Is Telegram’s Compliance with Iran Compromising the Digital Security of Its Users? · Global Voices
thomwithoutanh's bookmarks 2016-08-12
Summary:
Recently, social media sources have been claiming that Telegram is restricting access to some bots because of the type of content users are sharing. On August 24, users claimed that attempts to access a porn bot returned the response “Sorry, this bot is no longer available in your country due to local restrictions.” While traffic through Telegram bots can be monitored because it is not end-to-end encrypted, blocking is occurring according to the bot's theme, not on the basis of specific content. As such, certain bots are not available inside Iran. This is a decision likely being made between Telegram and Iran, although there is no official statement from either entity regarding the decision process. Reports on social media have been about the blocking of sexually explicit material.
With regard to Telegram, specifically, I've looked a bit at the crypto and while I think their hearts are in the right place, the system still needs work. In particular, while Telegram provides end-to-end encrypted messaging, this is not the default setting. All messages are always encrypted — but normal messages are encrypted in a manner that the Telegram server can read. Only ‘secret chats’ are actually encrypted so that only the endpoints can read them.
In addition, users have to master a fairly complicated process of comparing ‘key fingerprints’ in order to ensure that they're really talking to the right person. Which means that someone with access to the Telegram server could potentially intercept their connections.
- Where is the infrastructure located? If the application fails to meet conditions (1) and (2), then the operator can potentially mine a lot of information about your communications. Thus, it really matters what legal jurisdiction they fall into and whether that company (and host country) is likely to cooperate with your government.