Watch his interview with Tucker Carlson and you’ll see. He doesn’t acquiesce to government requests for moderation control, censorship, and sharing private user data so they target him. He refuses to implement backdoors as well. In stark contrast to western social media companies.
When an authoritarian govt is calling for the release of someone who runs a "private" messenger, it suggests they have a back door. Otherwise they tend to oppose all private messaging.
No, there is no logical link between the two events. Russian govt can protest that for propaganda reasons: to make a point that Western governments are restricting freedom of speech.
They're hitting that Uno Reverse card. Tbf, the US does a LOT of the stuff that we openly criticize Russia and China for. Which, I would hope that people have enough insight to recognize that this is a bad thing across the board. The only people who get hurt and face consequences from this kind of a thing are the citizens.
This is a key perspective people fail to take into account. We've been conditioned by movies, books etc to think everyone fits into these black and white "good and bad" categories.
Most western countries do horrific things we do not find acceptable, but when we do find out we hand wave it away because they're the "good guys".
They don't tend to care until large enough quantities of people start listening despite whatever filters (i.e. de-ranking social media posts) and countermeasures (i.e. cable news assets) are put in place before it gets to that point. Then they very likely have the ability to label it as misinformation and find a legal reason to prosecute under a number of broad categories: https://www.thefederalcriminalattorneys.com/false-informatio...
It came very close to this during Covid, and maybe once or twice since then.
You're free to say what you want, and everyone is free to ignore you if what you say doesn't jive with "common sense".
No. What would be illogical is to assume that because Russia might be motivated to protest for the sake of propaganda, that it is not also, or instead, motivated by not wanting to lose access to a hypothetical backdoor.
I don't completely buy the fact that he was arrested because he didn't cooperate with authorities. World Police forces have an history of infiltrating criminal groups and gaining their trust; planting backdoors isn't the only way they can investigate people.
Also, this way they're yelling loud to these people "hurry! pick another platform!".
And then, he is also on Putin's wanted list; his arrest could one day turn him into a valuable bargaining chip.
Also now they have added “because people watch football matches illegally on Telegram”. So they are going to throw everything at kitchen sink at Durov, probably also national security issues because anti-French political groups use Telegram in Africa.
It is still not backdoor, sorry, you are completely mistaken.
They came - tried to come - in the front door openly (the expression of back door means completely different, just look it up and you will see) to catch criminals, doing well known and prominent criminal activity, but the Telegram decided to protect the criminals instead. You can try to smear in whatever imaginative reasons behind when the reason are in the front of your face, like it or not, it does not matter if you like it or not! Also how much people like the Telegram because 'it is soo user friendly and pretty', not in pair with serious crimes committed and aided there, completely not!
Also it is still the investigative phase but the suspicion is warranted completely.
I seriously do not understand low moral people shielding those helping criminals, do you really not knowing what are you doing, seriously, just because there is a - misleadingly presented - popular service there? Really? Very worrying the moral state of social media user masses.
Telegram publishes open-source clients that can run on open-source platforms. Signal does not offer any client that doesn't depend on proprietary code (either iOS or Google Play Services) and is aggressive about taking down third-party builds that remove that dependency. I'd say there's a lot more reason to assume Telegram is not wilfully backdoored than Signal (though I'd trust Wire or Matrix ahead of either of them).
We have no real way to check for backdoors in Signal either. Signal is not transparent about what code their servers are running, and you are not allowed to start your own server with a known version. They do not allow for independent distribution of reproducible builds on F-droid, or any other application store that does not identify you. They will take steps to lock out any independent implementations of the client from their servers. That the code for their client is released is good, but not good enough.
Huh, I was going to point out that the Signal server isn't Free Software either, since for a while it wasn't being published, but it seems they have gotten back into publishing it.
while it's amazing for them to keep maintaining it, as the person mentioned down the thread, it's hard to know what they are actually running, right? and it's not a lot of work to patch this or clone/branch as necessary before deploying. Oh well, i already resigned that a part of my life will be run by someone else by now.
Publishing server code provides no assurance of anything (although it is still nice, for other reasons) since nobody can know if what they (for any "they") run in production is the same as the public source.
Open client code and documented protoccols are much more important. If you can compile your own client from open source code and it works fine, then you can know for sure what you're sending to the server.
If you bothered to look, you would find that both of the examples given are open-source servers. You might then deduce that you misunderstood the comment to which you replied.
You cannot audit the system/service logs for those servers, neither can you audit the hardware running those servers, nor the internet providers who can snoop on the traffic et al... That's the argument behind "Open source server" in case it wasn't clear.
This might be where the misunderstanding is. This software is indeed server software that anyone can run, and the global network consists of servers run by many independent entities, in many cases with full control of the hardware. One of these entities can be you, and it is completely possible to run from home.
The integrity of your conversation with someone would then depend on both your endpoints, clients, and the respective server.
Just like email, but for chat. There is no single gatekeeper who is allowed to use the network.
No misunderstanding at all. The argument is very clear.
> global network consists of servers run by many independent entities
This is not the case for all the popular chat apps including Signal which uses centralized servers which they run themselves. They clearly see little benefit from this distributed independent server model.
And even that doesn't mean the server is open source.
As I explained earlier if you cannot audit the physical server you are connected to, claiming it's open source is useless. FYI that's literally how the term open source was used in this context!
> The integrity of your conversation with someone would then depend on both your endpoints, clients, and the respective server.
Client to client verification simply works and eliminates the need to also "verify" the server which if compromised introduces an even higher risk of contamination in the trust model (too many co-dependent functions are delegated to the server), not to mention collusion in establishing integrity of yet another device that we need to trust.
Not sure what part of my comment amused you so much.
An IM platform server can be open sourced. Just like any kind of software.
It's just a matter of publishing your code and, preferably making it possible to verify that the service your users are connecting to is build using the same published code.
How could you possibly verify what code they are running server-side?
Typically, the way it goes is that you implement e2ee such that even a fully compromised server cannot read the clients messages, publish the client's source code, and build it yourself or use reproducible builds. That ladt part is where you can criticize Signal. Whether they publish the server code is mostly irrelevant unless you want to run a separate messenger infrastructure.
> unless you want to run a separate messenger infrastructure.
Or if you S2S federate with the upstream server. Which is a core differentiator of XMPP and Matrix. Signal server(s) notably supported proper federation during their initial growth-phase but famously closed it off ("The ecosystem is moving").
Similar story as Google [Chat/Talk/Hangouts], which did federate over XMPP before they closed that down years ago.
Which government? There has been a lot of mysterious deanons of protesters in Belarus in 2020. You know, the kind of deanon where armed people break down you door and you're going to be beaten and tortured for several days in the very least.
In practice it is very easy to deanon using social engineering.
It is enough to open a shared link to expose your IP. A lot of people would click something like "Belorussian protestors got deanonized" or "10 ways to keep you safe" in a group chat. Just get it a catchy title. And this link is specially crafted to lead to the exposer server.
Who would watch an interview being held by a crazy person and take it at face value? Anyone with half a brain would avoid watching or listening to Tucker Carlson like the plague.
