Telegram CEO Pavel Durov arrested in France

Pavel Durrov arrested in France for the lack of content moderation. That should be a joke.

Both Russian and Ukrainian Armed Forces in shambles rn

looking forward french authorities to arrest CEOs of other platforms, esp. Chinese platforms as well, would be very fun to watch.

Interesting quotes I’m reading from the privacy community on Twitter:

@GrapheneOS: Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn’t capable of turning over your messages and media. Telegram/Discord aren’t private platforms.

@Bernstein_v_US: Interestingly, he may not have been arrested if Telegram was actually e2ee. Having access to the conversations and not handing them over when the gov demanded it is a very different legal position than not being able to access the conversations at all.

That last one really resonates with me.

Even if you think this arrest isn’t warranted, had Telegram embraced E2EE by default, instead of trying to desperately compete with WhatsApp on size, Durov might not be in this situation.

Of course this has nothing with “freeeedooom”, it’s a refusal to comply with law. Similar was when people complained when Proton provided user info to French government, and some activists were arrested.

Though I don’t think E2EE would help. For this purpose (large public groups) it’ would be too much work and resources to serve tens of thousands of users with multiple devices. Telegram is more of a social network than messenger.

The problem is not that It’s technically more difficult to set E2EE for large public groups (though It’s still possible if some efforts are put in) - the problem is that Telegram claims to be a private and secure messaging application, which fools a lot of people who think they’ll find anonymity and confidentiality in this application

I agree. But all messaging apps are categorized as social media in app stores, and I would agree that they are social media. Just as a blog is social media because people can comment, and the author can reply.

EXACTLY! This has always been my issue with Telegram. They are very much guilty of privacy washing, and their marketing absolutely works. I can see it in the comments. I hate that some people in the privacy community recommend Telegram, even if they include the caveat of it not being E2EE by default.

I agree that it’s mainly about refusal to comply with law. But I do think it is somewhat related to freedom, but not in the way some people are saying on social media.

To the extent that governments want backdoors to E2EE messaging apps, and they do, it is related to freedom. But yes, you still have to comply to the law.

Signal has never been in the same situation because they comply to warrants, they just have practically nothing to give, because they don’t keep that data.

All that being said, it has been reported multiple times in the past that Telegram has submitted data about their user with various government authorities, but they have always denied it. And that is what bothers me. That they lie about it when it’s reported in respectable news outlets. I could be wrong, but I believe the countries involved were India and Germany.

This is very conflicting news. On one hand, it’s no surprise - Telegram regularly hosts rather unsavoury content that the US and allies want some leverage on. And it’s not E2EE, which is the irony icing the cake, because it removes plausible deniability.

On the other, Telegram has been used by a lot of people to store and share files, like leaked source code and classified information. This is because it’s very commonly available and free to use, and you get a lot of storage space for free, or alternatively at very low prices.
The arrest of the CEO will probably provide the French police with leverage to expose people they want to get at. It wouldn’t be the first time Telegram has done this either, so it’s natural to assume this:

(Note how it’s often used to take down petty crime like piracy. Code leaks on Telegram will probably reduce if the police leverage what they have against Durov.)

Finally, Telegram has a lot of shadiness surrounding it in general, so well-informed people in our community will avoid using it. Messengers | Madaidan's Insecurities

So at least it won’t affect us. But mind you, this will likely have a significant impact, even if the press won’t openly state it if hosted files start going down.

Exactly this. I’m honestly not surprised, but it’s the same that applies to email providers. You simply can’t say no to lawful interception requests if you feasibly can comply with them.

The only way around that simply is to not have the data, or only have encrypted data that you cannot decrypt. Telegram was never a “secure messenger” and not many people use that secret chat feature.

Indeed. But Still it’s funny to arrest the CEO. I don’t have the legal processes Telegram has been through, they can simply block Telegram from app stores and Telegram IP addresses. So, if they start arresting all CEOs in case of non-compliance, then we have a bigger problem.

Adding to the “secret chat” thing, it’s not even possible to use it on the desktop clients - only mobile.

It seems their strategy was to hook people in with the beautiful, smooth UX and free storage, while putting on a facade of a “private” messenger (and we all know how people fall for that, sadly). All the while discouraging mass use of their E2EE feature, which leaks metadata and uses a weakened protocol anyway.

And now it’s backfired on them - though, their servers are run from the UAE, so getting to those will still be difficult, and I assume someone is sneakily making copies of the data and shipping them to other locations, if they haven’t already.

Precisely. Telegram’s primary goal is scale, NOT privacy. They want to compete with WhatsApp and become the biggest messaging platform.

And their strategy is working.

Telegram doesn’t have E2EE by default because it’s impossible to accomplish without dramatically slowing down their growth. Many of their features are hard to implement in E2EE. Signal encrypts emojis and GIFs. Telegram doesn’t.

Telegram has the best UI and UX for any messaging app as far as I’m concerned, but the main reason they are able to accomplish that and have all these cool features is because they are not E2EE by default.

I’m sure that more than 95% of Telegram users don’t use secret chat.

Telegram doesn’t have E2EE by default because it’s impossible to accomplish without dramatically slowing down their growth.

One of the best features of Telegram is the API people can use to code elaborate bots, which just grows a ton of attack surface for an app that’s supposedly “Private-and-Secure”. But it sure does help retain users with the shinyness.

Also, Telegram regularly making headlines for aiding piracy and having content like crime, drug vendors, and war leaks (EDIT: also a lot of cryptobros backing them) helps them in a way - they get to look private while retaining all this content on their service. It’s a magical PR trick for them, and when reputed figures like Meredith Whittaker from Signal speak against them with proof, they’ll retort back with FUD and look like they’ve won anyway. Who cares? The public will go with their service while it’s convenient, and convince themselves it’s private, so long as they don’t need to worry about the finer details.

Madaidan also linked to an example of this in his article I linked - Telegram repeatedly spreads FUD about an actual private messenger with a good track record (Signal).

And it’s working! All while the servers are hosted with unencrypted messages in a country known for suppressing criticism of its authoritarian regime and poor working conditions, with a surveillance state of its own.
The gravy train will chug along until the VCs get impatient and funding runs out, or the UAE starts pressing on their end of the deal. Either way, privacy-minded folks with heavier file-hosting needs will need to find other platforms. IPFS and Bittorrent might help. But Telegram’s clock is ticking. And we need to find another way.

Telegram is the only big uncensored platform. Sure it IS about “freedom”. Censoring Telegram like YouTube or other platforms will make it so much useless.

That is funny if every government now will want to censor Telegram and make it by arresting Durov. And where is the “freedom” than?

Would Meridith go to jail for Signal? I don’t think so.

Sorry had to shitpost this

Exactly. I don’t think that this happened because Telegram refuses to comply, but because Telegram isn’t complying as much as they would like. This is about control, and even if you don’t like Telegram, it’s a bad precedent. Today it’s Telegram, tomorrow who knows.

Maybe if people like Elon had their way. In classic Musk fashion, he had to run his mouth and spout FUD praising Telegram and dogwhistling at Signal.

Exactly. It’s better to have a gun pointed at your head than to already be shot down (using a proprietary centralized platform that caves in to censorship more often). But Telegram is still pointing a (metaphorical) gun at a poster’s head, and I doubt the vast majority of its users are perpetually connecting to it via Tor or a VPN. Not to mention it uses phone number authentication for signups, which it also doesn’t encrypt with deniability like Signal does.
Leaking their users to the police will prove to be quite easy for them if they can do it to free the CEO.

It’s all well and good for the masses to roleplay “freedom and privacy” but when it comes to ensuring actual privacy, we all know where their priorities lie. Telegram is on top despite repeatedly caving in to both Indian and German authorities. With the EU ramping up censorship behind the scenes once more, they’re a target. And you can bet they’ll snitch on their users soon enough.

Sadly, any useful content archived on their CDNs is now at-risk as well. But that’s the case with a lot of the internet these days.