The Effects of Iran's Telegram Ban

The Center for Human Rights in Iran has released a report outlining the effect's of that country's ban on Telegram, a secure messaging app used by about half of the country.

The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used extensively by activists, independent and citizen journalists, dissidents and international media. It will also impact electoral politics in Iran, as centrist, reformist and other relatively moderate political groups that are allowed to participate in Iran's elections have been heavily and successfully using Telegram to promote their candidates and electoral lists during elections. State-controlled domestic apps and media will not provide these groups with such a platform, even as they continue to do so for conservative and hardline political forces in the country, significantly aiding the latter.

From a Wired article:

Researchers found that the ban has had broad effects, hindering and chilling individual speech, forcing political campaigns to turn to state-sponsored media tools, limiting journalists and activists, curtailing international interactions, and eroding businesses that grew their infrastructure and reach off of Telegram.

It's interesting that the analysis doesn't really center around the security properties of Telegram, but more around its ubiquity as a messaging platform in the country.

Posted on June 22, 2018 at 12:58 PM • 16 Comments

Comments

Denton ScratchJune 22, 2018 1:58 PM

Harrumph.

I think it's interesting to compare the way Russia's and Iran's attitude to Telegram is presented (argh censorship); with the way Western governments and IGOs have been leaning on TwatFaceTube to actively interfere more and more in user-contributed content (ho hum, too bad but clearly necessary).

Just sayin.

Clive RobinsonJune 22, 2018 2:22 PM

@ Bruce,

It's interesting that the analysis doesn't really center around the security properties of Telegram, but more around its ubiquity as a messaging platform in the country.

The actual security of Telegram --which is weak anyway-- is mainly irrelevant to the users, it's the perception of securiry real or otherwise that more or less defines the usage.

For years Microsoft and others used ROT13 to hide information from view along with ":" colon extensions to create hidden files. Prior to that "Ctrl Z" to give false file endings in MS .txt files used by edit. None were in anyway secure but the perception and actual result were the opposit.

The fact is that few take on the fact that the --supppsadly-- secure messaging apps mark a user as a "Person of Interest" irrespective of the actual use to which they put it. On this score not even WhatsApp has sufficient users to make it "ubiquitous in use" thus usless as an identifier.

Even in the US prosecuters are using the fact that a secure communications application of any kind can be construed as at the least suspicious if not a signe of criminal intent or actual criminal activity without offering any evidence of content let alone use. Thus you have to ask what we view as "represive regimes" might regard as sufficient to sanction some form of action?

My advise is not to use such "privacy" applications at all, but use external "One Time" codes/phrases in what appears plaintext for "secret communications" of importance, along with other OpSec techniques from times past that have been carefully modernized.

Yes I know good OpSec is a hassle but if you want to preserve your freedoms, liberty and life, you have to ask "Would you use anything less?".

Petre PeterJune 22, 2018 2:47 PM

Because in cities i trust systems more than people, coruption turns institutions into a form of reputation inheritance that ensures the passing of genes instead of knowledge. Just who has been behind the Telegram?

bobJune 22, 2018 5:10 PM

@bruce

"It's interesting that the analysis doesn't really center around the security properties of Telegram, but more around its ubiquity as a messaging platform in the country."

If the point of the analysis is the negative consequences of state control, centering on the security properties of telegram would be beside the point, yes? Also, it would be read by many as "good riddance".

@Clive Robinson

"Yes I know good OpSec is a hassle but if you want to preserve your freedoms, liberty and life, you have to ask "Would you use anything less?"."

My answer is "to generate a market tendency".

It is clear to me that security is not a fight that can be fought alone. I can have the best opsec, but the end result is greatly limited by the tools in my belt and the capabilities of my adversaries, including governments. Laws can give or take opportunities for devs to develop, or users to use, said tools, they can make or brake a market. At the same time, the market can make or brake laws, and users (and devs, clearly) make or brake markets.

I believe it is better if a bazillion people use a tool that is a bit more secure than the standard, than if a bit of people use a tool that is a bazillion times more secure. The first scenario raises the standard, the second does not. I believe, in the long run, the second strategy is determined to fail at preserving your freedoms, liberty and life.

Clive RobinsonJune 22, 2018 6:32 PM

@ bob,

The first scenario raises the standard, the second does not. I believe, in the long run, the second strategy is determined to fail at preserving your freedoms, liberty and life.

But as I have noted on this thread and several previously there are other scenarios so it is possible to preserve your freedoms, liberty and life, without using an application or physical technology of any privacy / security level at all, let alone one that raises some standard. And importantly do it without raising the suspicion of an observer hostile or otherwise. Which in turn means the question of legality does not arise nor does the near imposability of growing a security based mass market product sufficiently to give cover. You simply use what those who have already grown a mass market give you by way of communications in a standard OS distribution.

As I've noted before, it's impossible for adversaries to back door such systems, which is why "golden XXX" initiatives are a bust before they even pass the legislation.

BobJune 22, 2018 7:17 PM

@Clive Robinson

I think i dont understand at all what you said. To begin with, "as I have noted on this thread and several previously there are other scenarios". Is "use external "One Time" codes/phrases in what appears plaintext" an example of what you refer to? To me, it is an example of what i refer to with "the second".

Clive RobinsonJune 23, 2018 3:19 AM

@ Bob,

I think i dont understand at all what you said... ...To me, it is an example of what i refer to with "the second".

It was your use of the word "tool", to most people tool is an object you use rather than something you do which would be a method.

Thus a pen is a tool and the method that uses it would be writting or drawing.

I assumed by tool you ment an object such as a physical device such as a token or an information device such as a piece of software.

To me the difference is important. A physical token or piece of software would be verifiably in your possession, thus can be used as direct or indirect evidence against you. Where as sonething you could do entirely in your head can not be used indirectly as evidence and only directly if your are caught/observed in the act in a provable manner which can not happen with a well designed One Time code/phrase.

If you want to know why the distinction is important you need to look at the history of evidence and Dr. Edmond Locard's "Exchange Principle", it's in effect the "Forensic foundation/touch stone" as it in effect defines "trace evidence" which is factual and may or may not be circumstantial evidence or even irrelevant, but still "Prima facie Evidence" that will stand unless rebutted,

https://en.m.wikipedia.org/wiki/Locard%27s_exchange_principle

The point is once you are aware of it you can reduce prima facie evidences quality to something that is an irrelevance or easily rebutted.

For instance, lets assume you can not do something entirely in your head and need to do "rough working out" with pencil and paper. The exchange principle holds that the paper will leave contact evidence on the pencil, but this proves little other than the pencil was used. However the pencil leaves a clear impression on the paper which could be quite significant to a prosecution. The easy solution is to burn the paper to ash and then break up the ashes, thus the significance is reduced to at best supposition that can be rebutted if the ash is ever found and connected. However what few people realise is that the majority of surfaces are sufficiently soft to hold an impression and those that are sufficiently hard can hold a static image by electrical charge patterns (see ESDA tests). The solution to this is to put individual sheets of paper on a glass surface, and when finished wipe the glass down with a soft cloth, then destroy the sheets of paper. In effect the use of the cloth turns the static image into randomized thus usless noise.

It is this reason why desks in the likes of Commcens / crypto cells / SCIFs etc frequently have glass tops.

BobJune 23, 2018 6:18 AM

@Clive Robinson

Sincerely, all that information is valuable and interesting. The bad part is i dont see much relation between it and what i said, except for the first sentence, which clarifies our misunderstanding but does nothing more.

Telegram MessengerJune 23, 2018 1:33 PM

@Bruce

Why Iran and China and Russia ban Telegram and don't ban Signal and WhatsApp?

HmmJune 23, 2018 9:40 PM

@Bob

What Clive is saying is that he's obviously hiding something and is therefore supposed guilty
because he put pencil to paper rather than keeping it in his otherwise externally deniable mind.

I'm paraphrasing badly but he understands that I'm ribbing him to toughen him up for the real world.


BobJune 24, 2018 4:27 AM

@Telegram

As far as i know, signal is banned in iran, and i would not be surprised if it is banned in china and russia now that they do cannot count with domain fronting. As to why russia bans telegram, the founder of telegram is russian and a critic of the russian government, seems like a good reason.

@Hmm

I understand, but what i tried to say is using the best method available, like the one clive described, will not do a thing against fascist politics (except you are an activist, maybe). Using the best method is good if you want to preserve your freedoms, liberty and life, AND you communicate with someone who knows and understands said method, AND you are communicating something that puts you in danger. Thats a very specific use case... for all other uses cases, such "privacy" applications are good if you want to preserve your freedoms, liberty and life, because they participate in a much needed market force.

HmmJune 24, 2018 9:15 PM

" because they participate in a much needed market force. "

Privacy isn't nearly the market force it ought to be. Maybe someday.

Name (required)June 25, 2018 4:46 AM

@Telegram

>Why Iran and China and Russia ban Telegram and don't ban Signal and WhatsApp?

Because of its broadcast channels probably.

GregJuly 6, 2018 3:10 AM

@Telegram Messenger,

It can be interpreted as a sign that Telegram is less "cooperative" than Signal and WhatsApp. However, I think the popularity of Telegram can be attributed to being the enemy of the enemy due to its Russian roots. I just dont buy the fact that the founders are anti-Russian.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.