The Security of Telegram’s System

Reasons Signal is recommended over Telegram

There have been a number of reports that activists in Hong Kong are using Telegram to communicate and take collective action. Telegram is not recommended for secure communications for a number of reasons:

1. The security of Telegram’s system has been questioned by security experts for a number of years now.

2. Telegram’s end-to-end encryption is not enabled by default. It is only applied for communications between two individuals, and then only if you have also chosen Telegram’s Secure Chat feature. The Secure Chat feature is not available for group chats. This means Telegram is not a secure communication choice for collective action events, such as the recent marches in Hong Kong, which are organized through group chats.

3. Telegram requires you to enter and verify your real phone number when registering an account, and to use other people’s real phone numbers to contact them. This means the identities of those in your network are not protected if your device is taken by authorities.

4. The “Who Can See My Phone Number” feature, in Telegram’s Privacy and Security settings, only masks your phone number from individuals who are using the app, and the implementation of this feature is buggy. It will not prevent Telegram from recording your phone number along with your account on their server. If you do not turn off “Sync Contacts” and a user has been your prior contact on Telegram, or if someone chooses to reveal their phone number to you via the “Share Contact” option, your phone number can be leaked, and this cannot be undone. Therefore, if your chat app data stored on your phone is downloaded by authorities, it would still be feasible to obtain your contacts’ phone numbers.

A more secure chat option available is the app Signal.

Its encryption has been widely audited and recommended by security experts.

  • It offers fully encrypted group chats.
  • It has an expiring messages feature.
  • It provides circumvention mechanisms that work — albeit intermittently and unreliably — during periods of high blocking in China. People in Hong Kong should prepare for stronger network controls around communication tools.

While Signal is a stronger security choice, it is worth noting that it also requires you to use your phone number, and to verify it, to register an account. This is a fairly significant and known security problem and it is not clear why these apps require phone number verification. For this reason, when using Signal in Hong Kong, it is recommended that you take some additional steps to mask your identity (see below). Masking your identity is an important step to take to protect your networks if your device is seized.

It also is worth noting that Hong Kong is a territory in which the steps to mask your identity are relatively easy to make (in certain other countries it can be quite difficult to achieve).

Steps for Secure Use of Signal

Setting up Signal securely has two parts:

Steps to Mask Your Identity

1. Purchase a burner phone

Phones carry a serial number, and an MEID (mobile equipment ID) or IMEI (International Mobile Equipment Identity). The MEID/IMEI is used to locate a device on a network, and it is registered with a cell service provider. This means a phone that you have used with a previous phone number has the potential to still be identified as yours even if you have changed the SIM.

To more fully mask your identity, you will need to purchase an unlocked phone with cash. Do not purchase directly from your cell service provider, and do not put a SIM from an existing cell service account that you already have inside the new phone (remember some telecom service providers are China-owned, or sister subsidiaries). A phone obtained this way is often called a “burner phone”, as it can be easily disposed of with no digital trace (i.e., “burned” away like paper).

Some recommendations of where you can buy such a phone are:

  • Broadway
  • Fortress
  • Suning
  • Chung Yuen
  • and various other small electronic retailers

 

2. Purchase a Burner SIM

Many people are aware that SIMs connect your identity to a cell service provider (and also this information is often shared between service providers during a digital handshake, if one user is on a different cell network). To effectively mask your identity, you need to purchase a pre-paid service plan using cash, and reload the service also using cash only.

Note: To more fully mask your identity, only place this SIM inside a burner phone. If a burner phone is not possible for you to obtain, there are still some security benefits to purchasing and using a burner SIM inside your existing phone. Your data trail is somewhat obscured even if you are not fully masked. So do still implement a burner SIM (which is much more financially accessible) even if you are not able to obtain a burner phone.

It is also worth considering the telecom company that runs the SIM’s service you purchase. It is difficult to find a SIM run by a company that is not associated with China (even non-Chinese telecoms have sister organizations or formal business relationships). If you cannot find such a SIM, there are still some security benefits from using a “burner” SIM.

The recommended telecom companies to purchase a SIM from are:

  • SmarTone
  • CSL (PCCW)

Some recommendations of where you can buy such a SIM are:

  • 7-Eleven stores
  • Circle K
  • And many other convenience stores, electronic vendors and mobile retail vendors.

3. Potential Alternate: Virtual Phone Number

Using a virtual phone number is a potential alternative to purchasing a burner SIM, but there are some downsides.

  • The virtual phone numbers can be buggy and don’t always deliver the registration codes.
  • Some apps do not allow the use of a virtual number.
  • If you are using a burner phone without a SIM, you will not have cell service and will always need Wi-Fi to use that phone.

When using a virtual number, you enter that number on Signal’s registration screen. When Signal texts a verification code to that number, the virtual number service will then forward it to an email address or your real phone number (depending on the service).

Some potential virtual number options include:

  1. https://www.textnow.com/
  2. https://voice.google.com/u/0/about
  3. https://www.burnerapp.com/
  4. https://www.twilio.com/

 

Steps to Setup Signal

1. Download

Signal is not blocked in Hong Kong, and Signal’s iOS and Android apps are readily available in the respective app stores. Desktop versions are available for Mac OS and Windows. You can access download information here: https://signal.org/download/

2. Insert your burner SIM

Be sure to insert your burner SIM before starting the setup process. This will ensure you can receive the verification code that Signal will send to you. If you are using a virtual number you can skip this step.

3. Register account

When registering your account, be sure to use the burner SIM phone number or the virtual phone number.

4. Share number with others when connecting on Signal.

Be sure to encourage your contacts to also obtain burner SIMs or virtual numbers so their identity is protected should your device be seized by authorities.

 

Updates

Use Signal group chats though they do not perform as well

Since Signal group chats are fully encrypted, their performance can be slow (and buggy) when the groups grow larger, and many feel Signal’s group chats stop performing after around 200–250 members (or less). This is a definite advantage that Telegram has over Signal.

However, depending on your organizing needs and the timing of your communications, having unencrypted communications for organizing events can be highly problematic. It can enable authorities’ access to the information and provide enough lead time for them to take actions that shut down or mitigate the success of organized protests. Authorities’ premature discovery of activities, coupled with a strategic response, is a common protest management technique, and is likely to be something protestors will experience more often going forward. The current Chinese regime is extremely effective at stopping organized action. Therefore, it is beneficial to move to more secure communication channels, even if it increases the administrative effort of sharing communications across large numbers of people. In addition, managing smaller but multiple groups enables a group administrator to more effectively vet membership if necessary.

Understanding the threats after already being on Telegram

Many protestors are now aware that their phone numbers make them vulnerable to identification by authorities and are rightly concerned about their existing use of their phone number with Telegram.

To understand the threat (which is real), it is worth noting that the cheapest and most readily accessible means of recovering data about those who are members of Telegram groups is seizing someone’s device and looking at group membership. Network analysis requires far more effort to determine individuals’ identities, including technical expertise and investment, network traffic data capture, and hacking or obtaining access in other ways to other captured communication data and metadata to be able to determine people’s identities. While this type of analysis is certainly possible, the scale of protest and the fact that China does not have ready access to the information does make this more of a challenge.

Therefore, one small positive is that, while it is not 100% protection, the most effective strategy for increasing security for those who have been using Telegram is to securely clean any devices that have Telegram communications on them, and to use virtual numbers for all future communications. All protestors that used Telegram should take this action. See steps below.

Steps to securely clean your phones

To securely clean your phones, it is recommended that you take the following steps:

1. Back up any data that you may need.

a. iCloud or OneDrive are strongly not recommended for this activity, given these companies’ compliance with China’s market demands.

2. Encrypt your phone’s drive if encryption is not already applied.

a. The drives used in phones often cannot ever be fully erased. Due to the drive design, bits can be recovered in certain circumstances.

b. For this reason, encrypting your drive before resetting provides another layer of protection if old data is somehow recovered.

3. Perform a factory reset (this should not be a setting reset, but be a full erase).

a. iPhone

i. Go to Settings > General > Reset

ii. Select Erase all Content and Settings

iii. Enter your password and accept the action

b. Android

i. Open Settings > General > Backup and Reset

ii. Select the option Factory Data Reset (bottom of the window)

iii. Select the prompts to move forward with the reset

 

4. Fill phone with media and reset again

While some devices might state that your files will be deleted and cannot be recovered when performing a reset, as noted previously, this is not technically true. As an extra precaution, after you reset, you can also take a video or download media until your camera’s storage is full, and then perform a reset again. This step is more necessary for Android phones (especially older models). Note: while this extra step is not 100% guaranteed to erase all bits, it makes it more difficult for old bits to have space to remain on the drive. On iPhones the encryption key is stored on a different piece of hardware than the phone’s drive and is fully wiped when the phone is reset. Google, when contacted, could not confirm that this was true for their phones, since they have significantly less control over the Android phones’ supply chains.
