(Cross-posted from: https://lemmy.dbzer0.com/post/26559848/)

Some significant news for Telegram users!

See this article for some interesting backstory context on Pavel Durov and Telegram: https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8

Since the post article is in French, here’s an auto-translation:

Pavel Durov, the founder and CEO of the encrypted messaging service Telegram, was arrested around 8 p.m. on Saturday evening as he got off his private jet on the tarmac of Le Bourget airport. The 39-year-old Franco-Russian was accompanied by his bodyguard and a woman.

The arrest was carried out by the gendarmes of the GTA (Air Transport Gendarmerie). Registered in the RPF (wanted persons file), Pavel Durov came straight from Azerbaijan. He had over his head a French search warrant issued by the OFMIN of the National Directorate of the French Judicial Police, issued on the basis of a preliminary investigation.

Why was he under threat of a search warrant?

The Justice considers that the lack of moderation, cooperation with the police and the tools offered by Telegram (disposable number, cryptocurrencies, etc.) makes it complicit in drug trafficking, paedophile offences and fraud.

This search warrant ran if, and only if, Pavel Durov was on national territory. “He made a mistake tonight. We don’t know why… Was this flight just a step? In any case, he’s locked up!” a source close to the investigation told TF1/LCI. Since he knew he was persona non grata in France, Pavel Durov used to travel to the Emirates, the countries of the former USSR, South America… He travelled very little in Europe and avoided countries where Telegram is under surveillance.

And now?

Investigators from the ONAF (National Anti-Fraud Office attached to the Customs Directorate) notified him and placed him in police custody. He is expected to be presented to an investigating judge this Saturday evening before a possible indictment on Sunday for a multitude of offences: terrorism, drugs, complicity, fraud, money laundering, concealment, paedophile content…

“Pavel Durov will end up in pre-trial detention, that’s for sure,” comments an investigator to TF1/LCI. “On his platform, he allowed an incalculable number of misdemeanours and crimes to be committed for which he does nothing to moderate or cooperate,” said a source close to the case.

His pre-trial detention at the end of his indictment is indeed in no doubt. Pavel Durov, a billionaire, has substantial means to flee and his guarantees of representation will hardly convince the judges.

A net with international resonance

For the investigators, this international sweep has various objectives. First, it makes it possible to kick the anthill, impress and deter the perpetrators of crimes and offences who exchange, until now, freely on Telegram. Secondly, they aim to put pressure on European countries to step up joint work to make secure messaging on terrorist cases bend.

Indeed, Telegram is a hive of criminal content. At the moment, the platform is in the news with the illegal broadcasting of Ligue 1 matches. But on this encrypted messaging service, many accounts are used by organized crime. Beyond terrorism, the most dangerous pedophiles communicate on Telegram to exchange content. “It has become for years THE number 1 platform for organized crime,” comments an investigator.

  • Gregor@gregtech.eu
    link
    fedilink
    arrow-up
    13
    ·
    3 months ago

    Yes, they do, but it’s very inconvenient. You can’t access such chats on desktop, no cloud syncing…

    • GolfNovemberUniform@lemmy.ml
      link
      fedilink
      arrow-up
      4
      arrow-down
      5
      ·
      3 months ago

      Hey at least it exists. And don’t that features make it more vulnerable? You need to store the encryption key in the cloud to make that work conveniently.

      • Corvid@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        3 months ago

        Signal doesn’t store your encryption key in the cloud and yet it supports e2ee messaging on multiple devices including desktop.

        • GolfNovemberUniform@lemmy.ml
          link
          fedilink
          arrow-up
          1
          arrow-down
          5
          ·
          3 months ago

          It requires a QR code to connect a new device which I didn’t consider convenient but I guess I was too strict on that one.

        • takeda@lemmy.world
          link
          fedilink
          arrow-up
          4
          arrow-down
          9
          ·
          3 months ago

          Do we know how it does that. Signal is praised for security, but a lot of things it does feel iffy and don’t make me trust it.

          • Corvid@lemmy.world
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            2
            ·
            3 months ago

            Signal is open source. Go read the source or a write up describing what it does.

            • takeda@lemmy.world
              link
              fedilink
              arrow-up
              3
              arrow-down
              4
              ·
              3 months ago

              Did you compile and use that on your phone or are you using the app in the app store?

          • phase@lemmy.8th.world
            link
            fedilink
            arrow-up
            4
            ·
            3 months ago

            You have to scan a qr code when installing an app on another device. I assume it’s a safe way to transmit the key without having it transmitted over the network.

          • ᗪᗩᗰᑎ@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            3 months ago

            a lot of things it does feel iffy and don’t make me trust it.

            Like what? It’s open source and has many cryptographer’s eyes on it as it’s the “golden standard” of encrypted messaging apps.

            • takeda@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              2 months ago

              There are some red flags for me:

              • first I doubt anyone compiled the code themselves and use what’s in the app store
              • the insistence to be tied to the phone number
              • refusing to work if you don’t update (in the app store)
              • ᗪᗩᗰᑎ@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                2 months ago

                first I doubt anyone compiled the code themselves and use what’s in the app store

                Molly-FOSS exists and is basically a Signal fork built by a third party that removes any non FOSS components. So there are groups of people who are building the Signal code and enhancing it.

                the insistence to be tied to the phone number

                This is a legacy requirement (Signal used to send encrypted messages via SMS) and is now primarily used for spam mitigation. This feature is unfortunately (or fortunately depending on your POV) costing them millions now, so I suspect they will eventually be forced to look to alternative spam mitigation methods as the cost to benefit ratio starts looking cheaper at spending engineer/developer time to figure out some alternative method.

                refusing to work if you don’t update (in the app store)

                If you’re referring to the expiration of the app ever ~90 days, this is security feature. It prevents people from using old/outdated and potentially insecure or unpatched versions of Signal. Secondly, you don’t need to update via the app store. There are some Signal forks (not sure if Molly is one of them) that remove this expiration, but even they will state that you should not expect the app to work forever as Signal’s always being updated and using an old client will always be liable to break as its basically not being maintained.

      • Gregor@gregtech.eu
        link
        fedilink
        arrow-up
        4
        ·
        3 months ago

        You don’t have to store the encryption key in the cloud. Just the encrypted data. Signal does it this way.