How the problems of Mail.ru and the FSB were forged by the reputation of Pavel Durov and faith in Telegram

Launched in 2013 in a market that seems to be already in short supply of instant messengers, Telegram instantly began to change the rules of the game, being the first to recognize that the average user wants to protect the privacy of his communications - and thereby opening up a niche that was still not occupied by anyone for the capture, into which, after him, other rush messengers rushed after. And Telegram, meanwhile, was already beating the audience from publics on social networks, and even began to turn into a media platform, taking the ground from under the feet of other sites - from blogs to traditional media.



In February 2016, Durov announced 100 million Telegram users, and on March 22, 2018, the messenger reached a “habitability” of 200 million people.



And even if this is a minuscule against the backdrop of billions of audiences of other projects, among which Telegram is only the ninth in the number of active users, this did not prevent him from becoming a trendsetter among other applications.



Continuation: “ On different sides of the state: how Facebook was fried in the US Congress, while Telegram fought with the FSB ”







How did Telegram get to such a life?



Belief in the security of Telegram, to some extent, is a function of the reputation of Pavel Durov himself



Durov constantly articulates his commitment to libertarian views, advocating, among other things, for the reform of the Russian educational system, the abolition of taxes in the field of information, the abolition of the visa system, registration and military conscription, the reduction of customs duties, the provision of complete autonomy to the regions, open jury trials, etc. - Moreover, Durov does not hesitate to submit his views, as well as the decisions based on them, in an uncompromising form.



Old Testament: VKontakte era



Back in the days of Vkontakte, Durov was embroiled in a corporate war when a major shareholder in the social network, Mail.ru Group, tried to absorb it by buying a 100% stake to merge the site with Odnoklassniki. In response, Durov literally showed the corporation the middle finger:







The outcome of the “war” was decided by the fact that Durov managed to convince the co-founders of VKontakte not to sell his shares. In April 2012, the “war” ended.



Around the same time, in 2011, due to the refusal to block opposition publics on Vkontakte, Durov began to have problems with the Russian authorities.



On December 8, 2011, this conflict became public when, at an official request from the FSB with a list of groups, Durov responded with a picture that immediately became a meme.







The next two years, as the situation with freedoms worsened in Russia, pressure on Durov grew. About what was the last straw, he told two years after the answer with a dog in a hoodie.



On December 13, 2013, the FSB demanded that we give out personal data of the organizers of the Euromaidan groups. Our answer was and remains a categorical refusal - the jurisdiction of Russia does not apply to Ukrainian users of VKontakte. The issuance of personal data of Ukrainians to the Russian authorities would be not only a violation of the law, but also a betrayal of all those millions of Ukrainians who trusted us. In the process, I had to sacrifice a lot. In particular, I sold my share on VKontakte, since its presence could prevent me from making the right decisions. But I do not regret anything - protecting people's personal data is worth it and much more. Since December 2013, I have no property, but I still have something more important - a clear conscience and ideals that I am ready to defend.




Outside of Russia, being in a situation less vulnerable to personal security, Durov took an even more categorical position regarding state pressure.



“On March 13, 2014, the prosecutor's office demanded that I close the anti-corruption group of Alexei Navalny under the threat of Vkontakte blocking. But I did not close this group in December 2011 and, of course, I did not close it now, ”Durov wrote on his page on the social network.



“We will not remove neither the anti-corruption community of Navalny, nor hundreds of other communities whose blockages require us. Freedom of dissemination of information is an inalienable right of a post-industrial society. This is the right without which the existence of Vkontakte does not make sense. ”



New Testament: The Age of Telegram



In an interview with the New York Times, Durov said that the idea of ​​creating a messenger appeared in 2011, when representatives of the Russian special services came to him. As soon as they left Paul’s house, he realized that he simply didn’t have a safe communication channel with his brother, friends and colleagues. If there is no channel, then you need to create it. Which was done.



The first version of the software appeared in 2013, initially an application for iOS was introduced, and then for other platforms, including Android, Windows Phone, Linux, Windows and OS X. When Telegram appeared on the AppStore as an experimental messenger on August 14, 2013, The first paragraph of his description looked like this:



Security. Messages sent to Telegram cannot be heard by third parties like your Internet service provider.



As a result, Telegram was one of the first to loudly and ambitiously declare its focus on protecting privacy.



In fact, immediately after the messenger was published, it was announced that it was protected not only from ordinary intruders, but also from wiretapping by government agencies like the FSB, NSA, etc., even offering such original features as secret chats.



Secret chats in Telegram were launched back in October 2013, while Facebook and WhatsApp provided users with this opportunity in 2016.



Being the first turned out to be important - the repetition of the "Telegram" chips, like end-to-end encryption, by the same "Watsapp", looked like a usual method of competition, saying nothing about the real motivation of developers to protect the privacy of users.



Of course, various features in themselves made Telegram a protected messenger no more than a grenade lighter and a beacon in heels made James Bond an adequate replacement for an airborne company, for example, when storming enemy fortifications.



Their resistance to assault tactics, undermining and any other attempts to inflict harm on the Telegram, the application team demonstrated proposals to crack their product for their own money. Of course, in addition to some major bounties, there is ongoing work to catch vulnerabilities - and Telegram does not spare money to find weaknesses.



The sums of rewards of two hundred - three hundred thousand dollars attracted the attention of the media - and, as a result, even more developers to test the vulnerabilities of the messenger. Now the hype has faded, the search for vulnerabilities has become more routine, but it has not gone anywhere, periodically reminding itself of itself through various publications of the next successful bug hunters.



Thanks to its reputation as a tamper-resistant product, Telegram has become popular, among other things, in countries with authoritarian or overly curious regimes.



In Iran, let’s say, by the end of 2017, more than 40 million people used the “Telegram” - half (!) Of the country's eighty-millionth population, - soon after which it was, among other mass Internet services and resources, blocked by the authorities in the process of suppressing unrest.



For all the declared liberality of the views of “industry captains” like Mark Zuckerberg, Sergey Brin or Tim Cook, the interests of shareholders force them to “flex” under power, for example, in China, putting them in an uncomfortable position in which they are trying to save face, while not giving up his piece of a huge Chinese pie.



In combination with a visible contempt for the financial risks of conflicts with various states, no matter how large the market they are, Durov completes the formation of the image of almost modern Guy Fawkes, the idol of anarchists. And the person who you believe that he will not follow you or merge your data to the side in his application.



In Russia, the Telegram was far from such coverage - in September 2017, Pavel Durov counted 10 million users in his homeland, however, enough to become a bone in the throat of the FSB, in 2016 lobbying for the adoption of the Orwellian package of laws by Yarovoy-Ozerov , giving it the right to demand from any services operating in the territory of Russia “golden keys” to all secret doors - that is, decryption of any, at the discretion of the heirs of the tsarist “secret police” and the NKVD, the communications passing through them.



The procedure for transferring encryption keys was immediately published by the FSB in order No. 432, and to demonstrate the seriousness of the mood of the special services, Roskomnadzor even imposed a demonstration penalty on a number of services, the loudest of which has not yet been unblocked LinkedIn.







In the summer of 2017, stories appeared on several channels in which Durov was called an anarchist and was accused of coordinating many of the terrorist attacks of recent years, including the explosion in the St. Petersburg metro through Telegram. (At the same time, Channel One urged me to subscribe to it on Telegram).



Dmitry Kiselyov on the air of "Russia 24" said that Telegram "is increasingly turning into a communication system for terrorists." NTV channel gave the floor to the head of Roskomnadzor Alexander Zharov, who urged Pavel Durov to “change their minds” and provide the secret services with decryption keys.



On June 26, Durov answered him on his wall:



This requirement not only contradicts Article 23 of the Constitution of the Russian Federation on the right to privacy of correspondence, but also demonstrates ignorance of how communication is encrypted in 2017. In 2017, the exchange of secret information is based on terminal encryption, to which the owners of instant messengers do not and cannot have “keys for decryption”. These keys are stored only on the devices of the users themselves. Although Telegram was a pioneer of this technology, today all popular instant messengers, including WhatsApp, Viber, iMessage and even Facebook Messenger, use terminal encryption. The potential blocking of Telegram will not complicate the tasks of terrorists and drug dealers in any way - they will have dozens of other messengers built on terminal encryption (+ VPN) at their disposal. Not a single country in the world has blocked all such messengers or all VPN services. To defeat terrorism through blocking, you have to block the Internet.


By adding that day:



The time of the appearance of information that Telegram was allegedly used almost three months ago in the preparation of the attack raises questions. It is sad if the Russian special services exploit such a tragedy as an excuse to strengthen their influence and control over the population.



Unfortunately, communication tools like Telegram or WhatsApp cannot only become unsafe for potential terrorists. Encryption of these services either protects all users equally, or puts them all at risk. Failure to end encryption in a single country will make tens of millions of people defenseless from hacker attacks and blackmail by corrupt officials.



Moreover, the weakening of encryption in all instant messengers will lead to undermining the national security of the country as a whole, since in this case foreign intelligence services will inevitably also have access to the correspondence of Russian citizens. At the same time, the risk of terrorist attacks will not disappear - as the events in Paris have shown, one-time phones and regular CMC without any encryption are enough to carry out a terrorist attack.


In addition to media attacks, Telegram had to fight back from Roskomnadzor, which had begun to circle around it:



Telegram works on the same principles around the world: even in conservative Iran, where Facebook and Twitter are blocked, and where Telegram has more than 40 million active users, the government has not received a byte of user personal data from us. We will not make exceptions to our principles in order to maintain market share in individual countries.




Shortly before the start, on March 22, 2018, Telegram stepped over two hundred million users, and on March 29, it “lay down” in Europe and Russia for 3.5 hours due to a power outage in one of its data centers.







Users began to joke about a training outage in Russia, and Roskomnadzor laughed off that he had nothing to do with it.



Symbols of faith in the blessed "Cart"





An example of the belief formed in this way in Telegram will be demonstrated by Bruce Sewell, Apple's General Counsel, who stated in March 2016 that Telegram is an “absolutely unbreakable method of communication”.



But this is the problem of any faith: not everyone is ready to accept it.



Holy Wars against the Telegram



At the end of 2013, a message about the Telegram vulnerability appeared on Habrahabr, which allowed access to the chats of any user who has disabled two-factor authentication by intercepting SMS with a one-time code.



In the summer of 2016, an article “ Why you should stop using Telegram right now ” was published on Gizmodo, the author of which stated that the messenger is not at all as well protected as the Telegram team claims. The main security problem, he called the need to manually enable chat encryption - by default, this feature was disabled, and in order to get a truly secure communication channel, you had to enable it yourself in the settings.



But most of the problems surrounding Telegram were related to linking the account to the user's phone. So, in May 2017, unknown users were able to log into the Telegram accounts of opposition politicians Georgy Alburov and Oleg Kozlovsky. They both received login messages from a new device that was running Linux and was connected to the network through the anonymous Tor network.



After a detailed investigation (the Telegram developers took part in it), it turned out that the incident was connected with the interception of an SMS message with a password to enter the messenger. The most interesting thing is that on the night of the interception of codes, SMS messaging services on the phones of affected users were turned off. Another coincidence is that they were both MTS subscribers, which Alburov and Kozlovsky accused of helping crackers.



At the end of 2017, doubts about the invulnerability of the messenger were sown by Anton Rosenberg, an ex-employee of Vkontakte and Telegram. He said that during the conflict with Pavel Durov’s brother, Nikolai, he, Rosenberg, suddenly lost the history of correspondence from the moment of registration in 2013 in the Telegram messenger. “ It was deleted only on the server, because the messages cached on my phone did not go away. In general, everything looked exactly as if someone had made a request to delete_first_messages (“delete the first N messages of the user”) - such a function was still in the text-engine engine developed in VK and later posted in open source ”. His post made a lot of noise, but his words remained without confirmation.



The Telegram’s official reply to the Gizmodo article said that the author is confused in terms without distinguishing, in particular, conventional and terminal encryption. According to the messenger team, everything is encrypted in it: "Secret chats use end-to-end encryption, cloud chats use client-server encryption to transmit data and, of course, are stored in encrypted form."



In addition, to ensure the security of data that does not have end-to-end encryption, Telegram uses a distributed infrastructure. In this case, information from cloud chats is stored in a large number of data centers around the globe, being under various jurisdictions. Decryption keys are divided into parts and are not stored in the same place as the data encrypted with these keys.



As a result, in order to force Telegram to issue any kind of information related to the messenger users, it is necessary to obtain several court orders from various jurisdictions.



In June 2017, the messenger team stated the following: “To date, Telegram transferred 0 bytes of user data to third parties, including government bodies.”



Politicians, too, despite the situation with Kozlovsky and Alburov, continue to use Telegram. For example, the messenger uses the headquarters of Alexei Navalny.



Telegrams are good service, I use, the headquarters use, there have never been leaks. And if there were - it’s okay, we have no secrets; unlike the authorities, we do not have a situation where we would discuss one thing “to ourselves” and say another “public”.

- Leonid Volkov, IT specialist and chief of staff of Alexei Navalny


In general, until now, all doubts, questions, blockages and attacks have been for the Durov brainchild only good, strengthening his reputation and strengthening his faith in the security of Telegram.



And this is only one side of the large-scale Telegram phenomenon, which includes, in addition to technical, marketing, media, cultural and ideological aspects.



PS You can support the author in rubles using the “Support the author” function or QIWI service.



All Articles