re: pol, redacted Mueller report (~)
Update: I am a terse skim and 100 pages in, and my brain has turned to powdered mush from so much dry reading.
But this is very, very thorough, and surprising in how well media reporting stood up in the fact pattern laid out by this document.
Hey is anyone around Seattle in need of some really boring shelves?
https://seattle.craigslist.org/see/fuo/d/seattle-black-wire-shelves/6869694226.html
in re, LB
Also relevant: https://zenpencils.com/comic/king/
Telegram, part trois
On principal, this should not be a decision I need to make because a popular mobile messaging app is becoming more grabby with data. But that being the reality of it, and with the reality being that many friends use it, I might be able to tolerate this.
I’ll have to think about this more, though.
Telegram, part trois
I am not out to family or out at work. My leading presumption is that (a) the Mormon branch of my family will become extremely aggressive, (b) it’s career-limiting to have a furry identity known by coworkers in my field, and (c) it makes it very difficult for me to share personal thoughts not endorsed by my employer.
Re-evaluating these, I think I might... finally be in a position in which I can weather them okay, when and if they happen?
Telegram, part trois
No response from Telegram support to my question about contact permissions. Hm.
I guess I now get to decide whether I want to let it back on my phone, when I’m reasonably certain it’s scraping new data or someone is actively misusing the contact identification features of the app. I guess I need to assess whether I’m prepared for it to out my private profile to more family and coworkers before proceeding.
Not an easy decision to make, but I might just say fuck it.
re: Telegram, part deux
And support request sent.
I wonder if this is something Telegram itself was running or if someone has been using scraped data and fake contact list additions at Telegram's API. Guess I'll see what they reply back with.
Telegram, part deux
So this is weird. Triaging the accounts I blocked yesterday after "X has just joined Telegram", the block rules show completely different users than the ones I added.
Telegram was definitely calling these contacts I recognized yesterday, and now they are... other people? Hmm.
I wonder if this is some kind of phishing thing being run on their platform. Dropping Telegram support a line.
building fire, anecdote
From https://www.futilitycloset.com/2012/12/01/edifice-complex/:
On visiting the Gold Pavilion Temple in Kyoto, Douglas Adams was impressed at how well the 14th-century structure had weathered the passage of time. His Japanese guide told him that it hadn’t weathered well at all; in fact it had burned to the ground twice in the 20th century.
“So this isn’t the original building?” Adams asked.
“But yes, of course it is.”
re: Telegram (-), data aggregation by corporate messenger apps
2009 me: I really wish I could find more friends online.
2019 me: I really wish online could stop trying to find more friends for me, to sell, for cash.
re: Telegram (-), data aggregation by corporate messenger apps
Or maybe they hooked up some other data integration I just don’t know about.
Guess I’ll keep it off my phone for awhile and see what happens. 🙃
re: Telegram (-), data aggregation by corporate messenger apps
Also, the clue this isn’t coming in via search on my profile is it manifested both times as an automatic contact creation, which only happens when Telegram thinks you already know a person (ie, via mutual contact list inclusion).
Desktop app contacts listed just the two and folks I manually added in the app.
So that doesn’t look like my contacts being scraped directly by the app? More my CDMA/GV number in others’ contacts?
re: Telegram (-), data aggregation by corporate messenger apps
Also, gaming this out, I don't _think_ I've ever given the application access to the phone's number or call history (which is a separate permission in iOS). But I imagine it can get this from metadata pretty easily.
I just reinstalled the app from cloud backup briefly to read its permissions: Siri and Search, Background App Refresh, Cellular Data. No contacts permission or permission to read handset info.
So what do? I don't want to be alarmist here, but I'd really like Telegram to not be blasting my info to contacts it shouldn't have.
re: Telegram (-), data aggregation by corporate messenger apps
Since this is getting boosted, I have no idea what's going on, and this could be Telegram being Telegram, here are the symptoms for my setup:
1. I have Telegram set up using a Google Voice number not associated with any other account and with blank contacts. That number is still the number associated with Telegram.
2. I had Telegram installed on an iOS device with co-residency to a personal number (defined by my CDMA info) and two Google Voice accounts (defined in Google Voice.app). The first account is the Telegram number, the second account is an unassociated personal Google Voice number that I use.
3. I disallowed contacts access for Telegram to my phone's contact list from the first time I installed it. iOS has a permissions model that lets you deny specific permissions on a per-app basis, and I've continued that with every subsequent contacts challenge the app has sent me. I'm reasonably sure I never clicked "allow" on any subsequent challenge.
4. About a week ago, I received a contact on Telegram from someone that has the second (personal) Google Voice account number. I assumed they probably searched for me specifically by my account name and ignored it, since they have that info.
5. Today, I receive another invitation, "X has joined Telegram", this time from an area code and number I recognize that should not have this info. This caused me to delete the app from my phone after blocking the contact.
My current hypothesis is that while main device contacts are denied, Google Voice's application furnishes this info or leaves metadata sitting on the device that Telegram slurps up. It's possible that something simpler is happening here, though, like fat-fingering a dialog a week or more ago. But I'm pretty sure that didn't happen?
Either way, it's enough to provide a cautionary account and to kill the app and its session from my main phone until I figure out what it's doing. I'm certain this is one of those almost-good-faith integrations with customer phone numbers, but I haven't figured out which one it is yet.
re: Telegram (-), data aggregation by corporate messenger apps
I think what I’m going to do for now is keep Telegram desktop available, since contact metadata is not available there. I’m going to also set Telegram back up on a burner Android device.
If contacts from personal numbers keep coming in, I’m going to possibly recreate my account.
Are there good instructions on what to look for/how to restrict or remove Telegram metadata from an account? It seems my number is still associated to the one I set up properly, though it's possible they scraped my device number or Google Voice number from metadata.
re: Telegram (-), data aggregation by corporate messenger apps
This continues a running theme of corporate platforms stapling my accounts together through their ads and data collection integrations instead of account setup. Google+ did the same thing to me by advertising my personal profile as "people you might know" to my family.
It would be really cool if the invasive push to advertise everywhere didn't also out people's private lives to family that may take hostile action against us, thanks.
Dragon. Agender, otherkin, occasional artist and writer, infosec engineer, in about that order. Avatar by Xeirla. Singular they/them preferred.
Also on @Goldkin (meow.social) for follow requests that don't work here.