Telegram privacy

image



I decided to write this article after reading reviews on my remark that Pavel Durov's Telegram, which has become, de facto, an instrument for coordinating the protest movement in a number of countries, is not suitable for this purpose, since it has obvious privacy problems.



I must point out that I am not a computer security expert - I am an economist who writes science fiction books in my spare time. Therefore, the purpose of this article is, first of all, to provide a platform and a reason to speak out for experts.



I propose to start the discussion with the fact that when registering a user in Telegram, you must provide your cell phone number. Actually, this is where we can finish. In terms of privacy, this is the worst possible solution.



Want to know why?



Alas, in most countries of the world you need to present your passport to purchase a SIM card. Even in those countries where anonymous purchase of a SIM card is possible, its use is associated with the risk of deanonymization - cellular companies collect and store connection statistics, so that the IMEI of the phone, exactly like geolocation data, will be recorded and stored for many years.



Even the use of a disposable phone will not save - since the real one is nearby and turned on. Naturally, you can take care and come up with a bypass scheme - but such, I think, only people who are paranoid about their own privacy can take care of. Including, of course, crooks and terrorists.



Does Paul understand the dangers of collecting such information? Without any doubt. History teaches us that any data can be obtained officially or stolen - through court requests, bribery and blackmail of employees ...



Or through loopholes in the client - as happened in Hong Kong, when the authorities loaded a huge number of numbers into the application to identify users of these groups. To protect against this, an update of the Telegram messenger was developed. Now, members of large groups can change settings and hide their numbers.



But it was too late for the protesters in Hong Kong - the data had leaked. And this is a matter of life and death - such crimes are punishable by imprisonment for a term of three years to life imprisonment.



Could Paul protect users? He could, at the same time without much difficulty - no one will steal data that is not there. To stop posing a threat to users from countries with totalitarian regimes, Pavel just needs to stop collecting their data.



If Pavel refuses to link the account to the sim card, a significant part of the security problems will disappear. So why is Telegram implementing such a solution?



It is believed that this is a business model reasonably used by Paul. A well-known maxim says: β€œIf you get something for free, then you are the product” - neither add nor subtract. Pavel needs your data - since the goal of his activity is to make a profit. And he can get it by selling user data in an impersonal (hopefully) form and (or) showing them personalized advertising.



There is nothing wrong with a user sacrificing some of their privacy in exchange for a convenient free service. Naturally - when he is warned about this and understands the associated risks. And if he is given the opportunity to refuse this transaction - register and use the service anonymously.



Anonymity does not contradict Pavel's commercial interests - without receiving money from the sale of data, Pavel can receive it directly from users - through various models of anonymous sales. (For example, through Google Play Gift Cards - a gift card purchased, including for cash, that can be activated and used to purchase various digital content in the Google Play Market).



So why hasn't this been implemented? I think that under the influence of the special services - recently all over the world there has been "tightening the screws" - a widespread restriction of personal freedoms. In this case - tracking users is a condition for entering the market - programs that provide communication services without identifying users are closed using an administrative resource.



The foregoing applies only to large products - small ones, using the trick of the "Elusive Joe", are still not covered. So, I would recommend the protesters to coordinate their activities with any of the unpopular messengers - or by email. This decision, however, also has negative sides - the effectiveness of the protest in a mass scale, and such decisions have a high threshold of entry.



At the KPVD painting by artist John Brosio



Post-credits scene:
, - . β€” . Β« ?Β» β€” !



( ) β€” ?



, , , . β€” β€” β€” , .



. . β€” , . β€” . β€” , !



? . , .




All Articles