Security Cryptography Whatever

Telegram with Matthew Green

Sep 7, 2024

Matthew Green, a leading cryptography expert, dives into the controversial security flaws of Telegram, especially after CEO Pavel Durov's arrest in France. He debunks Telegram’s reputation as a secure messaging app, discussing its non-standard encryption methods and lack of transparency. Green presents alarming critiques of the MT Proto 2.0 protocol and compares it unfavorably to superior platforms like Signal. The conversation also touches on the legal implications of messaging apps in the context of privacy and government oversight.

01:04:04

Episode guests

Matthew Green

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The recent arrest of Telegram's CEO raises critical legal compliance issues, particularly regarding user safety and privacy regulations in varying jurisdictions.

Telegram's controversial crypto protocols, specifically MTProto, have been criticized for flaws that undermine the platform's security and user communication privacy.

The legal scrutiny facing Telegram may set a concerning precedent for encrypted messaging services, impacting overall privacy and regulatory landscapes.

Deep dives

Telegram's Legal Troubles and CEO Arrest

The recent arrest of Telegram's CEO, Pavel Durov, in France has highlighted significant legal issues surrounding the platform. Durov faces charges not only for not cooperating with law enforcement regarding criminal activities on Telegram—such as the distribution of child sexual abuse material—but also for allegedly operating cryptography in France without proper licensing. The French legal system operates differently than that of the U.S., notably with prosecutors working closely with judges, which complicates the process for tech companies like Telegram. This situation raises questions about how companies manage legal compliance regarding privacy and security in different jurisdictions.

Secure Connections Require Thoughtful Key Exchange

00:36

Critique What Matters: Assessing Security Vulnerabilities

00:24

Guardians of Justice: The Exclusionary Rule

00:28

Intro

3min

Understanding Telegram: Origins and Controversies

3min

Navigating the Complexities of Cryptography and Compliance

4min

Decrypting Telegram's Security Protocols

24min

Telegram's Encryption Protocol: A Double-Edged Sword

25min

Exploring Legal Protections: U.S. vs. France

2min

Citizenship, Chat Control, and Privacy Concerns

2min

We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!

Transcript: https://securitycryptographywhatever.com/2024/09/06/telegram

Links:

- https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
- Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit
- Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf
- MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end
- https://words.filippo.io/dispatches/telegram-ecdh/
- MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation
- OTR: https://otr.cypherpunks.ca/otr-wpes.pdf
- AES and sha2 used in ‘Infinite Garble Extension’ mode: https://eprint.iacr.org/2015/1177.pdf
- Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666
- History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture
- https://securitycryptographywhatever.com/2023/01/27/threema/
- https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/
- https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Cryptography Whatever

Telegram with Matthew Green

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Telegram's Legal Troubles and CEO Arrest

Unique Functions of the Telegram Platform

Flaws in Telegram's Cryptography Protocol

Potential Implications for Encrypted Messaging

The Complexity of French Law and Encryption

Secure Connections Require Thoughtful Key Exchange

Critique What Matters: Assessing Security Vulnerabilities

Guardians of Justice: The Exclusionary Rule

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Cryptography Whatever

Telegram with Matthew Green

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Telegram's Legal Troubles and CEO Arrest

Unique Functions of the Telegram Platform

Flaws in Telegram's Cryptography Protocol

Potential Implications for Encrypted Messaging

The Complexity of French Law and Encryption

Secure Connections Require Thoughtful Key Exchange

Critique What Matters: Assessing Security Vulnerabilities

Guardians of Justice: The Exclusionary Rule

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights