Pavel Durov on Signal

I may be wrong here - and very happy to be corrected by those more technically minded - but I think there is a way.

In Signal group chats, snippets of your replies to messages are sent to everyone - even if you’ve got them blocked! By this I mean: you can send a message in a group chat, but if someone replies to your message, everyone can see the first line of text (to a degree) even if they’re blocked. So, to rectify this you write something on the first line (emojis, a full stop, any letter etc) then press enter twice - something like this:

:smiling_face_with_sunglasses::smiling_face_with_sunglasses:

MESSAGE HERE

So, the preview shown will only be :smiling_face_with_sunglasses::smiling_face_with_sunglasses: and not the message. Those you have blocked (or even those not on block) will just see “:smiling_face_with_sunglasses::smiling_face_with_sunglasses:” in the reply preview. (NB: Those not blocked will still be able to click the preview to take them to the correct message referenced.)

Why am I saying this here for this use case? Well, I suspect this may also fit in this instance. Apple notifications don’t show you the WHOLE message, just a snippet. So, adopting something similar to the above might work. When sending messages, try making the first two lines or so meaningless. See what comes up on their notification. If it’s garbage in, it’ll probably be garbage out?

EDIT: Incl Spoiler

Formatting the spoiler may also work (but I can’t offer any guarantees as I don’t know whether Apple notifications see the original message or the obfuscated one)

EDIT 2: After some testing, it looks like the :smiling_face_with_sunglasses::smiling_face_with_sunglasses:/multiple line method will NOT work. The entire content is displayed in the notifications. So while it’s good for group chats / blocked users, it’s not good here.

BUT the ‘Spoiler’ formatting of text does seem to prevent the real message being displayed. What that looks like on the Apple logs I don’t know….

I think I wasn’t clear. It’s not that I think Russia wouldn’t do it. And actually they have done it, including with Telegram. I am just saying that since Russia is now completely and technically shutting down Telegram on its territory, Telegram is becoming worthless to them.

What is written in the article you mention is not necessarily surprising. A lot of Russian government propaganda was through Telegram channels and groups. Telegram has been a tool of choice even for some military in Russia. Telegram was so big in Russia that it was the best tool for surveillance and propaganda. But now Russia thinks the opposition’s use of Telegram is too important and they sacrifice their own use by shutting it down.

Plus, the article doesn’t mention whether Durov’s entering Russia was legal or not. Russia is big and there are countless points of illegal entry. It’s possible that intel has just known afterwards that Durov was there, without being able to know it when it was happening.

Finally, since Russia is really good at honeypots and misleading, it could quite easily have organised to send an anonymous spreadsheet then a corroborating FSB “leak”. (I don’t believe it is the case, I am just pointing out that we are simple mortals who shouldn’t hold too tightly to any opinion or belief in that kind of matter.)

I look forward to the day Telegram users realize how much of a deceiver he is. Durov has such a cult grip on them. Also, privacy companies need to STOP listing Telegram as the 2nd choice when comparing E2EE messaging apps. They are not helping. Just a couple of days ago Proton did it again. Telegram should not even be on the list, or it should be dead last. I don’t care how popular it is.

You can’t always know that. Most whistleblowers had no idea that they would become whistleblowers. That said, it’s not a bad idea to warn them about this.

2 Likes

I agree.

But I also kind of feel Proton is only obligated to because people are expecting to see how Telegram fares (which is still fairly popular in some places). And that’s why they do it.

If they don’t and only list the best, then there is no list but only Signal and maybe a couple others like SimpleX.

In addition to what @WhyRhy shared, I think you can also send one-time picture messages with text applied. Think a blank background and using Signal’s text overlay feature.

@WhyRhy also including an image of what the recipient sees in the notification for spoiler. Personally, I think this would be visual only. Like you indicated, I imagine the full unredacted text is in the same log files, but would be interesting to get confirmation.

1 Like

Again, to spy on domestic citizens, not to spy on Telegram that’s as per the Twitter thread being called out across the board. The war in Russia is going poorly, and Russia is controlling Internet to the point of blackout in Moscow.

Telegram has been a tool of choice even for some military in Russia.

Exactly. People will soon start asking questions how the F did the Russian state allow using Telegram to coordinate the war at operational level, if they didn’t control the infrastructure.

The shill campaigns on /r/privacy etc conveniently died during the war, which is another data point.

But now Russia thinks the opposition’s use of Telegram is too important and they sacrifice their own use by shutting it down.

The opposition activists are catching up on Telegram’s security. They have zero issue using western messaging app because they know US would not let Russians get access to the data even on a non-E2EE platform. But the majority of people are simple enough to think “It’s banned, therefore it’s secure.”

Ultimately, it’s the lazy westerners that Telegram now gives access to. And if it’s an op, it looks like there’s all sorts of illegal stuff being offered from warez to CSAM, that Russian intelligence agencies would have zero issues using as kompromat. That’s probably how they’re keeping grip on the Epstein class.

Yeah I’m sure the guy slipped into the country 60 times and we know it was 60 times because there was an unofficial count on some airport customs wall but nobody told the Kremlin who’s supposedly after him? There’s about 40 airports in Russia with international flights, so as per the pigeonhole principle it wasn’t unique random airports, and you can bet your ass Durov didn’t take a taxi from Vladivostok to Moscow during his visits.

It’s possible that intel has just known afterwards that Durov was there, without being able to know it when it was happening.

Sixty times? I know Russians are incompetent but they’re not that incompetent.

I am just pointing out that we are simple mortals who shouldn’t hold too tightly to any opinion or belief in that kind of matter

All you’re doing is defending a tech-bro billionaire who failed his users, by sowing doubt.

2 Likes

I can appreciate that, but as I said, Telegram shouldn’t be listed as second or even in the top 3. If you’re gonna list it, put it last. That’s how little consideration it should have, IMHO. WhatsApp should also be at the bottom of the list. I take no issue with good E2EE apps that are not known to the mainstream being listed in the top 5. At least their security is sound.

If the FBI takes my phone they might be able to extract deleted messages from it.

Which means I should definitely use Telegram Secret Chats for criminal activity instead of Signal.

Well that’s easy to do, since I don’t do criminal activity and use my messenger to communicate with acquaintances, friends and family. About half of this communication is done in group chats. For those use cases, Telegram Secret Chats are impractical or in case of group chats impossible.

I’m fine with Signal not being marketed or recommended towards criminals or for being suitable for criminal activity. If it can protect me from criminals and overly greedy companies, who are working with criminals (Malvertising), I’m happy with Signal.

Regardless of this, someone who is perfectly content with the current political climate in their country may very well be a dissident tomorrow. Signal is made for criminals. Thought criminals, specifically. I think everyone should aspire to be such a criminal; to think freely is to be human.

3 Likes

My message was too stern and the post I replied to didn’t actually make the implication so I removed it.

I am really sorry if I ever wrote something that might make someone think I defend Durov or Telegram. I do believe they are both bad, I never used or even installed Telegram on any of my devices and I advise all my friends, family, employers or clients against it. If ever there was some doubt, it was unintentional and it’s now clarified.

That said, even if, on top of proprietary code and a bad encryption scheme, I have thought of Russia’s controlling Telegram as a plausible and quite logical move, I have never faced any serious evidence supporting that hypothesis. It’s not sowing doubt, it’s being rational and intellectually honest with respect to the information I have seen so far.

Since I don’t like Durov and Telegram (and Putin), I am sincerely keen on receiving new information and evidence showing their compromise. It would indeed make the awareness raising part of my work much simpler. If you have such information, I would love to see it. But please refrain from using an aggressive tone, as I don’t think it is useful and it is really unpleasant.

Yeah I apologize. My tone is not intended to attack you and this isn’t personal. My goal is to defend and protect users against the trove of lies Durov has built his social media on.

Unfortunately there is no such evidence and likely never will exist such evidence.
FSB famously uses typewriters so unless someone walks into Lubyanka they won’t obtain paper trail about this, if it’s written down at all.

But it’s enough to see Telegram arguing why they should not enable E2EE. After that it doesn’t matter if Telegram is an op. They’re a centralized trove of information regardless. Whether Durov leaves the door open for FSB or whether they force use of the exploits does not matter. It’s Durov’s job to know what he’s doing and that what he’s now doing endangers all TG users.

Cryptography assumes systems insecure until you prove them secure. Lack of E2EE proves it is not secure.

Defending your product after being told that is willful ignorance.

2 Likes

I know the “enemy of the state” attitude is pretty popular within the privacy community, but I don’t like to share such an attitude. I am also convinced it is actually harming all of us, because it hinders us in reaching normal people from adopting a better privacy posture.

You could end up on the wrong side of history, but most people would just change sides when needed. I’m pretty sure most of my family would just keep their head down and just want to be left alone whenever some dictator would take over my country. They would not want to oppose whoever is in power.

I don’t want to be a rebel or dissident or opposition to my government either. I do want to be able to trust my community and my government. I just don’t want to have to trust that everyone in a position of power is and always will be benevolent towards me and people I care about. I also don’t want to have to trust that everyone in a position of responsibility never makes mistakes.

https://xcancel.com/durov/status/2043338467355013211#m

“WhatsApp’s “E2E encryption by default” claim is a giant consumer fraud: ~95% of private messages on WhatsApp end up in plain-text backups on Apple/Google servers — not E2E-encrypted. Backup encryption is optional, and few people enable it — let alone use strong passwords.

Even if you encrypt your WhatsApp backups with a strong password, your messages still end up in unencrypted cloud backups — because 90%+ of the people you message haven’t done the same. Add the fact that WhatsApp stores and discloses who you chat with, and the picture is dire.

Apple and Google disclose backed-up WhatsApp messages to third parties thousands of times per year. Meanwhile, Telegram hasn’t disclosed a single byte of users’ messages in its entire 12+ year history.”

Telegram has access to 100% of user metadata, 100% of group messages, and something like 99.99999% of 1:1 messages. Anyone who hacks the servers can read the messages because they’re all just sitting there. Any argument that they don’t disclose it means nothing when there’s big players who can hack the servers, and who never make any noise about doing that or how easy it is for them. Plus who knows for what purpose Telegram might use the messages they hoard for themselves. Not a single tech giant deserves your trust.

I’m not defending WhatsApp here, it’s ridiculous that you can never get rid of the backup reminders until you give in. But Telegram is objectively worse as the backups are created by the messaging app provider itself, and it’s impossible to opt out for groups and practically impossible to opt out for 1:1 chats.

And it’s not like you have to choose from the two either. Almost anything is better than Telegram and tons of messaging apps are better than WhatsApp. Signal, Element, Wire, Threema, even SimpleX. So why attack a strawman like WhatsApp?

5 Likes

I do not think we necessarily disagree. When I use the word “dissident”, I do not necessarily mean someone actively opposing “the state” or rebelling. I am taking the definition of dissident at face value, as per the Merriam-Webster dictionary:

disagreeing especially with an established religious or political system, organization, or belief

If you “keep your head down”, but you do not necessarily agree, I would consider you a dissident. You may not have any intention of being a rebel of any kind; I am sure most people would much prefer they never have any reason to. But if today everything is fine, and tomorrow people of your ethnic background, religion (or lack thereof), or whatever other group you fit into are the subject of unjust persecution, regardless of whether you “keep your head down” or not, “the state” has decided you are “an enemy of the state”. Unless you can fundamentally change your beliefs and background at will, you will almost certainly disagree with it, and you will be, as far as I am concerned, a dissident.

I believe this roughly matches the sentiment you have expressed here:

Which is more to the point I was trying to make. When I say:

All I mean to say is that everyone should be willing to hold their own beliefs, thoughts, and opinions. They do not necessarily need to share them, but they should never feel like they are not allowed to think the way they do because someone else said they are not, be it “the state” or otherwise. To the extent of how Signal helps with that, if your family is religious, for example, I am not saying you are a thought criminal only if you are using Signal to plan or discuss opposition against religious oppression. I would consider you a thought criminal for even being brave enough to discuss your beliefs amongst yourselves in any capacity, as “the state” does not approve of such thought. I would consider you a thought criminal for even having those beliefs, though to have such beliefs and never discuss them would obviously not require Signal.

I agree, but it does not help me promote the use of Signal.

Here is the reality of the people I have to convince to care for privacy and use services like Signal:

  • The state, the police and the authority are there to protect me. They could never be a source of risk to me.
  • Facebook, Instagram and WhatsApp are what keep me connected to my social circle. Every problem people have with those services is other people’s problem or just an unavoidable reality.
  • I’m uninteresting for people in power. I don’t know them, so they don’t know me and since I’m not significant they could not care about me.
  • The app of the grocery chain is made to give me benefits and to enable me to save money.
  • I don’t want protestors to be protected. I want them to shut up, so we can have peace.

Yes, to be confronted with such a naive view of the world is frustrating. Still these are people I have to share a communication platform with and they build the core of the society I live in.

Those are the people I have to convince to make a change. So here are the arguments that help:

  • Information about people propagated by data brokers and ad companies will be used by criminals to run automated attack campaigns targeting those people. You will be attacked because you are an easy mark, not because of any interest in you. Reduce the amount of data collected to lower your exposure to criminals.
  • You don’t have to suffer through all these ads. You can have a faster and cleaner internet experience.
  • I’m on Signal, Matrix and XMPP. If you want to communicate with me, you have to use one of those services or call on the phone.

The reason I’m discussing the issue here is the following. If I pique a person’s interest in privacy protection and they try to find information on their own, they will encounter the “enemy of the state” attitude pretty fast. That will be off-putting to them, because that is not what they want to be and those are not the people they want to associate with.

2 Likes

Telegram doesn’t have E2EE by default. You can enable it, but only on the phone, and it’s hidden behind UI dark patterns.

The Telegram app is just a wrapper for a website. When you chat on it, you’re posting on a website.