Slashdot Mirror


US Intelligence Agencies Tried To Bribe Our Developers To Weaken Encryption, Says Telegram Founder (twitter.com)

In a series of tweets, Pavel Durov, the Russian founder of the popular secure messaging app Telegram, has revealed that U.S. intelligence agencies tried twice to bribe his company's developers to weaken encryption in the app. The incident, Durov said, happened last year during the team's visit to the United States. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," he said. "And that was just 1 week. It would be naive to think you can run an independent/secure cryptoapp based in the US."

Telegram is one of the most secure messaging apps available today, though researchers have pointed out flaws in it as well.

3 of 135 comments

  1. Published source is a huge help here by davidwr · Score: 5, Interesting

    It would be naive to think you can run an independent/secure cryptoapp based in the US.

    Published source makes it a lot easier to spot problems with the code.

    Also, with published source code you can, with the appropriate license, legally recompile it yourself using your own set of tools as a hedge against the publisher's tool-chain or binary-repository being compromised.

    Granted, if your tools (anything from the bare metal on up) are compromised or if you are using it to talk with someone else who is using a different binary, all bets are off.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Published source is a huge help here by alvinrod · Score: 4, Interesting

      No it doesn't. It has been shown repeatedly that the idea that thousands of people will look at code and magically spot bugs is a myth.

      You don't need thousands of people doing that, and if you had closed code and paid for an audit of it, the auditors wouldn't do that either. But it is by definition easier for me, you, or anyone who actually cares to evaluate open source code because we actually have access to the code.

      If you wanted to evaluate it really well what I'd suggest doing is creating a set of test cases prior to even looking at the code. If something gets caught by some simple black-box tests, it's obviously not very good. Better yet, open source your test cases so they can be reused and built upon. But since you can access the code, you could also analyze it from a white-box perspective with the test cases and look for any branches or paths that the test cases didn't cover, which may be sources of bugs or intentional tampering.

      Hell, if you want cheap labor, just have an instructor make it a project for a testing or cryptography class. It gives the students something a little more real to work with, as well as the opportunity to get involved with an open source project.

  2. Re:Don't trust US by Anonymous Coward · Score: 3, Interesting

    Is there any actual proof that these accusations are true? Or are we supposed to automatically believe everything a Russian company says just like every statement made by Putin is the truth and nothing but the truth? And since this is a Russian company they are required by Russian law to hand over their encryption keys and any other information the state security agencies ask them for or they cannot operate in Russia. And if the accusations are true then at least we have a couple government agencies doing their fucking jobs. It is still amazing people act surprised when they learn that an intelligence or counter intelligence agency actually spies. It's like an avalanche of stupidity has blanketed the world and wiped away any intelligent thought on the planet.

    Good lord! People have picked sides and there is no amount of evidence or facts that would ever get them to alter their opinions. Today's political upheaval has accelerated because the goal is not to fix any of the problems we currently face it is all about winning the argument and nothing else. And to win the argument all the various sides use lies, obfuscation, and screeching hyperbole. And all of this has been accomplished using the most effective weapon the world has ever seen. The Internet. It is easy to manipulate global public opinion.

    Is it any wonder that this type of thinking is leading us into the next global war? Because WW3 has already started and by the time the mindless proles and trolls on the Internet realize that it will be too late. Every day the world's natural resources are becoming scarcer, the global population is increasing and accelerating the depletion of the natural resources, technology is replacing human workers in a world where there is already a shortage of jobs paying more than minimal subsistence wages, and the intertwined global economies are marching towards a global trade war which will inevitably lead towards real wars. At least the US citizens will finally receive a ROI for all the money spent on creating the strongest military on the planet.