I once visited Moscow for a AI coding jam sponsored by the Russian state, and while I was there, there was a Telegram group for all of the students to use to communicate during the jam. This Telegram channel was set up by the state officials.
A small section of Russian students were floored, and responded that they thought Telegram was banned in the country at the time (circa 2017-2018). The state officials laughed and responded that it wasn't any concern because they could read everything in any chat they wanted.
I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.
Maybe it was some dry joke, maybe those students were woefully misinformed, who knows. But it certainly broke any confidence I had in the security of any existing messaging app.
I personally use Signal, but that's mostly just because I have personal friends who use it and it's convenient to use on my PC.
Edit: Kinda funny, I only just logged into this site again, and some of my last previous comments were about the same thing.
Signals problem is they are too extreme on the security aspect neglecting everything else but a messaging app is much more than one feature to be considered a serious alternative for the masses. It hasn't even solved backup of your chats as a basic feature because it's not important to their developers but a non-negotiable feature for the majority of chat app users.
That may be true for Android devices but not for Mac and iphone. I checked a week ago when i wanted to give signal another chance after years but it's utter lack of a convenient backup and restore functionality drove me once again away. This means if you loose or damage your phone or macbook all chat history is forever lost. That may be convenient if you're the ceo of amazon but not for normal people.
The worst thing for me was that app versions expire pretty frequently with no warning, then you just stop getting notifications. Which is extra annoying cause I'm only on it for some bar trivia group that totally doesn't need e2ee (or even e).
Also, Facebook Messenger recently added e2ee, which made it glitchier, fussier, and not really any more secure given that the key is a short numeric code.
Web-apps in the browser can't be used for encryption because in that model the server is always trusted to send whatever code it wants. That defeats the point of end-to-end encryption. That's why Mailvelope is a browser add-on and webmail clients don't just embed openPGP.js. This way they can create releases of the crypto-code and distribute them over trustworthy channels.
If Isolated Web Apps (IWAs) take off, it may become an option.
The fact that Telegram is home to thousands of military bloggers discussing the war in Ukraine without getting blocked is a clear signal that the platform is completely compromised and controlled by the Russian state. There is a 0% chance they would allow a free flow of information of this type.
Telegram is also home for many oppositioners of Russian State and Putin, Russian Liberals and LGBT communities. Why would government-controlled platform ever allow it?
2. They can dox and eliminate any real threat if they can monitor the most popular communication tool
According to many sources, Telegram is a vital communication tool of the Russian military in the war with Ukraine. If that's true, then there can be only two primary interpretations: 1. Russian gov is astoundingly incompetent 2. They are able to monitor Telegram
Your theory is interesting, but the most popular social network in Russia is Vkontakte, not Telegram. It is indeed controlled by the government and any "illegal" liberal channels are banned on sight.
> If that's true, then there can be only two primary interpretations
There is a third possible explanation:
3. This particular war is full of misinformation and lies from both sides. Telegram can be used as a tool to spread your disinfo, masking it as truth.
I really doubt that russian military uses Telegram to coordinate anything, and if they do - it could be rare cases where soldiers haven't gone through any special training. But I can see how Telegram can be used to share other non-vital data. If it's true, then surely it's not incentive from above, but initiative from below.
You should keep in mind that it's not professional specialists on the battlefield, but mostly people who've been regular citizens just a few years ago.
As far as I know VK is not nearly as popular as Telegram specifically as a communication tool, aka a messaging app. WhatsApp and Telegram being by far the most popular options in Russia.
> Telegram can be used as a tool to spread your disinfo, masking it as truth.
So can TV, newspapers, local websites, etc etc. And yet we know what happened to all Russian media that tried to spread messages contradicting the official position. I don't believe Russian gov (or Soviet for that matter) is confident enough to allow dissenting opinions to be spread on such a massive scale without a high degree of influence and/or monitoring.
I know usually the burden of proof is on the side of the conspiracists, but in this case I am not taking any chances. If it's a Russian company that is widely used by the Russian ideological state apparatus, I have zero trust in whatever their encryption promises are.
> I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.
The Russian state stopped blocking Telegram after the state investments in the platform, that tells you everything you need to know about its security and the deals they must have made with the Kremlin.
If something isn't blocked in Russia right now, it's because they have access to it.
For a while now I just assume anything that is used/allowed in Russia and/or China is only because those states have access to the contents. They are advanced and powerful enough to ban and create alternatives. So Russia probably can access whatsapp messages. Meaning that any three letter agency can do that as well.
> The Russian state stopped blocking Telegram after the state investments in the platform,
Where are you getting this from? Russia has seen Telegram as an enemy since day 0, and probably had to lift their block because it didn't work at any point, Telegram was available in the country the entire time.
Have these "state investments" been reported on by some reputable organizations?
So RDIF says they've invested in Telegram, Telegram says they were approached but said no. Is there any 3rd party sources for this that can confirm either side?
Yup, and it's a tragedy. A boss cares about the work being delivered, and wants the end product as a valuable piece of the business.
It's not like school where if one is late, one might as well not even turn it in; even if it's late, it's still valuable, and school doesn't teach that.
> To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.
It's not true. I just recently switched phones. If you activate your phone on the app, you can't use the app on your previous phone without authenticating again, and it only shows your local history. I lost all my history when moving phones, as I chose not to back up my messages (who would?).
> I lost all my history when moving phones, as I chose not to back up my messages (who would?).
The trick is to use the local backup option (it's encrypted with a key from the whatsapp servers, but all the files are kept on your device), and use syncthing to copy the whole folder structure (containing the backup and the media) to the new phone before installing whatsapp. When first run, the whatsapp client detects the presence of that backup, asks whether you want to use it, gets the key from the whatsapp servers (after you authenticate your account), and restores the backup.
(By the way, Signal can do the same trick, but it's slightly less user-friendly: the encryption key does not come from the signal servers, it's a sequence of numbers you have to write down and type on the new phone.)
Really. It's a constant fight between Telegram and the not-so-great Russian Firewall. There are actually public channels you can join in Telegram that run a tally of Telegram IPs blocked by Roskomnodzor.
We even had a speaker advertise a telegram channel for everyone I was there with to talk to each other, and the Russian audience laughed to his amusement. I didn't get the joke; kind of funny now.
I still never ended up using it, have too many messaging apps as it is. It's really sad how much that can limit staying in touch with international friends though.
My speculation is that it maybe tries to crack the hashed value and input that to the phone instead, rather than interfacing with the password screen.
in other words: the encryption/wipe code may be a function of the password screen, but the phone may accept a hashed key as a valid unlock attempt through a different interface that does not contribute to the failed attempts limit.
Of course it is highly unlikely that it interfaces with the password screen. My point is that if you could extract a hash from the secure enclave it would make much more sense to brute force it on a powerful external cluster. However this seems not to be possible as the decryption is only possible inside the secure enclave element unique to the device, thus decryption attempts have to be done on the the device itself, GrayKey seems to have managed to circumvent the wrong attempts counter and/or the triggering of subsequent protection mechanisms.
From what I can tell, it simply tries to brute force the password (perhaps with some informed suggestion). It does appear to have access to an exploit that bypasses/disables the encryption lock that wipes data off the phone after failed attempts, but it does not appear to utilize an exploit/backdoor to gain access to the device; it gains access the "legitimate" way.
This. I recently worked with a company that produces drones among other things, and spoke with the head of research there.
More or less, they said they had given up on putting money into drone R&D until battery technology caught up, as they had plenty of ideas that they believed in but were unfeasible due to battery life.
As RC vehicles {car|helicopter|plane} get larger they reach a certain mass where liquid fuel - usually a petroleum - is preferable to battery. Why is this not an alternative for drones?
It's hardly $30k to buy a gas drone. You can buy a Cox .049 engine for $50 or so.
You're looking at a fixed wing aircraft though with one of those. What's made the quadcopter drone possible is the high torque and instantaneous throttle response of small electric motors, combined with fast control electronics. The conventional way to fly a small helicopter is just like a full sized helicopter, with a main rotor and a mechanical swash plate.
With the right control electronics, these can easily be made into drones, but people tend to not like them as much anymore because they're mechanically complex and finicky. The electric motors are simple, and when one goes bad you just drop in a new one.
Could you couple one of those engines to a generator, and use that to power the electric motors? You'd need a battery or supercapacitor to handle change in throttle demand that outpaces generator response too.
Weight is the limiting factor. Try to find a generator that can output up to 400amps at 25V (what my big drone draws) and yet weighs less than five pounds including fuel.
I think that’s a more impossible goal than increasing power density in batteries is.
Controls are more complicated if you're not using electric motors where a microcontroller can easily adjust the RPM. Someones already linked a hybrid drone with a gas powered generator but it's not cheap. In high volume it could probably come down a lot but I don't know how much demand there is for it.
The electric motors used can change the speed of 4+ independent propellers extremely quickly.
This is hard to do with petrol engines, without costing a lot of extra weight or mechanical complexity, in a system where any single failure means a crash
I wonder if there's some simple variable transmission that could be electronically controlled to deliver power from the motor to the propellers in highly controlled fashion.
A generator and four motors. Efficiency would probably be around 70%. It's about 90% in diesel-electric locomotives where more weight and money is spent on efficient conversion hardware.
This might enable electronic control witout using any motors just one simple coil per propeller. Energy generated through this way of control could be stored to power onboard devices.
I've watched people fly RC airplane and helicopters with gas engines. They still exist, and there are air fields for them. I've seen them since the 90s as a kid. They aren't expensive but, are bigger and require an actual landing and takeoff area.
Given the line of sight limitation for drones, gas power does not add much value. Batteries are usually sufficient to map/photograph the area within range of the operator. Given this legal limitation, it is often more economical to hire a small plane like a Cessna with an avionics package and a 400 mi range.
All the French bakeries I went to actually had a huge amount of fresh baguettes, absolutely delicious and 35 cents each. Maybe they were bad compared to gourmet baguettes, of course, but they were great compared to the American variants
A small section of Russian students were floored, and responded that they thought Telegram was banned in the country at the time (circa 2017-2018). The state officials laughed and responded that it wasn't any concern because they could read everything in any chat they wanted.
I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.
Maybe it was some dry joke, maybe those students were woefully misinformed, who knows. But it certainly broke any confidence I had in the security of any existing messaging app.
I personally use Signal, but that's mostly just because I have personal friends who use it and it's convenient to use on my PC.
Edit: Kinda funny, I only just logged into this site again, and some of my last previous comments were about the same thing.