Author

Topic: [Warning] Avoid Telegram bots for mixing (Read 50 times)

legendary
Activity: 1596
Merit: 1288
December 02, 2023, 08:42:29 AM
#2
It seems that privacy is becoming more and more difficult, and the attempt of these bots to provide some type of encryption will not solve the problem, but always relying on the Telegram bot or Cloudflare or all of these central services may mean that someone may be able to know your output address and thus reveal your privacy. Another issue is that it is not known when these records will be destroyed, and perhaps the mixer itself still keeps them and provides them to third parties.
jr. member
Activity: 49
Merit: 26
December 02, 2023, 06:30:22 AM
#1
There are some mixers that currently provide access to their platforms via Telegram bots.

If you plan to use one, you should be aware that Telegram bots don't use end-to-end encryption and store all the chat log data in plaintext on Telegram servers available for extraction by the Telegram team. The company can hand over your personal info and mixing data anytime to authorities upon a simple request.
Authorities will be able to deanonymize your mixed transactions by simply looking up an output address you provided to the bot and subsequently looking up for the corresponding input address provided in the bot's responses.

This is also known that Telegram collaborate with the law enforcement and doesn't provide end-to-end encryption for their standard and bot chats in order to have chat logs accessible for the extraction upon law enforcement requests:

https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdaten-an-das-bundeskriminalamt-a-0e4d3fcb-8081-4b87-b062-db412bbc294b
Translated: https://www.bitdefender.com/blog/hotforsecurity/der-spiegel-says-telegram-gave-user-data-to-german-police-in-fight-against-terrorism-child-abuse/

The only way to encrypt Telegram communications is by using Secret Chats, that are not available for chatting with bots nor used by default for "normal" chats, that are also prone to server-side logging in the plain text.

If a mixer provides an interface in a Telegram bot, (a) its operators are either unaware of security implications for its users, which means the service shouldn't be trusted overall or (b) that mixer is providing a service via an unencrypted channel with a purpose to undermine users privacy/anonymity.

The following data will be available upon a request originating from a LE agency to provide chat logs from a Telegram bot for each user who interacted with it: username (if defined); phone number; IP address; Telegram client details; OS; chat logs revealing all the input/output address information and UTXOs involved; subsequently if they start investigating a specific user: all user's contacts; the chat logs from all other normal Telegram chats and bots may be revealed, unless the user have used "secret chats" (E2E).

This concern also addresses using any other services via Telegram bots, such as exchanges or any other services that process personal/sensitive data.
Jump to: