democratic National Convention.
====
I am also going add one more point.
The statements Lukashenko is making about Byelorussian's duty to support him, so not dissimilar to the argument Biden is making about the duty of African-Americans to to support his candidacy.
Seriously, it'd be nice if we could have one thread about Telegram without S-advocates showing up and complaining about "security". Yes, we know Telegram isn't as secure, yadda yadda yadda. Now if only Signal provided half the features Telegram does, maybe non-cryptonerds would have heard of it.
The problem with a comment like this is that it adds to what it is complaining about.
While I have you: Could you please stop creating accounts for every few comments you post? We ban accounts that do that. This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html. You needn't use your real name, of course, but for HN to be a community, users need some identity for other users to relate to. Otherwise we may as well have no usernames and no community, and that would be a different kind of forum.
I try to maintain some consistency (as you probably noticed) but as I switch devices I honestly can't be bothered to remember the throwaway handle I last used. If that's really an issue, I'll try to stick to a handle that's easy to remember, or keep this one.
Out of honesty however, I should tell you that I
value my anonymity and don't want an extensive posting history to be used to track and identify me. As pg said, keep your online footprint small, yadda yadda. So I can space out the intervals at which I make accounts but I can't promise I won't vanish the identity I created after a while.
Yeah honestly I just scroll right past them. I use telegram for my "Can you pick up some bananas on the way home?" messages. If I ever had a confidential tip for some investigative journalist I'd use signal. But it gets annoying if every post with the word "telegram" in the title gets the same "But signal is more secure!" response unrelated to the content of the article.
If you only use Signal for sensitive stuff, you leak extremely valuable metadata about when you discuss sensitive stuff. When you use Signal for everything, it's harder to tell if you asked for bananas or for a revolution ;)
If you'd understand security is a property of all features you'd understand that Telegram lacks even basic features like group chats and cross-platform chats. From that viewpoint Telegram is outright dangerous to use: it leaks a metric fuckton of private data to server from where it's abusable both by Durov (who might run out of money) and by anyone who hacks the server (like Belarussian intelligence establishment). I'm one of those S-advocates and I'm here for a real reason.
Also, Signal is getting those features, at slower pace sure because it's not trivial to do things securely, but at least there's zero technical debt compared to Telegram, who can't suddenly drop all insecure features, nor implement E2EE without starting basically from scratch.
Maybe if Telegram provided the security Signal does you wouldn't have concerned people telling about Signal ;)
The Belarus protests work to unseat a President who resisted bribes to impose a strict lockdown. Lukashenko was offered a sum of USD 940M, initially by the WHO & raised by the World Bank.
It’s a foreign led insurrection that we should all oppose. That people in this thread label it a revolution just goes to show how easily truth can be perverted.
Seems to me he’s a threat to their Corona agenda, that's why he must go.
I find myself surprised that such a large percentage of people use Telegram in Belarus.
One might wonder if perhaps some government who wanted nukes on Russia's border might expend some effort into discrediting an election of somebody who was blocking that objective.
Telegram accounts can be made in an automated manner, for somebody sufficiently motivated.
That's a reasonable concern, but considering Belarus has had problems like these for a while, and given telegram's popularity, both as a messenger and as a tool to circumvent Big Brother, I'd say that the majority of those Belarusian accounts are legitimate.
And posted poll to vote for new president with some clever restrictions.
Anyone can vote, but you can't choose options with candidates if your phone number is not Balarusian.
"I am not from Belarus" is only available poll option to make your vote if your phone number is not Balarusian. There is currently 736'000 votes with that option.
Telegram poll https://t.me/s/telegrambelarus/9
In Belarus there is only 7.8 million eligible voters.
Poll shows that 1,184 million choose to vote for new president Tikhanovskaya.
Only 85'000 votes for current president Lukashenko.
While official results is 80% for current, 7% for new, with 40% participation.
This is obviously mind blowing picture for citizens.