This is way more different thing than claiming and proving that Telegram is somehow FSB honeypot.
I did not claim nor attempt to prove that “Telegram is somehow FSB honeypot”. I did claim and I believe I showed that it is indistinguishable from an FSB honeypot. If you’re nit-picking, at least nit-pick the correct claims, instead of some straw-man version of what I wrote that happens to be easier to attack. 😼
Yes, OCCRP received funding from USAID. They put that information very clearly on their own website. Here’s a crazy thought: investigative journalism needs to be funded somehow, and USAID was one of the ways this could be done. If you have a better idea of how to fund investigative journalism, there are a lot of media outlets that would love to hear from you!
The way OCCRP was/is funded does not say anything about the veracity of their reporting. Or that of IStories, which was done independently of OCCRP (that’s an important bit that most people miss).
What does speak to the veracity of reporting is the fact that over a decade and a half of reporting on stuff like this OCCRP has been sued by oligarchs multiple times in the most oligarch-friendly jurisdiction out there, UK (specifically, London), and have not lost a single time. Will Telegram sue OCCRP or IStories? Perhaps. Will they win? I seriously doubt it.
If they do sue, the discovery will be hilarious. IStories folks are going to get access to all sorts of great documents, I’m sure. Can’t wait for these to get published!
Speaking of documents, I like how you quote two random claims made in that OCCRP version of IStories article, and just decide to ignore the bit where Vedeneev claims, in actual court documents, that yes he has access to Telegram infrastructure. And how there are documents showing he owns GNM. And how there are documents showing he also signed documents on behalf of Telegram (hilariously, a document exists that he signed both on behalf of GNM and of Telegram). And how he co-owns or co-owned companies which are also co-owned by people directly connected to the FSB. And a bunch of other stuff.
But that doesn’t fit your “US shill” hot take, so why mention any of that right? 😄
You might also want to read the Russian version of IStories story, for hard documentary evidence of Durov’s connections to FSB:
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/
On a personal note, it is so much joy to see all the hand-wavy pushback in this thread. Clearly the story hit a pain point somewhere. The funny thing is that if similar but much less substantiated claims were made about Signal here, there would be a frenzy of dunking on it as an “imperialist tool of surveillance”. 🤡
Ooh, that’s a good question!
I am going to say Sperm Whales, if only because of how amazing they look while… sleeping vertically:
https://www.nationalgeographic.com/photography/article/sperm-whales-nap-sleeping-photography-spd
Hi, author here. First of all, in that piece I don’t happen to recommend using any specific piece of software. I mention Signal and WhatsApp for comparison, as tools that are considered similar, and yet avoid making the same weird protocol choices.
Secondly, if you have any proof that any specific communication tool is used to “spy” on people, I am sure I am not the only person who would love to hear about it. That’s the only way we can keep each other safe online. Surely you wouldn’t be making unsubstantiated claims and just imply stuff like that without any proof, would you?
And finally, I’ve spent a good chunk of time and expertise on analyzing Telegram’s protocol before I made my claims. I provided receipts. I provided code. I explained in detail my testing set-up. You can yourself go and verify my results.
Instead, you claim it’s “propaganda”, while mischaracterizing what I say in that post. Classy!
AMA is AMA
What have I done.
What led you to dive into examining Telegram?
I do information security work, and I used to work closely with investigative journalists hailing from Russia, Kazakhstan, Ukraine, and other places in that general area. Telegram is massively popular there. Because of this Telegram has been on my radar for a very long time as a serious security threat – not just because its protocol and management are suspect, there are plenty of other IMs like that, but also because of how many people I worked with had used it.
I’ve written about Telegram before, on a more general level (linked in the blog post), so when IStories reached out to me for comment on this it was a good inspiration to dive deeper.
How would you use it if abandoning it is not an option, safety-wise, on android? Like, opening it in browser instead, killing app from the background, or using some app\tool? Not using it for anything sensitive is obvious.
I would not use it. I refuse to accept that abandoning it is not an option. There are plenty of options. It’s always a decision one can make.
Please remember that even if hypothetically you could use it in a way that protects you from the spying – something I am very, very doubtful of! – the mere fact you are using it sucks other people into using it. You personally become one more reason for someone to start using or keep using Telegram. You personally become one more “user” of Telegram, justifying another media organization or NGO to set up or maintain a presence there – which in turn pulls in even more users into the dragnet.
In other words, your decision to use Telegram anyway, even though you know what the issues are, becomes one of the many things that make other people feel that “abandoning is not an option”. I refuse to be a part of that. The only thing I can recommend is to stop using it.
What are other potential worms in there you may think of? Recently, Yandex and Meta analytics tools got caught in sending browsing data to phone’s localhost - where their locally installed apps caught it and sent back home. If the FSB connection is that deep, there is no end to what they’d want to mine from users.
I think this hits the nail on the head: If the FSB connection is that deep, there is no end to what they’d want to mine from users.
I don’t want to speculate. The possibilities are vast. But I will say what I said in the blogpost: Telegram is indistinguishable from an FSB honeypot.
I don’t trust Telegram the company, I don’t trust Telegram the software, I don’t trust MTProto. I certainly do not trust Pavel Durov. I don’t think we need to speculate on what more could possibly be hiding there, what is already known about Telegram should really be enough to stop using it.
I don’t think this phrase means what you think it means; I do in fact put my money where my mouth is.
My mouth is clearly in the “blockchain-based privacy projects are very likely to be either misguided or outright scams, and this particular project has red flags all over” area. And so my money is on “I need to use tools that actually work; there is low likelihood that this project is such a tool; therefore I shall not waste my time on it”.
Demanding that I spend hours analyzing a project that has so many red flags just because you happen to disagree with me is somewhat weird. I’ve spent enough time having this conversation at all, but hey, that’s good entertainment value!
It’s not on me to disprove random project’s exorbitant claims (“prevents traffic analysis by an adversary capable of watching the entire network, including the NSA”). It’s on the project in question to prove them.
So far I have not seen such proof. I have, on the other hand, seen quite a lot of things that suggest that these claims might, in fact, be unsubstantiated.
I could retort by saying: prove to me that the project’s claims are true, “instead of going hurr durr it’s great I love it” (nice veiled ad hominem there, by the way). But I won’t, even though so far I have arguably provided more concrete reasons why I see this project as problematic than you did for your positive take on it.
Telling persons why they’ve decided to use tokens and not rely on pure altruism is not token hyping.
When the rubber hits the road, “using tokens” in this case means simply relying on greed. And relying on greed instead of altruism for something as fundamental as privacy is very telling. It’s not going to end well.
All the claims against tor and i2p are discussed in numerous academic papers and are acknowledged by the developers themselves
I was not talking about claims about i2p or Tor. I was talking about the claims Nym people make about their own project. I see little reason to trust them on those claims.
You’re entitled to your opinion. I am entitled to mine. I don’t think we will see eye to eye here. In 10 years we will perhaps know; I expect Tor to still be around and useful then, as opposed to Nym.
Sure, here’s my comment:
They make extremely strong claims, and strong claims require strong proof. I do not see such proof anywhere. What I see is that they play fast and loose with website visitor privacy and seem to focus mainly on token hyping.
I would not trust it for anything even remotely sensitive. And I still fully expect them to show up on https://web3isgoinggreat.com/ sooner or later.
While security by obscurity may have been cutting-edge at the turn of the millennium, such an approach is rapidly showing its age. Nym’s cutting-edge mixnet design
I think they really need to use “cutting-edge” more in their materials. Will make them look even more serious and trustworthy.
Also, when you quote whole blocks of text from their materials, please have the decency to mark them as quotes.
Anyway, I stand by my assessment.
I’ve read through dozens of white-papers of “revolutionary” blockchain-based tech startups, all promising to solve Very Important Problems, none actually solving such problems. But sure, let’s start here:
Nym tokens provide credentialed access to privacy-enhanced and uncensored internet communication for a unit of time.
This is “privacy for the rich” model. Unsurprisingly: poor people can’t push the token to the moon! And looking at their website it is clear they focus more on hyping the token than on actual privacy.
Speaking of their website, this privacy-focused project done clearly by people that care a lot about digital human rights and want to fight surveillance capitalism directly includes on their website stuff from fonts.google.com, googleapis.com, youtube.com, play.google.com, doubleclick.net. Looks legit to me!
It’s fascinating how they talk down Tor (“because Tor does not add timing obfuscation or cover traffic to obscure the traffic patterns in circuits”), but fail to mention i2p which solves these issues without the need for bollockschain tokens. Makes sense — Nym seems to basically be i2p with a blockchain token bolted onto it so that it can become an investment vehicle.
So either they did not know about i2p, an important and reasonably well known project which has been around for almost 20 years and is very clearly in the same problem space, or they intentionally decided not to mention it because it would make them look bad. Take your pick: are they ignorant, or disingenuous? Either is a great trait for a project that aims at protecting privacy from the NSA, no less.
On a general level, it is safe to assume any blockchain-based project that offers any kind of token and is in any way monetizable is (at best) a solution in search of a problem, or (at worst) a scam, often Ponzi-shaped, until clearly proven otherwise.
I mean, even the most basic promise of Ethereum smart contracts — that smart contracts are binding, transactions are not going to be reverted, and nobody controls the whole network — flew right out the window just because DAO smart contract had a bug and somebody exploited it; and we can’t have that, can we, if people are meant to invest in this, eh?
Privacy and decentralization are too important subjects to be used by cryptobros in their money extraction schemes.
If you think my opinion was not well informed, think again.
Can’t wait until it inevitably ends up on https://web3isgoinggreat.com/ 👀
Nice!