-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] Secret Chats in Telegram Desktop #2
Comments
The campaign has been funded with 2.2 ETH which is equivalent to 0.15 BTC (turned out it's impossible to fund campaigns with BTC on Gitcoin). The proof of funds is available in the invoice attached to the campaign available at https://gitcoin.co/issue/marcovelon/tdesktop/2/100026398 UPDATE 04/2022: the campaign has been withdrawn from Gitcoin because their platform is totally broken. The funds distribution will be performed manually by me after completion of steps written in the first post. The current funding is 3 ETH and doesn't limit this only to 1 coder. |
I just want to thank you on your efforts to implement secret/encrypted chats into telegram desktop. This feature has been missing since 2015, and has been asked for regularly by the community since. Yet the developers express no interest and close any issue, referring back to a post from 2015. I wish you and the community well and hope this functionality is implemented. |
Update: currently working on adding in the logic for the secret chat, GUI is almost finished. Sometime in the next week or 2 I will be uploading my local commits to my account so the code will be available. Mods who see this, let me know if the inactivity issue has been solved, I forget we have to post regular WIP on here. |
Thank you so much for working on this @basedcookie. When it's done maybe you can post a crypto address to donate to (BTC, XMR or LTC for example), because I can't for the life of me figure out how gitcoin works. |
Since the bounty has been abandoned by basedcookie (no updates for more than 2 months), it is now open for a new applicant. If you are interested to code this feature, you can enroll here: https://gitcoin.co/issue/marcovelon/tdesktop/2/100026398 |
I had started working on this project, and will soon be posting the updates. |
Sad to see them @basedcookie leave. But good to see there is still interest in this project and hopefully this feature will be implemented. |
@OMTDesign Yeah, as now I am working on this project it will very soon be completed, I have expertise in cryptographic algorithms and hence it will be not a very difficult task for me |
@dhruvjain1122 which approach are you taking? Migration to TDLib? |
@arch-btw can't speak for them, but back when I was working on this I was trying to implement the feature directly into the existing code, personally that proved to be a little challenging and time consuming. If I were to work on it again I would take the approach of migrating to TDLib |
Alright, I think many of you will agree with the fact we have reached some point of absurd never seen before in FOSS community and it feels like Telegram purposely instructs their open source relations team to avoid this topic with an utmost effort. I am not sure what exactly is causing a nearly zero interest in this issue, however my suspections are that it's either one of those:
I understand that most regular users recklessly follow their misleading arguments because Durov positions himself as man of knowledge in programming, while he is not, and everything he has done so far was outsourcing programmers, not even mentioning how his brother Nikolai Durov coded everything for Pavel during startups and never continued to help him because of marketing oriented ideology of Pavel (I know this from Nikolay himself from the personal conversation with him some years ago). Just look at this:
See how many times this guy used the wording "no one", supposing that "no one will do it" and even if someone will, he won't merge it. I know that this guy has triggered skepticism from many experienced and knowledgeable people in this topic who instead of trying to prove him wrong, decided to not waste their time and just to leave Telegram. Some people even tried, but Durov often refute such stuff with well-marketed sophistry that results to work on his major part of the audience, since most of them don't have any knowledge in infosec and prefer believing what he says just because they trust him. Another reason behind all this hesitance on this issue could be that they are afraid of letting too much users to have conversations out of their control, ensuring that they can provide users communications logs to the law enforcement when asked, since their normal "cloud" chats permit to do that easily. Actually, the increased amount of censorship in their platform lately indicates that it could be true. Anyway, I am stopping to try finding only 1 coder for this task via non-efficient platforms such as Gitcoin (whose most important features stopped working completely and devs don't have any ETA to fix their stuff) because I think it's better if more people worked on this issue as supposed to be in the open source community. If you know how we can organize this better, please let's discuss it. p.s. @basedcookie thanks for the feedback, and while I understand that this task may have looked challenging to you and this is normal even if your coding level is good - simply because encryption is rarely employed in C/C++ coding tasks, but I still believe it's a relatively easy task for programmers who have specific experience with coding encryption algorithms on C/C++. I also think that the lack of interest for this issue by people with experience in this field is caused by Telegram's shady policies on E2EE encryption, described by me earlier. |
@marcovelon - good eye! |
There are still many variables that can make phones less secure, for example users themselves, the OS being used, proprietary hardware with same hidden surprises similar to ME/PSP and so on. For example, one laptop with soldered RAM running coreboot and Debian is already more secure than most mobile devices running stock Android or iOS vulnerable to Pegasus, while one mobile phone running security-hardened AOSP with F-Droid apps only can be more secure than most desktops running Windows 10, but in any case this is already a completely another subject. The main point is, Telegram's team have invented all this really weird argumentation as an excuse for not implementing Secure Chats on tdesktop, and that makes this whole story comical. And note how they don't even mention mobile device vs desktop platforms security, they just say that 'X is less personal than Y', which is already very vague and pointless, whatever it means. |
They'll never grant you that anything can be as secure as mobile - because as I described it cannot. This is because they have a different definition of security than you or I. Their definition is: how securely can eavesdropping be executed? Smartphone security systems are far more ideal for that. |
They are not in a position to "grant" that to anyone while their project still has some open source community support. They would have to go fully proprietary for enforcing such views you described. Currently, they already are facing reputational losses due to more and more incoming gag orders they have to attend, thus neglecting the open source community will make them uncompetitive. Honestly, I am quite happy with truly secure platforms like Matrix, xmpp with OMEMO or Briar. The only reason why I personally have to deal with Telegram is some significant amount of contacts that find it hard or impractical (for them) to use anything more secure, and I have to be glad that they at least don't force me to use Whatsapp or other proprietary chatting clients, so I can make encrypted chat with them using a phone. Well, I admit that reading some channels is nice too, but it's manageable to live without them by substituting them with a personal collection of quality RSS feeds. Anyway, let's give it a last chance trying finding coders for this issue, otherwise it seems that secure chats on tdesktop are never going to happen. |
@marcovelon I've looked at the effort to add TDLIB to tdesktop. A huge amount of the tdesktop codebase is making QWidgets look good. As a Qt developer, I've stopped burning time on that long ago. Instead of shoehorning TDLIB into tdesktop, I think a fresh application should be written around the TDLIB library. I looked at Cutegram and in many ways its just way too much Qml to run smoothly and error free. Qml should be used to describe the UX and everything else (business logic and lower) should be raw performant C++. Both avenues of using mtproto or generating a qml api from the schema (cutegram) seem less likely for long term success than just using TDLIB ( a choice that might not have been available at the start of these other projects). Anyhow if there is enough interest I'd be willing to start a new project for a modern telegram desktop client.
I think a solid 4-6 months to reach 1.0 (working full time). Maybe a crowdfunding campaign? Or we could start it and just let people show up naturally and contribute over the next couple months/years. Anyone wanting to chat more about funding or collaborating on a project can find me on Device Chain discord. |
If you wrote it from scratch, then why make it telegram-specific anyway rather than a Pidgin-like app that supports Telegram? Anyway, I refuse to believe the easiest way to get secret chats working on tdesktop for linux is rewriting it from scratch. |
I think scope is the big reason for not supporting every different messaging protocol, design something that does telegram really well first.... Maybe you're right and it is easier. But I just spent nearly 2 hours tracing through the tdesktop codebase and I'm dizzy. The code itself is fine but there is a lot of QWidget specific issues all throughout and I don't feel that's a good use of a developers time as QWidgets are always going to requires tons of work to build modern UX. Also because from my understanding the project must simultaneously change its underlying logic to use TDLIB (not just for secret chat but to migrate the other Telegram features as well) you end up with a LOT of changes. Sometimes when changing that much code on a project this big and old, it is simply a nightmare to test regressions alone. A new clean slate prevents many of those problems and replaces them with the requirement to do some things over. Id rather participate in a fresh effort with a reduced codebase size... That is just my two cents, I could be wrong. |
Strange to think you can redo Telegram and do better than its creators, considering it is a world-class UX (yes I realize you're not redesigning the UX but even replicating a UX entirely is difficult, no?). Furthermore, Telegram X redid it from scratch with a much larger support/funding and still hasn't accomplished all of the features of the original - and hasn't gotten as many users. Doesn't that put the rewrite into perspective? |
The design and look of the application isn't being debated... but I've rewritten entire QWidget projects in qml in a fraction of the time and with better results. Google around the many projects that have done this over the last 5 years. It's like I would have to explain the logic and advantages of higher level languages. If the attitude is such that a new effort is discouraged and mentioning of it will make people triggered and cranky, that's fine. Im looking for fun projects to work on not to change people's attitudes about software. Best of luck! |
Not cranky at all; just wondering how you would see my questions... Figured hard questions would be useful gates for starting such a large undertaking... Especially the last one about this merely being a client<->client feature we are missing (and clients are FOSS). Not only are you free to do as you please, but myself and others in this thread would like to see you attempt it. |
It's a big undertaking. I can't imagine it happening with a single individual alone. I would be interested in joining an effort or team. But I think many have moved on from telegram. Even the developer of cutegram seems to have moved on for "Oxygen". And I'm personally more interested in the technology of the matrix protocol myself. The single reason I would consider doing a Telegram client is because as far as I can tell there is not a Qt6 TDLib client yet. I see someone asked about linking issues on the Qt forums late last year but it could have been someone from this thread attempting to link it into tdesktop. In theory I could help build the first modern Qt6 Telegram desktop client using the "modern" Telegram TD library with all its bells and whistles. But I'd have to really be into Telegram to do that. |
@Tpimp thank you for manifesting interest in this. Your proposal on starting a new Telegram client sounds interesting, but since this issue here is centered only around one specific feature, as also noted by @dm17, it seems like the current funding and organization here won't be sufficient for a scale of your proposal. Meanwhile, I am considering delisting Migrating tdesktop to TDLib from possible solutions present in this issue, because:
To make it pragmatic, we just need to implement a few client-side cryptographic methods fully specified by the official documentation. This requires minimum UI coding and most of its work is implementing the core functionality. What can be done with TDLib in the current situation is trying to include it in telegramdesktop/tdesktop and adding Secret Chats with calls to its API, essentially for DH key exchange and encrypting/decrypting text and media. |
I have dedicated a few hours to dig into particular libraries that provide support for E2EE chats in Telegram to determine complexity of this implementation and concluded that its difficulty referred by the official devs is being exaggerated. This report will provide a better perspective of what needs to be done here. vysheng/tglReviewing https://github.com/majn/telegram-purple code in order to discover how secret chats are implemented with Creating secret chatsRequesting secret chats
Accepting secret chats
Sending secret chat messages
Receiving secret chat messages
The whole implementation is quite minimalistic and straightforward. Reading its code gives full understanding of how secret chats work. For both encryption and decryption the Currently it may crash on incoming encrypted messages, but it's not because it can't decrypt them. It looks like something related to mtproto protocol upgrades, but reviewing it wasn't within a scope of my objectives. majn/telegram-purple#567 tdlib / C++Reviewing tdlib-purple code in order to discover how secret chats are implemented with
Creating secret chatsRequesting secret chats
Accepting secret chats
State updates during key exchange
Sending secret chat messages
Notice how Receiving secret chat messages
Telegram Desktop / C++A quick review of the cryptographic functions already existing in Telegram Desktop demonstrates the presence of all the functions required for secret chats implementation. Since cloud chats use exactly same cryptographic methods used for secret chats, the necessary cryptographic implementation is already present in Telegram Desktop and can be found in the following source code files:
For example, these AES IGE functions wrap the original deprecated openssl
They are absolute equivalents for wrappers All the functionality related to DH key exchange is also present in Telegram Desktop, because mtproto use it for transport layer security and cloud chats. Hence, what should be done to implement secret chats in Telegram Desktop is adding protocol-specific headers, routines and event binds related to secret chats, using cryptographic functions already present in Telegram Desktop. Speaking of UI implementation:
And of course there is absolutely no need to migrate Telegram Desktop to TDLib in order to implement secret chats. Unfortunately not myself a C++ coder, otherwise it would have been done, because it's really just a week of work for an average C++ coder. |
Thank you for confirming my and others point of view regarding this. I believe your research will help to facilitate the implementation. |
That's the point , I have no idea what to write on verify signature. I have tried so many times. |
For address put: |
How's it looking folks? I wonder if we achieved a single link from any of the official secret chat tdesktop threads to this thread. Or maybe someone can get it up on HackerNews. |
This issue needs a dedicated website to gain more visibility, similar to websites created for vulnerabilities such as https://heartbleed.com https://www.hertzbleed.com https://downfall.page It seems @sergiotarxz suddenly left the project. Last thing I heard from him was an email where he asked whether the funds are still available, to which I replied with a proof of funding reserves. I have personally stopped using Telegram already and now use SimpleX Chat. The Telegram company and its founder do everything to follow commercial interests only, leaving behind freedom of speech and privacy. Pavel Durov himself doesn't understand nor knows what Net Neutrality is, so expect him to comply and bow behind the Chat Control 2.0 regulations in the near future. There is no point (at least for me) to continue wasting time and efforts to improve the platform that is obviously not interested in defending privacy of their users. I still will payout the funds remaining on the funding wallet for this project in case someone decides to finish @sergiotarxz's code. I can also coordinate the project in case there is a minimal interest from the community. |
Thanks @marcovelon - great suggestion. |
Hi, I am sorry for getting back so late, when I said I was going to return to the secret chats development I was taking into account funds from a Telegram user (He offered 4_000€ and finally retracted) who finally retired them so I was not capable to take the project and had to take other projects instead. I estimate in 2 months the time required to complete the third phase and 8_000€ what is reasonable to ask for such time for a self employed developer in my country, the first two phases were a really good offer when I was starting as self-employed because I could both complete them fast and win my first money, but I cannot say the same about the third phase. I am sorry for the inconvenience and the lack of communication, it was not my intention to disappear and I even thought in doing the project underpaid for my expectations, I am just busy and when I found the bounty to be less than I thought I focused in another project instead. |
If someone wants to take the challenge to do the third phase for the funds available I will happily help them to fix the merge conflicts so they can start programming using the latest master of TDesktop, I cannot currently take the third phase but I think it is the less I can do. |
https://github.com/UnigramDev/Unigram supports secret chats on Windows. You can also mirror your android device to your Windows PC via https://github.com/Genymobile/scrcpy and do secret chats that way without having to install a Telegram client on Windows. There are lots of ways to do telegram secret chats, but it's unlikely to ever come to the official desktop client. |
Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening 😆 |
Just wanted to add my voice to the petition. I understand the limitation of secret chats being specific to each machine and that is perfectly fine. Having multiple secret chats for a given friend depending on which device they are on, and them needing to do the same for me, is a simple concept and I absolutely prefer that to anything being stored on the server - even if it is encrypted. It's exactly what you would expect from such a thing. Please stop penalizing users because you fear some vocal minority of brainlets. This is exactly the reason so much of the internet, apps, browsers and OSs and everything else continues to turn to garbage. |
FYI, the official Telegram forked The description of that repository says it's based on |
Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed. |
This is great news for Windows users, but I believe most of people who participated in this petition and looking for this feature are Linux users. Also, a project that doesn't aim to provide cross-platform compatibility indicates nothing else but their team members having quite low standards.
Good. Also something like telegram.fail or telegramdesktop.fail can be effective in terms of SEO boosting.
There is conspiracy. Given the level of hate addressed to this initiative and me personally coming from various Telegram developers in their official Telegram development chat, I have no minimum doubt left there is a huge conflict of interest. The company behind the official Telegram client is acting cowardly and pathetic in regards to this issue, putting actual efforts to dim all this information and what happens here from spreading. Thank you very much for coming back and updating us! I was contacted by some company that randomly funds open source projects and they told me they're interested in providing additional funding of 5000$ so the total will be estimating at ~11000$ to finish the whole thing. They should make a transfer within next days. |
No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra. I have destroyed all Microsoft Store garbage from my system. I wait official QT C++ version with Secret Chats. |
I linked to Unigram on GitHub. You can download it and install it from there. You don't need Microsoft store. If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more. |
Indeed, this is the kind of behavior that gives credence to the idea that they want it to be difficult to have an E2EE implementation that is too easy to inspect. "FOSS Linux apps give enthusiasts too much freedom and power to investigate a crypto implementation and therefore must be be guarded against." - doesn't sound that far fetched... |
That are big news!! I would be pleased to give it a try with that funding. I hope it materializes, please keep me updated. |
For memory safety if no skill to write safe C++ there is Rust that creates binary that speed is comparable to C++. As for download i am really blind or where is classic .exe version? like i said I have ripped out every bit of store core systems from my Windows. No Microsoft bloat ever for me, ever and usually those .NET apps are more sluggish from my experience than fine crafted C++ apps. |
That can be said about C, but it is unfair to say this about C++ since it has the features to program in a memory safe way such as shared pointers, with C++ you no longer allocate memory by yourself. |
I've managed to get additional funding of 10000 USD from some entity who wish to remain anonymous till the task is complete. The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD) Check here: https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc @sergiotarxz if you are fine with it then we would be glad if you can finish this. With or without an official PR - up to you. |
@marcovelon I am working on it again, wish me luck. |
I had to create a new virtual sim with the last reward since I lost access to one you provided to me. |
After all night I achieved to merge upstream changes into my own code, but I am still fixing segmentation faults. |
Probably the code could benefit from a refactor to adapt to the way tdesktop is currently doing things. I will give priority to it to work and in the end I will try to leave the code as beautiful as I can. |
How would this specific fork would work in the future. Would it require constant cherry picking or something after upstream commits? I have no experience with large codebases at all. If you can ELI5 this, I'd really appreciate it :) |
@otuva It will require pulling the upstream changes, fix the merge conflicts and adapt the code every time we want to update. I can tell you it is a very hard work, this is what I am trying right now. |
I can say that I achieved to restore the functionality of my original branch with current telegram branches and I can get to attempt implementing the UI, I have not commited nothing yet. @marcovelon I am open to suggestions about what I should attempt first. |
Any updates @sergiotarxz ? Many are curious, I'm sure :) |
Hi @dm17 I was not able to be full time dedicated to this until now but I did some progress in UI. I think pretty soon I will start to advance faster since I was able to finish a work for a client and I can be full time dedicated from now on. |
Hello everyone |
This issue is a continuation of telegramdesktop#871 and telegramdesktop#16835 and is dedicated to the code bounty campaign related to lack of implementation of a Secret Chat feature (end-to-end encryption in private messages) in Telegram Desktop.
The objective is to implement the Secret Chats feature into this Telegram client: https://github.com/telegramdesktop/tdesktop
It is possible to do it with 3 different ways (but not limited to):
Migrating tdesktop to TDLib/Including TDLib to Telegram Desktop and using its Secret Chat API partlycomment from @lukejohnsonrpThis code bounty doesn't limit the programmer to any specific way of implementation, as soon as the final result will make possible to use Secret Chats on the open source Telegram Desktop (tdesktop) client on Linux and Windows in the exactly same way as it's done in mobile clients.
UPDATE 04/2022 / Funds distribution scheme:
There will be 3 payouts based on completion of the following stages:
Estabilishing Secret Chats via DH key exchange (ability to send and accept Secret Chat requests)[COMPLETE] in sergiotarxz@41fcaa8Ability to send and receive encrypted messages in estabilished Secret Chats[COMPLETE] in sergiotarxz@41fcaa8The developer(s) will receive 1 ETH for completing one of the stages from the list above, totalling 3 ETH for all stages. The source code should be available and compilable.
The adjacent functionality such as deleting and configuring Secret Chat options can be done during any phase of the work progress described in the list above, however it must be done before or with 3/3.
I have created a verified signature for my Ethereum address containing the funds for this issue: https://etherscan.io/verifySig/4431 (https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc)
Any voluntary donations are welcome. You can send them to the address above.
My email for communication is marcovelon@protonmail.com
CURRENT PROJECT FUNDING:
The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)
The text was updated successfully, but these errors were encountered: