Push me and then you can get your satisfaction
The authors (of the restriction draft law) propose to introduce such a notion as “information and communication services” into the laws “On Information ...” and “On Communications”. Their activity means the transfer of “text, voice and image messages that are technologically inextricably linked to communication services provided by third parties on data transmission networks of telecom operators”. Representatives of Internet companies and operators, having familiarized themselves with the document, came to the conclusion that we are talking primarily about instant messengers, although theoretically, social networks can also be affected by the law.
“The latest results from the analysis of the MTProto protocol: eprint.iacr.org/2015/1177.pdf . This paper shows that this protocol is not persistent in the IND-CCA model, i.e. It is possible to convert any ciphertext to some other ciphertext that can be decrypted into the plaintext source. Despite the fact that the attack is theoretical, the authors recommend not to use self-made solutions, but to implement well-tested designs, and they suggest changing the protocol so that the attack does not take place. ”
“I don’t like Telegram, but, in general, it is definitely better than other popular messengers, at least because there is an opportunity to make an encrypted chat with a more or less normal matching of the key fingerprint, but for normal chat, only the transport is protected, as well as , in fact, the majority of other popular messengers, and the media, for the most part, describe Telegram as a super secure solution that even terrorists use, so you, like, will definitely do it. I consider such an exaggeration on the part of the media to be quite a big problem, no kidding, because Such news attracts many technically illiterate new users to Telegram. If in the same Tor security is built architecturally, then the security of the correspondence of illiterate Telegram users rests only on the principles of developers about data disclosure and physical security of servers, and in the case of compromise, not only the users themselves suffer, but you too, if you corresponded with the user, the data which, for example, was given to government organizations. ”
“This topic is much bigger than all of us, because such important technology for humanity as IM and audio-video calls cannot be managed by one company. There are all sorts of work groups supporting industry-critical libraries and programs, such as openssl, apache. I think some IETF should do this.
It’s just that at some point they squander this and open standards didn’t manage to do commercial work. The fact that IM is now monopolized by companies is terrible. Ideally, all instant messengers should maintain a unified minimum standard sufficient to communicate with anyone, like email, and all of their branded pieces to be implemented within the network for their users.
Imagine that emails could only be sent between outlook, but you can’t go to gmail anymore. Or you could only call from Nokia to Nokia, but not to Samsung. This is exactly what the messengers look like right now. ”
“The most obvious and obvious file telegram: centralized servers. Take the ass those who manage them - and everything. No telegraph. Even if no one read my correspondence in the past.
This file follows from a slightly less obvious file - the closeness of the source code of the servers. ”
Source: https://habr.com/ru/post/273001/
All Articles