Telegram FOSS acquires your biometric data

Hi there,
we are an Italian association (EXIT) and would like to share with you a “smart user” experience.

A few weeks ago, one of our members performed an update of his version of LineageOS, from 7.1 to 8.1, and reinstalled every app (not using Seedvault), Telegram FOSS included (from F-Droid).
In the evening of the same day he opened Telegram FOSS and started chatting.
After a few seconds, an unusual icon appeared and disappeared very quickly on the taskbar at the top.

After a few minutes this person realized that the icon signaled access to the camera, thanks to the new feature introduced in LOS 8.1, and on checking the settings he had confirmation: Telegram FOSS had just had access to the camera.

Why this?
Because the digital fingerprint had changed due to the LOS update, it was thus necessary for the Telegram server holders to have confirmation that the person was the same through the acquisition of biometric data: a photo of the face.

Attention!

EXIT

3 Likes

Since Telegram FOSS is FOSS, perhaps link the offending code?

1 Like

Extraordinary claims require extraordinary evidence.

2 Likes

Ask the Telegram (FOSS) developer if it allows remote control of the camera (audio, and other devices)…

I don’t seem to find your issue: https://github.com/Telegram-FOSS-Team/Telegram-FOSS/issues ?

Was this explanation provided by the app developer?

This is obviously a crude approach, but…

In the widgets directory, ChatListItemAnimator.java has several places and ways photos are taken and processed.

Because the server source is not open, there is no way (for me) to easily know what signals may be sent from server to TM app to cause photos to be taken and uploaded.

When in doubt, cover camera (and microphone), or remove battery, AND do not use apps with non-free net tag.

1 Like

Any program that requires your phone number just to use the app should be a no-no straight off the bat. May I suggest Conversations from F-Droid? Search for a free XMPP server online and create a login and password. Input the login and password in Conversations as an existing account. Add family and friends.

3 Likes

You might want to ask yourself if you trust Telegram at all. Some of us have already seen this new information about what Telegram gives the govt, but perhaps OP has not seen this information yet - https://www.rt.com/op-ed/541894-leaked-document-big-tech-privacy/

1 Like

I don’t think your source portrays Telegram as very untrustworthy.
That Russia Today link (ew!) even talks about their “strict policy of not cooperating with court orders”. Yes it says “apart from confirmed terrorist cases” but I think it misquotes the original source where the FBI basically says “Telegram’s website claims that they might help us with terrorist cases . . . but we don’t even know who to contact”

Don’t get me wrong: of the messengers that I do use Telegram is the one I like the least.
Plain messages as default and non-free server are among the reasons. “Giving something to the govt” isn’t.

In the last days I’ve seen multiple cases of “Telegram . . . such evil . . . many bad” sentiments. And all of them were pretty unfounded, overly vague or just bogus. And I don’t really understand where that is coming from.

2 Likes

Since there’s no default encryption and no group encryption, it really makes it clear that it’s not “an encrypted messenger” and never secure, users never enable secret chats to begin with (it’s an extra hard step, oh they don’t see old messages on new devices…terrible :)), so everything is stored unencrypted on their closed source proprietary servers.

On the other hand they brag that they cooperate, at least Durov did when it came to ISIS.

In the news now there’s that Austrian/German assassination plan on Telegram, that’s secure?

In the past the Navalny team bought Telegram info on their spies from people, see: https://www.bellingcat.com/resources/2020/12/14/navalny-fsb-methodology/

We’re biased around here, we like open systems, open code, decentralized ecosystems, federated networks.

Quicksy is for your normie friends, use Conversations, use Siskin IM for your walled gardened buddies, etc.

1 Like

I think you have a point when you criticize Telegram for incentivizing not using the encryption and all in all for not being a very secure messenger. But I hear a lot of funny claims lately that don’t appear to hold water (like this one)

Count me in on all those things. But I also like facts.

I recall (and a quick google search appears to confirm that) that back in the day (about 2016) they banned some public ISIS channels and accounts that posted on these channels. Is this what you are talking about?
One can criticize that (I don’t think I do). But I guess it might be noteworthy that A) it appears they banned the accounts on their own initiative (in other words: no “cooperation”) and that B) those channels are public (hence the name). This is the “social media” feature of Telegram. Not the messenger.

As an Austrian I am not aware that my government has plans like this. I think you mean this. Right?
So basically in this case Telegram did NOT delete some public channels (again, one can criticize that and I think I do) and the German government is trying to turn up the legal heat. But all they did (and can do) was sending a request for legal aid to Dubai. Good luck with that.
What exactly was your point?

Please read that article carefully. They did NOT buy that information from Telegram. They bought it from a Telegram Bot. Bots are third party software that use Telegram as infrastructure to provide services. This particular bot or bots appears to have a very shady business scheme. But neither did they buy information from Telegram nor about Telegram users.

1 Like

What exactly was your point?

Not secure encrypted messenger

Please read that article carefully.

Please read my post carefully, I didn’t say that they did, “people” meant that the fact that they could, from 3rd parties is awful enough… :wink:

more details:

"Berlin — Radical opponents of coronavirus vaccines and restrictions allegedly plotted to kill the elected leader of the eastern German state of Saxony. Six suspects were under investigation following raids carried out on Wednesday morning on suspicion of a serious crime endangering the state.

Following threats against Saxony’s Prime Minister Michael Kretschmer in a chat group on the Telegram messaging service, officers from the Saxony State Criminal Police Office (LKA) searched six properties."

"Telegram has been blamed in Germany for fueling an increasingly virulent subculture of anti-vaccine conspiracy theorists who exchange news about supposed dangers and arrange protests that have spilled over into violence.

The app, which says it does not bow to “government censorship”, has become increasingly popular with activists and protesters, especially as platforms like Facebook become more responsive to government pressure to crack down on those spreading lies, threats or conspiracy theories.

Telegram did not immediately respond to a request for comment.

Last month, a group of protesters held a torch-lit gathering outside the home of the regional interior minister of Saxony, in what was widely seen as an implicit threat of violence against her."

edit: new German chancellor, Olaf Scholz, actually addressed this in his very first speech to the parliament:

1 Like

You are completely out of reality for the facts you present, seeing that you are open-source lovers. You are defending something meaningless, because the state does its job to protect the rights of its citizens and not to select those rights according to its need, while Telegram seeks to protect the right of those who have a different opinion and believe in it, and the free speech which people are recently losing from the big media companies and big tech. Telegram has constant pressure from many countries, and this is not understood by everyone involved and you. It is your choice in the end whether you want to use Telegram or not, but not to throw mud on it for a great weight it is holding for the right of free speech across the globe.

Maybe read again what was written here?

Hope you’re not defending the murder plans as free speech or smth lol :slight_smile:

Most of the criticism was against non-secure, non-private, non-foss nature of it around here…

You should read, not me, because you confuse things. These are two different issues, as I wrote above; do you want a controllable Telegram or ???. Leave the work of the state to the state; here we are talking about a program that is currently the safest for free speech :sunglasses:

I merely quoted from the article. This is all over the news around here. All major news outlets report on this.

Sadly, those threats are not unfounded at all. Nearby, someone recently shot a guy working at a gas station just because he reminded him to wear a mask :frowning:

To answer Licaon_Kter’s question: yes. This is a thing.

German journalists simply joined the (previously public) chat and recorded voice messages of the threat. Then they went to the RL meeting and confronted the guys while filming (“no comment”). The police now hold six people in custody (among them the “admin” of the Telegram channel).

1 Like

thanks, this is a clear explanation :+1:

I was really worried about this topic for about 30 secs before I remembered I have masking tape over my phone cameras <-- Dropping this idea here for other paranoid people :wink: