Internet privacy and security course

Chapter 75

De-anonymization of messenger users through P2P connections

Imagine a messenger with text messaging and voice calls (something like Telegram). You have invested hundreds of thousands of dollars, developed the client and server sides and a modern website, and now you enter the market with your own product and a willingness to invest several hundred thousand dollars more in advertising.

You have rented servers in data centers in different parts of the world (even if you start modestly, you will certainly need servers in Europe, Asia, and America) and hired staff whose salaries must be paid regularly.

And so you have launched and find yourself in a market where you face stiff competition from other messengers, including WhatsApp, Viber, Signal, Skype, and Telegram.

How do users choose a means of business and personal communication? In my opinion, there are four basic criteria: prevalence, security, convenience, and quality. Let's talk about quality.

Suppose that Ivan from Novosibirsk and Sergey from Ufa use your messenger. Ivan writes a message to Sergey; it travels as encrypted data from Novosibirsk to a data center in Europe or Asia and from there to Sergey in Ufa.

The message flies almost halfway around the globe, or even farther if Sergey's application works through a proxy server in the United States. Delivery speed depends not only on the distance between the interlocutors but also on network load, though this is hardly noticeable with text messages.

But now Ivan and Sergey decide to talk by voice, where the speed and quality of data delivery seriously affect the quality of the conversation. They simply will not be able to talk properly: the sound will break up and arrive with a delay. Whom do you think Sergey and Ivan will blame? Distance? Their own misunderstanding of the messenger's architecture? No, they will blame your messenger and go to a competitor.

You think about what to do and conclude that the right decision is to take your servers out of the path, and better still every proxy configured in the application, if only you could.

Knowing the IP addresses of the interlocutors, there is no difficulty in connecting them directly, bypassing your server; this is called a P2P connection. Everything brilliant is simple. Now the data does not travel around the world but covers only a little more than 2000 km (by the simplest estimate, Ufa - Amsterdam - Novosibirsk is more than 9500 km).

With proxying tools it is more difficult. A proxy server configured in the application can be removed from the path when connecting the interlocutors, after first checking that the application can connect without it, but you cannot remove a correctly configured VPN. To give you an idea: if the chain includes a proxy server in New York, the distance Ufa - New York - Novosibirsk will be approximately 18,000 km.

I give approximate figures based on geographical distances and search results; in practice the distances can be much greater than those stated. I have not analyzed where the Internet cables run and what distance they add.

So the quality of communication improves, and Sergey and Ivan become satisfied users of your messenger.

But Ivan has ill-wishers who want to get his IP address, knowing only his contact in the messenger. They make a call to Ivan, and your messenger, of course, tries to connect the interlocutors directly. The malefactors check which IP address the messenger is trying to reach for the call, and that will be Ivan's IP address.

You, as the owner of the messenger, are aware of this problem and have two options. The first is to ignore the problem, as Skype did for a long time. The result was the popularity of so-called Skype resolvers: sites or software that allowed finding the owner's IP address by login, and some of them could even find the history of IP addresses used.

Software offered on the black market could regularly monitor a victim's status and IP address. Yes, there was protection against Skype resolvers: for example, it was possible to allow calls only from contacts, or to set the HTTPS protocol in the proxy settings with a host and port 40031, but by default none of this was configured.

Much sadder is that the problem also affected Telegram: when calls appeared, the desktop application had no setting to protect against a P2P connection. The problem was quickly fixed, but for a while all users of the desktop version of Telegram were exposed to this threat.

Telegram's creator Pavel Durov, commenting on the vulnerability, pointed out that it affected only 0.01% of all calls, and also indicated that competitors like WhatsApp and Viber leak IP addresses in one hundred percent of cases.

"That is why, unlike WhatsApp or Viber, Telegram has always provided its users with the ability to disable P2P calls and route them through the Telegram server. Moreover, in most countries we have disabled P2P by default."
Pavel Durov

The second option is to protect users, for example by disabling P2P by default or allowing it only for contacts.

Protection against de-anonymization through P2P connections

In the case of Telegram, to protect yourself you must make sure that P2P calls are disabled in the settings, or at least allowed only for contacts (Settings > Privacy > Voice calls).
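Changing a setting is one thing; checking that the client actually honours it is another. The following Python script is an added example (not part of this course and not any messenger's code) that classifies the connections seen during a call as relayed or direct, the direct case being exactly the exposure described above. The `ss`-style connection lines are constructed, and the relay address ranges are placeholders, since a real check would need the operator's published prefixes.

```python
"""Audit a call: relayed flows vs a direct P2P flow that exposes your IP to the peer.
Added example for this chapter, not code from the course or from any messenger;
the `ss`-style lines are constructed and the relay ranges are placeholders."""
import ipaddress
import re

# Placeholder relay prefixes; a real check needs the operator's published ranges.
RELAY_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
# Non-routable ranges listed explicitly (ipaddress's is_private would also match
# the documentation prefixes used as sample addresses below).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Fields: proto, state, recv-q, send-q, local:port, peer:port
LINE_RE = re.compile(r"^(udp|tcp)\s+(\S+)\s+\d+\s+\d+\s+\S+\s+(\S+)")

def peer_host(addr):
    """Host part of 'host:port' (IPv6 is written '[host]:port')."""
    return addr.rpartition(":")[0].strip("[]")

def classify(remote_ip):
    """'local', 'relay', or 'direct-peer' (another party's public address)."""
    ip = ipaddress.ip_address(remote_ip)
    if any(ip in net for net in LOCAL_NETWORKS):
        return "local"
    if any(ip in net for net in RELAY_NETWORKS):
        return "relay"
    return "direct-peer"

def audit(lines):
    """Map each established peer address to its class; other lines are ignored."""
    result = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == "ESTAB":
            host = peer_host(m.group(3))
            result[host] = classify(host)
    return result

def call_is_p2p(lines):
    # True when any established flow goes to a public address outside the relays.
    return any(cls == "direct-peer" for cls in audit(lines).values())

# Constructed samples: a relayed call, and a call that fell back to P2P.
SAMPLE_RELAYED = [
    "udp   ESTAB   0  0  192.168.1.10:50000  198.51.100.7:443",
    "tcp   ESTAB   0  0  192.168.1.10:41234  203.0.113.9:443",
]
SAMPLE_P2P = [
    "tcp   ESTAB   0  0  192.168.1.10:41234  203.0.113.9:443",
    "udp   ESTAB   0  0  192.168.1.10:50000  192.0.2.44:61002",
]
```

A "direct-peer" entry while talking to someone outside your contacts means the P2P setting is not doing what you expect.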


A bit of social engineering

Using the method described below, I helped obtain the IP address of a fraudster on Telegram. Unfortunately, this did not help the victim, since the fraudster was in another country, but the story can give you good food for thought.

We approached the fraudster as another victim, posing as a young girl, and, having gained his trust, asked him to tell us about his service by voice. Moreover, having previously brought in a girlfriend, we sent him an audio message in a female voice, with many compliments and many emoticons, and he took the bait.

But the connection dropped every time I tried to connect, and then the girl sent this message: "You probably have not turned on P2P in the call settings, so we cannot talk; turn it on in the settings".

You will not believe it, but he turned it on and shared his IP address with us. This probably will not work with a real hacker, but various scammers and drug dealers can be identified in this way.