Telegram, the encrypted messaging app that's prized by those seeking privacy, lost a bid before Russia's Supreme Court to block security services from getting access to users' data, giving President Vladimir Putin a victory in his effort to keep tabs on electronic communications.
Supreme Court Judge Alla Nazarova on Tuesday rejected Telegram's appeal against the Federal Security Service, the successor to the KGB spy agency which last year asked the company to share its encryption keys. Telegram declined to comply and was hit with a fine [paywall] of $14,000. Communications regulator Roskomnadzor said Telegram now has 15 days to provide the encryption keys.
[...] "Threats to block Telegram unless it gives up private data of its users won't bear fruit. Telegram will stand for freedom and privacy," Pavel Durov, the company's founder, said on his Twitter page.
Putin signed laws in 2016 on fighting terrorism, which included a requirement for messaging services to provide the authorities with means to decrypt user correspondence. Telegram challenged an auxiliary order by the Federal Security Service, claiming that the procedure doesn't involve a court order and breaches constitutional rights for privacy, according to documents.
[...] The court decision is intended to make one of the last holdouts among communications companies bow to Putin's efforts to track electronic messaging. Durov in June registered the service with the state communications watchdog after it was threatened with a ban over allegations that terrorists used it to plot a suicide-bomb attack.
What I find interesting is that Telegram has encryption keys to give them. If they do, then in my opinion they're doing it wrong.
Source: Bloomberg
(Score: 2) by bob_super on Friday March 23 2018, @05:01PM (1 child)
> What I find interesting is that Telegram has encryption keys to give them.
"Here are the current keys. New ones get randomly generated every 5 minutes. That's only to access our server. Our customers generate their own keys and we have no visibility on those, so our keys only give you access to their encrypted packets. Anything else I can get you, Tovarich?"
(Score: 2) by Bot on Friday March 23 2018, @05:40PM
1. offer supposedly secure app with no perfect forward secrecy
2. promote said app as secure and anti establishment
3. demand keys of app with full legal backing
4. PROFIT!!!
This isn't even chess, it's tic tac toe.
Account abandoned.
(Score: 3, Informative) by canopic jug on Friday March 23 2018, @05:13PM
> Telegram, the encrypted messaging app that's prized by those seeking privacy [...]
Is it? It has encryption turned off by default for messages. And while many other articles go on about "end-to-end" encryption, it is far scarcer than marketing brochures would have us believe, perhaps even in Telegram. Telegram is somewhat infamous [gizmodo.com] for playing with homegrown encryption [schneier.com].
However, Telegram plans to appeal the court's decision. Not that I expect the appeal to work. The decision is based on the 2016 Russian law requiring that messaging services provide authorities with means to decrypt user correspondence.
Money is not free speech. Elections should not be auctions.
(Score: 2, Disagree) by jmorris on Friday March 23 2018, @06:09PM (17 children)
Any app from an app store is by definition insecure. With a court order any of them can, and eventually will, push an update to your targeted device to exfiltrate keys and stored messages. If you didn't download source, carefully and openly audited, build it yourself and install it yourself you can't possibly trust it.
And if you can't understand the logic in that and accept the implications of the fact we are awash in fake "secure apps" then you are not bright enough for this ride and are going to eventually get screwed. This screwing isn't even immoral, being dumb is supposed to be painful.
(Score: 2, Insightful) by Anonymous Coward on Friday March 23 2018, @06:35PM (3 children)
Oh really? Any operating system running on hardware that you didn't design and build yourself is 'by definition' insecure. I'd explain it further but if you're too dumb to understand why then it's supposed to be painful.
(Score: 3, Funny) by cocaine overdose on Friday March 23 2018, @06:43PM (2 children)
(Score: 1, Funny) by Anonymous Coward on Friday March 23 2018, @07:00PM (1 child)
Your carrier? Whale songs.
(Score: 3, Funny) by bob_super on Saturday March 24 2018, @12:05AM
As if whales didn't have enough problems ... Now you want Comcast to exterminate them?
(Score: 2, Interesting) by cocaine overdose on Friday March 23 2018, @06:37PM (10 children)
(Score: 0) by Anonymous Coward on Friday March 23 2018, @06:50PM (1 child)
Every time they push an update.
Do they at least tell you every time? Or is it an automatic background thing?
(Score: 1) by cocaine overdose on Friday March 23 2018, @06:56PM
(Score: 0) by Anonymous Coward on Friday March 23 2018, @07:06PM
Unless it uses native code.
(Score: 4, Funny) by edIII on Friday March 23 2018, @08:08PM (6 children)
I think I would prefer to just exit the entire Android/iOS ecosystems entirely. LibrePhone will be here soon, and that gives us a Linux device that does allow openness as jmorris believes is required.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Insightful) by Virindi on Friday March 23 2018, @08:47PM (4 children)
Wow! Just in time for the year of Linux on the desktop!!
(Score: 2) by bob_super on Saturday March 24 2018, @12:08AM (1 child)
Problem: It will require being powered by a Thorium reactor.
(Score: 2) by maxwell demon on Saturday March 24 2018, @07:32AM
Your information is wrong. It certainly will run on cold fusion.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by edIII on Saturday March 24 2018, @12:19AM
LOL. That would be something. I don't expect this kind of Linux phone to take off initially, but I do expect brisk sales simply because it is entirely open, may have physical rocker switches for mic/cam inputs, and is being designed such that the carrier module can be replaced.
The thing is, it will be orders of magnitude better in terms of security/stability because it's not carrier locked, and not locked away from user. Right now there are people operating on ancient versions of Android, replete with all the vulnerabilities, that can't really upgrade because the carriers aren't trying to be responsible sys admins. They're in to make money, and long term support of a device, its drivers, the operating system, is simply way too costly in the eyes of the hellbound avaricious execuscum.
It's really, really, hard to get a system with full and absolute root privileges, much less binary/blob free. The LibrePhone promises me:
I don't expect them to take over the phone market, but I expect them to sell plenty of units to geek/privacy oriented people. That and anybody that gets well and truly fucked from playing with unsafe operating systems like iOS and Android.
This may be a different situation where the year of Linux on the smartphone might not be that far away.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by dwilson on Saturday March 24 2018, @04:32PM
The year of Linux on the Desktop was 2004, that being the year I installed linux on my desktop.
What year it was in your reckoning is, of course, your problem.
- D
(Score: 1) by cocaine overdose on Friday March 23 2018, @11:54PM
I'm currently running CopperheadOS and I've enjoyed it better than Replicant and Lineage. It's like a modern day mobile OpenBSD.
The only issue with LibrePhone (and OS) is that it won't work for any phone but one (afaik). Firmware is incredibly picky and bloby, so it seems impossible to port over to android phones without too much work.
(Score: 1, Informative) by Anonymous Coward on Friday March 23 2018, @08:54PM
You could, you know, turn off auto-updates.
(Score: 2) by tangomargarine on Friday March 23 2018, @09:25PM
Encryption has never been about making data safe forever. It's always been about making the data secure for long enough.
Technically yes, no user can fully trust a computer they haven't built and programmed themselves. But ain't nobody got time to do that from the ground up. At a certain point you have to place your trust in the hardware company/source (Intel, some breadboard guy, whoever has RMS's blessing) and some programmers (Microsoft, Apache, some open source guys).
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Friday March 23 2018, @06:37PM
not even speedbumps, eh?
(Score: 2) by legont on Friday March 23 2018, @08:46PM
Got a message yesterday - 200 million active users; 500,000 new daily.
It is perhaps somewhat misleading though as I for example have two accounts - private encrypted and public open.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.