Investigation by investigative journalism outlet IStories (EN version by OCCRP) shows that Telegram uses a single, FSB-linked company as their infrastructure provider globally.

Telegram’s MTProto protocol also requires a cleartext identifier to be prepended to all client-server messages.

Combined, these two choices by Telegram make it into a surveillance tool.

I am quoted in the IStories story. I also did packet captures, and I dive into the nitty-gritty technical details on my blog.

The packet captures and the MTProto deobfuscation library I wrote are linked therein so that others can retrace my steps and check my work.

  • rysiek@szmer.info (OP)
    4 months ago

    they already know which user is which IP from the servers they control
    (…)
    when they already control Telegram’s servers

    Who is “they” here?

    If you meant “the compromised provider” here, then no, we cannot assume they know which IP address is used by which user. Full disk encryption exists, you can rent a (physical, dedicated, as is the case here) server from a provider and set it up in such a way that you can be reasonably sure that the provider does not have access to the data on the server.

    So in that case the provider would only see the traffic without the ability to easily connect IP addresses with actual devices or users. That is not enough to reliably track anyone long-term, as IP addresses change in ways that often make it difficult to figure out if some traffic comes from the same user/device or not – especially when you travel. But add an identifier visible directly on the wire, like the auth_key_id, and you can pretty easily say “yes, this new IP address is now used by the same device”.

    If you mean “Telegram”, and assume Telegram cooperates fully with the FSB, to the point of providing unfettered access to data on Telegram’s servers, then sure. But I cannot prove that, and neither could the IStories team. Can you? You can of course make any assumption you want to (and I am not saying your assumption here is necessarily wrong – only that I cannot prove it), but when I publish I can only work on things that I or somebody else can prove.

    And in this story, I can prove that Telegram’s protocol has a very weird, unexpected “feature” that combined with IP address allows anyone with sufficient access to track Telegram users. I can show that this feature is not necessary in such a protocol – other protocols used by other similar tools do not have that issue. And the IStories team seems to be able to prove that all Telegram traffic flows through a single infrastructure provider that has ties to the Russian FSB.

    That’s all we got currently, but that’s already plenty. Because both of these are decisions made by Telegram, and they strongly reinforce one another.

    It just seems like an incompetent implementation.

    If that was the only weird technological decision by Telegram with strong consequences for privacy of its users, I could agree.

    But as I discuss at length in that blogpost, Telegram has a long, long history of such “incompetence”; they also tend to react badly to anyone pointing this kind of thing out. The auth_key_id issue has been pointed out years ago and not only is it not fixed, there is no indication that Telegram even considers fixing it.

    Can you imagine the veritable shitstorm if Signal pulled something like that?

    As I wrote in my blogpost, in the end it does not matter if this is incompetence or malice – the end result is exactly the same.
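The linking described in the comment above, as an added example that is not part of the original post and is not the author's deobfuscation library. It assumes the transport obfuscation has already been removed, so each payload starts with the 8-byte auth_key_id followed by the 16-byte msg_key; all ids, payloads and IP addresses are constructed, and the function names are hypothetical.

```python
import hashlib
from collections import defaultdict

KEY_ID_LEN = 8    # auth_key_id: 64-bit value sent in clear at the start of each message
MSG_KEY_LEN = 16  # msg_key: 128 bits, follows auth_key_id; the rest is ciphertext


def cleartext_key_id(message: bytes):
    """Return the auth_key_id (hex) readable without any key, or None."""
    if len(message) < KEY_ID_LEN + MSG_KEY_LEN:
        return None                      # truncated capture, nothing to read
    key_id = message[:KEY_ID_LEN]
    if key_id == bytes(KEY_ID_LEN):
        return None                      # all-zero id: unencrypted handshake message
    return key_id.hex()


def link_addresses(observations):
    """Map each auth_key_id to the distinct source IPs it was seen from, in order."""
    seen = defaultdict(list)
    for src_ip, message in observations:
        key_id = cleartext_key_id(message)
        if key_id is not None and src_ip not in seen[key_id]:
            seen[key_id].append(src_ip)
    return dict(seen)


def constructed_message(key_id: bytes, n: int) -> bytes:
    """Constructed stand-in: key id + fake msg_key + fake ciphertext."""
    filler = hashlib.sha256(b"sample-%d" % n).digest()
    return key_id + filler[:MSG_KEY_LEN] + filler


DEVICE_A = bytes.fromhex("1122334455667788")  # constructed ids, not real keys
DEVICE_B = bytes.fromhex("a1b2c3d4e5f60718")
OBSERVATIONS = [  # constructed (source IP, payload) pairs, documentation-range IPs
    ("198.51.100.7", constructed_message(DEVICE_A, 1)),
    ("203.0.113.40", constructed_message(DEVICE_B, 2)),
    ("192.0.2.93", constructed_message(DEVICE_A, 3)),   # device A on a new network
    ("198.51.100.7", constructed_message(DEVICE_A, 4)),
    ("192.0.2.150", constructed_message(bytes(KEY_ID_LEN), 5)),  # handshake
    ("203.0.113.40", b"\x01\x02"),                       # truncated capture
]

if __name__ == "__main__":
    for key_id, ips in link_addresses(OBSERVATIONS).items():
        print(key_id, "->", ", ".join(ips))
```

The observer never decrypts anything here: the two addresses used by device A are tied together by the prefix alone, which is the property the comment contrasts with protocols that put no stable identifier on the wire.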