Saturday night, 9 PM, my wife’s mother writes me this polite message:
Hello, how are you? Tell me please, can you borrow me $200 till tomorrow?
Very weird way to formulate the request. She’s never polite. And of course, she never writes me in Telegram.
She can call, sometimes. Most times it’s when her daughter is offline for some reason, or too busy to pick up, and she wants something urgently. Other times it’s when she needs something from me directly. She’s not a typer, and most times she never even OK the messages. I’m not even sure if she’s able to read or write at lenght.
Another Hack#
A similar hack happened to an old friend from school about half a year ago.
He wrote me a weirdly phrased message, asking me to vote for his niece in some competetition, where (presumably) I could vote with my Telegram account. Yeah, looks totally genuine. Especially (of course!) considering the fact he has no nieces, as he has no siblings.
But what gave up the hackers was the language. He wrote me in Russian, yet we never use that language in our communication.
Erase History#
The event triggered the old task I’ve been postponing for months, if not years. I was willing to export my communication history and remove it from the clients.
I’m not writing ‘remove it from the servers’ because I don’t believe the content is actually getting removed. We have absolutely zero ways of proving it.
As much as I personally have zero ways of believing a ruzzian oligarch.
Even if the server code of Telegram would be open-sourced, we have zero ways of actually proving they run the open-sourced version, and not some other one.
Even if I would be able to host my own Telegram node (which is not possible) as much as I can host, say, Matrix server. Still, all the messages sent to a person on a different server, would be duplicated to that server. And you cannot reliably remove your messages from there, you have no means to prove they were removed.
So, technically, there’s no such thing as entirely removed messages. To me, it’s more like an illusion and my bet that this is purely a gimmic to trick people into believing it’s very secure. When it’s not.
You can remove the messages, yet you have no way to prove they were removed even from the clients. As I’ve been attending school in Belarus, all my schoolmates are from there originally.
It was a nice school that was specialised in math. And I have the class that had even more math lessons (with physics as well). I had a very talented math teacher, so most of my schoolmates are programmers now.
They have a huge protest against the dictator in 2020, and it’s been lost. The lose of the protest triggered massive repressions, and most of the people I know personally were either forced to leave the country or they were imprisoned and then they decided they’d leave the country. I have very little people I know personally that stayed in the country.
In all those cases, it was safer to nuke all the history from the clients, as a person could get imprisoned for basically any message from the past. Even some joke or meme, you can get arrested for many years for that only. That’s what ruzzian-controlled territories are like.
I didn’t bother back then, because I wasn’t in Belarus, and I had no plans to come to that country ever again. I left it long before the protests, basically after the Dec 19, 2010 protests.
The people I’ve communicated with, I know most of them were cleaning their Telegrams, removing their histories. Most of them didn’t bother to remove my histories with them, but some removed everything. One friend, we have an extensive Telegram communication during some period, and he nuked our entire history that spanned years. With one little weird bug: it wasn’t removed from my MacBook and my iPhone. It’s all present, entirely. It’s removed from other devices, and I cannot access it, but I can scroll back for as much as I want.
Export History#
To save some communication that wasn’t removed yet, I decided I’d like to export it all, and then remove the history for everyone who could be in potential danger. The export more likely takes some processing powers, because it was quite long for my MacBook, even when I connected it with wire (LAN cable) to the internet. And it was relatively quick from my powerful PC that is too far from any LAN sockets and is connected via Wi-Fi. The whole export took me about a day.
I was leaving home, so I left the computer on and when I came back the next day, it’s been done.
The export size was 150 GB! It’s a static website, if you export the human-readable data. Otherwise it’s machine-readable json.
Conclusion#
My wife said she felt dirty for the possibility that some hackers could get access to all her communication with her mom. I reminded that it’s unwise to rely on the messenger that’s out of your control, and it should be treated like it can be compromised any moment.
Reply by Email