References: <FqmgbOsAxTlCaFjHxRryueVBCCwfPzAQ@news.usenet.farm>
 <20240826133126.6dbc0828f51bf0070cc4ab1f@g{oogle}mail.com>
 <vai6on$2gns8$1@dont-email.me>
Message-Id: <20240826.175146.d112fce5@mixmin.net>
Date: Mon, 26 Aug 2024 17:51:46 +0100
Subject: Re: Telegram Founder Pavel Durov Arrested in France
Content-Transfer-Encoding: 7bit
From: D <noreply@mixmin.net>
Newsgroups: comp.misc
Path: ...!news.misty.com!weretis.net!feeder8.news.weretis.net!news.mixmin.net!news2.arglkargh.de!alphared!sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
X-Abuse: abuse@dizum.com
Injection-Info: sewer.dizum.com - 2001::1/128
Bytes: 16569
Lines: 240

On Mon, 26 Aug 2024 15:25:12 -0000 (UTC), John McCue <jmccue@reddwf.jmcunx.com> wrote:
>In comp.misc Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>> D. Ray:
>>> Telegram founder Pavel Durov was arrested in France on
>>> Saturday allegedly as part of an investigation into his
>>> platform for not having enough "moderation."
>
>From what I have read, I believe this seems to be the case.

yet another case in point that unmoderated newsgroups are the only
public forum for plain text free speech to reach a global audience;
social media is moderated no matter how much they struggle in vain
to control the narrative . . . their mainstream media echo chamber
run the usual damage control, conspicuously avoiding discussion of
whole message encryption (http://danner-net.de/omom/tutorwme.htm)
plus their most glaring omission of all, usenet newsgroups... e.g.

(using Tor Browser 13.5.2)
https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
>Is Telegram really an encrypted messaging app?
>Matthew Green	in messaging   August 25, 2024   2,290 Words
>This blog is reserved for more serious things, and ordinarily I wouldn't
>spend time on questions like the above. But much as I'd like to spend my
>time writing about exciting topics, sometimes the world requires a bit of
>what Brad Delong calls "Intellectual Garbage Pickup," namely: correcting
>wrong, or mostly-wrong ideas that spread unchecked across the Internet.
>This post is inspired by the recent and concerning news that Telegram's
>CEO Pavel Durov has been arrested by French authorities for its failure to
>sufficiently moderate content. While I don't know the details, the use of
>criminal charges to coerce social media companies is a pretty worrying
>escalation, and I hope there's more to the story.
>But this arrest is not what I want to talk about today.
>What I do want to talk about is one specific detail of the reporting.
>Specifically: the fact that nearly every news report about the arrest
>refers to Telegram as an "encrypted messaging app." Here are just a few
>examples:
>This phrasing drives me nuts because in a very limited technical sense
>it's not wrong. Yet in every sense that matters, it fundamentally
>misrepresents what Telegram is and how it works in practice. And this
>misrepresentation is bad for both journalists and particularly for
>Telegram's users, many of whom could be badly hurt as a result.
>Now to the details.
>Does Telegram have encryption or doesn't it?
>Many systems use encryption in some way or another. However, when we talk
>about encryption in the context of modern private messaging services, the
>word typically has a very specific meaning: it refers to the use of
>default end-to-end encryption to protect users' message content. When used
>in an industry-standard way, this feature ensures that every message will
>be encrypted using encryption keys that are only known to the
>communicating parties, and not to the service provider.
>From your perspective as a user, an "encrypted messenger" ensures that
>each time you start a conversation, your messages will only be readable by
>the folks you intend to speak with. If the operator of a messaging service
>tries to view the content of your messages, all they'll see is useless
>encrypted junk. That same guarantee holds for anyone who might hack into
>the provider's servers, and also, for better or for worse, to law
>enforcement agencies that serve providers with a subpoena.
>Telegram clearly fails to meet this stronger definition for a simple
>reason: it does not end-to-end encrypt conversations by default. If you
>want to use end-to-end encryption in Telegram, you must manually activate
>an optional end-to-end encryption feature called "Secret Chats" for every
>single private conversation you want to have. The feature is explicitly
>not turned on for the vast majority of conversations, and is only
>available for one-on-one conversations, and never for group chats with
>more than two people in them.
>As a kind of a weird bonus, activating end-to-end encryption in Telegram
>is oddly difficult for non-expert users to actually do.
>For one thing, the button that activates Telegram's encryption feature is
>not visible from the main conversation pane, or from the home screen. To
>find it in the iOS app, I had to click at least four times -- once to
>access the user's profile, once to make a hidden menu pop up showing me
>the options, and a final time to "confirm" that I wanted to use
>encryption. And even after this I was not able to actually have an
>encrypted conversation, since Secret Chats only works if your conversation
>partner happens to be online when you do this.
>Starting a "secret chat" with my friend Michael on the latest Telegram iOS
>app. From an ordinary chat screen this option isn't directly visible.
>Getting it activated requires four clicks: (1) to get to Michael's profile
>(left image), (2) on the "..." button to display a hidden set of options
>(center image), (3) on "Start Secret Chat", and (4) on the "Are you sure..."
>confirmation dialog. After that I'm still unable to send Michael any
>messages, because Telegram's Secret Chats can only be turned on if the
>other user is also online.
>Overall this is quite different from the experience of starting a new
>encrypted chat in an industry-standard modern messaging application, which
>simply requires you to open a new chat window.
>While it might seem like I'm being picky, the difference in adoption
>between default end-to-end encryption and this experience is likely very
>significant. The practical impact is that the vast majority of one-on-one
>Telegram conversations -- and literally every single group chat -- are
>probably visible on Telegram's servers, which can see and record the
>content of all messages sent between users. That may or may not be a
>problem for every Telegram user, but it's certainly not something we'd
>advertise as particularly well encrypted.
>(If you're interested in the details, as well as a little bit of further
>criticism of Telegram's actual encryption protocols, I'll get into what we
>know about that further below.)
>But wait, does default encryption really matter?
>Maybe yes, maybe no! There are two different ways to think about this.
>One is that Telegram's lack of default encryption is just fine for many
>people. The reality is that many users don't choose Telegram for encrypted
>private messaging at all. For plenty of people, Telegram is used more like
>a social media network than a private messenger.
>Getting more specific, Telegram has two popular features that makes it
>ideal for this use-case. One of those is the ability to create and
>subscribe to "channels", each of which works like a broadcast network
>where one person (or a small number of people) can push content out to
>millions of readers. When you're broadcasting messages to thousands of
>strangers in public, maintaining the secrecy of your chat content isn't as
>important.
>Telegram also supports large public group chats that can include thousands
>of users. These groups can be made open for the general public to join, or
>they can set up as invite-only. While I've never personally wanted to
>share a group chat with thousands of people, I'm told that many people
>enjoy this feature. In the large and public instantiation, it also doesn't
>really matter that Telegram group chats are unencrypted -- after all, who
>cares about confidentiality if you're talking in the public square?
>But Telegram is not limited to just those features, and many users who
>join for them will also do other things.
>Imagine you're in a "public square" having a large group conversation. In
>that setting there may be no expectation of strong privacy, and so end-to-
>end encryption doesn't really matter to you. But let's say that you and
>five friends step out of the square to have a side conversation. Does that
>conversation deserve strong privacy? It doesn't really matter what you
>want, because Telegram won't provide it, at least not with encryption that
>protects you from sharing your content with Telegram servers.
>Similarly, imagine you use Telegram for its social media-like features,
>meaning that you mainly consume content rather than producing it. But one
>day your friend, who also uses Telegram for similar reasons, notices
>you're on the platform and decides she wants to send you a private
>message. Are you concerned about privacy now? And are you each going to
>manually turn on the "Secret Chat" feature -- even though it requires four
>explicit clicks through hidden menus, and even though it will prevent you
>from communicating immediately if one of you is offline?
>My strong suspicion is that many people who join Telegram for its social
>media features also end up using it to communicate privately. And I think
>Telegram knows this, and tends to advertise itself as a "secure messenger"
>and talk about the platform's encryption features precisely because they
>know it makes people feel more comfortable. But in practice, I also
>suspect that very few of those users are actually using Telegram's
>encryption. Many of those users may not even realize they have to turn
>encryption on manually, and think they're already using it.
>Which brings me to my next point.
>Telegram knows its encryption is difficult to turn on, and they continue
>to promote their product as a secure messenger
>Telegram's encryption has been subject to heavy criticism since at least
>2016 (and possibly earlier) for many of the reasons I outlined in this
>post. In fact, many of these criticisms were made by experts including
>myself, in years-old conversations with Pavel Durov on Twitter.1
>Although the interaction with Durov could sometimes be harsh, I still
>mostly assumed good faith from Telegram back in those days. I believed
>that Telegram was busy growing their network and that, in time, they would
>improve the quality and usability of the platform's end-to-end encryption:
>for example, by activating it as a default, providing support for group
>chats, and making it possible to start encrypted chats with offline users.
>I assumed that while Telegram might be a follower rather than a leader, it
>would eventually reach feature parity with the encryption protocols
>offered by Signal and WhatsApp. Of course, a second possibility was that
>Telegram would abandon encryption entirely -- and just focus on being a
>social media platform.
>What's actually happened is a lot more confusing to me.
>Instead of improving the usability of Telegram's end-to-end encryption,
>the owners of Telegram have more or less kept their encryption UX
>unchanged since 2016. While there have been a few upgrades to the
>underlying encryption algorithms used by the platform, the user-facing
>experience of Secret Chats in 2024 is almost identical to the one you'd
>have seen eight years ago. This, despite the fact that the number of
>Telegram users has grown by 7-9x during the same time period.
>At the same time, Telegram CEO Pavel Durov has continued to aggressively
>market Telegram as a "secure messenger." Most recently he issued a
>scathing criticism of Signal and WhatsApp on his personal Telegram
>channel, implying that those systems were backdoored by the US government,
>and only Telegram's independent encryption protocols were really
>trustworthy.
>While this might be a reasonable nerd-argument if it was taking place
>between two platforms that both supported default end-to-end encryption,
>Telegram really has no legs to stand on in this particular discussion.
>Indeed, it no longer feels amusing to see the Telegram organization urge
>people away from default-encrypted messengers, while refusing to implement
>essential features that would widely encrypt their own users' messages. In
>fact, it's starting to feel a bit malicious.
>What about the boring encryption details?
>This is a cryptography blog and so I'd be remiss if I didn't spend at
>least a little bit of time on the boring encryption protocols. I'd also be
========== REMAINDER OF ARTICLE TRUNCATED ==========