this post was submitted on 02 Oct 2024
365 points (98.7% liked)

Privacy

32517 readers
160 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Telegram CEO Pavel Durov recently announced that Telegram would be handing over user data (such as phone numbers and IP adresses) to the authorities. Now it turns out that it has been doing so since 2018.

My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

To reduce confusion, last week, we streamlined and unified our privacy policy across different countries.

Telegram was built to protect activists and ordinary people from corrupt governments and corporations โ€”ย we do not allow criminals to abuse our platform or evade justice.

Full text of the post.๐Ÿ“ฐ My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

๐ŸŒ Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

โš–๏ธ Whenever we received a properly formed legal request via relevant communication lines, we would verify it and disclose the IP addresses/phone numbers of dangerous criminals. This process had been in place long before last week.

๐Ÿค– Our @transparency bot demonstrates exactly that. This bot shows the number of processed requests for user data.

โœ‰๏ธ For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

๐Ÿ“ˆ In Europe, there was an uptick in the number of valid legal requests we received in Q3. This increase was caused by the fact that more EU authorities started to use the correct communication line for their requests, the one mandated by the EU DSA law. Information about this contact point has been publicly available to anyone who viewed the Telegram website or googled โ€œTelegram EU address for law enforcementโ€ since early 2024.ย 

๐Ÿค To reduce confusion, last week, we streamlined and unified our privacy policy across different countries. But our core principles havenโ€™t changed. Weโ€™ve always strived to comply with relevant local laws โ€” as long as they didnโ€™t go against our values of freedom and privacy.

๐Ÿ›ก Telegram was built to protect activists and ordinary people from corrupt governments and corporations โ€”ย we do not allow criminals to abuse our platform or evade justice.

top 50 comments
sorted by: hot top controversial new old
[โ€“] xiao@sh.itjust.works 108 points 2 months ago (5 children)

Telegram was built to protect activists and ordinary people from corrupt governments and corporations โ€” we do not allow criminals to abuse our platform or evade justice.

Criminals according to what standard ? In some countries, activism or sympathy with a cause is considered criminal behavior.

Evade justice ?? What justice is he talking about? The justice of the United States of America, Chinese justice, or the justice of the nationalities he possesses?

Better to avoid this platform

[โ€“] melroy@kbin.melroy.org 29 points 2 months ago (1 children)

You are 100% correct!

When governments are corrupt; rebellion is the same as criminal, because you are going against the government. That is the whole problem.

[โ€“] sunzu2@thebrainbin.org 7 points 2 months ago

PoliScie 101.

Even the US founders hinted at this issue, if not outright called it out and added some protections for the plebs via a few amendments... But normies got nothing to hide ๐Ÿคก

[โ€“] zante@lemmy.wtf 15 points 2 months ago

As a Russian he should know better anyone the difference between an Activist and a criminal is one phone call from the FSB

[โ€“] zingo@sh.itjust.works 13 points 2 months ago* (last edited 2 months ago) (1 children)

Criminals according to what standard ? In some countries, activism or sympathy with a cause is considered criminal behavior.

Exactly!

It is a slippery slope.

Even with services like Proton (big company in the privacy realm) etc, you can only fully trust yourself.

That's why documents are always client side encrypted before I send my data, to any cloud platform.

[โ€“] boldsuck@scribe.disroot.org 2 points 2 months ago

Even with services like Proton (big company in the privacy realm) etc, you can only fully trust yourself.

Thatโ€™s why documents are always client side encrypted before I send my data, to any cloud platform.

Exactly. I will never understand why people have their secret GPG-key on services like Tuta or Proton instead of on their own devices. ๐Ÿ˜‚

[โ€“] msage@programming.dev 8 points 2 months ago

Criminals like Edward Snowden I guess

[โ€“] UnfortunateShort@lemmy.world 5 points 2 months ago

Justice he dicides on and can get away with.

[โ€“] zante@lemmy.wtf 56 points 2 months ago (3 children)

Everyone was told, from the outset , not to trust telegram. Amnesty International, the EFF, the cryptography community all said this as long as 10 years ago.

Itโ€™s actually pathetic to read a Russian talking about how it was โ€œbuilt for activists and not criminals โ€œ . What a worm.

[โ€“] drwho@beehaw.org 10 points 2 months ago

There are lots of things I could say to agree with you, but all I can do is gesture helplessly.

[โ€“] delirious_owl@discuss.online 5 points 2 months ago

I don't think Russians actually thought that. Its just that if they publicly pointed out the issues with Telegram and publicly suggested better alternatives, bad things would happen to them.

[โ€“] loutr@sh.itjust.works 2 points 2 months ago

I know "security experts" from a top French bank who insisted on using telegram instead of signal. So even people who were supposed to stay informed about this stuff fell for the hype and marketing.

[โ€“] zephorah@lemm.ee 23 points 2 months ago (12 children)

This is really simple. Use Signal or WIRE. Proton or maybe Tutanota for email.

Avoid garbage like Telegram and FB Messenger. Discord as well.

[โ€“] floquant@lemmy.dbzer0.com 13 points 2 months ago (3 children)

There seems to be a gross misunderstanding of how everything works here. Any platform will need to provide data to authorities when "asked properly" - as in, receives an actual order from some enforcing body that has authority on the subject in question. No commercial company will fight the CIA in court to protect your data. The best you can hope for is that they minimize what kind of data they collect about you in the first place - in the case of E2EE, they will only have access to IPs and other metadata such as connection timestamps and nothing else. But all of the services you listed will collect at least IPs and most will do phone numbers as well. The only difference with Telegram is that they're transparent about it. You can either avoid using commercial platforms altogether, or use them in a way such that data retrieved from them will be useless. But believing that "Signal will never give my IP to law enforcement" is delusional.

load more comments (3 replies)
[โ€“] possiblylinux127@lemmy.zip 13 points 2 months ago* (last edited 2 months ago) (2 children)

Wire isn't that great. Definitely avoid email as it is riddled with problems that aren't easily fixable despite what the email companies tell you.

Simplex Chat, Signal or possibly Matrix

[โ€“] delirious_owl@discuss.online 3 points 2 months ago (1 children)

I use Wire. Its the best option right now. Better than SimpleX, Signal, and Matrix for many reasons

[โ€“] possiblylinux127@lemmy.zip 6 points 2 months ago (6 children)

It really isn't though

It is less secure, less private and less user friendly and is run by a company who I question.

load more comments (6 replies)
load more comments (1 replies)
[โ€“] sunzu2@thebrainbin.org 7 points 2 months ago (1 children)

That's the privacy starter pack.

Mid level is Linux, DeGoogled pbone, and openwrt on the router

Make your fed work for you! You pay him a healthy wage for it ๐Ÿธ

load more comments (1 replies)
load more comments (8 replies)
[โ€“] SorryforSmelling@lemmy.blahaj.zone 21 points 2 months ago (3 children)

ok this feels like a real hot take. but i am somewhat glad about this. in my country telegram has the reputation to be the nazi (and sometimes the pedo-) app. so i am not unhappy those people online activity can be used against them in court. That beeing said i can respect people who feel otherwise.

[โ€“] JargonWagon@lemmy.world 3 points 2 months ago

I'm with you. If they're verifying the information request, as in vetting it to determine if there is actual criminal behavior going on i.e. pedos/money laundering/etc, then good. Hand them over to the authorities.

They state that they don't cater to corrupt governments or organizations - good.

Everyone here arguing against these things are throwing up major red flags. Didn't the CEO just go to court because he wasn't handing over information willy nilly? I would hope Signal and Proton would be doing the same things.

load more comments (2 replies)
[โ€“] underisk@lemmy.ml 17 points 2 months ago (3 children)

Never trust a third party to keep your shit private. Especially if privacy is their main selling point.

[โ€“] delirious_owl@discuss.online 2 points 2 months ago (4 children)

Foss code and client side encryption is fine.

load more comments (4 replies)
load more comments (2 replies)
[โ€“] delirious_owl@discuss.online 15 points 2 months ago (6 children)

Why do you think they (and Signal) require phone numbers?

[โ€“] ByteOnBikes@slrpnk.net 8 points 2 months ago (1 children)

I've been calling this out for years.

And every time, some commenter goes, "Nu uh, look at their website bro! It's super private!"

[โ€“] delirious_owl@discuss.online 1 points 2 months ago

Nuh uh! We've been telling people to avoid Telegram and Signal for years!

[โ€“] jaypatelani@lemmy.ml 5 points 2 months ago
[โ€“] Pika@sh.itjust.works 2 points 2 months ago* (last edited 2 months ago) (6 children)

In terms of end-to-end encryption I don't mind if they have my phone number or not, if it's done right.

Let's use signal for example, because honestly they do it pretty decently, the most information that you can obtain from signal in a data information request is the date and time that an account is created, and the last time the account went online.

Actual content such as the user's contact list, the people that user was talking with(including groups), and of course the messages that you sent are fully end to end encrypted meaning that signal does not have access to it meaning that they cannot give that information out in a data information request as they never had it in the first place.

The most that signal is able to confirm in a data information request, is yes this specific account ID has a signal account and this is the last time they went online.

load more comments (6 replies)
load more comments (3 replies)
[โ€“] slazer2au@lemmy.world 14 points 2 months ago

Telegram was built to protect activists and ordinary people from corrupt governments and corporation

Didn't they announce that they were no longer sending data to China about users participating in the Hong Kong unrest, implying that they were giving data.

[โ€“] Phoenicianpirate@lemm.ee 12 points 2 months ago (2 children)

Good thing I never trusted it.

[โ€“] quant@leminal.space 4 points 2 months ago

Implementing an in-house encryption was raising eyebrows already back then. No e2ee as default was also a red flag since it gives users without proper knowledge a false sense of security.

load more comments (1 replies)
[โ€“] dwt@feddit.org 11 points 2 months ago (1 children)

Surprised pikachu faceโ€ฆ.

[โ€“] Mojeek@lemmy.ml 2 points 2 months ago

noone expected this

[โ€“] todd_bonzalez@lemm.ee 9 points 2 months ago (1 children)

This is a wild admission. Not only does it show that Telegram completely betrayed all of their users, but it also reveals that they know about all the terrorism and child porn channels on their service, and deliberately didn't delete them.

[โ€“] grrgyle@slrpnk.net 4 points 2 months ago

If I'm being charitable I could presume that they left them so as to not disrupt sting operations

[โ€“] ReluctantZen@feddit.nl 5 points 2 months ago

You mean they've lied all along?

load more comments
view more: next โ€บ