The company has updated its FAQ page to say that private chats are no longer shielded from moderation.

Telegram has quietly removed language from its FAQ page that said private chats were protected from moderation requests. The change comes nearly two weeks after its CEO, Pavel Durov, was arrested in France for allegedly allowing “criminal activity to go on undeterred on the messaging app.”

Earlier today, Durov issued his first public statement since his arrest, promising to moderate content more on the platform, a noticeable change in tone after the company initially said he had “nothing to hide.”

“Telegram’s abrupt increase in user count to 950M caused growing pains that made it easier for criminals to abuse our platform,” he wrote in the statement shared on Thursday. “That’s why I made it my personal goal to ensure we significantly improve things in this regard. We’ve already started that process internally, and I will share more details on our progress with you very soon.”

Translation: Durov is completely compromised and will do whatever NATO tells him to do. Do not trust in the security of Telegram, which frankly was never that good to begin with. And do not trust anything else even remotely connected to the company or Durov personally.

  • someone [comrade/them, they/them]@hexbear.netOP
    link
    fedilink
    English
    arrow-up
    14
    ·
    3 months ago

    Are private chats not end to end encrypted? They should be, so it shouldn’t be possible to moderate.

    Telegram has a few different chat type options:

    • Public, which is what it sounds like, available for groups. Server-side encryption, so Telegram (the company) can see everything.

    • Private, which is like an unlisted/unsearchable public group chat, same encryption limitations.

    • Secret, which are strictly one-on-one, and default to server-side encryption. The user can select end-to-end encryption for these on a per-chat basis. It can’t be made the default.

    If not, it sounds like the app is a complete joke.

    Oh it always has been from a security perspective. They use a homegrown E2EE known-to-be-flawed protocol called MTProto instead of using a professionally-audited one like in Matrix.

    • PorkrollPosadist [he/him, they/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      3 months ago

      If I were to choose one app, it would probably be Matrix due to the fact that is supports E2EE not only in private messages, but in chatrooms, and due to the fact that you can self-host it (this is a simple requirement which all these other “apps” fail). But it Matrix isn’t a panacea either. From my understanding, while the cryptography is considered to be sound, the protocol itself reveals a lot of metadata. If I were going to use Matrix for ninja shit, it would absolutely not be on a publicly federated server. It would be a private, unadvertized server which only the cool kids get told about.

      If it were a matter of life or death, the only thing I’d really trust is GPG and dead drops.

      • someone [comrade/them, they/them]@hexbear.netOP
        link
        fedilink
        English
        arrow-up
        5
        ·
        3 months ago

        I agree on Matrix. It’s not ideal right now but it’s easily better than the alternatives. I don’t trust systems that can’t be self-hosted.

        If it were a matter of life or death, the only thing I’d really trust is GPG and dead drops.

        I like the cut of your jib.

      • gay_king_prince_charles [she/her, he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        3 months ago

        For reference, the metadata leaked is: Sender id, recipient id, if the recipient saw the message, when the message was delivered, all reactions and the length of the message.

        For example, this is what the server sees in an encrypted message:

        type": "m.room.encrypted" "event_id": "$UE04iZS0h4U-_ZhKwPESa3ah1r6u1sURytMhU8GyVnc" "content": -{ "algorithm": "m.megolm.v1.aes-sha2" ciphertext": "AwgAErABPeRzzy2zD0X3/XYuP6Z/ GoxYVEFYafFRtrDUalTz9HnOvy+Y7v3Mb/ ucbMiyKTe74h2QdgRaHQk9JaDN5Cwq6hmHQuy5pxxnNki9 YZ4BD5mNbaWc5kL7k2+qftumwHWxdYvUTLBwz3dK6c29ik 69wcX1wyB6NReP90/2xVxHQjHH727yzLyrYuOYapTy9Esdzc HXvoIJ5AIVLSzaAEulY5YcwhHQQQF3LHNrkwZ2W0AYy77Z WzfutYGinFpqXWRTXFM65V9V7nVkmPjjOCNc+Eiz70h0zRu QQC2XXZcWhbt7rwKPeeoffaWHhmNiMOGBioBkpzlljw4" "device_id": "RYIDRJCFLQ" "sender_key": "EhlZmYo85D8ICluhCNUIk+U/ TbTzMG5oB+b7z/+w8Bs" "session_id": "j+fsgZDUu2ocbB8fLWpQlJFBNnNkGLOefZnBceTI4OE" origin_server_ts": 1725666785233 "sender": "@criticalresist8:matrix.org" "room_id": "!RsmVqNrD6NO0EJIN:genzedong.xyz" "unsigned
        

        And after decryption, you get this:

        type": "m.room.message" "content": -{ "body": "i love when dogs do that with their head" "m.mentions": - { "msgtype": "m.text