Telegram’s war with Russian authorities may soon become crypto’s war — we should learn wisely
Telegram has been the white horse in the battle for data protection, privacy, and open-source software. They’ve taken on Russian censorship head-on, reportedly survived multiple FBI infiltration attempts, and faced down crackdowns by at least 6 different countries. What many crypto and blockchain proponents fail to understand is that Telegram’s war will soon become their war. By understanding the battlefield and the tactics being employed by both sides, we can understand where decentralized technology may still be vulnerable.
We’re still perfecting blockchain security. We’ve built the building, now we’re arming the alarm. The problem is that our focus is often misdirected when it comes to the security of decentralized systems. We consider the potential of malicious actors — attacks on blockchains, mining centralization, colluding validators. We harp on the risks of custodians — exchange hacks, internal fraud. We even point to individual dangers — lost or stolen keys, the risks of self banking. But the greatest danger is in the foundations of our digital world. These are the risks that threaten the entire existence of blockchain. If we don’t identify these and accurately move to solve them, they may very likely destroy the dream of decentralization. Telegram is our word of warning.
Digital Cousins: Telegram and Blockchain
Telegram and blockchains aren’t so unlike. While Telegram is not decentralized, nor entirely open-sourced, its mission is similar: provide privacy and personal autonomy to individuals, reduce the control of central organizations and governments, and allow people to interact free of coercion and censorship. Just like with crypto, Telegram has stirred up some controversy.
The first real attack came as Russian officials targeted Telegram under the pretense that terrorists had used the platform to coordinate attacks — the age-old adage: censorship for security. Backed by federal courts, they demanded that Telegram turn over their platform’s encryption keys. Telegram politely refused. Russia began a series of coordinated attacks dedicated towards eliminating Telegram from Russia. These censorship attempts by Russia have highlighted our current systems’ points of failure. It’s likely that these same points will one day be targeted by entities who seek to censor and control crypto and other decentralized applications.
The Russian Strategy
Telegram started using Amazon's AWS to bypass Russian censorship. Now, if you were @roscomnadzor (highly unlikely because nobody's as dumb as these doorknobs), what would you do? Certainly not block 655352 IP addresses belonging to Amazon, right? That would be so stupid… oh pic.twitter.com/AxEHfRUGnU
— Manual (@manualmanul) April 16, 2018
Failing to eliminate Telegram with a straight ban, Russia targeted those foreign ISPs associated with Telegram. The two main routers of Telegram traffic? Amazon and Google cloud services. So what did Russia do? It banned 15.8 million IPs associated with these two cloud providers — how much of this traffic actually related to Telegram is impossible to determine.
Dear Russian users, maybe your devices are offline. Here's the reason: Our cloud servers are Amazon Global Servers. Roskomnadzor banned today over 1.8 million IP addresses belonging to Amazon and Google's cloud infrastructure.
Please use manual button to control devices.
— ITEAD Studio (@ITeadstudio) April 17, 2018
Obviously, the collateral damage was immense. Sites unrelated to Telegram went down and even payment portals proved unresponsive as the Russian ban far exceeded its original scope. Not stopping there, Russia then targeted VPN providers, asking that they ban Telegram messages. Next, they approached app store providers, requesting that they remove Telegram from their app stores for Russian users. How much Apple complied isn’t clear; they didn’t comply immediately or fully, but they apparently stopped allowing Telegram to update their app, even outside of Russia. Pavel Durov, founder and CEO of Telegram, discussed his frustration on Telegram. Soon after the public criticism, Apple again began permitting updates.
Recently, Russia moved towards stricter action, banning any internet traffic from foreign servers, arguably a clear move against Telegram and other controversial services. The impact of such a ban has yet to be realized.
The fact is, Russia took advantage of the weak points in our digital world in its quest to destroy Telegram. Take heed, comrades! Censorship is coming to decentralized tech!
The main weak points appear at the points of connection between people and applications: centralized operating systems, centralized Internet Service Providers (ISPs), app stores, VPNs. It’s through these portals that users connect with Telegram and blockchain applications. It’s through these points that freedom of information and privacy are most vulnerable.
The unexpected points of failure
Traditionally in crypto, points of failure revolve around protocol errors, human errors, and endpoint attacks. But take a step back and you’ll see that the industry faces equally relevant threats and attack vectors from sources outside its control; these are often overlooked.
Internet Service Providers (ISPs) were the first targets of the Russian censorship campaign — and rightfully so. ISPs route information and messages along their electronic pathways — from your computer to the destination computer and vice versa. Unfortunately, these centralized points provide easy access to governments or entities looking to monitor or restrict internet behavior. Russia isn’t the first country, nor will it be the last, to take advantage of ISP centralization. But even in democratic countries, ISPs have been known to restrict access. Sites like Wikileaks, or forums with controversial topics, have been the frequent targets of ISP censorship. The repeal of Net Neutrality left the door open for further censorship, as well as the harvesting of user data. It’s not unrealistic to imagine that crypto could be the target of similar crackdowns. There could be a significant incentive for this to happen too, especially as decentralization begins challenging various centralized entities or even the ISPs themselves. ISPs might even refuse to route information that they viewed as potentially harmful to their business. Or they could receive directives from governmental entities to regulate access to decentralized services — as has happened with Telegram.
App stores were the Russian government’s next target. App stores serve as the main onboarding point for customers. With crypto, customers will use app stores to download wallets, to download nodes, and to download decentralized apps. In addition to Apple’s questionable handling of the Telegram fiasco, they have a history of censorship, both on behalf of national directives as well as for their own benefit. Per request from the Chinese government, Apple reportedly removed VPN apps from its Chinese app store and even transferred iCloud operations and encryption keys to a Chinese-based provider. This site reported that Apple refused to update their app after they published an article discussing iPhone X jailbreaking. There are lists of cases like this: Apple censoring an app that showed the dark side of smart-phone production. Apple censoring an educational app that sought to provide educational content about Android.
Google isn’t much better. The Google Play store banned this alternative social media network for its lax free-speech moderation. Google also has a long history of following various national gag-orders.
The power of app stores to approve or reject updates and even ban certain apps is immense. Imagine you created a crypto app and are managing thousands of users. You identify an error in the application and create an update to resolve it; yet Google or Apple rejects your update, putting all of your users at risk. You have zero recourse. These situations represent just how much applications rely on Apple and other app store operators. Decentralized applications cannot live on centralized services and still expect to be decentralized. Without safe and censor-free onboarding locations, crypto will be hard-pressed to see mass adoption.
App stores serve essentially as mobile operating systems. But what about those desktop operating systems? They also offer a vulnerable avenue for censorship. There’s certainly precedent for it. Microsoft, in the early 2000s, lost a lawsuit for limiting the types of applications that users could install on Windows OS. Microsoft was heavily incentivized to do this as third-party programs like Java and Netscape directly competed with Microsoft-developed products like Internet Explorer. As demand for decentralization rises, these new solutions will surely conflict with Apple’s and Microsoft’s interests. What will happen when Apple and Microsoft view decentralized apps as a threat to their business models?
Take ZenGo for example — a current project dedicated to building a decentralized, keyless crypto wallet solution for mobile users. Onboarding users today means connecting with users on their terms — through app stores, through ISPs. Creating convenient crypto solutions means working through these centralized points. Only when decentralized app stores, operating systems, and ISPs exist will apps like ZenGo be able to remain entirely censorship free and accessible to all users.
Finally, Russia moved towards banning all internet traffic from foreign servers — the final nail in the coffin of the free internet. Telegram was just the beginning. As long as there are efforts to create applications and technology that limit the power of centralized entities, those same entities will try to sabotage the success of those applications. Today, there are many places ripe for sabotage. What will happen when the focus moves from Telegram to crypto or blockchain related services? How will decentralized technology succeed when Apple and Google cripple app developers, Microsoft and Apple play favorites on their operating systems, and ISPs refuse to route relevant traffic? If we fail to recognize these pain points and solve them today, it will be too late.
We cannot see the development of true, decentralized technology when the platforms and services we’re using to access that technology are centralized and vulnerable to censorship. We need to recognize that decentralization depends on more than just decentralized platforms and currencies. We need decentralized ISPs, decentralized operating systems, and decentralized app stores. Only then will decentralized technology succeed. Telegram is fighting the good battle. Decentralization is what we need to win the war.
FOLLOW me on Twitter: @noamlevenson