Signal suspects fake news against him to force the public to use less safe solutions. And a few days before, the creator of Signal recalled the weaknesses of Telegram, a competitor, which is heavily used in Ukraine.
It is a message that takes on a very special hue, in these very difficult times for the Ukrainian population. In a tweet posted on March 1, 2022, the Signal instant messaging application denounced what appears to be a destabilization operation against it. It would be, adds the service, to push Internet users to use less secure applications.
” Rumors are circulating that Signal is hacked and compromised. This is wrong. Signal is not hacked. We believe these rumors are part of a coordinated disinformation campaign to encourage people to use less safe alternatives. “, writes the direction of the project, which does not say what are these more risky solutions.
” We see these rumors popping up in messages across several different apps. These rumors are often attributed to official government sources and read ‘attacks on the Signal platform’. This is fake and Signal is not under attack », is it added. This is not the first time that the service has been questioned, wrongly so far.
The countries in which these hallway noises resonate are not mentioned by Signal, but the first tweet observed ” an increase in use [de Signal] in Eastern Europe suggesting that Signal rumors are likely to come from ex-Soviet bloc members as well as Belarus or Russia.
Signal has the particularity of offering by default discussions that are encrypted from end to end, that is to say on the smartphone, before circulating on the network. This method of protection hides the content of messages using complex mathematical operations, which only people with legitimate access to the conversation can read.
Reading is done with a set of keys. Without the one devoted to decryption, it is impossible to read the messages: intercepting them is useless. Under this regime, no third party outside the chat can read what is being exchanged, whether that third party is called Signal, ISP or government. Only peripheral elements (metadata) can be collected.
Telegram is popular in Ukraine, but does not offer encryption by default
A few days before Signal’s message, Moxie Marlinspike, a hacktivist and cryptographer behind the application, pointed to Telegram’s over-success in Ukraine. It’s February 25, the day after the Russian invasion, that he had published his messagebelieving that this could pose a serious security risk to the population.
” Telegram is the most popular messenger in town. After a decade of deceptive marketing and press, most people believe this is an ‘encrypted app’. The reality is quite different: Telegram is by default a database in the cloud containing a clear text copy of all the messages that everyone has sent or received. »
Should Telegram therefore switch to end-to-end encryption by default? On the sixth day of the Russian offensive in Ukraine, it is clear that this is not (yet?) the case: as of March 1, no announcement to this effect has come from the Telegram site, its official account on Twitter or that of Pavel Durov, nor on his Telegram account.
” All messages, photos, videos, documents sent/received in the last 10 years, all contacts, members of groups, etc. are accessible to anyone with access to this database », warned Moxie Marlinspike, who has often criticized Telegram, saying that the comparison with Signal does not hold water.
” Many Telegram employees have family in Russia. If Russia doesn’t want to bother with the hack, it can leverage the ability to pressure families into accessing it. “, he also added. Pavel Durov himself could be concerned, as he has Russian nationality.
Telegram is a competing application of Signal, but which has the particularity of not offering end-to-end encryption by default. This is why Telegram is said to be less secure than Signal. Admittedly, there is an option that can be activated in Telegram to occasionally request end-to-end encryption, but you still need to know it.
