Telegram is indistinguishable from an FSB honeypot
a year ago
- #Telegram
- #FSB
- #Surveillance
- Telegram's protocol design includes a long-term identifier (auth_key_id) prepended in cleartext to encrypted messages, facilitating user tracking.
- Investigative reports suggest Telegram's infrastructure is linked to the Russian FSB, enabling global surveillance of users.
- Telegram's MTProto 2 protocol uses obfuscation and temporary auth_key_ids, but these can still be linked to user devices over time.
- Unlike Signal and WhatsApp, Telegram does not use TLS for client-server communication, opting for its own MTProto 2, which includes cleartext identifiers.
- Most Telegram communications are not end-to-end encrypted, with only 'Secret Chats' offering this feature, which is discouraged by the UI design.
- Telegram's design choices, combined with its infrastructure provider, significantly enhance the FSB's surveillance capabilities.
- The information security community has historically focused on Telegram's encryption rather than its metadata leakage, which is now evident.