Date: 2017-06-15
US Intelligence Agencies Tried To Bribe Our Developers To Weaken Encryption, Says Telegram Founder (twitter.com) 17
In a series of tweets, Pavel Durov, the Russian founder of the popular secure messaging app Telegram, has revealed that U.S. intelligence agencies tried twice to bribe his company's developers to weaken encryption in the app. The incident, Durov said, happened last year during the team's visit to the United States. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," he said. "And that was just 1 week. It would be naive to think you can run an independent/secure cryptoapp based in the US."
Telegram is one of the most secure messaging apps available today, though researchers have pointed out flaws in it as well.
Don't trust US (Score:2)
I sense a new business model (Score:2)
Step 1) Create messaging app with no users but strong encryption.
Step 2) Profit from government payoffs!
Step 3) ENDLESS PROFIT
Published source is a huge help here (Score:3, Interesting)
It would be naive to think you can run an independent/secure cryptoapp based in the US.
Published source makes it a lot easier to spot problems with the code.
Also, with published source code you can, with the appropriate license, legally recompile it yourself using your own set of tools as a hedge against the publisher's tool-chain or binary-repository being compromised.
Granted, if your tools (anything from the bare metal on up) are compromised or if you are using it to talk with someone else who is using a different binary, all bets are off.
Published source makes it a lot easier to spot problems with the code.
No it doesn't. It has been shown repeatedly that the idea that thousands of people will look at code and magically spot bugs is a myth.
In practice, people either 1) don't look at the code, or 2) don't have the domain knowledge to know what that very specific function is doing.
In reality, only the person who wrote it, and the 1 or 2 people who reviewed it really understand what's going on, and often not even the people who reviewed it.
^ This.
Try onboarding a new dev into a framework...
Morse code from the grave... (Score:2)
Telegraph found Samuel Morse is still alive?!
https://en.wikipedia.org/wiki/Samuel_Morse
Not the end of it. (Score:2)
If the NSA failed to bribe their developers, it doesn't mean they are just going to give up. A bribe is just the most cost-effective solution for the long term. Have no doubt that they will seek or maybe even create a weakness in the application.
For real? (Score:2)
While I wouldn't be terribly surprised if the various three letter agencies try this... would they really be stupid enough to let him know where they were from? It's not like they would have appealed to the Russian's sense of patriotism for the US.
On the other hand, this sort of publicity could drive users to his product, providing a motive to lie.
Methinks that we should remain a bit skeptical on this one.