zlacker

[parent] [thread] 14 comments
1. drdaem+(OP)[view] [source] 2024-08-27 18:29:43
> In Pavel's interview with Tucker Carlson

He also said that he doesn't visit Russia anymore, yet a recent FSB leak indicates that he was frequenting there. And before that he heavily marketed Telegram as ad-free forever. And before that there were quite weird populist PR tactics when professional cryptographers pointed out Telegram's crypto is a mess.

YMMV, but I wouldn't trust a single word from this guy.

replies(5): >>dmix+E2 >>jaykru+N7 >>codedo+R41 >>ein0p+0o1 >>proper+L72
2. dmix+E2[view] [source] 2024-08-27 18:42:06
>>drdaem+(OP)
Has that FSB leak analysis been vetted by anyone besides that Russian newspaper that published it?

If it's true then he was reckless in his traveling not just to France.

replies(1): >>drdaem+s4
◧◩
3. drdaem+s4[view] [source] [discussion] 2024-08-27 18:51:59
>>dmix+E2
Good point. No, I haven't seen any independent confirmations yet.
replies(1): >>cvalka+Cs
4. jaykru+N7[view] [source] 2024-08-27 19:05:05
>>drdaem+(OP)
> Telegram's crypto is a mess

Telegram's crypto may be weird, as the professional cryptographers you allude to have pointed out; I don't know, not being a cryptography expert. But MTProto 2.0 has been shown to enjoy many nice security properties (including a version of forward secrecy, though one afaik not as good as that enjoyed by Signal): formal proofs available here https://github.com/miculan/telegram-mtproto2-verification/tr... and some peer reviewed papers describing the formal verification effort are linked to there as well. Considering that I think calling Telegram's crypto "a mess" is misleading.

replies(3): >>drdaem+jf >>jazzyj+Wr >>ezst+Pj1
◧◩
5. drdaem+jf[view] [source] [discussion] 2024-08-27 19:39:38
>>jaykru+N7
It used to have issues, they have improved since, but I don't consider Telegram to be encrypted or private (and I'm also not a crypto expert, so the details elude me anyway) so I haven't really kept track of this.

Honestly, the issue was not about their crypto at all, but about the attitude and how they reacted. It's literally as if someone says "dude, I know a thing about crypto and you might've made a mistake there" and Pavel immediately goes into offensive defense, preaching how they have the best ACM champion PhDs and shifting the burden of proof, basically a canonical Putin/Trump-style of evading an argument.

That's what makes me wary of this guy, not his product.

◧◩
6. jazzyj+Wr[view] [source] [discussion] 2024-08-27 20:43:33
>>jaykru+N7
Ironically, just being able to produce a valid proof is hardly proof that an implementation has those properties, it just means they put some effort into it.
replies(1): >>jaykru+oV
◧◩◪
7. cvalka+Cs[view] [source] [discussion] 2024-08-27 20:46:22
>>drdaem+s4
Yes, independently vetted.
replies(1): >>lolind+1L
◧◩◪◨
8. lolind+1L[view] [source] [discussion] 2024-08-27 22:33:44
>>cvalka+Cs
Citation?
◧◩◪
9. jaykru+oV[view] [source] [discussion] 2024-08-27 23:59:13
>>jazzyj+Wr
This would be a valid point if the client source code wasn't available; you can build the app from source and sideload it onto your Android phone or verify [0] that the build available for your platform matches the code you've audited for compliance to the protocol. Granted I don't know if anyone's performed such an audit, but it's at least an option.

[0] https://core.telegram.org/reproducible-builds

10. codedo+R41[view] [source] 2024-08-28 01:43:38
>>drdaem+(OP)
This is not the first time Pavel being not very truthful. I rememeber when he was the CEO of Vkontakte, in 2012 he published a post claiming that he is living a modest life: "I don't own planes, cars or homes. My world is walking or riding the subway and sleeping in a 215 sq ft rental apartment. Those who want to be me would also have to give up meat, alcohol and expensive clothes". And just a year later there were the news that he broke the traffic rules while driving a Mercedes, hit a traffic cop, showed an indecent sign to him and ran away into Vkontakte office located nearby while his guard blocked the cop trying to chase him.

There also was a story when he claimed that Telegram is developed abroad but it turned out that many of Telegram employees actually worked at the same beautiful historical office building where Vkontakte was located at that time.

Also, a fun fact, when he was a CEO of Vkontakte, one day he was throwing banknotes into the crowd from a window in that notable historical building. Maybe he was conducting an experiment with universal basic income, who knows.

replies(1): >>proper+772
◧◩
11. ezst+Pj1[view] [source] [discussion] 2024-08-28 05:05:30
>>jaykru+N7
The characteristics of MTProto are barely relevant when it is not used in the real world: group chats cannot be encrypted with it, 1:1 chats have caveats like terrible UX and the need for both parties to be online to initiate a session.
12. ein0p+0o1[view] [source] 2024-08-28 05:55:54
>>drdaem+(OP)
Doubtful that he’s “frequenting” there given how he left the country. When the FSB (Russian FBI) demanded he comply with the laws and provide the decryption keys he had his lawyers send a prank letter to the head of the FSB with two physical keys (as in, the actual keys you open your door with) attached to it as a sign of “compliance”. Try that in the US and see if you can “frequent” the country after that.
◧◩
13. proper+772[view] [source] [discussion] 2024-08-28 13:20:11
>>codedo+R41
AFAIK all this info was leaked by the enemy of Pavel's brother, they had a conflict over a woman, not saying the information is false

> while driving a Mercedes it's typical for the rich to register their properties to a friend/family/classmate

replies(1): >>codedo+ux3
14. proper+L72[view] [source] 2024-08-28 13:23:39
>>drdaem+(OP)
> professional cryptographers pointed out Telegram's crypto is a mess

They can earn a lot of money via Telegram Bug Bounty Program if they can prove it

◧◩◪
15. codedo+ux3[view] [source] [discussion] 2024-08-28 21:33:34
>>proper+772
Did friends and classmates ride the subway (mentioned in the post) for him too?
[go to top]