Skip to content

tallero/PGPgram

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PGPgram

Python 3.x Support License: AGPL v3+

PGPgram example usage

PGPgram is a GPG encrypted backup/restore tool written in python using TDLib. It locally encrypts your files with GnuPG, before they get sent to telegram cloud.

Since version 0.2 it also backups youtube videos, playlist and whole channels.

Version 0.4 packages a pre-built windows binary.

Motivation

I've come to hate telegram. At the beginning, they were like "we're gonna open source everything after some time, we care about privacy", then

  • they've never released the source of the server (over 5 years have passed),

  • they didn't improve secret chats algorithm so that it could be the default way of sending messages without lacking features (going instead with a curious, to say the least) apology of unecrypted remote storage, despite aknowledging the existence of credential recovery schemes secure at least as their authentication;

  • they didn't ported secret chats to desktop;

  • they competed unfairly in respect to other opensource IM projects, locking in users with over the top short to last features made possible by their huge dollar backing (Durov), like not specified storage quota size (heck, what do you think you are, Gmail in 2004?).

  • their positions is not so much clear; regarding copyright infringements they put theirselves in a gray area; having strong opinions on the matter I am concerned that there exist loopholes in their statements.

So now telegram boasts itself as a privacy champion in the instant messaging space, although previous points tell us quite the opposite. Also, their press material is always very careful with words, so that their statements can easily lead uninformed users to think that their service is secure: they don't mention that's as true as when you say that Skype is secure, not as when you say that GNUpg is secure and you should know why.

So why did I write PGPgram?

I wrote it as proof-of-concept to show that it could be easy to have (whatever) encryption implemented by default on telegram. Not that counts anyway, because telegram API terms of services indirectly prohibit use of encryption over its servers:

it is forbidden to force users of other telegram clients to download your app to view CERTAIN messages and content sent using your app,

which is indeed what an encrypted by default version of telegram would do, even by keeping retrocompatibility.

It should be noted notice that PGPgram does not violate that rule, since the contents it produce are not meant to be shared with other telegram users.

At the time of writing it would be just a matter of time to convert PGPgram to a full fledged telegram client, using other encryption schemes that preserve message sharing among devices, forward secrecy or secret group chats and bots.

Installation

PGPgram is available through the Python Package Index (PyPI). Pip is pre-installed if python >= 3.4 has been downloaded from python.org; if you're using a GNU/Linux distribution, you can find how to install it on this page.

After setting up pip, you can install PGPgram by simply typing in your terminal

# pip3 install pgpgram

Archlinux

The packages pgpgram and pgpgram-git have been published on AUR.

MinGW (Windows)

The package pgpgram has been published on MinGW AUR.

Usage

PGPgram install a command line utility with the same name, pgpgram, that can be used to backup, restore, and list files. You can invoke command line help with pgpgram --help and get command options with

pgpgram <command> --help

PGPgram search

The application requires split, cat, dd, sha256sum and gpg to be present on your system, so maybe macOS users will need to make some aliases. At the moment file deletion is not handled because I reached time limit for unpaid development.

Backing up the backup

To backup your encrypted file list just put a copy of files.db (located in ~/.config/pgpgram) somewhere safe. If you need to import files from an existing PGPgram installation to another, you can use the import command over files.db.

About

This program is licensed under GNU Affero General Public License v3 or later by Pellegrino Prevete.
TDLib is licensed under the terms of the Boost Software License.
If you find this program useful, consider offering me a beer, a new computer or a part time remote job to help me pay the bills.