• True@lemy.lolOP
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    3
    ·
    edit-2
    2 months ago

    The article mention that he is detained as part of a investigation:

    Durov was traveling aboard his private jet, TF1 said on its website, adding he had been targeted by an arrest warrant in France as part of a preliminary police investigation.

    TF1 and BFM both said the investigation was focused on a lack of moderators on Telegram, and that police considered that this situation allowed criminal activity to go on undeterred on the messaging app.

    • NoForwardslashS@sopuli.xyz
      link
      fedilink
      arrow-up
      43
      arrow-down
      3
      ·
      2 months ago

      Now we are detaining CEOs for potential criminal activity on their platforms, I expect to see many other CEOs behind bars before the end of the weekend

    • hoshikarakitaridia@lemmy.world
      link
      fedilink
      arrow-up
      32
      arrow-down
      10
      ·
      2 months ago

      I don’t like that at all.

      Hate on billionaires all you want, but a platform like this shouldn’t be forced to moderate. It runs completely counter to the USP of the app. It’s encrypted anonymous communication capabilities.

      • elvith@feddit.org
        link
        fedilink
        arrow-up
        12
        arrow-down
        2
        ·
        2 months ago

        It’s encrypted anonymous communication capabilities.

        Unless you enable it for every single chat (and IIRC only available for chats with only two persons, not group chats) there’s no encryption. Or did they change that? The only encryption that applies to most chats on that platform should be transport encryption via TLS.

        • Fushuan [he/him]@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          That’s not correct. There’s user to server encryption, just not e2e. It’s less secure, sure, but given that they want to arrest the CEO over his compromise on keeping that actually private, it seems trustworthy enough, and has been over the years.

          • balsoft@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            2 months ago

            There’s user to server encryption, just not e2e.

            That’s exactly what the comment said: The only encryption that applies to most chats on that platform should be transport encryption via TLS. It’s about the same level of encryption as Lemmy PMs.

            The fact that Telegram doesn’t cooperate with French authorities doesn’t mean that it doesn’t cooperate with other authorities or sell your data to the highest bidder. They have all the technical means for it.

            Don’t use a regular Telegram chat if your life depends on the messages being private. Use XMPP, Matrix with E2EE, or at the very least Signal. Heck, even WhatsApp is (reportedly) better, as it claims to provide E2EE and that’s been checked by some security professionals who have been given access to the source code. If you absolutely must use Telegram for something like that, only use secret chats.

            • rdri@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              2 months ago

              That’s not correct. Toy may call it TLS but it’s a custom protocol. Data is not kept unencrypted on their servers, according to their docs.

              • balsoft@lemmy.ml
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                2 months ago

                Toy may call it TLS but it’s a custom protocol.

                Sure, it’s mtproto. The security it provides for non-encrypted chats (which are the absolute majority of chats) is not any different from just having TLS for transport. It’s potentially even worse as it’s not as well-audited.

                Data is not kept unencrypted on their servers, according to their docs.

                That just means that they store both your data in some encrypted way and the key. They can still read it trivially. You don’t even have to know the protocol to understand why: you can add new devices without having any other device online, and read all non-secret chats. It might also just mean disk encryption, in which case it’s plain-text in RAM while the server is running.

                • rdri@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  2 months ago

                  is not any different from just having TLS for transport

                  Yes, in simple terms, all encrypted transfer protocols are similarly protected from mitm attacks.

                  That just means that they store both your data in some encrypted way and the key. They can still read it trivially.

                  They can and they said the decryption keys are always kept separately (there are probably more layers than I can describe) from the data to make sure the servers are not used to decrypt the data locally. They can be lying for all I care. The bigger problem is that people somehow assume this a huge threat, while all previous cases didn’t involve anything like that. People are getting into trouble for their public content - protected by some encryption but visible to anyone interested (who then report it to oppressive authorities).

                  While some go extra mile to explain to you how you should use e2e for your family group chats, real criminals do their stuff everywhere (especially on telegram) for years, staying safe. Problem is not how weak or strong the encryption is, but that once you are under oppression and do opposition activities, you’re going to learn by yourself how to deal with it. Signal will not save you from people in your group chats if they are there to report on you.

                  • balsoft@lemmy.ml
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    edit-2
                    2 months ago

                    Problem is not how weak or strong the encryption is

                    Here it’s definitely part of discussion. The context was

                    It’s encrypted anonymous communication capabilities.

                    It’s barely anonymous, and poorly encrypted. The latter is the reason Durov is in custody while Signal devs are scott free. He could easily turn illegal stuff over to French authorities, but doesn’t.

                    The bigger problem is that people somehow assume this a huge threat, while all previous cases didn’t involve anything like that.

                    There have absolutely been cases where a backdoor/weakness/lack of encryption used to catch criminals before: https://en.wikipedia.org/wiki/Operation_Trojan_Shield https://en.wikipedia.org/wiki/Ennetcom https://en.wikipedia.org/wiki/EncroChat . I distinctly remember that there were also arrests of opposition activists in Russia based on personal messages in VKontakte, but can’t find the news right now.

                    real criminals do their stuff everywhere (especially on telegram) for years, staying safe.

                    Some are staying safe, others are being caught precisely because of this.

                    Problem is not how weak or strong the encryption is, but that once you are under oppression and do opposition activities, you’re going to learn by yourself how to deal with it.

                    Using better encryption schemes is definitely part of that.

    • EleventhHour@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      edit-2
      2 months ago

      I see, perhaps I’m just unfamiliar with the criminal justice system in France

      In the United States, this would not be considered an arrest, but an investigative detention (a minor but important distinction)