I see your stand from the comment above though, I’m not going to argue that. Peace.

Which is good because calling making a tech product safe “censorship” is a pretty fraught position to defend.

So, your strategy here was to purposefully make a convenient strawman ragebait of “we should ban general computing” – something that has exactly zero to do with the blogpost – and then ask a trick question? Clearly you are not here to have a conversation in good faith. Why bother?

But please do elaborate what my “stance on general purpose computing” is? Genuinely curious.

Regarding the question of why LLMs are “somehow a bigger problem”, I never said they are a “bigger problem”. I did not compare them to anything. Comparing LLMs to “general purpose computing” is like comparing hypermarkets to “the market economy” (and just before you go on another red herring quest: I said “market economy” not “capitalism”, that’s a whole different conversation). It makes no sense.

Hypermarkets are one possible artifact of the market economy, and LLMs are one possible artifact of general purpose computing. That does not change the fact that hypermarkets have huge issues attached to them. Just as LLMs have huge issues attached to them.

We can have general purpose computing while recognizing issues related to LLMs, just as we can have market economy while recognizing issues with hypermarkets. We can choose to promote or discourage them in our environment. Pointing out issues with them is not the same as calling for them to be banned. This is not at all difficult to grasp for anyone who comes into such conversation in earnest.

What I wrote about in the blogpost is a particular set of the issues related to LLMs, in the context of a deluge of hype trying to convince us somehow LLMs can break passwords (they can’t), exploit vulnerabilities (they can’t) and autonomously orchestrate cyber-attacks (again, they can’t).

LLMs add a shit-ton of attack surface due to their complexity, and will end up being a larger security problem than any of the fear-hyped scenarios above. Honestly not sure what’s so controversial here?

And look, if you don’t like my writing, just stop reading it. It’s really super-easy. There’s plenty of other stuff to read online, you can even use an LLM to generate something you’d like better.

Where, pray tell, was there even a mention of “banning” anything?

So I suppose I’m trying to understand what the differences are in how these two types of technology compromise cyber security.

Again, it does not make sense to me to make that kind of comparison.

Ooof, difficult. Triceratops, I think.

Ouch!

Is the stance here that AI is more dangerous than those because of its black box nature, it’s poor guardrails, the fact that it’s a developing technology, or it’s unfettered access?

All of the above I guess. Although I am not keen on making a comparison to these previous things. I have previously written about how IoT/“Smart” devices are a massive security issue, for example. This is not a competition, the point is not whether or not these tools are worse by some degree from some other problematic technologies, the point is that the AI hype would have you believe they are some end-all demiurgs when the real threat is coming from inside the house.

Also, do you think that the “popularity” of Google Gemini is because people were already indoctrinated into the Assistant ecosystem before it became Gemini, and Google already had a stranglehold on the search market so the integration of Gemini into those services isn’t seen as dangerous because people are already reliant and Google is a known brand rather than a new “startup”.

I don’t know about Gemini’s actual popularity. What I do know is that it is being shoved down people’s throats in every possible way.

My feeling is that a lot of people would prefer to use their tools and devices the way they had before this crap came down the pipeline but they simply don’t know how to turn it off reliably (partially because Google makes it really hard to do so), and so Google gets to make bullish claims on line-going-up as far as “people using Gemini” are concerned.

To me it’s a form of automation. I will not use it as I see no use of it in my workflows. I am also keenly aware of the trap of thinking it improves one’s effectiveness when it often very much does the opposite. Not to mention environmental costs etc.

If somebody wants to use these tools for that, whatever, have at it. But it’s pretty difficult to claim one’s an ethical hacker if one uses tools that have serious ethical issues. And genAI has plenty of those. So that’s what I’d bear in mind.

I am not opposed to machine learning as a technology. I use Firefox’s built-in translation as a way to access information online I otherwise would not be able to access, and I think it’s great that small, local model can provide this kind of functionality.

I am opposed to marketing terms like “AI” – “AI” is a marketing term, there are now toothbrushes with “AI” – and I am opposed to religious pseudo-sciencey bullshit like AGI (here’s Marc Andreessen talking about how “AGI is a search for God”).

I also see very little use for LLMs. This has been pointed out before, by researchers who got fired for doing so from Google: smaller, more tailored models are going to be better suited for specific tasks than ever-bigger humongous behemoths. The only reason Big Tech is desperately pushing for huge models is because these cannot be run locally, which means they can monopolize them. Firefox’s translation models show what we could have if we went in a different direction.

I cannot wait for the bubble to burst so that we can start getting the actually interesting tools out of ML-adjacent technologies, instead of the insufferable investor-targeted hype we are getting today. Just as we started getting actually interesting Internet stuff once the Internet bubble popped.

Author here, AMA.

Other companies are not biting on it.

Sure, makes sense! Thank you for the feedback. 😀

Hi, author here. Thanks for the good word.

Yes, Welch popularized the model of shareholder primacy, I should perhaps link to that in the text.

But the point I am making goes further: it’s not just shareholder primacy, because that could still be compatible with just making a good product and service and focusing on that.

What I am saying is: shareholder primacy has now lead to another, kinda new thing, which is basically making the hype the actual main product the company sells. And tech companies diving into that bubble in lockstep. Every large tech company today is selling AI to shareholders, regardless of what a regular person can buy from that company – graphics cards, office productivity suite, operating systems, or smartphones. The “regular” product or service is just a vehicle for AI hype, an empty vessel to be filled with whatever grabs investor attention.

In other words: yes, shareholder primacy is a key underlying thing for it, but there was shareholder primacy without treating the hype itself as the product.

Nice!

This is way more different thing than claiming and proving that Telegram is somehow FSB honeypot.

I did not claim nor attempt to prove that “Telegram is somehow FSB honeypot”. I did claim and I believe I showed that it is indistinguishable from an FSB honeypot. If you’re nit-picking, at least nit-pick the correct claims, instead of some straw-man version of what I wrote that happens to be easier to attack. 😼

Yes, OCCRP received funding from USAID. They put that information very clearly on their own website. Here’s a crazy thought: investigative journalism needs to be funded somehow, and USAID was one of the ways this could be done. If you have a better idea of how to fund investigative journalism, there is a lot of media outlets that would love to hear from you!

The way OCCRP was/is funded does not say anything about the veracity of their reporting. Or that of IStories, which was done independently of OCCRP (that’s an important bit that most people miss).

What does speak to the veracity of reporting is the fact that over a decade and a half of reporting on stuff like this OCCRP has been sued by oligarchs multiple times in the most oligarch-friendly jurisdiction out there, UK (specifically, London), and have not lost a single time. Will Telegram sue OCCRP or IStories? Perhaps. Will they win? I seriously doubt it.

If they do sue, the discovery will be hilarious. IStories folks are going to get access to all sorts of great documents, I’m sure. Can’t wait for these to get published!

Speaking of documents, I like how you quote two random claims made in that OCCRP version of IStories article, and just decide to ignore the bit where Vedeneev claims, in actual court documents, that yes he has access to Telegram infrastructure. And how there are documents showing he owns GNM. And how there are documents showing he also signed documents on behalf of Telegram (hilariously, a document exists that he signed both on behalf of GNM and of Telegram). And how he co-owns or co-owned companies which are also co-owned by people directly connected to the FSB. And a bunch of other stuff.

But that doesn’t fit your “US shill” hot take, so why mention any of that right? 😄

You might also want to read the Russian version of IStories story, for hard documentary evidence of Durov’s connections to FSB:
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

On a personal note, it is so much joy to see all the hand-wavy pushback in this thread. Clearly the story hit a pain point somewhere. The funny thing is that if similar but much less substantiated claims were made about Signal here, there would be a frenzy of dunking on it as an “imperialist tool of surveillance”. 🤡

Ooh, that’s a good question!

I am going to say Sperm Whales, if only because of how amazing they look while… sleeping vertically:
https://www.nationalgeographic.com/photography/article/sperm-whales-nap-sleeping-photography-spd

Hi, author here. First of all, in that piece I don’t happen to recommend using any specific piece of software. I mention Signal and WhatsApp for comparison, as tools that are considered similar, and yet avoid making the same weird protocol choices.

Secondly, if you have any proof that any specific communication tool is used to “spy” on people, I am sure I am not the only person who would love to hear about it. That’s the only way we can keep each other safe online. Surely you wouldn’t be making unsubstantiated claims and just imply stuff like that without any proof, would you?

And finally, I’ve spent a good chunk of time and expertise on analyzing Telegram’s protocol before I made my claims. I provided receipts. I provided code. I explained in detail my testing set-up. You can yourself go and verify my results.

Instead, you claim it’s “propaganda”, while mischaracterizing what I say in that post. Classy!

Thank you, that’s really great to hear!

AMA is AMA

What have I done.

What lead you to dive into examining Telegram?

I do information security work, and I used to work closely with investigative journalists hailing from Russia, Kazachstan, Ukraine, and other places in that general area. Telegram is massively popular there. Because of this Telegram has been on my radar for a very long time as a serious security threat – not just because its protocol and management are suspect, there are plenty of other IMs like that, but also because of how many people I worked with had used it.

I’ve written about Telegram before, on amore general level (linked in the blog post), so when IStories reached out to me for comment on this it was a good inspiration to dive deeper.

How would you use it if abandoning it is not an option, safety-wise, on android? Like, opening it in browser instead, killing app from the background, or using some app\tool? Not using it for anything sensitive is obvious.

I would not use it. I refuse to accept that abandoning it is not an option. There are plenty of options. It’s always a decision one can make.

Please remember that even if hypothetically you could use it in a way that protects you from the spying – something I am very, very doubtful of! – the mere fact you are using it sucks other people into using it. You personally become one more reason for someone to start using or keep using Telegram. You personally become one more “user” of Telegram, justifying another media organization or NGO to set up or maintain a presence there – which in turn pulls in even more users into the dragnet.

In other words, your decision to use Telegram anyway, even though you know what the issues are, becomes one of the many things that make other people feel that “abandoning is not an option”. I refuse to be a part of that. The only thing I can recommend is to stop using it.

What are other potential worms is in there you may think of? Recently, Yandex and Meta analytics tools got caught in sending browsing data to phone’s localhost - where their locally installed apps caught it and sent back home. If the FSB conection is that deep, there is no end to what they’d want to mine from users.

I think this hits the nail on the head: If the FSB conection is that deep, there is no end to what they’d want to mine from users.

I don’t want to speculate. The possibilities are vast. But I will say what I said in the blogpost: Telegram is indistinguishable from an FSB honeypot.

I don’t trust Telegram the company, I don’t trust Telegram the software, I don’t trust MTProto. I certainly do not trust Pavel Durov. I don’t think we need to speculate on what more could possibly be hiding there, what is already known about Telegram should really be enough to stop using it.

Heh, thanks. AMA I guess.