Black PR Telegram. Who to believe?
Recently, on Geektimes, a fuss was raised with the article “Bad Telegram” or How I did not take money for the black PR of Telegram in Habrahabr . As a result, they found out that the acquaintance of Burumych reads his daughter's correspondence and that the greeting “Good afternoon” is better than “Good day”.In order to throw in useful information to the fan, we and Edison specialists made a selection of publications about Telegam and secure messengers so that the inquisitive reader could independently conclude (and not get a “paid” expertise) which we should trust and use for our purposes. Pro level of confidence / yellowness of the media I propose to decide the reader yourself.
The flow of adequate and inadequate information about the security of communication (including messengers) is growing and will grow, and I really want the competent, independent and understandable analytics to be found on Habré.
')
What criteria to use for evaluating the safety of instant messengers can be seen from fighters for digital immunity - Electronic Frontier Foundation (EFF). By the way, the question is, are these criteria exhaustive or additional (for example, about masking metadata) needed?
To increase the degree of objectivity and independence, please comment in the comments of those who understand the issue about the security of instant messengers.
Based on what data can you draw conclusions?
Strategic Intelligence Information Work Washington Platt
Electronic Frontier Foundation
www.eff.org/secure-messaging-scorecard
The Electronic Frontier Foundation (EFF) has published a serious analytical material (last updated 2015-11-03), assessing the degree of security and privacy of mobile and online messengers. EFF awarded points to the participants, evaluating the applications by seven parameters.
- Is the data encrypted during transmission?
- Is the data protected from reading by service providers?
- Can the user verify the identity of his interlocutor?
- Is the correspondence history protected from decryption when intercepting the current key (this question implies that the encryption key must change constantly, and the keys used are safely deleted along with the random data on which they were built)?
- Is the solution code open?
- Are the encryption methods described in detail?
- Has an independent security audit been conducted in the last 12 months?
More about the criteria in English
METHODOLOGY
Here are the criteria for various communication tools.
1. Is your communication encrypted in transit?
This criterion requires that all user communications are encrypted. If you’re not interested in a network connection, it’s not recommended. We do not require that metadata (such as user names or addresses) is encrypted.
2. Is your communication encrypted with a key the provider doesn’t have access to?
This criterion requires that all user communications are end-to-end encrypted. It means that it will be generated and stored at the endpoints (ie by users, not by servers). Endpoints but it is not necessary to end the keys or synchronize the keys between two devices. It is fine if users have public keys are exchanged using a centralized server.
3. Can you verify your identity with identity?
It is a criterion that has been compromised. Two acceptable solutions are:
There are no translations available.
A key exchange protocol with a short-authentication-string comparison, such as the Socialist Millionaire's protocol.
Other solutions are possible between the users and the cryptographic channel. For the scorecard, we are simply not evaluating the security of that mechanism.
4. Are your communications secure if your keys are stolen?
This is a criterion that requires it to be encrypted with the ephemeral keys. It is imperative that these keys can be reconstructed. Note that this criterion requires criterion 2, end-to-end encryption.
Note: For example: TLS with a Diffie-Hellman cipher suite) and non-forward-secret end-to-end encryption plus an explicit guarantee that you are not logged by the provider. It is not a cessation of secrecy at all.
5. Is the code open to independent review?
This criterion requires that it can be independently compiled. Although it is preferable to be a license. This is a case in point: backlash, back doors, structural problems. Note: When the tools are used, it is not a complete OS. This is a compromise, but it’s beyond the scope of this project.
6. Is the crypto design well-documented?
This criterion requires clear application. This is a white paper written by the audience of professional cryptographers. This must provide answers to the following questions:
What are the algorithms and parameters (such as key sizes or elliptic curve groups)?
How keys are generated, stored, and exchanged between users
Their key
This is a clear statement about what the model aims to provide. This should also be a clear statement.
7. Has there been an independent security audit?
This criterion requires an independent review. This is a review of the instrument of the development team. Audits by an independent security team within a large organization are sufficient. It is not a problem.
[ source ]
Here are the criteria for various communication tools.
1. Is your communication encrypted in transit?
This criterion requires that all user communications are encrypted. If you’re not interested in a network connection, it’s not recommended. We do not require that metadata (such as user names or addresses) is encrypted.
2. Is your communication encrypted with a key the provider doesn’t have access to?
This criterion requires that all user communications are end-to-end encrypted. It means that it will be generated and stored at the endpoints (ie by users, not by servers). Endpoints but it is not necessary to end the keys or synchronize the keys between two devices. It is fine if users have public keys are exchanged using a centralized server.
3. Can you verify your identity with identity?
It is a criterion that has been compromised. Two acceptable solutions are:
There are no translations available.
A key exchange protocol with a short-authentication-string comparison, such as the Socialist Millionaire's protocol.
Other solutions are possible between the users and the cryptographic channel. For the scorecard, we are simply not evaluating the security of that mechanism.
4. Are your communications secure if your keys are stolen?
This is a criterion that requires it to be encrypted with the ephemeral keys. It is imperative that these keys can be reconstructed. Note that this criterion requires criterion 2, end-to-end encryption.
Note: For example: TLS with a Diffie-Hellman cipher suite) and non-forward-secret end-to-end encryption plus an explicit guarantee that you are not logged by the provider. It is not a cessation of secrecy at all.
5. Is the code open to independent review?
This criterion requires that it can be independently compiled. Although it is preferable to be a license. This is a case in point: backlash, back doors, structural problems. Note: When the tools are used, it is not a complete OS. This is a compromise, but it’s beyond the scope of this project.
6. Is the crypto design well-documented?
This criterion requires clear application. This is a white paper written by the audience of professional cryptographers. This must provide answers to the following questions:
What are the algorithms and parameters (such as key sizes or elliptic curve groups)?
How keys are generated, stored, and exchanged between users
Their key
This is a clear statement about what the model aims to provide. This should also be a clear statement.
7. Has there been an independent security audit?
This criterion requires an independent review. This is a review of the instrument of the development team. Audits by an independent security team within a large organization are sufficient. It is not a problem.
[ source ]
Top list of the most protected instant messengers according to EFF:
- Chatsecure is a free open source iOS and Android messaging application with encryption support. The developer is the Guardian Project. The messenger complies with all the necessary parameters proposed by the EFF, guaranteeing the highest degree of security and privacy (but only if used with the Tor-based Torb plugin).
- CryptoCat is an open encryption messenger that works with Chrome, Firefox, Safari and Opera browsers, as well as a separate service on Apple OS X and on the iPhone. This summer, the developers of CryptoCat were looking for sponsors to develop the Android version and create an encrypted video chat - perhaps soon a “cryptoclot” will appear on this platform.
- Signal, RedPhone and Textsecure are Whisper Systems' products, designed, respectively, for messaging on iOS devices, making confidential calls from Android devices and chatting between Android users. Each of the applications is open source and offers full encryption of data transfer and storage.
- Silent Phone and Silent Text are secure call and messaging services from Silent Circle . Of course, they are paid, but they are compatible with iOS and Android platforms, and also work on traditional PCs. Silent Circle has also developed its own model of a penetration-proof smartphone based on a modified Android build called Blackphone. Corporate support is also offered.
- Telegram is a free cross-platform messenger that allows you to exchange messages and media files. The system uses a proprietary server part that runs on the facilities of several hosting companies in the USA and Germany, and several open source clients (under the GNU GPL). For the messenger, MTProto protocol was created, which implies the use of several encryption protocols. When authorizing and authenticating, RSA-2048, DH-2048 algorithms are used for encryption, and when sending protocol messages to the network, they are encrypted with AES with a key known to the client and the server. Also used cryptographic hash sum SHA-1 and MD5.
- Pidgin is a multi-protocol, open-source IM client with support for Jabber, AIM, ICQ, GTalk, MSN, Yahoo !, Sametime, etc. There is a possibility of audio and video communications.
Caution long image
Summary table
Log] [aker
- Telegram messenger merges metadata for everyone (December 1, 2015 Maria Nefedova)
- Telegram has blocked 78 channels of ISIL, and experts question the security of the messenger (November 20, 2015, Maria Nefedova)
- China blocked the Telegram (July 13, 2015, Anatoly Alizar)
- Pavel Durov about Telegram expenses and future plans (June 9, 2015, Maria Nefedova)
- Telegram offers hackers $ 400 thousand (November 5, 2014, Anatoly Alizar)
Habr
- The matrix of the capabilities of modern messengers with an emphasis on security (November 23, 2015, Scratch)
- On the intricacies of privacy in the Telegram Bots API: "this is not a bug, this is a feature" (July 3, 2015, deNULL)
- Telegram attack for 2 ^ 64 operations, and why the supervillain doesn't need it (March 12, 2015, Davidov)
- Potential vulnerability in Android Telegram (February 19, 2015, visput)
- Is Telegram Safe? v2 (December 2, 2014, f0rbidik)
- Openness API Telegram (February 11, 2014, Bakuutin)
- Anxiety Symptoms Telegram (October 15, 2014, alex0ff)
- New bug in Telegram (December 26, 2013, me3k)
- Is Telegram Safe? Or as I was looking for a bookmark in MTProto (December 22, 2013, x7mz)
- Are there any more Telegram bookmarks? (December 23, 2013, aabc)
- Callback to Telegram developers (December 20, 2013, ArtyomKazak)
- Trap for hacking contests (December 20, 2013, galaxy)
- $ 200,000 to anyone who hacks the Telegram IM messenger (December 18, 2013, alizar)
Kaspersky
Push me and then you can get your satisfaction
- The Golden Key, or the Adventures of Pinocchio in the country of cryptography (November 25, 2015, Serge Malenkovich)
- Declassified materials, or are messengers safe? (November 20, 2015, Alex Perekalin)
- Cameron against encryption (January 15, 2015 Igor Oskolkov)
- Nine safest messaging systems (November 14, 2014, Brian Donohue)
- Secure internet messenger. Does he exist? (16 April 2014, Alex Savitsky)
Security lab
- Telegram discloses metadata to third parties (November 30, 2015)
- Telegram is not as secure as it seems to terrorists (November 19, 2015)
- Telegram management denies the presence of a vulnerability in the application for secure communication (February 24, 2015)
- Terrorists have developed a Telegram blocking bypass plan (November 19, 2015)
Tj
- Users of "Habrakhabra" complained about the offer to write custom-made articles with the anti-spray Telegram
- Paranoid messengers (February 25, 2014 Elistratov)
- Pavel Durov commented on the story of the preparation of the attack through Telegram for CNN (October 4, 2015)
- The media reported on the massive transition of Ukrainian politicians to Telegram because of reports of vulnerabilities in Viber (August 17, 2015)
- “I imagine how the new generation of Russians is beginning to believe in the superiority of state regulation over freedom” (July 03, 2015)
- In Telegram refuted the report of a security specialist about hacking a messenger (February 24, 2015)
- Telegram will pay 300 thousand dollars for deciphering the correspondence of two bots
Roem.ru
- Cellular networks have noticed the boom of "unregulated" instant messengers from corporate clients (September 2, 2015)
- Chinese authorities conducted a Telegram PR and its encryption functions (July 13, 2015)
- Pavel Durov: there is no real freedom of speech in any country (April 3, 2015)
- Durov crossed Slack and secret chats (March 19, 2015)
- Durov ignore orders of the authorities to issue information from Telegram (March 9, 2014)
- UCP showed "care" about Telegram (November 18, 2013)
RBC
Officials decided to limit the communication of Russians in messengers (December 9, 2015)
The authors (of the restriction draft law) propose to introduce such a notion as “information and communication services” into the laws “On Information ...” and “On Communications”. Their activity means the transfer of “text, voice and image messages that are technologically inextricably linked to communication services provided by third parties on data transmission networks of telecom operators”. Representatives of Internet companies and operators, having familiarized themselves with the document, came to the conclusion that we are talking primarily about instant messengers, although theoretically, social networks can also be affected by the law.
PS
According to a study conducted by Kaspersky Lab together with B2B International, 62% of respondents do not consider online messengers safe, 61% do not trust IP-telephony, 60% are wary of video chats. Nevertheless, 37% of those who took part in the survey most often use online messengers for communication, 25% - social media messengers and 15% - VoIP services.
The main findings of the study
One of the critical vulnerabilities of modern messengers (including Telegram) is unprotected metadata (attackers can get a list of contacts to determine the circle of communication, network access time, etc.), and very often the fact of communication is much more important than the content of communication. What tools to solve it (exclude from the system centralized servers or something else) I propose to discuss in the comments.
UPD
ru_crypt :
“The latest results from the analysis of the MTProto protocol: eprint.iacr.org/2015/1177.pdf . This paper shows that this protocol is not persistent in the IND-CCA model, i.e. It is possible to convert any ciphertext to some other ciphertext that can be decrypted into the plaintext source. Despite the fact that the attack is theoretical, the authors recommend not to use self-made solutions, but to implement well-tested designs, and they suggest changing the protocol so that the attack does not take place. ”
ValdikSS :
“I don’t like Telegram, but, in general, it is definitely better than other popular messengers, at least because there is an opportunity to make an encrypted chat with a more or less normal matching of the key fingerprint, but for normal chat, only the transport is protected, as well as , in fact, the majority of other popular messengers, and the media, for the most part, describe Telegram as a super secure solution that even terrorists use, so you, like, will definitely do it. I consider such an exaggeration on the part of the media to be quite a big problem, no kidding, because Such news attracts many technically illiterate new users to Telegram. If in the same Tor security is built architecturally, then the security of the correspondence of illiterate Telegram users rests only on the principles of developers about data disclosure and physical security of servers, and in the case of compromise, not only the users themselves suffer, but you too, if you corresponded with the user, the data which, for example, was given to government organizations. ”
zhovner :
“This topic is much bigger than all of us, because such important technology for humanity as IM and audio-video calls cannot be managed by one company. There are all sorts of work groups supporting industry-critical libraries and programs, such as openssl, apache. I think some IETF should do this.
It’s just that at some point they squander this and open standards didn’t manage to do commercial work. The fact that IM is now monopolized by companies is terrible. Ideally, all instant messengers should maintain a unified minimum standard sufficient to communicate with anyone, like email, and all of their branded pieces to be implemented within the network for their users.
Imagine that emails could only be sent between outlook, but you can’t go to gmail anymore. Or you could only call from Nokia to Nokia, but not to Samsung. This is exactly what the messengers look like right now. ”
J_o_k_e_R :
“The most obvious and obvious file telegram: centralized servers. Take the ass those who manage them - and everything. No telegraph. Even if no one read my correspondence in the past.
This file follows from a slightly less obvious file - the closeness of the source code of the servers. ”
Source: https://habr.com/ru/post/273001/
All Articles