Russia Threatens to Ban Encrypted Messaging App Telegram

Russia has threatened to block access to the Telegram messaging platform unless the company that runs the app provides more information about itself (via Sky News).

The head of communications regulator Roskomnadzor, Alexander Zharov, said repeated efforts to obtain the information had been ignored by the company and warned that "time is running out" for the app.

"There is one demand and it is simple: to fill in a form with information on the company that controls Telegram," Zharov said in an open letter. "And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."

Telegram's non-response appears to be down to the repercussions of handing over the requested details: Doing so would effectively add it to the state regulators' registry, which would require it to retain users' chat histories and encryption keys and share them with authorities if asked, according to Russian news agency TASS.

The demand isn't the first time the Russian founders of Telegram – Kremlin, Nikolai and Pavel Durov – have failed to comply with state requests. In 2014, the Durovs refused to turn over data on Ukrainian users of Vkontakte, a social network they also set up together.

Telegram claims to split its encryption keys into separate data centers around the world to ensure "no single government or block of like-minded countries can intrude on people's privacy and freedom of expression".

According to the group's policy, it can only be forced to hand over data if "an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Swiss Encrypted Email Provider Launches ProtonVPN With Free Subscription Tier

Encrypted email provider ProtonMail today launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan.

The Swiss-based company said it had been testing its VPN service for four months with the help of over 10,000 members of the ProtonMail community, and the group was ready to make ProtonVPN available to everyone starting Tuesday.


The Proton group said they were motivated to create ProtonVPN to combat increased threats to online freedom, such as the recent repeal of Obama-era rules designed to protect consumer internet browsing history, calls by British Prime Minister Theresa May for increased online surveillance, and the attempts by the U.S. FCC to dismantle net neutrality.

"In the past year, we have seen more and more challenges against Internet freedom," said ProtonMail Co-Founder Dr. Andy Yen, "now more than ever, we need robust tools for defending privacy, security, and freedom online.

"The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them," said Yen. "This is why, as with ProtonMail, we're committed to making a free version of ProtonVPN available to the world."

The group says it has worked to make the best possible VPN service by addressing many of the common pitfalls with existing VPNs. Features therefore include a Secure Core architecture that routes traffic through multiple encrypted tunnels in multiple countries to better defend against network-based attacks, a no-logs policy backed by Swiss law, as well as seamless integration with the Tor anonymity network. Headquartered in Switzerland, the VPN is also outside of E.U. and U.S. jurisdiction and is not a member of the Fourteen Eyes surveillance network.

The free tier includes servers in three countries and usage on one device, but bandwidth speeds cannot be guaranteed. The Basic tier costs $4 a month (billed as $48 a year) and includes access to all 112 ProtonVPN servers across 14 countries, high speed bandwidth, and usage on up to two devices, while the Plus tier ($8 per month/$96 per year) offers the highest bandwidth, connection on up to 5 devices, Tor servers, and access to Secure Core data networks hosted in Switzerland, Iceland, and Sweden. The Highest tier ($24 a month/$288 a year) includes a ProtonMail Visionary account.

ProtonMail began crowdfunding in May 2014 and launched in March 2016, led by a group of scientists from CERN and MIT who aimed to deliver an easy-to-use end-to-end encrypted email service with freely available open source code. Earlier this year, the team launched a Tor-based site to make ProtonMail available to users in regions under the oppression of strict state online censorship.


Encrypted Messaging App ‘Signal’ Approved for Use by U.S. Senate

The U.S. Senate has approved popular encrypted messaging app Signal for official use by staffers in the chamber, it was revealed yesterday (via ZDNet).

The news came in a letter sent on Tuesday by Senator Ron Wyden (D-OR), known to be a staunch privacy advocate, in which he underlined his belief that "backdoor-free" encryption should be embraced by the state at all levels rather than something the government should fear.

"I have long argued that strong, backdoor-free encryption is an important cybersecurity technology that the government should be embracing, not seeking to regulate or outlaw. My own Senate website, which has used HTTPS by default since 2015, was the first Senate website to do so. With the transition to default HTTPS for all of the other Senate websites and the recent announcement by your office that the end-to-end encrypted messaging app Signal is approved for Senate staff use, I am happy to see that you too recognize the important defensive cybersecurity role that encryption can play."

Signal by Open Whisper Systems is widely considered by security experts to be the most secure mobile messaging platform on iOS and Android, due to features like end-to-end encryption of text, picture, and video messages, support for private calling, and a lack of separate logins.

Members of Congress are for the most part exempt from record-keeping laws, so long as encrypted communications are not "historically valuable", or do not include committee documents. However, workers of the federal government and those who work directly with the president are governed by federal and presidential record-keeping laws. Indeed, communications over encrypted apps may fall foul of the Presidential Records Act, which requires staff to keep records of those conversations.

In January, The Wall Street Journal reported that political aides close to the president had been using Signal, but the White House declined to comment on whether the Trump administration has set up data retention policies for its encrypted messaging use.

Last year, Apple was embroiled in a public dispute with the FBI over a request to create a backdoor into iPhone software so that it could unlock the phone of the San Bernardino shooter. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.

Eventually the FBI backed down in its request and resorted to third-party hacking tools, but throughout the case, Apple CEO Tim Cook remained adamant on the company's continuing stance for user privacy, calling the FBI's request for entering an iPhone "the software equivalent of cancer".


ProtonMail Launches Tor Onion Site to Evade State Censorship

Encrypted email provider ProtonMail has launched its own onion address, allowing users to access the service over the Tor anonymizing network (via TechCrunch).

The Swiss-based email account provider, which has more than 2 million users, said the measure was aimed at defending against state-sponsored censorship, and pointed to recent moves around the world to block encrypted communications and expand surveillance.

ProtonMail said it was worried about increased attacks on online privacy, such as encrypted messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation which mandates tracking of web activity.

The service also reported a bump in registrations following President-Elect Donald Trump's election win, with web users said to be seeking a non-U.S. based secure email provider in case of a broad expansion of online surveillance activity.

"Given ProtonMail's recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this," said co-founder Andy Yen in a statement on the launch. "Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step."

ProtonMail can now be reached over the Tor network directly using the onion address https://protonirockerxow.onion. The provider has also posted instructions on how to access the site on iOS devices, although it is currently looking into problems with access via the free Onion Browser app.

ProtonMail is a free download for iPad and iPhone on the App Store.



Leaked Documents Reveal What Kind of Data Cellebrite Can Extract From iPhones

Israeli mobile software developer Cellebrite gained media attention earlier this year when rumors suggested the FBI recruited the company to unlock San Bernardino shooter Syed Farook's iPhone. While the FBI did not enlist Cellebrite's help, the company does have technology licensed by governments that can extract iPhone data. ZDNet has obtained documents that reveal the scope of this technology.

The leaked files are "extraction reports," which are organized to allow investigators to easily see and analyze data from a phone. Extraction is conducted by plugging the phone into a Cellebrite UFED device. While the device is primarily for extracting information currently on the phone, it can, in some cases, extract recently deleted items. The phone at the heart of ZDNet's extraction report was a non-passcode-protected iPhone 5 running iOS 8.

The first couple pages of the report include case numbers and unique identifying information for the device, including phone number, IMEI numbers and Apple ID. In these first pages, the report also divulges which plugins the software used to extract information from the device. These plugins can help the software extract data from QuickTime and iPhone backups.

The report compiles geolocation data from every photo taken on the device and visualizes it on a map, allowing an investigator to easily see when and where a person was. Text messages are organized in chronological order, which makes it easier for investigators to track conversations. The wireless networks a device has connected to are also logged, including the MAC address of the router, encryption type and the time last connected to the network.

Call log information includes whether the call is incoming or outgoing, the time, date, the other number on the call, and the duration of the call. Contacts, installed apps and user accounts on the device are also collected. Configurations and databases from apps, which include settings and cache data, are included in collection. Notes and voice mails are also extracted.

Finally, Cellebrite's technology includes an analytics engine that can figure out how many actions have taken place per phone number. For instance, it can tell investigators how many calls and text messages have occurred with each contact.

Cellebrite notes that its UFED device cannot crack passcodes on iPhone 4s and later. iPhone 5s and later come with a Secure Enclave co-processor that makes it even more difficult to extract information. In November, Cellebrite signed a deal with the Indian government to provide technology to bypass locked iPhones.
