GPG encrypted backups on telegram https://prevete.ml/articles/pgpgram.html
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
pgpgram
screenshots
LICENSE
README.md
setup.py

README.md

PGPgram

Python 3.x Support License: GPL v3+

PGPgram example usage

PGPgram is a GPG encrypted backup/restore tool written in python using TDLib. It locally encrypts your files with GnuPG, before they get sent to telegram cloud.

Motivation

I've come to hate telegram. At the beginning, they were like "we're gonna open source everything after some time, we care about privacy", then

  • they've never released the source of the server (over 5 years have passed),

  • they didn't improve secret chats algorithm so that it could be the default way of sending messages without lacking features (going instead with a curious, to say the least apology of unecrypted remote storage, despite aknowledging the existence of credential recovery schemes secure at least as their authentication;

  • they didn't ported secret chats to desktop;

  • they competed unfairly in respect to other opensource IM projects, locking in users with over the top short to last features made possible by their huge dollar backing (Durov), like not specified storage quota size (heck, what do you think you are, Gmail in 2004?).

  • their positions is not so much clear; regarding copyright infringements they put theirselves in a gray area; having strong opinions on the matter I am concerned that there exist loopholes in their statements.

So now telegram boasts itself as a privacy champion in the instant messaging space, although previous points tell us quite the opposite. Also, their press material is always very careful with words, so that their statements can easily lead uninformed users to think that their service is secure: they don't mention that's as true as when you say that Skype is secure, not as when you say that GNUpg is secure and you should know why.

So why did I write PGPgram?

I wrote it as proof-of-concept to show that it could be easy to have (whatever) encryption implemented by default on telegram. Not that counts anyway, because telegram API terms of services indirectly prohibit use of encryption over its servers:

it is forbidden to force users of other telegram clients to download your app to view CERTAIN messages and content sent using your app,

which is indeed what an encrypted by default version of telegram would do, even by keeping retrocompatibility.

It should be noted notice that PGPgram does not violate that rule, since the contents it produce are not meant to be shared with other telegram users.

At the time of writing it would be just a matter of time to convert PGPgram to a full fledged telegram client, using other encryption schemes that preserve message sharing among devices, forward secrecy or secret group chats and bots.

Installation

PGPgram is available through the Python Package Index (PyPI). Pip is pre-installed if python >= 3.4 has been downloaded from python.org; if you're using a GNU/Linux distribution, you can find how to install it on this page.

After setting up pip, you can install PGPgram by simply typing in your terminal

# pip3 install pgpgram

Usage

PGPgram install a command line utility with the same name, pgpgram, that can be used to backup, restore, search and list files. You can invoke command line help with pgpgram --help and get command options with

pgpgram <command> --help

PGPgram search

The application requires split, cat, dd, sha256sum and gpg to be present on your system, so maybe macOS users will need to make some aliases. At the moment file deletion is not handled because I reached time limit for unpaid development.

About

This program is licensed under GNU General Public License v3 or later by Pellegrino Prevete.
TDLib is licensed under the terms of the Boost Software License.
If you find this program useful, consider offering me a beer, a new computer or a part time remote job to help me pay the bills.