Citiraj:
Autor The Exiled
Ne kužim kak ne ugrožava sigurnost podataka kad je u svakom slučaju potvrđeno da su korisnički podaci ili kopirani ili preuzeti s namjerom preprodaje ili izmanipulirani ili je ubačen middleware za daljnju kontaminaciju.
|
Ajmo redom:
Citiraj:
|
On 2 August 2016, a report by Reuters stated Iranian hackers compromised more than a dozen Telegram accounts and identified the phone numbers of 15 million Iranian users, as well as the associated user IDs. [...] The attackers took advantage of a programming interface built into Telegram. According to Telegram, these mass checks are no longer possible because of limitations introduced into its API earlier in 2016.[206]
|
Dakle, preko API-ja su provjeravali redom telefonske brojeve i utvrdili da
15 milijuna telefonskih brojeva imaju Telegram račun. I to je sve.
Citiraj:
|
On 30 March 2020, an Elasticsearch database holding 42 million records containing user IDs and phone numbers was exposed online without a password. The accounts listed in the database were those belonging to users in Iran, extracted from an unofficial government-sanctioned version of Telegram. It took 11 days for the database to be taken down, but the researchers say the data was accessed by other parties, including a hacker who reported the information to a specialized forum.[207][208][209]
|
Radilo se o posebnoj "neslužbenoj" verziji Telegrama čija je jedina svrha bila da Iranska vlada pohvata tko koristi Telegram. Dakle osim ako nisi u Iranu i ako ne skineš točno tu verziju aplikacije, podatci ti nisu i ne mogu biti ugroženi.
Citiraj:
|
In September 2020 it was reported there have been successful large-scale Iranian government phishing and surveillance by RampantKitten targeting dissidents in Telegram.[210] The attack relied on people downloading a malware-infected file from any source, at which point it would replace Telegram files on the device and 'clone' session data.
|
Specifični malver koji je tražio da korisnik skine inficiranu datoteku koja opet prikuplja podatke. U svim tim slučajevima radi se o strogo ciljanim napadima koji se mogu izvesti za bilo koji IM i nema tog IM-a koji može odoljeti tim vrstama phishing i sličnih napada.
Telegram je na meti jer je relativno siguran i popularan u državama koje vole prisluškivati svoje građane. Da postoje backdoorovi i da nema enkripcije ne bi se morali zamarati takvim metodama.
I još iz istog Wikipedijinog članka koji si linkao:
Citiraj:
|
However, in December 2020, a study titled "Automated Symbolic Verification of Telegram’s MTProto 2.0" was published, confirming the security of the updated MTProto 2.0 and reviewing it. The paper provides "fully automated proof of the soundness of MTProto 2.0’s authentication, normal chat, end-to-end encrypted chat, and re-keying mechanisms with respect to several security properties, including authentication, integrity, confidentiality and perfect forward secrecy" and "proves the formal correctness of MTProto 2.0". This partially addresses the concern about the lack of scrutiny while confirming the security of the protocol's latest version.[243]
|
Da zaključimo, ne tvrdim da je Telegram najbolji niti najsigurniji klijent, ne preporučam ga bezuvjetno, samo želim ukazati da nije toliko nesiguran koliko se tvrdi i da je sasvim dobra i vjerojatno sigurnija alternativa WhatsAppu i da su manje šanse da će preprodavati vaše podatke.