News: 0173387775

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Telegram's Peer-to-Peer Login System is a Risky Way To Save $5 a Month

(Tuesday March 26, 2024 @12:54PM (msmash) from the very-bad,-no-good,-terrible dept.)


Telegram is offering a new way to earn a premium subscription free of charge: all you have to do is volunteer your phone number to [1]relay one-time passwords (OTP) to other users . This, in fact, sounds like an awful idea -- particularly for a messaging service based around privacy. From a report:

> X user @AssembleDebug spotted details about the new program on the English-language version of a popular Russian-language Telegram information channel. Sure enough, there's a section in Telegram's terms of service outlining the new "Peer-to-Peer Login" or P2PL program, which is currently only offered on Android and in certain (unspecified) locations. By opting in to the program, you agree to let Telegram use your phone number to send up to 150 texts with OTPs to other users logging in to their accounts. Every month your number is used to send a minimum number of OTPs, you'll get a gift code for a one-month premium subscription. Boy does this sound like a bad idea, starting with the main issue: your phone number is seen by the recipient every time it's used to send an OTP.



[1] https://www.theverge.com/2024/3/25/24111818/telegram-peer-to-peer-login-otp-two-factor-volunteer


Clever Cost Savings (Score:3)

by Ksevio ( 865461 )

Since sending these SMS messages is one of the largest costs for these services, this is a pretty clever cost savings.

Downside for user would spammers could use it to harvest active phone numbers, though frankly it's not that hard to get a list of active phone numbers these days without needing to slowly register more and more telegram accounts which would each need a new number.

Re: (Score:2)

by war4peace ( 1628283 )

> without needing to slowly register

Slowly?

Awful? More like catastrophic (Score:2)

by Viol8 ( 599362 )

If you give their app permission to send SMSs and someone hacks it or its got some special For Vlads Eyes Only code squirrelled away in it your phone is owned and you are utterly screwed. I can't imagine the kind of imbecile that would say yes to this.

Re: (Score:2)

by Ksevio ( 865461 )

Those sound extremely implausible events. You're suggesting that someone might hack telegram, have it send a 6 digit code and somehow sending this SMS will "own" your phone. Of all the things to worry about with this, your phone being hacked by it is not one of them.

Re: (Score:2)

by Viol8 ( 599362 )

Congrats on not understanding what I meant. Never mind, carry on...

Re: (Score:2)

by war4peace ( 1628283 )

Must be someone's inability to convey information...

and when telegram sms get flagged as spam by cell (Score:2)

by Joe_Dragon ( 2206452 )

and when telegram sms get flagged as spam by cell carriers for coming from many differnt numbers for something that should be on an short code or an small list of fixed full numbers?

Re: (Score:2)

by AleRunner ( 4556245 )

> and when telegram sms get flagged as spam by cell carriers for coming from many differnt numbers for something that should be on an short code or an small list of fixed full numbers?

(for the hard of attention span, the question was "what if the numbers get flagged as spam")

Then telegram gets the ability to cut off random parts of the numbering plan from SMS making internet messaging services more valuable and necessary. QED.

stop code rules? (Score:2)

by Joe_Dragon ( 2206452 )

Now if the number you get this from does not take an stop command that is bad and what if you don't even have an telegram account to remove your number from?

XMPP (Score:2)

by Baloo Uriza ( 1582831 )

Can we just collectively switch back to Jabber already? Telegram, Discord and Slack are clearly downgrades.

Someone other spammers uses it? (Score:2)

by Eunomion ( 8640039 )

Five crisp American dollars. But then how will Blad afford his bodka ?

Privacy? (Score:3)

by Artem S. Tashkinov ( 764309 )

Aside from encrypted p2p chats most people don't even know exist, Telegram is not about privacy, it's quite the opposite: your entire messaging history is stored unencrypted on Telegram's own servers, available to anyone with enough power or credentials.

Re: Riddle me this (Score:2)

by d4fseeker ( 1896770 )

Same reason whatsapp is more popular than signal even despite using the same. Protocols. Market reach and positioning. Signal markets itself for tech enthusiasts with all the crypto talk

Re: (Score:2)

by Opportunist ( 166417 )

Same reason MS is more popular than Linux, McAfee is more popular than ... well, every other (and better) AV tool and so many others where the inferior product is more popular than a superior one: They spend their money on marketing rather than creating a good product, and that's what sells.

How often I found where I should be going only by setting out for somewhere
else.
-- R. Buckminster Fuller