net4people / bbs

Forum for discussing Internet censorship circumvention
3.47k stars 82 forks source link

Telegram connection in Canada is getting disrupted #389

Open immartian opened 2 months ago

immartian commented 2 months ago

Some users in Canada, have told me they started to be disconnected from Telegram whether it's on broadband or mobile services. Given the current event(https://here.news/story/c5264194?ver=0.14 ), the situation may be more bizzare although it's not a time to judge whether Telegram is a secure service or not. Not sure if it's the requirement from the government, or just by internet services.

Screenshot 2024-08-26 09 21 39

corpix commented 2 months ago

@Superming997 looks like there is a malware in the zip file https://www.virustotal.com/gui/file/546c34c2782216278a8273d3c9d3a954a980c7c2c7be220914aefe446fe94fd8

immartian commented 2 months ago

password: changeme In the installer menu, select "gcc."

A spammer or he's hacked.

wkrp commented 2 months ago

OONI has a Telegram test. Here are the worldwide results or just Canada. I don't see anything unusual yet, at least with what this test measures.

immartian commented 2 months ago

I have asked one of them run a OONI-cli up and got this result:

   26.92% telegram: measure https://web.telegram.org/: ok 
   28.85% telegram: measure http://149.154.167.51/: ok 
   30.77% telegram: measure http://149.154.167.51:443/: ok 
   32.69% telegram: measure http://149.154.175.50/: generic_timeout_error 
   34.62% telegram: measure http://149.154.175.50:443/: generic_timeout_error 
   36.54% telegram: measure http://149.154.167.91/: ok 
   38.46% telegram: measure http://149.154.167.91:443/: ok 
   40.38% telegram: measure http://149.154.175.100/: generic_timeout_error 
   42.31% telegram: measure http://149.154.175.100:443/: generic_timeout_error 
   44.23% telegram: measure http://95.161.76.100/: ok 
   46.15% telegram: measure http://149.154.171.5/: generic_timeout_error 
   48.08% telegram: measure http://95.161.76.100:443/: ok 
   50.00% telegram: measure http://149.154.171.5:443/: generic_timeout_error

which also appears at: https://explorer.ooni.org/m/20240826153150.590882_CA_telegram_34e09b3aa5d88390. Reading preliminary, it's not a smooth one, but somehow, OONI seems only count the visibility of web/mobile UI, rather than the other following requests, which matches what users have seen: the web.telegram.org is visible but the further connections are disrupted. The web app keeps showing "Connecting..." so to speak.

wkrp commented 2 months ago

OONI seems only count the visibility of web/mobile UI, rather than the other following requests, which matches what users have seen: the web.telegram.org is visible but the further connections are disrupted.

According to the Telegram test specification, the access points are considered blocked only if all addresses on the list are blocked.

If all TCP connections on ports 80 and 443 to Telegram’s access point IPs fail we consider Telegram to be blocked. The key telegram_tcp_blocking is used to indicate if we believe telegram to be blocked at the TCP level.

If at least an HTTP request returns back a response, we consider Telegram to be working as intended. The key telegram_http_blocking is used to indicate if we believe telegram DCs are blocked at the HTTP level.

I thought maybe the test's list of endpoints is out of date and includes live hosts that aren't actually being used, or something like that. This seems to be the latest kBuiltInDcs in desktop Telegram (note the repeated 2—a bug?):

https://github.com/telegramdesktop/tdesktop/blob/520de600a0ee4edaf0a8047ba6fb0371a7e3d939/Telegram/SourceFiles/mtproto/mtproto_dc_options.cpp#L31-L38

const BuiltInDc kBuiltInDcs[] = {
    { 1, "149.154.175.50" , 443 },
    { 2, "149.154.167.51" , 443 },
    { 2, "95.161.76.100"  , 443 },
    { 3, "149.154.175.100", 443 },
    { 4, "149.154.167.91" , 443 },
    { 5, "149.154.171.5"  , 443 },
};

And this, I think, is the list in the OONI nettest, which matches:

https://github.com/ooni/probe-cli/blob/112452a3c6c76843e21ac347f449068840df78f9/internal/experiment/telegram/telegram.go#L89-L97

// DatacenterIPAddrs contains the list of Telegram data centers IP addresses to measure.
var DatacenterIPAddrs = []string{
    "149.154.175.50",
    "149.154.167.51",
    "149.154.175.100",
    "149.154.167.91",
    "149.154.171.5",
    "95.161.76.100",
}

I posted a link to this thread in #ooni IRC, but I'm not sure if the IRC→Slack bridge works. If you have Slack you could let them know at https://ooni.org/about/#contact.

immartian commented 2 months ago

update: AS11814 can reach Telegram's servers now:

Connection to 149.154.175.50:80 was successful.
Connection to 149.154.175.50:443 was successful.
Connection to 149.154.167.51:80 was successful.
Connection to 149.154.167.51:443 was successful.
Connection to 149.154.167.99:443 was successful.
Connection to 149.154.175.100:80 was successful.
Connection to 149.154.175.100:443 was successful.
Connection to 149.154.167.91:80 was successful.
Connection to 149.154.167.91:443 was successful.
Connection to 149.154.171.5:80 was successful.
Connection to 95.161.76.100:80 was successful.
Connection to 149.154.171.5:443 was successful.
Connection to 95.161.76.100:443 was successful.

via a report submitted from the same reporter as yesterday: https://explorer.ooni.org/m/20240827140617.686775_CA_telegram_deb8df8ebfec4304

Not sure it's a choke temporarily or some adjustments made in the aftermath.