Germany threatens to ban Telegram

Malibuflyer wrote:

Whoever gains control of the server immediately has access to the clear text of all newly started conversations.

Moreover who controls the company as such. And it was founded and is owned by Russians. And while they claim they went to Dubai to escape the Russian surveillance, that may well be a marketing thing as well.

So take your pick: Skype/Microsoft or Whatsapp=Facebook=USA / NSA, Viber I understand is Israeli, so Mossad, Telegram FSB.

Like I said, all the time you are talking to somebody online who you have not verified personally, you never actually know who you are talking to. It doesn’t matter how you shake it

That is how the police infiltrate child p0rn gangs. You don’t need a PhD (which is just as well).

Most of us are “sure” who they are talking to, from obvious circumstantial factors. But this fails a lot on FB, where it is trivial to copy somebody’s profile info and photos from it and start posting stuff and sending PMs to others. Fortunately most people who do this are also stupid…

All strong authentication etc ensures is that you are talking to the same “person” as last time, or the time when you exchanged credentials. Whether that is really the person or org that you thought/hoped it was, becomes almost a philosophical question.

For example, I am pretty sure that the Peter who wrote the above is the same guy who runs the forum and posts frequently. Whether he REALLY owns a TB20, is based in Shoreham, etc I have absolutely no idea. If not, he spins a good yarn, but that’s far from unknown.

For sure there are plenty of “people” out there who are totally fictitious – there is some real person making up the story, but they bear no resemblance to the persona they have created.

All strong authentication etc ensures is that you are talking to the same “person” as last time, or the time when you exchanged credentials.

The latter. But most people never exchange credentials with others. It is only with important stuff like online banking, when you go to a domain (e.g. deutschebank.com – and you have to be really really careful to not have a typo in it because a lot of pfishing attacks use that) and then the browser goes up the certificate chain until it finds a root cert (perhaps from Verisign), and on the assumption that nobody has had physical access to your machine and dropped in another one, plus set up a fake DNS server, this is secure. If somebody has access to your machine they can drop in a modified Chrome (etc) executable, too

As I said, one can be “100%” sure you are talking to the owner of a given domain, or more accurately to whoever has physical access to his/her machine.

To repeat again, if I send you an email, DKIM signed, you can be sure that the email came from the owner of the peter2000.co.uk domain. No more than that, but that’s normally good enough because that domain is now 22 years old and is a well known “handle” for me. On IM apps, there is no “handle”.

This telegram security discussion is thus meaningless. The “authentication” is just the context, and for most people it is good enough.

I am pretty sure that the Peter who wrote the above is the same guy who runs the forum and posts frequently. Whether he REALLY owns a TB20, is based in Shoreham, etc I have absolutely no idea. If not, he spins a good yarn, but that’s far from unknown.

That’s true

Of course, we could all be in a conspiracy

That’s how they hid the whole lunar landing fiction. And what about how all the birds have been replaced by FBI drones? It must be true because it says so on the internets, and lots of people must be involved in covering that up.

johnh wrote:

All strong authentication etc ensures is that you are talking to the same “person” as last time, or the time when you exchanged credentials.

If – and only if – you a) use the very same credentials you used last time and b) you have a way to ensure that you have really been talking to this person in the beginning.

Both is not at all ensured with Telegram, WhatsApp, etc.:
Even if the two of us sit next to each other and we observe that I type a message and you receive it in “no time”, we can’t know that we are actually messaging to each other – it might well be that I am messaging to a “server” and that is forwarding the message to you.
And even if that worked well the first time, there is no easy way to check which credentials you actually use when sending a message. At least in WhatsApp (and I believe it is not much different in Telegram), a user can not see which key is applied to a so called “End 2 End encrypted message”.

johnh wrote:

For example, I am pretty sure that the Peter who wrote the above is the same guy who runs the forum and posts frequently.

But how can you know that I did not capture the server tonight and now I am the one using Peter’s credentials?

Malibuflyer wrote:

If [a] key pair is generated per session, E2E encryption is no more than a marketing gimmick: Whoever gains control of the server immediately has access to the clear text of all newly started conversations.

Fortunately, there are algorithms such as the Diffie-Hellman key exchange which work even if the channel used to exchange the keys is entirely public, you could broadcast the key exchange on 121.5 and the resulting connection would be still secure.

There are also approaches which prevent man-in-the-middle attacks (where the man-in-the-middle establishes a secure connection with both parties); certificates is one of them, but Telegram solves this by allowing both parties to compare the E2E key using an independent channel, e.g., sitting next to each other, over the phone etc.

Nothing is 100% secure and all of this involves trusting telegram software to do what it says it does, but the existence of a server or other elements of the communication chain controlled by a potential eavesdropper in itself is not an issue.

Airborne_Again wrote:

but that would be difficult to pull off.

Not on the internet

This takes me back to the days of PGP key signing parties… :-)