Telegram CEO Pavel Durov arrested in France

If you’ve ever shared a copyrighted file on any messaging app, a song, an e-book, a movie, technically that’s illegal if you don’t have permission. I suspect the vast majority of people are guilty of having done that at some point or another in their life, even unknowingly.

Most people I know, who use Telegram or other messaging apps, have done that. Telegram is a convenient way to share files. It’s also a convenient way to back up your own files.

This is why cloud services like Google Drive and Dropbox can prevent you from sharing your own files with friends and family.

Indeed. But I think it’s important to recognize that developing good E2EE privacy tools with great UI & UX will always be slower than developing non E2EE software. Even with millions in funding.

AFAIK, Telegram always had a policy of strict banning of “very bad” stuff, such as CSAM & terrorism.

The point I’m making is that they are private groups, in the sense that they are invite-only, and therefore there is an expectation of privacy. Sure, Telegram could spy on all messages and discover the shady groups, but that would be a breach of user trust.

The thing we forget, is that Telegram is still open-source. It probably is the most used FOSS app; with 950 million users (if you believe Durov’s claims).

IANAL disclaimer. Telegram never was designed as a “very large online platform” under EU’s DSA. If Telegram isn’t compliant with French and EU law, then ban it. But there was no discussion of non-compliance (by officials, AFAIK) before this moment.

1 Like

still open-source

It’s a service, not just a selfhosted app. The server-side code is not open-source. Besides, even if it were, it wouldn’t matter - they could log the server activity anyway, including the chat logs that would lie open to them, because Telegram does not use E2EE.

There are rumours that Russian government officials are getting directives to delete sensitive data they sent/store on Telegram. Don’t know how many people here use it, but if you do and shared anything sensitive over non-secret chats, you may want to do the same.

I hope that would be a lesson for Pavel, and that we’ll see MTProto 3.0 in the future with E2EE enabled by default. Although I don’t personally think it would help in cases like this as this is literally an XKCD situation.

It doesn’t change anything to the fact that it’s a win for the open-source world. Not privacy related though.

It’s not a lesson for Pavel: Telegram’s business model relies on this breach of privacy. I don’t expect the service to get any better now, UX or privacy-wise. It’s the start of its “enshittification” if anything.

Feels odd to me to see people suggesting Telegram selling itself as “private” was misleading only because it didn’t offer E2EE by default. I would argue the average user, outside authoritarian countries, doesn’t think of privacy as being an inability for any government in the world to access that data if requested at minimum.

They likely only think of it in terms of it being invite-only, non-indexed, phone verified, self-deleteable, not tied to their Google or Apple accounts, and generally controlled by an entity that isn’t selling their data.

Like, yeah, Signal is more secure, with E2EE encryption by default and such, but it’s also so closed as to lose usability and it’s not easy to move away from.

I don’t think it’s unreasonable for users to want something that balances their privacy concerns with a degree of freedom and usability. Most people in these privacy spaces seriously overestimate how many restrictions and hoops the average user is willing to jump through for “absolute” privacy, and they consistently downplay how many of these services are walled gardens from which you can’t personally retrieve your own data.

The security and privacy communities have gotten too comfortable taking away the user’s own agency as a shortcut, rather than empowering them with the tools to decide for themselves how much usability they want to trade for security and privacy. For that reason, I would hate to see the Telegrams give way to things like Signal.

3 Likes

But we must keep in mind that some uncensored stuff is also illegal in some/many countries. The best example is USA’s 1st amendment, which if you followed in most of the world (Europe included), would quickly get you in jail.
I suppose we are all against censorship, but it shouldn’t be mistaken for banning illegal stuff

1 Like

That they may have, but as others have said in this thread the usability of the bot system was being in sale of said (as well as others) illegal materials.

I think that in itself is probably why it is such high priority among international LE.

What is funny is all the spam you ever get on Matrix is usually some crypto investment scam trying to get you onto Telegram :laughing:

Also related blog which usually does good discussion:

1 Like

Apparently the French corporate governance model holds CEOs personally accountable for violations by corporations. So they had warrants out for him already and he knew that as well. He was avoiding the EU in general before this, not sure why he would risk this.

I am no fan of Telegram and their marketing, but I do think this is bad precedent irrespective of how much data Telegram keeps or if it’s E2EE or not. Reminds me of the famous poem on persecution (Link)

Since legality is determined by nations, a lot of nations can simply declare activities we think are legal to be illegal tomorrow. There are already constant attacks against encryption in the EU. Imagine if they declare encryption illegal, would they then be right to arrest Protonmail team?

Also, would action like this also justify Russia now arresting any developers working on software projects of the Western world? After all, they too must be in violation of some Russian law, or new laws can be passed to make sure they would be in violation.

Looking forward to following this case closely, it would set a lot of precedents.

3 Likes

This is a very important observation. What makes it worrying is that if you consider the situation in a vacuum and apply game theory. Theoretically, the French leadership cannot slip up and they expect support from EU member states, a situation in which Pavel is released and there is a realization in the air that he has been treated unfairly - takes away power, power that visionary leaders will not let go, right or wrong - the precedent is likely to be this:

  1. A guilty verdict…next, an exchange.
  2. A more productive fight against the lack of backdoors and encryption keys to monitor for National Security and Intelligence.

Like a show lynching, they may refuse to swap Durov for 5-10 years.
That will show that the hope of a quick exchange with non-cooperative behavior is not to be expected.

Do you have a source? I’ve seen conflicting info on whether he knew. It may not have been public

The main difference is that Proton does comply with lawful requests presented to a Swiss court. There is precedent of them doing so.

The issue simply here is that Telegram has not, (at least enough in some cases) and we know that misbehavior/criminal activity on Telegram is rife. It’s not exactly a secret. This isn’t a “chilling effect” or any kind of “censorship” it’s simply what happens when you put a server on the internet and let bad things happen on it with the only protection being jurisdiction shopping.

TLDR don’t run a service with openly criminal activity occurring, refuse to do anything about it, or service lawful warrants and you’ll be able to continue to do so.

It’s not in any way the same thing, and you’d be pretty stupid to travel to anywhere Russia has influence (Russia, Belarus etc). As those countries are obviously dictatorships where anything goes if you have the right connections.

2 Likes

Unfortunately, this is true for almost all countries of the former USSR. It is not that they do not try to fight it, a vivid example is the countries that are trying to join the European Union and because of this they modernize their systems, however, the typical situation is that you have a conflict with someone, you are right, your opponent has the necessary friends or is somebody’s offspring - you are in trouble.

In some Federations and Republics and Regions, by the way, this sort of thing is controlled better due to militant cultures and a thirst for revenge for evil done to a family member. But saying to dishonest officials or law enforcement officers that if they do evil they will be hunted down like game on the hunt is not the answer.

Constant anxiety and the lack of strong potential protections in the form of laws and government officials has a pronounced effect on everything from birth rates (one instinctively wants to start a family in a safe place) to general trust and patriotism - which are the driving forces for business relationships and progressive government.

1 Like

I agree it’s a compliance issue. But my problem stems from the fact that it’s a compliance issue. Is Telegram responsible for content on their platforms as a messaging service? If yes, can laws be made that make it mandatory for services like Signal to moderate content pre-encryption? If yes, then can Signal be held liable for not moderating/backdooring their encryption? Agree to disagree, but it’s a definite slippery slope. I for one do not like the idea that platforms can be held liable for actions of their users. What is preventing Switzerland from passing a regulation that says any person that connects to some piracy site is doing something illegal, so Proton VPN should push an update to help enable logging for anyone accessing the site? State’s monopoly on violence and power ensures it has limitless authority, and if the population does not manage to curtail it when it is used against “adversaries”, it’s not long before it turns inward.

Hope they don’t use this idea against Tor network, or other obviously “criminal” services. Otherwise “lawful” warrants can do a lot. There is a reason most companies do warrant canaries, since compliance is the easiest method used by law to force compromises.

A relevant case is how Kim Dotcom of Megaupload was extradited for compliance, when he did not do anything explicitly wrong.

I am tired of “think of the children” defense.

Unfortunately not everyone can pack up and leave. A lot of Russian developers do not have a choice. I feel arguments of “don’t go there” always come from a place of privilege.

3 Likes

That’s the thing though, nowhere has actually passed a law dictating that specifically. It is generally accepted that if you do possess data that would be helpful to the type of criminal investigation (considered internationally criminal by say interpol standards), you would at least try to comply.

There is a reason other social media giants generally develop a “law enforcement portal” for these types of things.

It would take some time for a law like that to be passed in a democratic country, perhaps not very long in a country ruled by an authoritarian dictator however.

The Tor network is not new, and the Tor Project isn’t expected to hand over data they never possessed.

Actually they don’t and they are basically worthless because any kind of national security order will include a gag order broad enough that counts as “tipping off”.

It was more from the perspective of being kidnapped and used in a prisoner swap. I would not feel that it is a non zero percent chance of that occurring if I was to travel there. Many despotic countries do just that and their courts are far from just when it comes to trumped up charges.

Source? Pretty clear they are a great tool at least for US based companies, since first amendment allows them to defy forced speech. Have first hand experience with it, so would be great to know why they are useless?

You are getting too caught up in what they are trying to collect or not, instead of the crux of my point: The state is threatening “comply or die”, which is problematic.

Tell that to Patriot Act, nine eyes, and the gag orders you yourself cite, etc. General population is too engrossed in non-privacy related issues to actually serve as an effective deterrent. It needs people who care about privacy to actively protest against overreach like this.

Telegram HAS complied with orders. French police has problem with the fact that they haven’t complied as effectively as they wanted them to. This is a question of discretionary satisfaction and not enforcement. Lack of defense for legal overreach is how you end up with privacy criminalized.

Soon there will be no freedoms left for threatening, and then maybe we will have won the war on crime and terrorism :slight_smile:

As opposed to Western courts that are beacons of justice, and have never abused their authority to convict people detrimental to their surveillance state, right?

2 Likes

You can see a lot of companies did away with them, they were all the rage a while ago but not so much now.

But that’s not the issue is it. It’s “You have this data, and we would like it for XYZ reasons and judge ABC says we are allowed to have it, and you want to operate here right?”…

That’s not the same as a company which simply doesn’t have what is being asked for. The same applies to possession of all things, not just data.

Believe it or not eyes countries are still better for privacy than you might think, especially when using a E2EE.

Only time will tell what the exact details are and how accurately they have/have not complied.

GitHub - UnigramDev/Unigram: Telegram for Windows supports it but it is a third-party client.