The entire article seems like an attack. The author finds a unique identifier and adds “Russia bad” throughout.
States the information is in cleartext but then explains how everything is encrypted (in transit).
What will the author do if they intercepted any single online store's transfer of credit card details? Also encrypted in transit, but is that also deemed as cleartext? Or is that okay?
I don’t think much new is learnt here. WhatsApp also sends metadata in “cleartext” (not really, as it’s encrypted in transit, but this article called that “cleartext”).
I don’t know… I think the author put a lot of effort into documenting things and presenting evidence.
Your post history and mod logs are also quite weird.
Your post history and mod logs are also quite weird.
Lol what does that mean
That means you reply to things like a troll would and it is hard to assume you have good intentions
Really?! Okay. I think your troll radar is well off, but it’s your opinion so you do you I suppose.
Maybe you are the troll. Like 4D chess level of troll. =D
Yes, I do love to waste my precious time doing things like that.
Clearly, trolling is your passion as evidenced by this very thread.
Hahaha, so the conclusion is? Use USA and Israel software so they can spy on us? F… this crap propaganda.
fr it’s literally
no russia bad but trust our feds instead because we are the good guys bsfr 💀💀💀
But I can’t lie the analysis is still quite in-depth and feels like an effortpost
trust our feds instead
Can you quote that part from the article? I think I missed it
I can’t say I read the whole thing because the technical analysis went over my head, but I don’t think we read the same conclusion
Conclusions
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
Just infantile Western propaganda/russophobia. reverse it for Western reality, and ignore the post…
Anyone who reads the article may be surprised to find that it contains literally no evidence to support the claim made in its clickbait headline. The author of the article comes to a pretty different, much more limited conclusion:
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
This is a very different thing from claiming and proving that Telegram is somehow an FSB honeypot.
Furthermore, the author of the article does not even attempt to somehow prove a Telegram/FSB connection and takes this claim for granted based on the article published on websites of OCCRP and its Russian affiliate Istories. Let’s check this article and the evidence it presents:
Reporters obtained the company’s internal accounting documents for 2024 which show that one of its most important government clients is the FSB.
The documents show that Electrotelecom installs and manages equipment for a system that is being used by the FSB offices in St. Petersburg and the Leningrad region for surveillance.
Unlike the conclusions made in the rys.io article, which have a vast evidence base and can be verified, in this case we are simply asked to take the word of the so-called “investigative journalism outlet”.
And what do we know about OCCRP?
In 2024, it was reported that OCCRP receives nearly half its funding from USAID
https://en.wikipedia.org/wiki/Organized_Crime_and_Corruption_Reporting_Project
I think that’s enough.
TLDR:
- Telegram uses a suboptimal method of handling user IDs in its packets, which allows tracking which user ID is sending messages to which user ID.
- The Telegram/FSB link claim is based solely on unverifiable statements made by shills on USAID payroll.
Awesome analysis. Thank you!
I’m not the author. You can thank @rysiek@szmer.info for this amazing write-up