Don't want any more brothers and sisters to be "suicided" by rogue cops? Use these 4 apps!
唔好再喺網上裸跑 2020-2-22 11:14:22
:^(


唔好再喺網上裸跑 2020-2-22 11:15:46 1
唔好再喺網上裸跑 2020-2-22 11:15:57 2
唔好再喺網上裸跑 2020-2-22 11:17:11 Suitable for everyone, especially frontline brothers and sisters

I hope everyone can help this newbie (P-plate) OP push this thread to the top and try out the apps
唔好再喺網上裸跑 2020-2-22 11:18:13
:^(
唔好再喺網上裸跑 2020-2-22 11:20:31 Thanks
:^(
都唔知你講緊乜 2020-2-22 11:26:47 Push
都唔知你講緊乜 2020-2-22 11:28:10 Push
都唔知你講緊乜 2020-2-22 11:34:30
:^(
負反饋 2020-2-22 11:37:30 Push
都唔知你講緊乜 2020-2-22 11:58:04
:^(


都唔知你講緊乜 2020-2-22 12:08:36
:^(
唔好再喺網上裸跑 2020-2-22 12:22:06
:^(
:^(
:^(
劍橋護老院院長 2020-2-22 16:44:58
:^(
:^(
:^(
:^(
:^(
:^(
:^(
劍橋護老院院長 2020-2-22 16:45:08
:^(
:^(
:^(
:^(
:^(
:^(
:^(
都唔知你講緊乜 2020-2-23 00:58:52
:^(
都唔知你講緊乜 2020-2-23 01:00:55
:^(
都唔知你講緊乜 2020-2-23 01:04:19
:^(
獅翵 2020-2-23 01:07:24
屎眼追魂釘 2020-2-23 02:46:27 This reply has been deleted
屎眼追魂釘 2020-2-23 02:47:31 This reply has been deleted


唔好再喺網上裸跑 2020-2-23 08:53:57
Telegram's non-secret chats are also encrypted with MTProto encryption
It's just client-to-server encryption (server-client encryption) rather than end-to-end

https://telegram.org/faq#q-so-how-do-you-encrypt-data


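2. This model was adopted in order to design a mass-market messaging app that balances security and convenience, so server-client encryption is the default, while End-to-End Encryption is also offered as an option for high-risk users

Of course, everything hinges on whether you trust this software and company; if you don't, everything they say is worthless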


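Thanks for your comment. To make it easier for me to answer, I have rearranged the order of your comment.

Not being end-to-end encrypted means they can see everything of yours. Groups don't even have E2EE as an option

Kerckhoffs's principle tells us: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.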

Ed Baev of Yalantis “found some terrifying issues with their code. It has lots of hardcode and no constants. There are no system constants, nor constants in the app itself. Other major issues include:

1. Old version of the client in the open source. I don’t really know why, but Telegram usually waits for about 4 to 5 months after the client release and only then it gets to the open source. This means you can only find the outdated version of the client.” I can't find any reasonable explanation for this, and Telegram's server-side code is closed-source and proprietary. So the claim of keys stored separately could be pure bullshit for all we know (every time you send a message you still need the whole private key / subkey, and the server also has your encryption key for Cloud Messages)
2. Magic numbers for int values such as “42540” which are passed as flag values. This made me think their code is obfuscated, but most likely, this isn’t the case.
3. “If-Else” statements are too long and there are really long methods (i.e. 300 lines of code in one method). Moreover, you can't find the documentation for the methods and can't support such code anyhow. This made me curious what sort of a Telegram developer wrote this.
4. Spaghetti code. It's complicated and can make you spend days to simply understand the code architecture.
5. A lot of pure C code used. For developers, this means difficulties in code maintaining and development. Only senior expert developers will be able to deal with such code.”

In December 2015, two researchers from Aarhus University published a report in which they demonstrated that MTProto does not achieve indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption. They said they saw "no reason why [Telegram] should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist".

In May 2016, the Committee to Protect Journalists and Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, recommended against using Telegram because of "its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green".

On 26 February 2014, Stiftung Warentest criticized the mandatory transfer of contact data to Telegram's servers and the lack of an imprint or address on the service's website. It noted that while the message data is encrypted on the device, it could not analyse the transmission due to a lack of source code. In 2015, the Electronic Frontier Foundation (EFF) found that in Telegram, the communications were encrypted with keys the provider had access to, users could not verify contacts' identities, and past messages were not secure if the encryption keys were stolen.

And by the Telegram founder's own logic, not providing it by default is the same as not having it:

In Telegram's blog post https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14, Pavel Durov, founder of Telegram and PhD in Philology, mentioned:

“I've been getting this question more often [in 2017]. It's based on the wrong assumption that some other popular messaging apps such as WhatsApp are "end-to-end encrypted by default", while Telegram is not. This post is intended to disprove this myth that has been so carefully crafted by Facebook/WhatsApp marketing efforts.” Right off the bat, they argue that the fact that WhatsApp may not be E2EE (the reasons for which he arrived at this conclusion are entirely false, see next comment) as they claim to be implies that Telegram should not be E2EE by default.
都唔知你講緊乜 2020-2-23 09:09:36
:^(
唔好再喺網上裸跑 2020-2-23 09:10:28

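You have to find your own way/place to note it down, otherwise you can't reopen the backup, and there is also the risk of someone finding it; and the backup password is only a 30-character password


I have also already explained how to store passwords / important chats securely at little inconvenience (1Password / KeePassXC; Standard Notes / Nextcloud + LibreOffice).

Signal Groups have no member limit, and all of them use one secure protocol to provide E2EE

Honestly, how many people have a password longer than 30 characters?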

2. They continued, “Every popular messaging app offers its users some way to back up their messages to prevent data loss. Messaging apps that ignore backups (such as Wickr/Signal/Confide) never reach 1M DAU [Daily Active User] and remain niche.”

This is a misleading play of words as Signal could never know how many daily active users they have, as they collect almost no data about their users, as described above.

3. Telegram continues, “users don’t want to lose their entire message history when they lose/change their phones so apps of this kind never become massively popular. […] Secret Chats in Telegram or their copycat versions in Viber or Facebook Messenger [...] also provide e2ee and don’t get backed up).” They claim that the “[c]onsequence of people using [niche] apps can be targeted by governments as those who have something to hide. Due to the limited distribution of such apps, the government can identify and track individuals whose phones connect to the corresponding IP addresses.” It is difficult to see how governments could not track Telegram “Cloud Chat” users since all the chat logs of all users are all permanently stored and logged by Telegram servers in plaintext. In fact, governments can easily subpoena all user data collected by Telegram, and Telegram is legally forced to provide information to government or law enforcement agencies. Edward Snowden’s revelations showed that warrantless searches of private citizens’ records are commonplace and officers in 3-character government agencies can look up such records without even notifying the companies involved. If your service does not even stop mass surveillance, why would government agencies even bother with targeted surveillance?

4. Telegram boldly declares on January 16, 2017 that “WhatsApp's approach has other architectural drawbacks that invalidate end-to-end encryption for 99% of private conversations” (https://telegra.ph/whatsapp-backdoor-01-16), citing an exaggerated news piece from The Guardian, which editors later admitted lacked technical proofreading, that there was a “backdoor” in WhatsApp. This claim caused an outcry amongst 72 security researchers and was likened to the ludicrous claim that “VACCINES KILL PEOPLE” (https://web.archive.org/web/20190724011112/http://technosociology.org/?page_id=1687 and https://signal.org/blog/there-is-no-whatsapp-backdoor/). It is extraordinary that Telegram, a company that appeals to authority by claiming to consist of elite PhDs every time someone poses technical challenges against their MTProto, could conjure the claim that 99% of WhatsApp chats are insecure, and this was soundly refuted by the researchers:

“The imagined attack on WhatsApp […] is a remote scenario requiring an adversary capable of many difficult feats. Even then, the threat would involve only those few undelivered messages, if they exist at all, between the time the recipient changes their phone and the user receives a warning.
In the full scheme of things, this is a small and unlikely threat. The preconditions of the attack (which is not a backdoor) would in practice mean that the attacker had many other ways of getting at their target.”
唔好再喺網上裸跑 2020-2-23 09:13:48 Despite the fact that The Guardian has withdrawn the claim eight hours after initial online publication on January 13, 2017 (https://www.theguardian.com/technology/commentisfree/2017/jun/28/flawed-reporting-about-whatsapp), Telegram continues to cite the news article they published three days after the retraction and passes this long-withdrawn claim as fact, whilst conveniently not bothering to offer a single word on what the “backdoor” was, despite the “alternative fact” that WhatsApp and its underlying Signal Protocol was “backdoored”, was the presupposition and the conclusion of the article.

Telegram’s blog post continued by paraphrasing WhatsApp’s FAQ, and inciting users’ fear by reminding everyone that WhatsApp was acquired by Facebook. While WhatsApp does collect and report metadata about users, it has nothing to do with this “backdoor”, which concerns end-to-end encryption of a very small subset of messages. The blog post reasons that because WhatsApp does not enable security notifications by default, WhatsApp does not provide end-to-end encryption whilst Telegram never provided any form of end-to-end encryption by default all the while. They boasted that the “Telegram way” of rescuing the poor users who have to trust a company is to have them trust Telegram instead. (As described by them: “Telegram's Cloud Chats offer server-client encryption and secure in-house backups”, which if translated to English, means “Telegram’s unencrypted chats use HTTPS only, and your chats are being processed and stored on our servers, which run on hardware unbeknownst to its users, with source code concealed from public view, just like the insecure Google and iCloud servers. Our offering is a telecommunications app, but we are sure that companies who have managed servers for decades must be inferior to us, a startup that has barely been founded for 3 years [at the time].”)

5. “Unlike what you have in niche apps, […] on Telegram, in cloud chats our servers do have access to the encryption key, so individuals can not be singled out and targeted based on the fact that they use secret chats and thus have something to hide.” I honestly could not believe this came out of the blog post of a messaging service that claims to offer end-to-end encryption. When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ If individuals have privacy rights, then invoking ‘nothing to hide’ is irrelevant. I guess at least they were right when they said users of end-to-end encrypted instant messaging cannot afford to have something to hide, because every Telegram user has been robbed of their rights and cannot expect any privacy whatsoever.

The one thing this PhD in Philology did well however, is to delude Telegram users into thinking their conversations are secure in the hands of the UAE-headquartered company, where human rights records are stellar. 大陰蒂國 (United Kondom) is the legal domicile of the company, wherein the RIP Act of 2000 requires persons to self-incriminate by disclosing passwords to government representatives. Failure to do so is a criminal offense, with a penalty of up to five years in jail. This policy is so depriving of natural rights, even the CCP didn’t dare to enact a similar policy until late 2019. Telegram then challenged the whole cryptanalysis field by issuing a challenge that is impossible to refute in an attempt to trick the public into thinking Telegram is uncrackable. (see next comment)