Mastodawn

七楽 Jul 7, 2023

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️

https://www.wired.com/story/the-kremlin-has-entered-the-chat/

#Telegram ? No, thank you!

Telegram 疑似协助克里姆林宫迫害俄罗斯异见者。
请再次注意 Telegram 并非端到端加密（secret chat除外）的聊天软件，所有聊天记录和文件均可被服务器管理员访问。
我们推荐使用matrix或者带omemo加密的xmpp，以在与你的朋友们聊天的同时保护你的信息安全。
@[email protected]

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 7, 2023

Campo was quoted extensively in a 2022 WIRED story about Telegram’s global rise. The company claimed, after that story’s publication, that Campo had never been employed by Telegram, was only briefly a volunteer, and “was never authorized to sign any agreements on behalf of the company." Campo provided WIRED with documentation from 2016 to 2021 that included copies of email correspondence he carried on, using a Telegram address, with executives at Apple, Spotify, and Stripe on behalf of Telegram, and copies of contracts between Telegram and other companies with Campo’s signature. Durov was also included in the correspondence.呃呃呃啊啊啊临时工my ass

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 7, 2023

Even more mystery surrounds some ghostly activity that dissidents have encountered in Telegram’s most secure settings. The platform claims its end-to-end encrypted “secret chats” feature (from which messages cannot be forwarded) is “safe for as long as your device is safe in your pocket.” But in early May, the opposition activist Ania Kurbatova realized that both her regular messages and secret chats were showing up as “read” when she knew the recipient had not read them. She also noticed at times that when she logged out of a secret chat, the session would still be marked “open” and messages could still be read. This should have been impossible: Each chat receives a unique encryption key that disappears once a session is over. To continue the conversation, users need to start a new chat and receive a new encryption key. The private conversations, Kurbatova says, included one with “a Ukrainian journalist who was looking for information about people who were taken to Russia from the filtration camps from the Donetsk and Luhansk region.” There was also “an important chat” with Kurbatova’s partner, Ivan Astashin, an activist who in 2009 was sentenced to 10 years in prison for throwing a Molotov cocktail at an FSB office. Kurbatova says Astashin noticed the same oddities in his own secret chats.

Kurbatova and Astashin sought help from Ermoshina, who asked them to check the app’s “active sessions” feature, which shows the other devices they have the app open in. Nothing turned up. Then she had them reinstall the app. Even after these precautions, secret chats continued to show as read, and old sessions could still be reopened. Ermoshina was at a loss for a technical explanation but noted that, as a well-known activist couple, Kurbatova and Astashin are a valuable target for the Kremlin. And their case isn’t isolated. In August, Yana Teplitskaya, a human rights activist who has investigated the alleged torture of Russian prisoners, says she noticed that many of her secret chats were erroneously marked as read. (Telegram explained that messages may be accidentally marked as read if a user leaves their phone unlocked with the chat open. A spokesperson said that, “after a time the phone’s screen might lock automatically and you wouldn’t notice that you had the chat open.” Kurbatova and Astashin say their messages appeared as read even though they hadn’t left the chat open on any other device. The company also claims that it has never found any “security flaws that would enable a third-party to intercept of decrypt Secret Chats.”)端到端加密的Secret Chat也未必安全。俄罗斯异见者发现他们通过Secret Chat发送的消息莫名其妙地被标记为已读，在他们可以确定对方并不可能读了消息的时候。

#telegram

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 7, 2023

Forced to pay back investors and saddled with Telegram’s soaring server costs, Durov needed a massive influx of cash. At that moment, Telegram’s relationship with Russia began to thaw. A few weeks after the TON project ended, two pro-Kremlin party deputies in Russia’s parliament proposed that the ban on Telegram be lifted, arguing that it could be an important communications tool for the government in times of crisis. Durov posted his support of their proposal on Telegram, arguing that the company’s presence in Russia could help bolster the country’s technological innovation and “national security.” He also claimed that since 2018 his team had improved “methods for detecting and removing extremist propaganda,” as well as “mechanisms that allow preventing terrorist attacks around the world” while still protecting user privacy. He didn’t elaborate on how this was possible.

...

According to a government source familiar with the June 2020 agreement, the Russian state-owned bank VTB, which has close ties with the Kremlin, was also involved in the negotiations. In January 2021, reporting came out that VTB had estimated the company’s value: as high as $124 billion by 2022. Telegram also said it would start selling five-year bonds. VTB would help shop them around to investors. (When WIRED asked about the terms of the agreement, a Telegram spokesperson wrote: “We never discussed anything related to unbanning Telegram with anyone working at VTB.” VTB did not respond to requests for comment.) By March 2021, Telegram had raised more than $1 billion from these backers. Although little is known about their identities—Durov wrote on his Telegram channel only that they were “some of the largest and most knowledgeable investors all over the world”—The Moscow Times reported that the investments included $75 million from a joint partnership between an Abu Dhabi state fund and a Kremlin sovereign wealth fund. (The Abu Dhabi fund Mubadala said in a statement that the Kremlin fund had participated through “the Russia-UAE joint investment platform." Telegram told Bloomberg at the time that the Kremlin fund hadn’t participated in the original sale, and “appears to have bought a small quantity of funds on the secondary market.”)

Three weeks after Russia unblocked Telegram, the company’s vice president, Ilya Perekopsky, appeared at a conference outside Kazan to talk about growing Russia’s IT industry and both he and prime minister Mikhail Mishustin made pledges to fight the dominance of American tech. Introducing a speech by Perekopsky in which he noted Telegram’s “Russian roots,” deputy prime minister Dmitry Chernyshenko also stated that it was “great news” that Telegram was operating in Russia once more. Human rights groups, opposition activists, and independent Russia media found this sudden harmony between once bitter foes as fascinating as it was concerning. Several noted the fortuitous timing.几年前，俄罗斯解封Telegram背后的一系列事件。

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 8, 2023

At the end of Matsapulina’s April 2022 Twitter thread, she said that she and her colleagues had moved from Telegram to Signal. “I don’t want to spread panic, I don’t want to pretend I’m some kind of expert on this issue, but I want to urge everyone to be careful what they say on Telegram. It is possible that this is no longer the safe space everyone used to think it was.”

According to Ksenia Ermoshina, much of the Russian opposition movement has likewise abandoned Telegram. To widespread dismay, she says, pro-war channels started posting activists’ personal information with impunity—“compiling databases of Russian anti-war activists with their faces and links to their [social media], and sometimes even home addresses and other personal data.” When users reported these incidents, she says, Telegram’s initial response was slow or nonexistent.

Many chats and groups where users organized opposition movements have been shut down. “No one has organized anything on Telegram since February,” Ermoshina says, describing a “digital migration” of Russia’s opposition movement from Telegram. “People moved out of Russia in exile,” she says, “and they moved out of Telegram in exile!”俄罗斯活动者转移到 Signal 组织运动。
支持对乌克兰战争的人在Telegram上开设频道开示反战示威者的个人信息（人肉搜索行为），Telegram几乎没有对用户的举报作出回应。

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 8, 2023

Natalia Krapiva, a lawyer at the digital rights group Access Now, notes that Telegram has never responded to requests for clarity, including an open letter sent by her organization and a coalition of groups asking for dialog on “safety and security issues plaguing” the app. Regarding concerns that the platform is facilitating state surveillance, she says, “Telegram hasn’t done much to demonstrate that, in fact, they’re not cooperating” with the authorities.Telegram从未对数字权益组织Access Now的澄清请求作出回应。

Meanwhile, cases of Telegram cooperating with governments outside Russia have emerged. In January 2022, after Telegram ignored multiple requests from German authorities to stanch a wave of violent anti-Covid-lockdown protests that had been coordinated on the platform, the German government debated banning it. By June, Der Spiegel reported, Telegram had provided German federal police with personal data of users suspected of terrorism and child abuse. And in India, where there are more than 100 million Telegram users, the company in November provided the Delhi High Court with the names, phone numbers, and IP addresses of users accused of illegally sharing a teachers’ copyrighted course materials on the platform.2022年1月，Telegram为德国联邦警察提供了疑似恐怖组织成员和儿童虐待者的个人信息。
2022年11月，Telegram为印度警方提供了被控非法分享一个教师受版权保护的课程内容的用户的名字、电话号码和IP地址。

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 8, 2023

“The Russian market is very important to Durov,” Lobushkin said, noting that it represents about 7 percent of Telegram’s 700 million users, not to mention its symbolic importance. Sure, Durov has said he will never cooperate with Russian authorities and would leave the market if push came to shove, Lobushkin says, but that might be “a bluff” since Russia holds such a significant percentage of the platform’s users.

Lobushkin says he has no special information about why Telegram was unblocked in 2020. But he believes the Kremlin saw potential in the platform. “The Russian propaganda machine learned how to use Telegram effectively and efficiently,” Lobushkin says.Durov的友人Lobushkin表示：俄罗斯市场对Durov非常重要。Durov说他不会与俄罗斯当局合作，如果当局尝试施压，他会放弃俄罗斯市场。但是Lobushkin认为这可能是在吹牛皮：因为俄罗斯占据Telegram平台总计7%的用户，Durov不太可能因为当局施压放弃俄罗斯市场。

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 8, 2023

In late April 2022, three days after posting her thread, Matsapulina received an anonymous message through Telegram’s official support account. She later took to Twitter to recount the exchange. “We read your story on Twitter,” it began. “We’d like to express our sympathy with your case and share the results of an investigation our team did.” The message said that only two authenticated devices had access to her Telegram messages: her phone and her computer. It also noted a failed login attempt “after your detention.” Someone, whom Matsapulina presumed to be a police officer, had correctly entered an SMS verification code but incorrectly entered her password. “From Telegram’s side, access to your private messages has not been granted.” The message concluded there were two most likely scenarios. One was that someone had taken physical possession of her device. This seemed highly improbable to Matsapulina, given the short time between her arrest and when her messages were recited back to her. (Telegram later disputed this with WIRED, claiming that a hacking tool like Cellebrite could have been used to quickly extract her messages, and that “no app can defend against such a scenario.”) The other possibility, the message noted, was that her friends in the group chat had been compromised.

Matsapulina and her friends then asked Telegram to check their logs. She says the company reported that they hadn’t been compromised either. This left Matsapulina back where she began: How did the officers read her messages?

After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.

Matsapulina has since started using Telegram again. For one, she says, even if Russian security services were tracking her account, she has already left the country. It’s also her only way of reaching friends and family: For Matsapulina and millions of Russians alike, the cipher of a platform remains indispensable.2022年4月末，被警方引用私人群内Telegram消息的Matsapulina收到了Telegram Support帐号的消息。Telegram称：她的帐号只有两个已经登录的设备，分别是她的手机和电脑。同时，她的帐号在她被逮捕后收到了一次失败的登录尝试。Telegram表示，Telegram从未授权任何人读取她的消息。该情况有两种可能：一种是有人物理持有了她的设备（连线杂志认为这并不现实，考虑到俄罗斯当局持有她的设备时间较短，但Telegram随后对连线杂志表示，类似 Cellebrite 的工具让快速提取消息成为可能），另一种是她在同一群内的朋友的设备被攻破了。
与专家讨论后，Matsapulina认为她的Telegram消息可能是因为某些间谍软件被泄漏的。当她被告知这些黑客工具需要在目标设备附近才能工作时，她想起了在其被逮捕前，她曾数次注意到她的住处外有一辆有圆顶的无标识卡车停放。她被敲门的那时候，她住处外也有一辆这样的车停放，但当警察搜查她家时，这辆卡车已经开走了。
（未完）

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 8, 2023

（续）
Matsapulina又开始继续使用Telegram了。她表示：即使俄罗斯的国安部门仍然在追踪她的帐号，她已经不在俄罗斯了。这也是她唯一的联系家人与朋友的方式。

（完）

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 7, 2023

建议各位完整阅读这篇报道。
它描述了很多俄罗斯政府从Telegram平台获取数据的方法和力度。
而中国政府为此付出的力度只会多不会少。而且中国政府还有香港民主化运动那次针对Telegram采集数据的经验。

你不能只是相信平台不会出卖你。你要选择没法出卖你的平台。

Soran 🏳️‍⚧️ 🌹

verified_yellow

敵•卦 Jul 6, 2023

@Orca @[email protected] 补充一下 Telegram 官方的回应：
https://telegra.ph/Wired-Errors
呃，我难以评价。不过我还是认为 Matrix 要比 Telegram 保险的多的。
同样更为安全的还有 https://signal.org/ ，不过注册需要手机号并且手机号不可隐藏，emmm……

9 Errors Wired Chose to Make

Wired published an article by a freelance journalist who doubted the safety of Telegram due to a lack of understanding about how Telegram's API and Secret Chats work. Below is an explanation of why these doubts are unfounded. 1. Secret Chats Contrary to the journalist's implications, "messages erroneously marked as read" can't mean that a third party is accessing Telegram's Secret Chats. Had an intruder somehow been able to intercept messages from a Secret Chat, they could have also prevented read receipts…

Telegraph

Doodle Huang Jul 6, 2023

@board 我的 Matrix 实例开了一年多没人用，在此公开征求建议

猪猪•哀悼练习 Jul 6, 2023

@doodle @[email protected] 如果没有人用的话，可以安装Fediverse软件，比如Friendica，Misskey/Calckey 使用率会提高，如果有专门主题就更好了。

੯‧̀͡⬮\ 小象放学后做了好多事顺便等妈妈来接它回家 Jul 6, 2023

@Orca wire不知道会不会好用 https://wire.com/en/

Wire – Collaborate without Compromise

Collaborate without compromise with Wire, the trusted platform for millions worldwide. Stay in control with end-to-end encryption that's invisible, flexible collaboration, and intuitive user interface. Join now for free and boost your productivity.

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 6, 2023

@schreiben wire不是被墙了吗？我是没用过。
服务器端是开源的，不过看推荐配置好像非常吃性能。

੯‧̀͡⬮\ 小象放学后做了好多事顺便等妈妈来接它回家 Jul 6, 2023

@Orca 被墙太普遍了哈哈

林雅仪Aliya Lin🇺🇦🏳️‍⚧️🇭🇰Jul 6, 2023

@Orca 首先只要是个有一定规模的聊天工具，就会有被墙的风险，这是身为墙内人无法避免的问题。我之前短暂用过wire，觉得还不错。

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Jul 6, 2023

@aliyajadzia 这不是墙的问题。。。很多人因为Telegram的市场宣传以为它是一个可以保护异见者安全的平台，结果却被它卖给了俄罗斯政府。

林雅仪Aliya Lin🇺🇦🏳️‍⚧️🇭🇰Jul 6, 2023

@Orca 其实我一年前就想完全放弃电报，但是大多数人还是贪恋于电报这类大众聊天软件的便利上（当然wire的迁移难度也是比较大的），但是如果只有我自己迁移到 Wire 是没有意义的。

我对电报的定义就是一个看上去似乎比较尊重隐私的 WhatsApp，这个是我和一个已经失去联系的朋友聊天时达成的共识。