Sigh... If only we all had a universally used "standard" proper messenger (for daily private communications, not "social media presences"). If only it was so easy to make everyone I know use only one of these. But no - Microsoft had to kill off Skype and I'm stuck using a wild jumble of telegrams, vibers and facebook messengers - none of which I trust or even like, but still have to use to communicate with literally 1-2 persons in each one.
Good luck moving your "international" family chat into one of these. :) And I have a friend who refuses to use TG for private communications not because of security or anything, but because he associates it with the war. And, obviously, I use MS Teams for work but would never even think about also using it for private messaging (whoever at MS thought that having your work and life in one place 24/7 is a great idea for everybody, definitely deserves a promotion... say, to a torpedo driver). And some people think discord is cool; and my recently mobilised friend asked me to use yet another messenger instead of TG to ping him now; and so on and so on.
Lots of nostalgy about the times when everyone around here just used ICQ (not that I want it to come back, really).
I know about it, but never had anyone I know seriously consider it. As far as most people are concerned, it's "just another messaging app out of dozens", I guess. And, of course, people I communicate with have other people of their own to communicate with, and so on, so why would they suddenly install an extra messenger just for me? :)
Most I could do is develop another one of my own. Not that it'd help anyone...
You probably won't ever be able to do that because security is rarely convenient. Use TG for family chats and cat pictures, use Signal for op-sec. The most critical security issue is always the human factor so you are not gaining much from having a secure messenger with your theoretical granpa who has no idea how to validate public keys via side channel etc.
Yes of course and that was how the Internet was originally "supposed" to work. It was supposed to be built in a decentralized manner based on open public protocols.
Unfortunately, the only significant protocols for delivering "content" that are still standing from that original vision are SMTP (e-mail) and HTTP (the web, though it is increasingly privatized). And the only successful addition to that suite, was BitTorrent.
I'm sure if you asked Julian Assange, he'd recommend plain old E-mail with PGP encryption. But this is far too much "your grandfather's" idea of internet privacy for seemingly anyone to stop using these instant messenger apps.
Excellent post as usual on what is not happy topic. I don’t think it is possible to report telemetry after your drone/missile goes boom unless you have some kind of voodoo that raises it from the dead. What I suspect might be happening is that the drone has a very crude mobile phone that transmits its gps and telemetry while it is flying back via the cell phone network. Easy to hide however it could also give Ukraine a way to detect and defeat them as what mobile phone moves in a straight line at hundreds of km per hour. Sort of like detecting the stealth fighters. It may have the radar cross section of a duck but what duck flies at close to the speed of sound?
Can't drones have a "black box" kind of device that survives after the impact, like airplanes do? Obviously, it would be trickier since it also has to be "active" and not just "keep the data intact inside a scorched box waiting for someone to collect it", and maybe I'm just naive, but it doesn't sound like something 1000% physically impossible.
I am sure it is possible- the issue would be transmission as black boxes have a pinger which is very robust but crude. To transmit complex data requires complex systems (relatively) which are easily damaged. Far more effective IMHO would be to constantly update the telemetry and even if the drone crashes or is shot down it would tell you valuable information. You know the target and you would know it’s last position so you would be able to work out air defence positions from even a failure. Totally accurate or fool proof- no but very little in war is.
Right. As a software engineer, I can easily think of a high-level "algorithm" off the top of my head, for example, the black box can have a fragile transmission device safely fixed inside the protective casing (together with the data storage and any required battery, which probably won't have to be large for such a one-time use). Then, as it detects the impact, separation and eventual stabilisation, that casing would "open" (or whatever) carefully to allow the transmission to happen.
Knowing how to implement all this "in metal" and keep it compact enough for a drone (and cheap, too) is way out of my area of expertise, but I wouldn't bet my life on the whole of Russia not having engineers able to pull it off, if they really wanted it.
But yes, realtime transmission up until the impact is much easier and probably more than enough for their current needs.
...and, if nothing else (and if one prefers to think in style, 'the Russians are too stupid to do that'), mind that they always have enough money to buy somebody who is cleverer.
Not you or me to blame, but: the 'first usual reaction' in Ukraine whenever the Russians introduce something new to the battlefield is, 'haha' and 'but, they can't do this and can't do that'.
I am a data engineer/ dba and you are totally correct 👍. Each drone has a cheap sim the sim is the primary key for the data stream and you could pump back airspeed altitude heading and geolocation back into a database or cube and run analysis on it because you know the target and you would have a good idea of weather so it would be possible to work out exactly what happened to each drone eg begun diving on target verify with satellite. Stopped transmitting mid-flight - shot down. Lots of changes in heading and altitude and last transmission far from target - bad weather = weather gods screwed you good weather = Ukraine EW.
1. Serhii Flash (a very authoritative source on UAV connectivity) publicly debunked the whole "note from friendly engineers" thing as well as the idea that RU UAVs are able to use mobile connectivity in Ukraine en masse. There is no hard source for the note either.
2. Telegram is just hands down the most convenient messaging up there is from the user experience, chances are if Russians use Telegram to get drone telemetry, this would only be for the reason to keep all tabs in the same window. Same as anyone using Telegram bots a services up to Ukrainian government ones (e.g. traffic fine monitoring) because it's just a convenient thing to do.
3. There is nothing special to Telegram in means of creating a secure two way link so long as you have connectivity in first place. I literally did just that on our system for debugging with just an SSH tunnel. It's solvable by any half competent IT person so Telegram in itself would only provide some quality of life, but not a technological edge. The fact that Telegram is hard to filter is only relevant in the context of mass medias and regular users, not when you are rolling a telemetry system for devices you are in full control of.
4. Telegram's encryption (MProto) is home-grown and have been subject of many theoretical attacks and criticism. In general it's a bad idea to roll out your own crypto, so the best way to describe Telegram's security is "we don't know" and that would include risks for Russian operators too. That argument is absolutely not in favor of Telegram usage for the military and for Russians it'd be a sign of complacency above all.
5. The issue of mobile connectivity in itself is being worked by Ukraine in a systematic manner. As with anything it's a back and forth battle, but there is no evidence to suggest that Russian UAVs can efficiently use Ukraine's networks. It is plausible of course, but The Economist just went all out with spreading rumors which is hardly helpful for anyone.
tl;dr if Shaheds use mobile connectivity over Ukraine, that happens in a very limited capacity and has absolutely nothing to do with Telegram and its capabilities whatsoever.
To translate this into something I do 'technically understand': the Kh-32 air-to-surface missile.
This is powered by a mix of extremely hazardous, highly toxic fuels (oxidiser and acid). Which is making alone its handling on the ground (like 'mere' refuelling) extremely difficult and time-consuming process, foremost dangerous for those working on the missile, and then flying aircraft from which they are released. And the weapon is notoriously inprecise: requires a target with a radar cross section well above 1,000 square metres to 'work' - which is why it's, actually (or 'by Western standards') entirely pointless to try using it against such targets like average-sized transformation stations.
OK.
Just... and correct me if I'm wrong but, I have a feeling that didn't prevent the Russians from deploying them by hundreds against Ukraine, so also against transformator stations...
I'm not saying it's impossible, I'm just saying that the possibility to use mobile networks was evident from day one and both countries have taken measures (a high altitude flying mobile device is very easy to distinguish), which we on UA side know for a fact. The media storm happened because it was relatively unknown for general public at this point and it also coincided with the publication of a video from a Shahed (which apparently was guided by a radio on a border region rather than mobile) so it quickly spiralled in a psyops.
Right now the technical discussion among the UAV crowd is rather about whether RU UAVs try to use the mobile base station network to navigate passively (which is harder to detect) or if they indeed try to send some data. At any rate, from where I stand it's more of a yellow journalism that actual issue what caught anyone with pants down.
Obviously it's not an argument for Telegram, but I dislike the fact that it spurred discissions on things like mandatory SIM registration and crackdown on Internet which would do very little to help (Russians have ample supply of SIMs from occupied territories).
But as we saw in Jyoti Malhotra Youtuber case it is used to feed info to Pakistan from ISI Spies based in India . The whole idea of the most private app goes down the bin . Pavel Durov is doing nothing about it too. He doesn't even care what happens on his app he just wants to take whatsapp down. Come on atleast make moderation tighter to not have to use Telegram for illegal purposes.
I don't see how this translates to our experience. And what exact "moderation" we are talking about. Right now nothing happened and people call for censorship. Which isn't healthy. That's regardless of Telegram itself.
Terrorist operating using Telegram ofcourse has nothing to do with Ukraine yes but then still those criminals use telegram to plan out attacks and send sensitive data across
Well they can use any other messenger for that exact purpose. There is a principal balance between privacy and enabling the bad guys. You could apply the same argument towards Signal for example. Or even WhatsApp if their E2E claims are to be trusted. Or just the concept of cryptography in general.
While I agree with your general message that Telegram is just an ovehyped app with no real consequence, I don't understand a particular problem:
1. in another threat you're saying drones using Wifi is impractical.
2. in point 5 you're saying drones using mobile internet has also been blocked
3. but in the original post Tom is mentioning that he received confirmation drones are submitting information via Telegram, thus they do have internet access.
I don't see how 3 is possible of both 1 and 2 are correct.
For (2) I'm saying that the blocking is being implemented, but it's inherently imperfect so some devices may slip through (and it's the case of UA UAV flying in RU as well). There have also been reports of satellite terminals being installed (which is viable and highlighted by civilian operators in other countries, see Ofcom's recent regulations).
Flash says that they try to submit telemetry via mobile internet (and Telegram by extension), but are largely unable to. It's more of a question of % of mishaps by UA mobile network filtering of RU UAV communication (which is a constant arms race), and it obviously has noting to do with Telegram or any other application layer.
My line of engineering is not exactly in line with UAV design but is almost. And much of what you wrote I thought also. I.e. what is the big deal? I would have thought Ukraine's efforts re preventing exploitation of cellular networks be focused on intelligent firewalling / filtering by the infrastructure, not banning Telegram. Although can Telegram be used for targeting if it uploads user locations which are then compromised?
Technically speaking both sides can use telegram for telemetry, mapping and all. Or any side for that matter.
The reason why telegram is chosen for such task is this, if you do your own app, and install it in shahed that has a kind of smartphone environment and cellular card. Then you'll have to use some servers to process this, and then once the pattern is established, since traffic goes through Ukrainian networks first, it would be easy to block it. Telegram is firstly using random server from a huge pool to service traffic, and second of all it is... just telegram traffic. Which being encrypted does not show if it telemetry or something.
The only way to deal with that, since shahed will move at 200 km/h, it will switch from one base station to another, is to temporarily deny ANY card switching too fast.
Look, as far as I know, telegram is prohibited for communication and transmitting information. Not for installing it, opening it or using it for social media posts.
Those requirements are developed by cyber safety department, and if they see threat at this angle, then they could be as well correct in their assessment.
You know, it could be Russia is going to invade Ukraine. Nobody is sure, but it could happen. However, there's no reason to be upset about that outlooks.
...nor to do something about it.
Especially not on time.
That was the widespread stance back in, say, October-December 2021. So much so, the boss of the BND was caught sleeping in his hotel room in Kyiv, early on 24 February 2022.
Bottom line: if people do not want to learn from experiences, no problem. Less work for me - at least in this branch. I can go studying space flight, insects or birds instead.
Now this is a topic I feel mostly competent to comment about.
On an application level, users are communicating directly to each over. However that still happens via their internet connection. It's User - Router - Internet - Router - User.
This Telegram connection cannot be used as a homing beacon, because it's only virtually user-user, on a technical level it's not. When phones or other devises are used as homing beacons that's because the phone is trying to wirelessly connect to the cellular tower so the User-Router connection is bein hijacked.
Encryption on the other hand is about ensuring nobody in the middle of this long chain can tap into the conversation and read it, it's about creating this virtual user-user "tunnel" via the internet.
What Telegram and similar apps can do is, if you have an agent or a compromised hacked device close to your target, this device can be used to transmit coordinates, video, ect. And encryption is ensuring Ukraine's own internet network will transmit this being unable to distingquish it from normal civilian usage. The drone itself can also potentially be a Telegram bot, using unsecured civilian Ukrainian routers to receive or transmit anything, from anywhere.
Ukrainians using Telegram does not in any way interfere with Russian agents/bots using Telegram. The only potential interaction that I see is that if less Ukainians were using it, it would make it easier for counterintelligence to find suspicious traffic but I doubt that's actually realistic. And just to be clear, Telegram is just one app of many, that happens to be popular at that area of the world. A small team of university students can create a Telegram-like app as their course assignment, it just won't be as popular and familiar to the soldiers using it.
What's more realistic is for Ukraine to make sure not to use non-encrypted wireless routers. (just to be clear, that literally just means not setting password on you wifi) Those are a huge security risks as these things are happy to transmit any trafic, from anyone, to anywhere. So Russia (and Ukraine btw) does not need some sophisticated long-range signal to guide their drones, they just need the drone to tap into the wifi router of the nearest idiot who forgot to put a password on it, thinking it's too much hassle, and that router will do the job for them.
I always though it's obvious that's the way everyone is doing it. It's a bit of a luck-based approach as you don't know how often you'll lose connection but that's all range/speed really affects - you won't be constantly in coverage and the drone will have to handle things by itself while waiting for the next open connection to hijack.
It can maybe be abused for something like urban ops with quads or land based platforms, but definitely not with high-altitude flying fixed wings.
The reason for this is that even unencrypted Wi-Fi requires a handshake and a bunch of back and forth traffic. If it worked one way you could strap a stupid high power amplifier on the drone and transmit stuff in hopes that the router picks it up, but unfortunately you need to get the router's response back which is not something you can reliably do for home routers on an UAV flying a kilometer above because the router's power is way too small to pick up with an omnidirectional antenna and the drone definitely won't be able to aim a directional one.
This has been studied to death by the hobby scene trying to use stock WiFi for telemetry and video and it's been quickly discovered that even if you were to use high power radios and sharply directional antennas on the ground, the underlying WiFI protocol makes it almost impossible to use over any significant distance. There have been solutions to using wifi cards for that (both UA and RU actively use this btw), but they revolve around putting the radios into non-standard modes that disable the whole handshake sequence completely. Which makes in incompatible with stationary routers.
Fair enough, I'm not sure the handshake is that slow but I defer to people with more hardware technical knowledge. All I know is that Telegram is not the issue, the internet connection that enables its usage is, and that problem needs to be solved.
Problem with the handshake is not about speed, it's with being physically able to receive router's part of it (i.e. with the router's signal strength, like I thought).
Yes, basically this. There are some timings involved (and also maaaybe effects like doppler shift btw), but the most critical part is that the power is inherently assymetrical in this case. That on top of *both* 802.11 and Telegram's TCP layer requiring bidirectional communication. UPD: reading comments below it would seem that Telegram maaay have some kind of one-way protocol options, but I really am not an expert. At any rate, there are much better ways so long as you have connectivity.
There are ways to make it one way which aren't even a secret, but it will exclude:
My point is this: there is a possibility of the Russians 'doing that'. It's a distant possibility, it's unlikely, but there is a possibility they could.
Now, back in 2021, the possibility of the Russian invasion was distant and unlikely, too. And see what happened.
So, expecting the Russians not to use the option, because somebody is convinced that's not feasible, easy, or distant, and unlikely... sigh...
Oh indeed, I definitely think it's stupid for Ukraine military to be using a commercial app with suspicious links to Russia. When I say "unless they hack your phone it's fine"... well you are installing Telegram on your phone... if the applicaition itself is compromised you've just done that. And if you install that without thinking who knows what else you're going to install... So the general message of being careful is definitely on point. It's just that I think the focus should be on securing the routers from being used in a braindead-level stupid ways and also on securing devices from being hacked. Focusing on Telegram individually may not be addessing the worst security threat if then the user is going to install someting even more stupid...
What you said about drones sending back data via Telegram - they can only do that if either wifi or the cellular network transmitted that information. Neither should be doing that if it's properly secured, though the methods would be different (with cellular network it's more about not servicing phone numbers that just entered from Russia at high speed)
Is typical wi-fi router's signal strength really enough for a drone to reach it? Mine doesn't seem to give any signal just a few steps away from under my window, and I live on second floor (first, if you count from "ground floor"). Never tried to connect to it flying past the window at 200 kmph, though... :)
I don't know really. Your example though is a bit weird as you're trying to connect from below, through a concrete wall. I don't know what the range of these things is in the open, and how much variance there is between models.
All I know is, if Russian drones have access to the Internet while inside Ukrainian territory, it's coming from somewhere and that's a much bigger problem than whether they're using Telegram or another app.
To make it clear (technically) about Telegram: the official message about "post-mortem messages" makes perfect sense from a technical standpoint. Now, to the details...
Essentially, Telegram has several different "modes of communication" that could be classified into two big groups: offline and online.
Offline (asynchronous) communication:
#1.1 Offline direct messages: when you send a text message/image/etc. to another person, and the message sits at the intermediary server until the recipient polls it for "updates". Works basically like an email system. Individual messages are encrypted and impossible to decrypt by Durov or the FSB, unless they hack the phone of at least one side of the communication. The history could be read after that (at least Durov claims so).
#1.2 Offline group chats. The same as #1.1, but encrypted with a group key (supposedly). This one can be decrypted and followed by Durov, and by anyone who happen to get into the chat or seize the phone, obviously.
#1.3 Offline pub-sub ("channels"). The same as #1.2, but with only one publisher and unlimited number of readers. If the channel is "open to join", it can be (and is) publicly scraped by FSB and everyone's grandma for stats.
Online (synchronous) communication:
#2.1 Online (synchronous) direct messages: This creates a temporary **online** chat with a PFS ("perfect forward secrecy") feature making it impossible to read the history, even if the phone is seized. The communication here is either direct through UDP-based NAT-puncturing (phone-to-phone), or through a relay server *without storing the messages at the intermediary*. Uses encryption devised by Durov's older brother personally. As a side note, rolling out your own crypto is a **very bad move** in the crypto community, and a sign of the highest hubris.
#2.2. Online direct call: the same as "mode 2" but for real-time voice data. When you call, it shows you four little emojis at the top of the screen - if they don't match with the same at the caller's screen, you're under a Man-in-the-middle (MITM) attack.
#2.3. Online conference: works as Zoom or any other videoconferencing - communication goes through a central relay server and (supposedly) is not stored there. Should be decryptable by Durov, but not FSB.
Now, all this stuff is supported by a distributed infrastructure of relay and storage servers organized in a tree configuration: offline message from Alice to Bob gets first uploaded to the storage server closest to Alice, and then goes up the tree and down to the server where Bob was seen last (with possibly some optimization to avoid unnecessary hops later). One way or another, the messages are **stored at local servers** when sent through any of #1.X modes.
Now, let's say we have three tasks at hand:
A. Guide a drone in real-time through enemy territory using Telegram
B. Target the drone at the last known position of a phone on Telegram (e.g. target an enemy commander)
C. Indicate where our (Telegram-connected) drone was shot down over the enemy territory
Let's figure out which modes fit for each of the tasks.j
Task A: Real-time guidance.
All the offline (1.X) modes are only suitable for the task if the connection is absolutely perfect, with no network congestion, etc. And also, there is significant latency, ranging from 200ms to several hours (in case of network outage). So, these don't fit the goal.
All the **online** modes fit, but again, with many caveats, such as: a drone crossing between cellular towers and operators will lose connectivity with high probability due to IP address change (if using direct UDP connection), or may even have to switch from one Telegram relay to another (again, losing connectivity). This means frequent reconnections. This is very unreliable, especially since the enemy may block regular internet traffic through their cellular or landline connections.
Verdict: using Telegram as a real-time control channel for a drone going through the enemy territory is feasible only as an additional, method, and only for the value of its real-time relay servers. Any other real-time calling app maybe used in the same role, **if it has relay servers in the enemy territory**.
Task B: Target on the phone
To create a connection for a direct voice call, Telegram sends a UDP package directly to the last known IP address of the recipient. This vulnerability was long-known and exploited by the FSB to target activists in the Russian opposition and general internal affairs. IP-based positioning is far from precise, but it can, e.g., reveal concentrations of enemy personnel in an area. To counteract this, you must disable the incoming voice calls feature in Telegram.
Also, Telegram has a feature to "share my position", there are ways to make the victim install a trojan on their phone, etc. Again, no difference from any other messenger (or email).
Verdict: Using Telegram to target individuals precisely is not feasible, unless combined with other methods (e.g., social engineering). For targeting the movements of groups of people, this is perfectly feasible, unless all individuals disable the voice calling feature.
Task C: post-mortem communication
This is where Telegram's offline (#2.X) modes can prove very useful: when the drone is moving through enemy lines, it can send a signal with its coordinates several times a second through Telegram. Telegram's offline modes use the "eventual consistency" mode of distributed communication. This means that if the drone's Telegram app connects to a local Telegram relay for even half a second, it will be enough to send **all** the accumulated messages in a single batch. The relay itself does not need to be connected to the primary network. Therefore, it will still work even if, for example, the city comm operator completely disconnects from the nationwide network during the attack. The Telegram relay will store the messages until the comm operator reconnects upstream. Moreover, **not** sending some messages is already an indication of "something fishy" going on in an area.
Verdict: This is where Telegram truly shines. It is totally possible to use local Telegram relays as "black boxes" for storing drone telemetry data. Even when the drone is already dead, and the connectivity is disrupted countrywide. And this is where Telegram shines compared to other messengers: Durovs made it resilient to nationwide blocking, and it works. Both ways.
Excellent article with clever questions. Now after working ~3 decades as an IT engineer (MS based) I can add some 5 cents (there could be also some duplication to what also some others did write.
1) I don't want to make anyone paranoid, but it doesn't need telegram for a homing beacon functionality. Every smartphone can be used as a homing beacon by the 'silent ping' funcionality.
We used it regularly to get hold through the police on those gents, who were unwilling to come to their army training (every 2 years).
Please keep also in mind that modern smartphones, when turned off are still using some energy, contrary to what the first mobile phones did.
2) Sending data after mission finished:
a) Basically one could construct a black box with a phone connectivity, but that black box would have to resists the energy of the warhead combined with the kinetic energy of the impact itself. IMHO in matters of costs versus benefits this doesn't make any sense, as
b) it would be much cheaper to create no black box and simply use the last available data to check it for each single missile (etc.) against the intended target.
3) Telegram uses phone numbers to identify the users (even when used on the PC)
About it's abilities everyone can easily get an overlook on the internet.
Like with any other communication it always depends who has access to the encryption keys.
If Ukraine wants to have secure communication channels it will have to program it's one app/program and use it exclusively for the militairy and of course regularly changing the keys.
4) Streaming video:
It depends on the available bandwidth. The needed bandwidth depends on the resolution and sampling rate. That data can be either transfered by the telephone functionality (this is what the Telcos sell additionaly as 'data volume') or by wireless IP and for example via satellites acting as access points.
Hope that answered at least some of the questions.
Considering how long Russia has used troll and bot farms (Russia., Russia, Russia) and puts such importance on propaganda and misinformation, I can't understand why anyone would think they would be seriously lagging technically. Their military leadership is wanting, but technically they believe in the latest and best they can obtain..... Personally, I think the idea of using cell phones as homing beacons is damned clever, if a bit diabolical.....but that's me. It reminds me of a period in WW2 when the RAF night bombers were using a rear radar called Monica to detect approaching German night fighters. The Germans developed a device that homed in on the Monica transmissions, leading them to the bombers. The RAF had to stop using Monica.....
It really is a big quandary that the Ukrainian population haven't been herded onto the CIA/NSA/Meta social media platforms that dominate the NATO/G8 countries. I mean it's practically akin at this point to joining the suite of Western international institutions. Even Japan uses Facebook and Instagram in a big way.
Thanks Tom. I don't think Telegram should be singled out like that. At the beginning of last year, there were media reports that a Kyivstar SIM card was found in the downed Shahed and this did not serve as a reason to abandon this mobile operator. On the other hand, the Russians also paid attention to the above-mentioned problems.
It's kind of interesting everyone forgets Telegram was founded and is owned by Russian individuals, and everyone is surprised it is used by Russia for UAVs steering and data collection, or maybe, maybe other purposes...
...this comment only pertains to the eloquent, loquacious, profound, astute and even scurrilous (at times) writing that we were all so fortunate to read.
Obviously, the journalist is overselling this affair, but it does highlight how vulnerable are any military formations to even the crudest form of technological spying these days.
In essence, the Assadists fell for a cheap phone call scam and willingly offered systemic intel on their forces.
And to think this is similar to the kind of phone call scam that plague even civilians. At least in my country, absolutely everybody is confronted to it and 99% of the population know better.
This or the regular drama around running app because Westerner soldiers and especially Westerners spec ops cant stop themselves from using them even during military deployment just show how vulnerable every military institution is.
As for Telegram, I thought everyone realized Durov must be cooperating with the Putin system. The guy was also arrested in France recently. After a few days he was not just release but also awarded French nationality and some national medal trinkets. Apparently, he has the UAE nationality as well ...
Generally speaking, if a web 3.0 service (or really, any IT service) is free, it means you (the user) and your data are the product being sold. I thought everybody realized it.
Telegram has two use cases. One is mostly fine, actually, the other is a bit more risky.
The first use is that of a simple broadcasting medium. You can do reach large groups of people in an easy to use way. Thats great for press releases and all kinds of public information you would otherwise post to a public website, substack or send over unencrypted radio to anyone wanting to listen. That is mostly okay. The Telegram tech group might get information about the phones subscribing to the feed, and might get the usual position informations that phones spam to the world (mostly via ads, see this informative pages by netzpolitik.org (https://netzpolitik.org/databroker-files/), its basically a total mess with any ad based phone app, telegram is probably not even close to the worst offenders, e.g. weather apps sell 10cm exact location data...).
So if the FSB buys phone ad location data, they do not need any Telegram leak for that stuff.
The second use is messaging. Telegram is also popular because it is super easy to write a bot that sends some kind of status info, servers tell admins that there is some problem and so on. That works and Telegram does not have strict bindings to phone sim cards like Signal and others, so bots are easy and popular. So it is very plausible that drones can send basic status messages over that network, just not in the strict "real time" sense, e.g. less than 50ms delays. But it would be totally trivial to add some protocol to update targeting info over-the-air that way. Might take a few seconds or longer, so not good for terminal guidance, but adding new waypoints is probably trivial, if the russians wanted to do that.
Also Let me add in the Recent Jyoti Malhotra Case the ISI was using Telegram to get information off her
Sigh... If only we all had a universally used "standard" proper messenger (for daily private communications, not "social media presences"). If only it was so easy to make everyone I know use only one of these. But no - Microsoft had to kill off Skype and I'm stuck using a wild jumble of telegrams, vibers and facebook messengers - none of which I trust or even like, but still have to use to communicate with literally 1-2 persons in each one.
Well, at least I'm not in the trenches.
There are private secure Messengers though
Good luck moving your "international" family chat into one of these. :) And I have a friend who refuses to use TG for private communications not because of security or anything, but because he associates it with the war. And, obviously, I use MS Teams for work but would never even think about also using it for private messaging (whoever at MS thought that having your work and life in one place 24/7 is a great idea for everybody, definitely deserves a promotion... say, to a torpedo driver). And some people think discord is cool; and my recently mobilised friend asked me to use yet another messenger instead of TG to ping him now; and so on and so on.
Lots of nostalgy about the times when everyone around here just used ICQ (not that I want it to come back, really).
Actually I meant the likes of Signal etc
I know about it, but never had anyone I know seriously consider it. As far as most people are concerned, it's "just another messaging app out of dozens", I guess. And, of course, people I communicate with have other people of their own to communicate with, and so on, so why would they suddenly install an extra messenger just for me? :)
Most I could do is develop another one of my own. Not that it'd help anyone...
I think Signal and the likes are reserved only for hardcore Tech Nerds haha
You probably won't ever be able to do that because security is rarely convenient. Use TG for family chats and cat pictures, use Signal for op-sec. The most critical security issue is always the human factor so you are not gaining much from having a secure messenger with your theoretical granpa who has no idea how to validate public keys via side channel etc.
And we've all seen how Signal was used for op-sec in the US recently... :)
And it proves the point. The weak link is almost always human.
Sure. Who needs a man in the middle when there's an idiot in charge.
Yes of course and that was how the Internet was originally "supposed" to work. It was supposed to be built in a decentralized manner based on open public protocols.
Unfortunately, the only significant protocols for delivering "content" that are still standing from that original vision are SMTP (e-mail) and HTTP (the web, though it is increasingly privatized). And the only successful addition to that suite, was BitTorrent.
I'm sure if you asked Julian Assange, he'd recommend plain old E-mail with PGP encryption. But this is far too much "your grandfather's" idea of internet privacy for seemingly anyone to stop using these instant messenger apps.
Excellent post as usual on what is not happy topic. I don’t think it is possible to report telemetry after your drone/missile goes boom unless you have some kind of voodoo that raises it from the dead. What I suspect might be happening is that the drone has a very crude mobile phone that transmits its gps and telemetry while it is flying back via the cell phone network. Easy to hide however it could also give Ukraine a way to detect and defeat them as what mobile phone moves in a straight line at hundreds of km per hour. Sort of like detecting the stealth fighters. It may have the radar cross section of a duck but what duck flies at close to the speed of sound?
Can't drones have a "black box" kind of device that survives after the impact, like airplanes do? Obviously, it would be trickier since it also has to be "active" and not just "keep the data intact inside a scorched box waiting for someone to collect it", and maybe I'm just naive, but it doesn't sound like something 1000% physically impossible.
I am sure it is possible- the issue would be transmission as black boxes have a pinger which is very robust but crude. To transmit complex data requires complex systems (relatively) which are easily damaged. Far more effective IMHO would be to constantly update the telemetry and even if the drone crashes or is shot down it would tell you valuable information. You know the target and you would know it’s last position so you would be able to work out air defence positions from even a failure. Totally accurate or fool proof- no but very little in war is.
Right. As a software engineer, I can easily think of a high-level "algorithm" off the top of my head, for example, the black box can have a fragile transmission device safely fixed inside the protective casing (together with the data storage and any required battery, which probably won't have to be large for such a one-time use). Then, as it detects the impact, separation and eventual stabilisation, that casing would "open" (or whatever) carefully to allow the transmission to happen.
Knowing how to implement all this "in metal" and keep it compact enough for a drone (and cheap, too) is way out of my area of expertise, but I wouldn't bet my life on the whole of Russia not having engineers able to pull it off, if they really wanted it.
But yes, realtime transmission up until the impact is much easier and probably more than enough for their current needs.
...and, if nothing else (and if one prefers to think in style, 'the Russians are too stupid to do that'), mind that they always have enough money to buy somebody who is cleverer.
Sadly, I've worked with enough Russians in my life to know that they are anything but stupid when it comes to tech.
Not you or me to blame, but: the 'first usual reaction' in Ukraine whenever the Russians introduce something new to the battlefield is, 'haha' and 'but, they can't do this and can't do that'.
Best example: fibre-optic-cable guided FPVs.
Meanwhile, nobody is laughing about them.
I am a data engineer/ dba and you are totally correct 👍. Each drone has a cheap sim the sim is the primary key for the data stream and you could pump back airspeed altitude heading and geolocation back into a database or cube and run analysis on it because you know the target and you would have a good idea of weather so it would be possible to work out exactly what happened to each drone eg begun diving on target verify with satellite. Stopped transmitting mid-flight - shot down. Lots of changes in heading and altitude and last transmission far from target - bad weather = weather gods screwed you good weather = Ukraine EW.
UA UAV engineer here with a few cents.
1. Serhii Flash (a very authoritative source on UAV connectivity) publicly debunked the whole "note from friendly engineers" thing as well as the idea that RU UAVs are able to use mobile connectivity in Ukraine en masse. There is no hard source for the note either.
2. Telegram is just hands down the most convenient messaging up there is from the user experience, chances are if Russians use Telegram to get drone telemetry, this would only be for the reason to keep all tabs in the same window. Same as anyone using Telegram bots a services up to Ukrainian government ones (e.g. traffic fine monitoring) because it's just a convenient thing to do.
3. There is nothing special to Telegram in means of creating a secure two way link so long as you have connectivity in first place. I literally did just that on our system for debugging with just an SSH tunnel. It's solvable by any half competent IT person so Telegram in itself would only provide some quality of life, but not a technological edge. The fact that Telegram is hard to filter is only relevant in the context of mass medias and regular users, not when you are rolling a telemetry system for devices you are in full control of.
4. Telegram's encryption (MProto) is home-grown and have been subject of many theoretical attacks and criticism. In general it's a bad idea to roll out your own crypto, so the best way to describe Telegram's security is "we don't know" and that would include risks for Russian operators too. That argument is absolutely not in favor of Telegram usage for the military and for Russians it'd be a sign of complacency above all.
5. The issue of mobile connectivity in itself is being worked by Ukraine in a systematic manner. As with anything it's a back and forth battle, but there is no evidence to suggest that Russian UAVs can efficiently use Ukraine's networks. It is plausible of course, but The Economist just went all out with spreading rumors which is hardly helpful for anyone.
tl;dr if Shaheds use mobile connectivity over Ukraine, that happens in a very limited capacity and has absolutely nothing to do with Telegram and its capabilities whatsoever.
To translate this into something I do 'technically understand': the Kh-32 air-to-surface missile.
This is powered by a mix of extremely hazardous, highly toxic fuels (oxidiser and acid). Which is making alone its handling on the ground (like 'mere' refuelling) extremely difficult and time-consuming process, foremost dangerous for those working on the missile, and then flying aircraft from which they are released. And the weapon is notoriously inprecise: requires a target with a radar cross section well above 1,000 square metres to 'work' - which is why it's, actually (or 'by Western standards') entirely pointless to try using it against such targets like average-sized transformation stations.
OK.
Just... and correct me if I'm wrong but, I have a feeling that didn't prevent the Russians from deploying them by hundreds against Ukraine, so also against transformator stations...
I'm not saying it's impossible, I'm just saying that the possibility to use mobile networks was evident from day one and both countries have taken measures (a high altitude flying mobile device is very easy to distinguish), which we on UA side know for a fact. The media storm happened because it was relatively unknown for general public at this point and it also coincided with the publication of a video from a Shahed (which apparently was guided by a radio on a border region rather than mobile) so it quickly spiralled in a psyops.
Right now the technical discussion among the UAV crowd is rather about whether RU UAVs try to use the mobile base station network to navigate passively (which is harder to detect) or if they indeed try to send some data. At any rate, from where I stand it's more of a yellow journalism that actual issue what caught anyone with pants down.
Obviously it's not an argument for Telegram, but I dislike the fact that it spurred discissions on things like mandatory SIM registration and crackdown on Internet which would do very little to help (Russians have ample supply of SIMs from occupied territories).
But as we saw in Jyoti Malhotra Youtuber case it is used to feed info to Pakistan from ISI Spies based in India . The whole idea of the most private app goes down the bin . Pavel Durov is doing nothing about it too. He doesn't even care what happens on his app he just wants to take whatsapp down. Come on atleast make moderation tighter to not have to use Telegram for illegal purposes.
I don't see how this translates to our experience. And what exact "moderation" we are talking about. Right now nothing happened and people call for censorship. Which isn't healthy. That's regardless of Telegram itself.
Terrorist operating using Telegram ofcourse has nothing to do with Ukraine yes but then still those criminals use telegram to plan out attacks and send sensitive data across
Same way anyone can betray your national forces and send sensitive data to Spies on the other side. This is actually happening here where I am.
Well they can use any other messenger for that exact purpose. There is a principal balance between privacy and enabling the bad guys. You could apply the same argument towards Signal for example. Or even WhatsApp if their E2E claims are to be trusted. Or just the concept of cryptography in general.
While I agree with your general message that Telegram is just an ovehyped app with no real consequence, I don't understand a particular problem:
1. in another threat you're saying drones using Wifi is impractical.
2. in point 5 you're saying drones using mobile internet has also been blocked
3. but in the original post Tom is mentioning that he received confirmation drones are submitting information via Telegram, thus they do have internet access.
I don't see how 3 is possible of both 1 and 2 are correct.
For (2) I'm saying that the blocking is being implemented, but it's inherently imperfect so some devices may slip through (and it's the case of UA UAV flying in RU as well). There have also been reports of satellite terminals being installed (which is viable and highlighted by civilian operators in other countries, see Ofcom's recent regulations).
Flash says that they try to submit telemetry via mobile internet (and Telegram by extension), but are largely unable to. It's more of a question of % of mishaps by UA mobile network filtering of RU UAV communication (which is a constant arms race), and it obviously has noting to do with Telegram or any other application layer.
My line of engineering is not exactly in line with UAV design but is almost. And much of what you wrote I thought also. I.e. what is the big deal? I would have thought Ukraine's efforts re preventing exploitation of cellular networks be focused on intelligent firewalling / filtering by the infrastructure, not banning Telegram. Although can Telegram be used for targeting if it uploads user locations which are then compromised?
Technically speaking both sides can use telegram for telemetry, mapping and all. Or any side for that matter.
The reason why telegram is chosen for such task is this, if you do your own app, and install it in shahed that has a kind of smartphone environment and cellular card. Then you'll have to use some servers to process this, and then once the pattern is established, since traffic goes through Ukrainian networks first, it would be easy to block it. Telegram is firstly using random server from a huge pool to service traffic, and second of all it is... just telegram traffic. Which being encrypted does not show if it telemetry or something.
The only way to deal with that, since shahed will move at 200 km/h, it will switch from one base station to another, is to temporarily deny ANY card switching too fast.
And the source of original dismissal is this: https://t.me/serhii_flash/5650
And since he is radio engineer you may talk to him, to persuade to leave telegram altogether. I am sure he is well aware of all ins and outs.
So, if somebody continues using Telegram then, actually, 'at own risk', and 'they know better since engineers'.
Cool.
Hope, somebody can inform the Russians about this, so they know it's pointless to even try... :rolleyes:
Look, as far as I know, telegram is prohibited for communication and transmitting information. Not for installing it, opening it or using it for social media posts.
Those requirements are developed by cyber safety department, and if they see threat at this angle, then they could be as well correct in their assessment.
You know, it could be Russia is going to invade Ukraine. Nobody is sure, but it could happen. However, there's no reason to be upset about that outlooks.
...nor to do something about it.
Especially not on time.
That was the widespread stance back in, say, October-December 2021. So much so, the boss of the BND was caught sleeping in his hotel room in Kyiv, early on 24 February 2022.
Bottom line: if people do not want to learn from experiences, no problem. Less work for me - at least in this branch. I can go studying space flight, insects or birds instead.
And he is not "simply" engineer, he is leading engineer in radiotechnical recon and warfare.
Now this is a topic I feel mostly competent to comment about.
On an application level, users are communicating directly to each over. However that still happens via their internet connection. It's User - Router - Internet - Router - User.
This Telegram connection cannot be used as a homing beacon, because it's only virtually user-user, on a technical level it's not. When phones or other devises are used as homing beacons that's because the phone is trying to wirelessly connect to the cellular tower so the User-Router connection is bein hijacked.
Encryption on the other hand is about ensuring nobody in the middle of this long chain can tap into the conversation and read it, it's about creating this virtual user-user "tunnel" via the internet.
What Telegram and similar apps can do is, if you have an agent or a compromised hacked device close to your target, this device can be used to transmit coordinates, video, ect. And encryption is ensuring Ukraine's own internet network will transmit this being unable to distingquish it from normal civilian usage. The drone itself can also potentially be a Telegram bot, using unsecured civilian Ukrainian routers to receive or transmit anything, from anywhere.
Ukrainians using Telegram does not in any way interfere with Russian agents/bots using Telegram. The only potential interaction that I see is that if less Ukainians were using it, it would make it easier for counterintelligence to find suspicious traffic but I doubt that's actually realistic. And just to be clear, Telegram is just one app of many, that happens to be popular at that area of the world. A small team of university students can create a Telegram-like app as their course assignment, it just won't be as popular and familiar to the soldiers using it.
What's more realistic is for Ukraine to make sure not to use non-encrypted wireless routers. (just to be clear, that literally just means not setting password on you wifi) Those are a huge security risks as these things are happy to transmit any trafic, from anyone, to anywhere. So Russia (and Ukraine btw) does not need some sophisticated long-range signal to guide their drones, they just need the drone to tap into the wifi router of the nearest idiot who forgot to put a password on it, thinking it's too much hassle, and that router will do the job for them.
Wireless routers are an intriguing possibility, but I don't think it's feasible for UAVs due to speeds and ranges involved.
I always though it's obvious that's the way everyone is doing it. It's a bit of a luck-based approach as you don't know how often you'll lose connection but that's all range/speed really affects - you won't be constantly in coverage and the drone will have to handle things by itself while waiting for the next open connection to hijack.
It can maybe be abused for something like urban ops with quads or land based platforms, but definitely not with high-altitude flying fixed wings.
The reason for this is that even unencrypted Wi-Fi requires a handshake and a bunch of back and forth traffic. If it worked one way you could strap a stupid high power amplifier on the drone and transmit stuff in hopes that the router picks it up, but unfortunately you need to get the router's response back which is not something you can reliably do for home routers on an UAV flying a kilometer above because the router's power is way too small to pick up with an omnidirectional antenna and the drone definitely won't be able to aim a directional one.
This has been studied to death by the hobby scene trying to use stock WiFi for telemetry and video and it's been quickly discovered that even if you were to use high power radios and sharply directional antennas on the ground, the underlying WiFI protocol makes it almost impossible to use over any significant distance. There have been solutions to using wifi cards for that (both UA and RU actively use this btw), but they revolve around putting the radios into non-standard modes that disable the whole handshake sequence completely. Which makes in incompatible with stationary routers.
Fair enough, I'm not sure the handshake is that slow but I defer to people with more hardware technical knowledge. All I know is that Telegram is not the issue, the internet connection that enables its usage is, and that problem needs to be solved.
Problem with the handshake is not about speed, it's with being physically able to receive router's part of it (i.e. with the router's signal strength, like I thought).
Yes, basically this. There are some timings involved (and also maaaybe effects like doppler shift btw), but the most critical part is that the power is inherently assymetrical in this case. That on top of *both* 802.11 and Telegram's TCP layer requiring bidirectional communication. UPD: reading comments below it would seem that Telegram maaay have some kind of one-way protocol options, but I really am not an expert. At any rate, there are much better ways so long as you have connectivity.
There are ways to make it one way which aren't even a secret, but it will exclude:
- wifi
- telegram (maybe?)
My point is this: there is a possibility of the Russians 'doing that'. It's a distant possibility, it's unlikely, but there is a possibility they could.
Now, back in 2021, the possibility of the Russian invasion was distant and unlikely, too. And see what happened.
So, expecting the Russians not to use the option, because somebody is convinced that's not feasible, easy, or distant, and unlikely... sigh...
Oh indeed, I definitely think it's stupid for Ukraine military to be using a commercial app with suspicious links to Russia. When I say "unless they hack your phone it's fine"... well you are installing Telegram on your phone... if the applicaition itself is compromised you've just done that. And if you install that without thinking who knows what else you're going to install... So the general message of being careful is definitely on point. It's just that I think the focus should be on securing the routers from being used in a braindead-level stupid ways and also on securing devices from being hacked. Focusing on Telegram individually may not be addessing the worst security threat if then the user is going to install someting even more stupid...
What you said about drones sending back data via Telegram - they can only do that if either wifi or the cellular network transmitted that information. Neither should be doing that if it's properly secured, though the methods would be different (with cellular network it's more about not servicing phone numbers that just entered from Russia at high speed)
Is typical wi-fi router's signal strength really enough for a drone to reach it? Mine doesn't seem to give any signal just a few steps away from under my window, and I live on second floor (first, if you count from "ground floor"). Never tried to connect to it flying past the window at 200 kmph, though... :)
I don't know really. Your example though is a bit weird as you're trying to connect from below, through a concrete wall. I don't know what the range of these things is in the open, and how much variance there is between models.
All I know is, if Russian drones have access to the Internet while inside Ukrainian territory, it's coming from somewhere and that's a much bigger problem than whether they're using Telegram or another app.
Looks like Vixen covered this question nicely in the neighbouring thread.
To make it clear (technically) about Telegram: the official message about "post-mortem messages" makes perfect sense from a technical standpoint. Now, to the details...
Essentially, Telegram has several different "modes of communication" that could be classified into two big groups: offline and online.
Offline (asynchronous) communication:
#1.1 Offline direct messages: when you send a text message/image/etc. to another person, and the message sits at the intermediary server until the recipient polls it for "updates". Works basically like an email system. Individual messages are encrypted and impossible to decrypt by Durov or the FSB, unless they hack the phone of at least one side of the communication. The history could be read after that (at least Durov claims so).
#1.2 Offline group chats. The same as #1.1, but encrypted with a group key (supposedly). This one can be decrypted and followed by Durov, and by anyone who happen to get into the chat or seize the phone, obviously.
#1.3 Offline pub-sub ("channels"). The same as #1.2, but with only one publisher and unlimited number of readers. If the channel is "open to join", it can be (and is) publicly scraped by FSB and everyone's grandma for stats.
Online (synchronous) communication:
#2.1 Online (synchronous) direct messages: This creates a temporary **online** chat with a PFS ("perfect forward secrecy") feature making it impossible to read the history, even if the phone is seized. The communication here is either direct through UDP-based NAT-puncturing (phone-to-phone), or through a relay server *without storing the messages at the intermediary*. Uses encryption devised by Durov's older brother personally. As a side note, rolling out your own crypto is a **very bad move** in the crypto community, and a sign of the highest hubris.
#2.2. Online direct call: the same as "mode 2" but for real-time voice data. When you call, it shows you four little emojis at the top of the screen - if they don't match with the same at the caller's screen, you're under a Man-in-the-middle (MITM) attack.
#2.3. Online conference: works as Zoom or any other videoconferencing - communication goes through a central relay server and (supposedly) is not stored there. Should be decryptable by Durov, but not FSB.
Now, all this stuff is supported by a distributed infrastructure of relay and storage servers organized in a tree configuration: offline message from Alice to Bob gets first uploaded to the storage server closest to Alice, and then goes up the tree and down to the server where Bob was seen last (with possibly some optimization to avoid unnecessary hops later). One way or another, the messages are **stored at local servers** when sent through any of #1.X modes.
Now, let's say we have three tasks at hand:
A. Guide a drone in real-time through enemy territory using Telegram
B. Target the drone at the last known position of a phone on Telegram (e.g. target an enemy commander)
C. Indicate where our (Telegram-connected) drone was shot down over the enemy territory
Let's figure out which modes fit for each of the tasks.j
Task A: Real-time guidance.
All the offline (1.X) modes are only suitable for the task if the connection is absolutely perfect, with no network congestion, etc. And also, there is significant latency, ranging from 200ms to several hours (in case of network outage). So, these don't fit the goal.
All the **online** modes fit, but again, with many caveats, such as: a drone crossing between cellular towers and operators will lose connectivity with high probability due to IP address change (if using direct UDP connection), or may even have to switch from one Telegram relay to another (again, losing connectivity). This means frequent reconnections. This is very unreliable, especially since the enemy may block regular internet traffic through their cellular or landline connections.
Verdict: using Telegram as a real-time control channel for a drone going through the enemy territory is feasible only as an additional, method, and only for the value of its real-time relay servers. Any other real-time calling app maybe used in the same role, **if it has relay servers in the enemy territory**.
Task B: Target on the phone
To create a connection for a direct voice call, Telegram sends a UDP package directly to the last known IP address of the recipient. This vulnerability was long-known and exploited by the FSB to target activists in the Russian opposition and general internal affairs. IP-based positioning is far from precise, but it can, e.g., reveal concentrations of enemy personnel in an area. To counteract this, you must disable the incoming voice calls feature in Telegram.
Also, Telegram has a feature to "share my position", there are ways to make the victim install a trojan on their phone, etc. Again, no difference from any other messenger (or email).
Verdict: Using Telegram to target individuals precisely is not feasible, unless combined with other methods (e.g., social engineering). For targeting the movements of groups of people, this is perfectly feasible, unless all individuals disable the voice calling feature.
Task C: post-mortem communication
This is where Telegram's offline (#2.X) modes can prove very useful: when the drone is moving through enemy lines, it can send a signal with its coordinates several times a second through Telegram. Telegram's offline modes use the "eventual consistency" mode of distributed communication. This means that if the drone's Telegram app connects to a local Telegram relay for even half a second, it will be enough to send **all** the accumulated messages in a single batch. The relay itself does not need to be connected to the primary network. Therefore, it will still work even if, for example, the city comm operator completely disconnects from the nationwide network during the attack. The Telegram relay will store the messages until the comm operator reconnects upstream. Moreover, **not** sending some messages is already an indication of "something fishy" going on in an area.
Verdict: This is where Telegram truly shines. It is totally possible to use local Telegram relays as "black boxes" for storing drone telemetry data. Even when the drone is already dead, and the connectivity is disrupted countrywide. And this is where Telegram shines compared to other messengers: Durovs made it resilient to nationwide blocking, and it works. Both ways.
Very informative, thanks a lot!
Excellent article with clever questions. Now after working ~3 decades as an IT engineer (MS based) I can add some 5 cents (there could be also some duplication to what also some others did write.
1) I don't want to make anyone paranoid, but it doesn't need telegram for a homing beacon functionality. Every smartphone can be used as a homing beacon by the 'silent ping' funcionality.
We used it regularly to get hold through the police on those gents, who were unwilling to come to their army training (every 2 years).
Please keep also in mind that modern smartphones, when turned off are still using some energy, contrary to what the first mobile phones did.
2) Sending data after mission finished:
a) Basically one could construct a black box with a phone connectivity, but that black box would have to resists the energy of the warhead combined with the kinetic energy of the impact itself. IMHO in matters of costs versus benefits this doesn't make any sense, as
b) it would be much cheaper to create no black box and simply use the last available data to check it for each single missile (etc.) against the intended target.
3) Telegram uses phone numbers to identify the users (even when used on the PC)
About it's abilities everyone can easily get an overlook on the internet.
Like with any other communication it always depends who has access to the encryption keys.
If Ukraine wants to have secure communication channels it will have to program it's one app/program and use it exclusively for the militairy and of course regularly changing the keys.
4) Streaming video:
It depends on the available bandwidth. The needed bandwidth depends on the resolution and sampling rate. That data can be either transfered by the telephone functionality (this is what the Telcos sell additionaly as 'data volume') or by wireless IP and for example via satellites acting as access points.
Hope that answered at least some of the questions.
Very informative, thanks a lot!
Considering how long Russia has used troll and bot farms (Russia., Russia, Russia) and puts such importance on propaganda and misinformation, I can't understand why anyone would think they would be seriously lagging technically. Their military leadership is wanting, but technically they believe in the latest and best they can obtain..... Personally, I think the idea of using cell phones as homing beacons is damned clever, if a bit diabolical.....but that's me. It reminds me of a period in WW2 when the RAF night bombers were using a rear radar called Monica to detect approaching German night fighters. The Germans developed a device that homed in on the Monica transmissions, leading them to the bombers. The RAF had to stop using Monica.....
I’m surprised that Ukrainian telecom operators cannot automatically disconnect anyone traveling faster than 100km/h, especially during attacks.
A similar limitation used to be built into civilian GPS chips to prevent them from being used in improvised cruise missiles, etc.
It really is a big quandary that the Ukrainian population haven't been herded onto the CIA/NSA/Meta social media platforms that dominate the NATO/G8 countries. I mean it's practically akin at this point to joining the suite of Western international institutions. Even Japan uses Facebook and Instagram in a big way.
Indeed: they should be 'the next' on that list...
Thanks Tom. I don't think Telegram should be singled out like that. At the beginning of last year, there were media reports that a Kyivstar SIM card was found in the downed Shahed and this did not serve as a reason to abandon this mobile operator. On the other hand, the Russians also paid attention to the above-mentioned problems.
https://www.bbc.com/russian/articles/crk26gz6rmvo
It's kind of interesting everyone forgets Telegram was founded and is owned by Russian individuals, and everyone is surprised it is used by Russia for UAVs steering and data collection, or maybe, maybe other purposes...
...this comment only pertains to the eloquent, loquacious, profound, astute and even scurrilous (at times) writing that we were all so fortunate to read.
FUCK YEAH!!!!!!!!!!!!
Sorry to be late for the show.
Did you see that Tom ?
https://newlinesmag.com/reportage/how-a-spyware-app-compromised-assads-army/
Obviously, the journalist is overselling this affair, but it does highlight how vulnerable are any military formations to even the crudest form of technological spying these days.
In essence, the Assadists fell for a cheap phone call scam and willingly offered systemic intel on their forces.
And to think this is similar to the kind of phone call scam that plague even civilians. At least in my country, absolutely everybody is confronted to it and 99% of the population know better.
This or the regular drama around running app because Westerner soldiers and especially Westerners spec ops cant stop themselves from using them even during military deployment just show how vulnerable every military institution is.
As for Telegram, I thought everyone realized Durov must be cooperating with the Putin system. The guy was also arrested in France recently. After a few days he was not just release but also awarded French nationality and some national medal trinkets. Apparently, he has the UAE nationality as well ...
Generally speaking, if a web 3.0 service (or really, any IT service) is free, it means you (the user) and your data are the product being sold. I thought everybody realized it.
Telegram has two use cases. One is mostly fine, actually, the other is a bit more risky.
The first use is that of a simple broadcasting medium. You can do reach large groups of people in an easy to use way. Thats great for press releases and all kinds of public information you would otherwise post to a public website, substack or send over unencrypted radio to anyone wanting to listen. That is mostly okay. The Telegram tech group might get information about the phones subscribing to the feed, and might get the usual position informations that phones spam to the world (mostly via ads, see this informative pages by netzpolitik.org (https://netzpolitik.org/databroker-files/), its basically a total mess with any ad based phone app, telegram is probably not even close to the worst offenders, e.g. weather apps sell 10cm exact location data...).
So if the FSB buys phone ad location data, they do not need any Telegram leak for that stuff.
The second use is messaging. Telegram is also popular because it is super easy to write a bot that sends some kind of status info, servers tell admins that there is some problem and so on. That works and Telegram does not have strict bindings to phone sim cards like Signal and others, so bots are easy and popular. So it is very plausible that drones can send basic status messages over that network, just not in the strict "real time" sense, e.g. less than 50ms delays. But it would be totally trivial to add some protocol to update targeting info over-the-air that way. Might take a few seconds or longer, so not good for terminal guidance, but adding new waypoints is probably trivial, if the russians wanted to do that.