Implement "secret chats" in Webogram #126

Open
thomasfr opened this Issue Mar 5, 2014 · 72 comments

Comments

Projects
None yet
@thomasfr

thomasfr commented Mar 5, 2014

At the moment secret chats are completly missing. It would be great if one could create new secret chats with all options (self destruct timer, etc) and security features known from the official telegram mobile clients

@GameScripting

This comment has been minimized.

Show comment
Hide comment
@GameScripting

GameScripting Mar 6, 2014

+1, start with encryption, implement other features later as end-to-end encryption is what makes telegram cool ;)

+1, start with encryption, implement other features later as end-to-end encryption is what makes telegram cool ;)

@thomasfr

This comment has been minimized.

Show comment
Hide comment
@thomasfr

thomasfr Mar 6, 2014

yep you are right @GameScripting . I really miss this feature on my laptop...

thomasfr commented Mar 6, 2014

yep you are right @GameScripting . I really miss this feature on my laptop...

@zhukov

This comment has been minimized.

Show comment
Hide comment
@zhukov

zhukov Mar 7, 2014

Owner

To tell the truth, Webogram is currently very far away from this feature. It doesn't use any sql storage which is required by secret chats. So this feature may be implemented in future, but it's not that easy.

Owner

zhukov commented Mar 7, 2014

To tell the truth, Webogram is currently very far away from this feature. It doesn't use any sql storage which is required by secret chats. So this feature may be implemented in future, but it's not that easy.

@thomasfr

This comment has been minimized.

Show comment
Hide comment
@thomasfr

thomasfr Mar 7, 2014

How can we help? IMHO a good starting point would be to extract the mtproto implementation to a seperate repository. This way the protocol api could be independently developed. see this #124

thomasfr commented Mar 7, 2014

How can we help? IMHO a good starting point would be to extract the mtproto implementation to a seperate repository. This way the protocol api could be independently developed. see this #124

@zhukov

This comment has been minimized.

Show comment
Hide comment
@zhukov

zhukov Mar 7, 2014

Owner

@thomasfr I don't understand how this is connected to secret chats. The mtproto.js library is completed and I don't see any things that can be significantly improved in it right now. So what's the point?

Owner

zhukov commented Mar 7, 2014

@thomasfr I don't understand how this is connected to secret chats. The mtproto.js library is completed and I don't see any things that can be significantly improved in it right now. So what's the point?

@GameScripting

This comment has been minimized.

Show comment
Hide comment
@GameScripting

GameScripting Mar 7, 2014

@zhukov I haven't looked deeply into telegrams API, but it seems like one just has to use the secret messages api and thats it (https://core.telegram.org/methods#working-with-secret-chats)
Why is a SQL like storage required? How does it differ from the normal non-encrypted api exept that you have to encrypt the messages? :)

@zhukov I haven't looked deeply into telegrams API, but it seems like one just has to use the secret messages api and thats it (https://core.telegram.org/methods#working-with-secret-chats)
Why is a SQL like storage required? How does it differ from the normal non-encrypted api exept that you have to encrypt the messages? :)

@zhukov

This comment has been minimized.

Show comment
Hide comment
@zhukov

zhukov Mar 7, 2014

Owner

In secret chats we have to store all the history on client side, because server deletes it after it's downloaded by client.

Owner

zhukov commented Mar 7, 2014

In secret chats we have to store all the history on client side, because server deletes it after it's downloaded by client.

@thomasfr

This comment has been minimized.

Show comment
Hide comment
@thomasfr

thomasfr Mar 8, 2014

@zhukov sorry, i thought it has to be implemented yet in the mtproto itself. But anyway, making an seperate library from mtproto, would be still an improvement imo.

thomasfr commented Mar 8, 2014

@zhukov sorry, i thought it has to be implemented yet in the mtproto itself. But anyway, making an seperate library from mtproto, would be still an improvement imo.

@staltz

This comment has been minimized.

Show comment
Hide comment
@staltz

staltz Mar 23, 2014

Contributor

This should be a priority, because it's a core feature of Telegram. "Taking back our right to privacy". I can imagine that it's a lot work, though.

Contributor

staltz commented Mar 23, 2014

This should be a priority, because it's a core feature of Telegram. "Taking back our right to privacy". I can imagine that it's a lot work, though.

@jumoog

This comment has been minimized.

Show comment
Hide comment
@jumoog

jumoog Mar 26, 2014

store everything in sql seems not good read:
https://developers.google.com/chrome-developer-tools/docs/resource-panel

you can access sql db from developer tools 👎

You cant hide your key since we use javascript

jumoog commented Mar 26, 2014

store everything in sql seems not good read:
https://developers.google.com/chrome-developer-tools/docs/resource-panel

you can access sql db from developer tools 👎

You cant hide your key since we use javascript

@stefan-niedermann

This comment has been minimized.

Show comment
Hide comment
@stefan-niedermann

stefan-niedermann Mar 26, 2014

is it important to hide it? I think it's your machine, your browser, so it is okay, if you view your keys and chat-data.
Thought the problem was to implement the encryption, not storing the messages?

is it important to hide it? I think it's your machine, your browser, so it is okay, if you view your keys and chat-data.
Thought the problem was to implement the encryption, not storing the messages?

@jumoog

This comment has been minimized.

Show comment
Hide comment
@jumoog

jumoog Mar 26, 2014

it is ..because connection is not safe anymore ??

@ pc its not protected

@ android the data folder is special protected and can only read by system, root, or app itself

jumoog commented Mar 26, 2014

it is ..because connection is not safe anymore ??

@ pc its not protected

@ android the data folder is special protected and can only read by system, root, or app itself

@stefan-niedermann

This comment has been minimized.

Show comment
Hide comment
@stefan-niedermann

stefan-niedermann Mar 27, 2014

@ android the data folder is special protected and can only read by system, root, or app itself

many people are root at their own system. this is the way it should be, so i can read my data on my android device, and i should be able to read the data on my notebook. i don't see this is important.

@ android the data folder is special protected and can only read by system, root, or app itself

many people are root at their own system. this is the way it should be, so i can read my data on my android device, and i should be able to read the data on my notebook. i don't see this is important.

@staltz

This comment has been minimized.

Show comment
Hide comment
@staltz

staltz Mar 27, 2014

Contributor

@stefan-niedermann , who said people only access webogram from their own computer and browser? And even so, what about malware? If encrypted conversations are to be implemented, let's at least do it right. There's no point in making fake secret chats.

Contributor

staltz commented Mar 27, 2014

@stefan-niedermann , who said people only access webogram from their own computer and browser? And even so, what about malware? If encrypted conversations are to be implemented, let's at least do it right. There's no point in making fake secret chats.

@jumoog

This comment has been minimized.

Show comment
Hide comment
@jumoog

jumoog Mar 27, 2014

we can use web sql but firefox cant handle it 👎

jumoog commented Mar 27, 2014

we can use web sql but firefox cant handle it 👎

@GameScripting

This comment has been minimized.

Show comment
Hide comment
@GameScripting

GameScripting Mar 27, 2014

How is the identity/session id of the user stored? Isn't those information also security critical?

How is the identity/session id of the user stored? Isn't those information also security critical?

@jumoog

This comment has been minimized.

Show comment
Hide comment
@jumoog

jumoog Mar 27, 2014

you can read the messages sure but thats all

my idea was a native keystorage written in NaCl

jumoog commented Mar 27, 2014

you can read the messages sure but thats all

my idea was a native keystorage written in NaCl

@GameScripting

This comment has been minimized.

Show comment
Hide comment
@GameScripting

GameScripting Mar 27, 2014

I guess we only have two options here:

  1. Don't encrypt anything and store it at localstorage/indexeddb/websql
  2. Have the user enter a password every time she opens webogram and use the password to decrypt the secret stuff

Personally I'd say that we don't need that level of protection here, if one can read the browsers data (escape from the browser sandbox) one could also read the data on the phone (escape the app sandbox)

I guess we only have two options here:

  1. Don't encrypt anything and store it at localstorage/indexeddb/websql
  2. Have the user enter a password every time she opens webogram and use the password to decrypt the secret stuff

Personally I'd say that we don't need that level of protection here, if one can read the browsers data (escape from the browser sandbox) one could also read the data on the phone (escape the app sandbox)

@jumoog

This comment has been minimized.

Show comment
Hide comment
@jumoog

jumoog Mar 27, 2014

firefox dont support websql

jumoog commented Mar 27, 2014

firefox dont support websql

@nukeador

This comment has been minimized.

Show comment
Hide comment
@nukeador

nukeador Mar 27, 2014

Contributor

websql is NOT a standard.

IndexDb is the way to go:

http://caniuse.com/#search=indexdb

Contributor

nukeador commented Mar 27, 2014

websql is NOT a standard.

IndexDb is the way to go:

http://caniuse.com/#search=indexdb

@jumoog

This comment has been minimized.

Show comment
Hide comment
@jumoog

jumoog Mar 27, 2014

same problem safari dont supports it. we can use https://github.com/axemclion/IndexedDBShim
"you can use a single offline storage API across browsers (Opera, Safari, Firefox, Chrome and IE10) and even mobile devices (Phonegap on iOS and Android)."

jumoog commented Mar 27, 2014

same problem safari dont supports it. we can use https://github.com/axemclion/IndexedDBShim
"you can use a single offline storage API across browsers (Opera, Safari, Firefox, Chrome and IE10) and even mobile devices (Phonegap on iOS and Android)."

@Dinduks

This comment has been minimized.

Show comment
Hide comment
@Dinduks

Dinduks Apr 21, 2014

This should be a priority, because it's a core feature of Telegram. "Taking back our right to privacy". I can imagine that it's a lot work, though.

👍

Dinduks commented Apr 21, 2014

This should be a priority, because it's a core feature of Telegram. "Taking back our right to privacy". I can imagine that it's a lot work, though.

👍

@rafaelmr2

This comment has been minimized.

Show comment
Hide comment
@rafaelmr2

rafaelmr2 Jun 27, 2014

@zhukov And now with IndexDB support this functionality is closer?

@zhukov And now with IndexDB support this functionality is closer?

@Yajo

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Jan 26, 2015

I would really like to use secret chats since only end-to-end encryption fulfills the promise of "taking back our right to privacy". Unfortunately, as a Firefox OS user, I can't use any other client that supports this feature, as suggested in #652.

@zhukov What are the performance related issues you mention in #652 and might they be mitigated by using the WebCrypto API?

I would really like to use secret chats since only end-to-end encryption fulfills the promise of "taking back our right to privacy". Unfortunately, as a Firefox OS user, I can't use any other client that supports this feature, as suggested in #652.

@zhukov What are the performance related issues you mention in #652 and might they be mitigated by using the WebCrypto API?

@nukeador

This comment has been minimized.

Show comment
Hide comment
@nukeador

nukeador Jan 26, 2015

Contributor

I don't know if this could also help while WebCrypto is implemented in all browsers:

https://github.com/vibornoff/asmcrypto.js

Contributor

nukeador commented Jan 26, 2015

I don't know if this could also help while WebCrypto is implemented in all browsers:

https://github.com/vibornoff/asmcrypto.js

@zaxebo1

This comment has been minimized.

Show comment
Hide comment
@zaxebo1

zaxebo1 Feb 4, 2015

@zhukov
with reference to https://html5test.com/compare/feature/storage-indexedDB.basic.html

VERY IMPORTANTLY (for SQL storage in browsers):
indexedDB is now supported in Chrome version 26+ (current version is 39) , Firefox version 17+ (current version is 35), Internet explorer 10+ ( current version is 11), Opera version 18+(current version is 26), Safari version 8.0 (current version is 8.0)

also refer: http://www.w3.org/TR/IndexedDB/
Hence, indexedDB is "Official" recommendation by W3c since 8 january 2015 - for SQL storage in webbrowser .

HENCE, if indexedDB (Sql storage) is now supported in all the browsers(chrome,firefox,IE,Opera,Safari), then obviously it can be implemented such that -> "webogram can sniff that if indexedDB supported version of browser version is there, then only it will support secretchat."

zaxebo1 commented Feb 4, 2015

@zhukov
with reference to https://html5test.com/compare/feature/storage-indexedDB.basic.html

VERY IMPORTANTLY (for SQL storage in browsers):
indexedDB is now supported in Chrome version 26+ (current version is 39) , Firefox version 17+ (current version is 35), Internet explorer 10+ ( current version is 11), Opera version 18+(current version is 26), Safari version 8.0 (current version is 8.0)

also refer: http://www.w3.org/TR/IndexedDB/
Hence, indexedDB is "Official" recommendation by W3c since 8 january 2015 - for SQL storage in webbrowser .

HENCE, if indexedDB (Sql storage) is now supported in all the browsers(chrome,firefox,IE,Opera,Safari), then obviously it can be implemented such that -> "webogram can sniff that if indexedDB supported version of browser version is there, then only it will support secretchat."

@zaxebo1

This comment has been minimized.

Show comment
Hide comment
@zaxebo1

zaxebo1 Feb 4, 2015

@zhukov
Even if (say) secret chats can be held only on different client device "without any syncing between secret chat sessions devices", still with that limitation the secretchat will be great feature to have . Just show that limitation of"no syncing" as warning in-red-color above the secret chat window.
Even then with this limitation too, Everybody is just dying to have this feature in webogram.

Also, When native OSX version client can have this feature, then why not webogram?

IMHO, this is the topmost requested feature in around my all known users group. If this secret chat functionality in webogram too comes , then Telegram popularity will beat Whatsapp,Snapchat in "very very short time". This should be prioritized above any other feature request, in my humble opinion. It will be very easy for "us" to push/evangelize/dictate usage of telegram to a large number of users due to webogram secret chat support.
The entire humanity of millions and billions will thank you a lot, just for this "one single feature-request" implementation. Trust me. Please, make it number 1 priority, when indexedDB is here in every browser.

zaxebo1 commented Feb 4, 2015

@zhukov
Even if (say) secret chats can be held only on different client device "without any syncing between secret chat sessions devices", still with that limitation the secretchat will be great feature to have . Just show that limitation of"no syncing" as warning in-red-color above the secret chat window.
Even then with this limitation too, Everybody is just dying to have this feature in webogram.

Also, When native OSX version client can have this feature, then why not webogram?

IMHO, this is the topmost requested feature in around my all known users group. If this secret chat functionality in webogram too comes , then Telegram popularity will beat Whatsapp,Snapchat in "very very short time". This should be prioritized above any other feature request, in my humble opinion. It will be very easy for "us" to push/evangelize/dictate usage of telegram to a large number of users due to webogram secret chat support.
The entire humanity of millions and billions will thank you a lot, just for this "one single feature-request" implementation. Trust me. Please, make it number 1 priority, when indexedDB is here in every browser.

@zhukov

This comment has been minimized.

Show comment
Hide comment
@zhukov

zhukov Feb 4, 2015

Owner

I was really disappointed with IndexedDB support in Safari right now. It's much slower than in any other browser. So I supported caching Telegram files for Safari and then disabled it by useragent sniffing. It's pretty raw for now, IMHO.

As for the overall question I've already expressed my opinion in some other thread:

For now I don't have any plans to implement this feature. I like secret chats as it is right now -- on mobile device, which is private in most cases. Desktop is usually shared, especially its browser, so I don't like implementing Secret Chats in Webogram. Apart from this one, there are a lot of other important problems which we need to solve. Most of them are related to performance.

Owner

zhukov commented Feb 4, 2015

I was really disappointed with IndexedDB support in Safari right now. It's much slower than in any other browser. So I supported caching Telegram files for Safari and then disabled it by useragent sniffing. It's pretty raw for now, IMHO.

As for the overall question I've already expressed my opinion in some other thread:

For now I don't have any plans to implement this feature. I like secret chats as it is right now -- on mobile device, which is private in most cases. Desktop is usually shared, especially its browser, so I don't like implementing Secret Chats in Webogram. Apart from this one, there are a lot of other important problems which we need to solve. Most of them are related to performance.

@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Feb 23, 2015

As a stopgap, would it be possible and easier to implement self destructing messages without the crypto? So that at least I can make sure the messages created on FxOS are removed from Telegram's servers at some point. Or is this something that MTProto does not support (can't find it while glancing over the docs)?

As a stopgap, would it be possible and easier to implement self destructing messages without the crypto? So that at least I can make sure the messages created on FxOS are removed from Telegram's servers at some point. Or is this something that MTProto does not support (can't find it while glancing over the docs)?

@zhukov

This comment has been minimized.

Show comment
Hide comment
@zhukov

zhukov Feb 25, 2015

Owner

@timkuijsten I'm afraid, no. Self-destructing messages is a feature, which is available for Secret Chats only. But you can delete cloud chats manually in Webogram.

Owner

zhukov commented Feb 25, 2015

@timkuijsten I'm afraid, no. Self-destructing messages is a feature, which is available for Secret Chats only. But you can delete cloud chats manually in Webogram.

@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Feb 25, 2015

But you can delete cloud chats manually in Webogram.

@zhukov but in order to get the chats from the servers you have to ask every participating party to do the same which is a bit cumbersome imho.

But you can delete cloud chats manually in Webogram.

@zhukov but in order to get the chats from the servers you have to ask every participating party to do the same which is a bit cumbersome imho.

@wp9015362

This comment has been minimized.

Show comment
Hide comment
@wp9015362

wp9015362 Mar 3, 2015

Hello,

I was about to use Webogram and expected it to support secret chats.

But then I noticed that it currently does not support secret chats.

That is extremely unfortunate.

Please add support for secret chats to Webogram and please make it a number one priority.

This is really needed IMHO (and apparently others seems to agree).

Could you please make it happen?

It would be much appreciated.

Regards

Hello,

I was about to use Webogram and expected it to support secret chats.

But then I noticed that it currently does not support secret chats.

That is extremely unfortunate.

Please add support for secret chats to Webogram and please make it a number one priority.

This is really needed IMHO (and apparently others seems to agree).

Could you please make it happen?

It would be much appreciated.

Regards

@BreadMaker

This comment has been minimized.

Show comment
Hide comment
@BreadMaker

BreadMaker Aug 4, 2015

A little more than one year have passed, any updates on this?

A little more than one year have passed, any updates on this?

@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Aug 4, 2015

Even if this were implemented, the fact that with Telegram keys are session bound and not person bound makes it a real hassle to use in practice. You have to verify the key each time you start a new conversation with someone, instead of just once for a particular user account. This makes that the TG secret chat feature is really cool for the TG marketing department, but not so much for real practical security.

Even if this were implemented, the fact that with Telegram keys are session bound and not person bound makes it a real hassle to use in practice. You have to verify the key each time you start a new conversation with someone, instead of just once for a particular user account. This makes that the TG secret chat feature is really cool for the TG marketing department, but not so much for real practical security.

@hebrew878

This comment has been minimized.

Show comment
Hide comment
@hebrew878

hebrew878 Aug 4, 2015

this will never happen.

On 05/08/2015, Felipe Peñailillo notifications@github.com wrote:

A little more than one year have passed, any updates on this?


Reply to this email directly or view it on GitHub:
#126 (comment)

this will never happen.

On 05/08/2015, Felipe Peñailillo notifications@github.com wrote:

A little more than one year have passed, any updates on this?


Reply to this email directly or view it on GitHub:
#126 (comment)

@zaxebo1

This comment has been minimized.

Show comment
Hide comment
@zaxebo1

zaxebo1 Aug 5, 2015

@timkuijsten : whatever be the logic, but that does not explain that "telegram official client for Mac Desktop" supports encrypted chat, then why does the "officlal Generic Desktop client " does not support it. Why linux and Windows using persons only are the people who have been "officially" kept away from this?

If we go by your justification , then secret chat facility on 'Mac OSX official telegram client' should also not have been implemented !

zaxebo1 commented Aug 5, 2015

@timkuijsten : whatever be the logic, but that does not explain that "telegram official client for Mac Desktop" supports encrypted chat, then why does the "officlal Generic Desktop client " does not support it. Why linux and Windows using persons only are the people who have been "officially" kept away from this?

If we go by your justification , then secret chat facility on 'Mac OSX official telegram client' should also not have been implemented !

@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Aug 5, 2015

If we go by your justification , then secret chat facility on 'Mac OSX official telegram client' should also not have been implemented !

It's just that since I'm really using the secret chat (via the OS X Desktop client indeed), I realized that it's not as good as I thought it was. And this has nothing to do with a particular client, but with the protocol itself. Every time I start a new secret chat with my friends they frown upon me why I'm doing that, even without out of bound key verification. And this is something that needs to be done for every new session which happens once in a while, not once per friend.

I think if they didn't give it a special name and didn't use the word secret and renamed the normal chat to something like "public chat", a lot of the frowning would go away. If then the protocol designers would abstract away the session keys and make users only interact with long lasting person bound keys, we would have some practically usable secure communication.

If we go by your justification , then secret chat facility on 'Mac OSX official telegram client' should also not have been implemented !

It's just that since I'm really using the secret chat (via the OS X Desktop client indeed), I realized that it's not as good as I thought it was. And this has nothing to do with a particular client, but with the protocol itself. Every time I start a new secret chat with my friends they frown upon me why I'm doing that, even without out of bound key verification. And this is something that needs to be done for every new session which happens once in a while, not once per friend.

I think if they didn't give it a special name and didn't use the word secret and renamed the normal chat to something like "public chat", a lot of the frowning would go away. If then the protocol designers would abstract away the session keys and make users only interact with long lasting person bound keys, we would have some practically usable secure communication.

@TJC

This comment has been minimized.

Show comment
Hide comment
@TJC

TJC Aug 6, 2015

I continue to be very disappointed that there's no end-to-end encrypted chat available for most clients. (Sounds like mobile and OSX only support it?)

If I just wanted a regular chat client, I would have stuck to an established system like Jabber, or hell, even facebook messenger or google's hangouts.

TJC commented Aug 6, 2015

I continue to be very disappointed that there's no end-to-end encrypted chat available for most clients. (Sounds like mobile and OSX only support it?)

If I just wanted a regular chat client, I would have stuck to an established system like Jabber, or hell, even facebook messenger or google's hangouts.

@TJC

This comment has been minimized.

Show comment
Hide comment
@TJC

TJC Aug 6, 2015

Tim -- while I can understand your frustration with the new session keys, I think it's probably an important security feature. By creating a new session key each time, it means that your older chats will not be revealed even if someone gets hold of your current session key for a future chat. Maybe your friends can just be a bit less judgemental?

TJC commented Aug 6, 2015

Tim -- while I can understand your frustration with the new session keys, I think it's probably an important security feature. By creating a new session key each time, it means that your older chats will not be revealed even if someone gets hold of your current session key for a future chat. Maybe your friends can just be a bit less judgemental?

@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Aug 6, 2015

I think it's probably an important security feature.

@TJC long lasting user bound keys can have this feature as well if something like forward secrecy is used. Then you still have per session keys and the advantages you describe, except you don't have to bother the users with it every time.

I think it's probably an important security feature.

@TJC long lasting user bound keys can have this feature as well if something like forward secrecy is used. Then you still have per session keys and the advantages you describe, except you don't have to bother the users with it every time.

@timkuijsten

This comment has been minimized.

Show comment
Hide comment
@timkuijsten

timkuijsten Aug 8, 2015

ps. just stumbled upon the following statement from Matthew Green, a respected cryptography researcher:

** Telegram is missing from this list because their protocol doesn't handle long term keys at all. Every single connection must be validated in person using a graphical key fingerprint, which is, quite frankly, terrible.

http://blog.cryptographyengineering.com/2015/04/how-do-we-build-encryption-backdors.html

ps. just stumbled upon the following statement from Matthew Green, a respected cryptography researcher:

** Telegram is missing from this list because their protocol doesn't handle long term keys at all. Every single connection must be validated in person using a graphical key fingerprint, which is, quite frankly, terrible.

http://blog.cryptographyengineering.com/2015/04/how-do-we-build-encryption-backdors.html

@AchoArnold

This comment has been minimized.

Show comment
Hide comment
@AchoArnold

AchoArnold Sep 5, 2015

@hebrew878 Thanks for the very helpful comment 😉

@hebrew878 Thanks for the very helpful comment 😉

@programizer

This comment has been minimized.

Show comment
Hide comment
@programizer

programizer Oct 2, 2015

Would it be possible/a simplification to implement secret without history for now? So one reads only the last message and sql isn't needed?

Would it be possible/a simplification to implement secret without history for now? So one reads only the last message and sql isn't needed?

@FacundoAcevedo

This comment has been minimized.

Show comment
Hide comment

+1 !!

@hkrahi

This comment has been minimized.

Show comment
Hide comment

hkrahi commented Mar 5, 2016

G

@mangas

This comment has been minimized.

Show comment
Hide comment
@mangas

mangas Jun 26, 2016

+1 for a simplified/no history secret chat implementation

mangas commented Jun 26, 2016

+1 for a simplified/no history secret chat implementation

@haevalencia

This comment has been minimized.

Show comment
Hide comment
@haevalencia

haevalencia Aug 10, 2016

As other similar services -especially Wire in my opinion- Secret Chat feature should be available in webogram. The E2E encryption is a key feature in Telegram. Any update?

As other similar services -especially Wire in my opinion- Secret Chat feature should be available in webogram. The E2E encryption is a key feature in Telegram. Any update?

@JaredPotter

This comment has been minimized.

Show comment
Hide comment
@JaredPotter

JaredPotter Aug 11, 2016

A friend of mine convinced me to switch from WhatsApp to Telegram but as soon as I found out that the web/desktop clients do not support secret chats, I went right back to WhatsApp. Plus Telegram does not have voice calling support with no intention to add it.

A friend of mine convinced me to switch from WhatsApp to Telegram but as soon as I found out that the web/desktop clients do not support secret chats, I went right back to WhatsApp. Plus Telegram does not have voice calling support with no intention to add it.

@FacundoAcevedo

This comment has been minimized.

Show comment
Hide comment
@FacundoAcevedo

FacundoAcevedo Sep 17, 2016

I do no think that using WhatsApp is better than using Telegram, even if the say that all is encrypted. Because it's privative and closed source. Btw for calling you can use Ring.

In my opinion Telegram used encryption as marketing to get users, right now they have a lot of users, so it's not a priority. We are getting stickers, and other cool features that make us happy but not secure.

FacundoAcevedo commented Sep 17, 2016

I do no think that using WhatsApp is better than using Telegram, even if the say that all is encrypted. Because it's privative and closed source. Btw for calling you can use Ring.

In my opinion Telegram used encryption as marketing to get users, right now they have a lot of users, so it's not a priority. We are getting stickers, and other cool features that make us happy but not secure.

@purplesrl

This comment has been minimized.

Show comment
Hide comment
@purplesrl

purplesrl Oct 17, 2016

@FacundoAcevedo

the problem is not with Telegram itself, but with the developer of telegram desktop, he is against this feature for some reason, many people have tried to persuade him to implement it, he said it is low priority.

@JaredPotter

you can use telegram-cli for this, or cutegram

@FacundoAcevedo

the problem is not with Telegram itself, but with the developer of telegram desktop, he is against this feature for some reason, many people have tried to persuade him to implement it, he said it is low priority.

@JaredPotter

you can use telegram-cli for this, or cutegram

@stek29

This comment has been minimized.

Show comment
Hide comment
@stek29

stek29 Oct 17, 2016

Collaborator

he is against this feature

Wat? Any proof?
Secret chats would be extremely hard to implement, and they're not top priority because IMO telegram tries to satisfy housewives more than geeks like you.

Collaborator

stek29 commented Oct 17, 2016

he is against this feature

Wat? Any proof?
Secret chats would be extremely hard to implement, and they're not top priority because IMO telegram tries to satisfy housewives more than geeks like you.

@purplesrl

This comment has been minimized.

Show comment
Hide comment
@purplesrl

purplesrl Oct 17, 2016

@stek29

you can search for yourself for the issues that were opened and can see his replies, arguing it is not an important feature or a priority

about the housewives, well telegram was intended to be different, i guess they realized there are more housewives than geeks

also, secret chats are already present in telegram-cli, cutegram, so maybe hard but not impossible to implement

a final argument would be that the client is incomplete without that feature, its a core feature of the protocol, it is not like OTR, some fancy plugin for geeks as you say

purplesrl commented Oct 17, 2016

@stek29

you can search for yourself for the issues that were opened and can see his replies, arguing it is not an important feature or a priority

about the housewives, well telegram was intended to be different, i guess they realized there are more housewives than geeks

also, secret chats are already present in telegram-cli, cutegram, so maybe hard but not impossible to implement

a final argument would be that the client is incomplete without that feature, its a core feature of the protocol, it is not like OTR, some fancy plugin for geeks as you say

@purplesrl

This comment has been minimized.

Show comment
Hide comment
@purplesrl

purplesrl Oct 17, 2016

@zhukov

In secret chats we have to store all the history on client side, because server deletes it after it's downloaded by client.

I am sorry but I do not understand this logic. Isn't this the whole purpose of the secret chat? For messages to be deleted after they are viewed by the other side?

@zhukov

In secret chats we have to store all the history on client side, because server deletes it after it's downloaded by client.

I am sorry but I do not understand this logic. Isn't this the whole purpose of the secret chat? For messages to be deleted after they are viewed by the other side?

@stek29

This comment has been minimized.

Show comment
Hide comment
@stek29

stek29 Oct 17, 2016

Collaborator

@paulmillr

its a core feature of the protocol

No, it's just an addition to it, a second part. See https://core.telegram.org/api/end-to-end.

some fancy plugin for geeks as you say

I don't think that security is "some fancy plugin for geeks". But it looks like telegram thinks so.

you can search for yourself for the issues that were opened and can see his replies, arguing it is not an important feature or a priority

Which does not mean that Dev is against that feature.

Collaborator

stek29 commented Oct 17, 2016

@paulmillr

its a core feature of the protocol

No, it's just an addition to it, a second part. See https://core.telegram.org/api/end-to-end.

some fancy plugin for geeks as you say

I don't think that security is "some fancy plugin for geeks". But it looks like telegram thinks so.

you can search for yourself for the issues that were opened and can see his replies, arguing it is not an important feature or a priority

Which does not mean that Dev is against that feature.

@stek29

This comment has been minimized.

Show comment
Hide comment
@stek29

stek29 Oct 17, 2016

Collaborator

@paulmillr Zhukov says that messages are deleted from server when client gets them.
So there is no way to retrieve message history from server.
App has to store whole history locally.

Here you can see:

All messages acknowledged as delivered by the client, as well as any messages older than 7 days, may (and will) be deleted from the server.

Collaborator

stek29 commented Oct 17, 2016

@paulmillr Zhukov says that messages are deleted from server when client gets them.
So there is no way to retrieve message history from server.
App has to store whole history locally.

Here you can see:

All messages acknowledged as delivered by the client, as well as any messages older than 7 days, may (and will) be deleted from the server.

@purplesrl

This comment has been minimized.

Show comment
Hide comment
@purplesrl

purplesrl Oct 17, 2016

@stek29
the whole point of secret chats is to keep NO HISTORY

purplesrl commented Oct 17, 2016

@stek29
the whole point of secret chats is to keep NO HISTORY

@stek29

This comment has been minimized.

Show comment
Hide comment
@stek29

stek29 Oct 17, 2016

Collaborator

@purplesrl The whole point of secret chats is end to end encryption.
Deleting the messages isn't crucial part. I personally NEVER EVER delete messages, especially files.

Collaborator

stek29 commented Oct 17, 2016

@purplesrl The whole point of secret chats is end to end encryption.
Deleting the messages isn't crucial part. I personally NEVER EVER delete messages, especially files.

@purplesrl

This comment has been minimized.

Show comment
Hide comment
@purplesrl

purplesrl Oct 17, 2016

@stek29

it seems you have opinions about everything, you seem to know also exactly what the developers had in mind when they designed Telegram, secret chats, and what decisions they took and why, so no use continuing this.

Cheers :)

@stek29

it seems you have opinions about everything, you seem to know also exactly what the developers had in mind when they designed Telegram, secret chats, and what decisions they took and why, so no use continuing this.

Cheers :)

@elKaZe

This comment has been minimized.

Show comment
Hide comment
@elKaZe

elKaZe Oct 17, 2016

The most interesting thing of Telegram, I though, is that gives cryptography to the masses. But if it's not a priority, nor a goal, I will give a chance to LibreSignal

PD: Libresignal is dead :P, XMPP?

elKaZe commented Oct 17, 2016

The most interesting thing of Telegram, I though, is that gives cryptography to the masses. But if it's not a priority, nor a goal, I will give a chance to LibreSignal

PD: Libresignal is dead :P, XMPP?

@Ryuno-Ki

This comment has been minimized.

Show comment
Hide comment
@Ryuno-Ki

Ryuno-Ki Oct 17, 2016

Contributor

@elKaZe Keep an eye on OMEMO.

Contributor

Ryuno-Ki commented Oct 17, 2016

@elKaZe Keep an eye on OMEMO.

@diazbastian

This comment has been minimized.

Show comment
Hide comment
@diazbastian

diazbastian Oct 18, 2016

@elKaZe and @Ryuno-Ki is relevant to mention other protocols in this thread? Please focus in this problem.

@elKaZe and @Ryuno-Ki is relevant to mention other protocols in this thread? Please focus in this problem.

@stek29

This comment has been minimized.

Show comment
Hide comment
@stek29

stek29 Oct 19, 2016

Collaborator

@purplesrl actually you were the first who started claiming that he knows "whole point of secret chats" without any proofs. (So you shared your opinion and called it Telegram's opinion).

@elKaZe @Ryuno-Ki what about Tox?

Collaborator

stek29 commented Oct 19, 2016

@purplesrl actually you were the first who started claiming that he knows "whole point of secret chats" without any proofs. (So you shared your opinion and called it Telegram's opinion).

@elKaZe @Ryuno-Ki what about Tox?

@purplesrl

This comment has been minimized.

Show comment
Hide comment
@purplesrl

purplesrl Oct 19, 2016

@stek29

Probably you misunderstood my comments, is English your first language?

@stek29

Probably you misunderstood my comments, is English your first language?

@stek29

This comment has been minimized.

Show comment
Hide comment
@stek29

stek29 Oct 19, 2016

Collaborator

@purplesrl No 🙃

Collaborator

stek29 commented Oct 19, 2016

@purplesrl No 🙃

@TJC

This comment has been minimized.

Show comment
Hide comment
@TJC

TJC Oct 19, 2016

Perhaps I can offer another way to resolve the argument?

Aim for feature parity with the mobile client

Since the mobile client supports encryption, timed-delete messages, etc, then the desktop client must too.

The desktop apps for Signal and WhatsApp manage it, so if there's some technical hurdle, perhaps you can look at the code for Signal and see how they do it?

TJC commented Oct 19, 2016

Perhaps I can offer another way to resolve the argument?

Aim for feature parity with the mobile client

Since the mobile client supports encryption, timed-delete messages, etc, then the desktop client must too.

The desktop apps for Signal and WhatsApp manage it, so if there's some technical hurdle, perhaps you can look at the code for Signal and see how they do it?

@chrismc92

This comment has been minimized.

Show comment
Hide comment
@chrismc92

chrismc92 Jan 27, 2017

Is there any objection to using localstorage to resolve the history issue? I'd like to take a crack at this. It looks like it was shot down earlier for not being supported by firefox, but it seems like they've added it since.. @zhukov

chrismc92 commented Jan 27, 2017

Is there any objection to using localstorage to resolve the history issue? I'd like to take a crack at this. It looks like it was shot down earlier for not being supported by firefox, but it seems like they've added it since.. @zhukov

@Ryuno-Ki

This comment has been minimized.

Show comment
Hide comment
@Ryuno-Ki

Ryuno-Ki Feb 25, 2017

Contributor

Keep in mind, that localStorage has some size restrictions

Contributor

Ryuno-Ki commented Feb 25, 2017

Keep in mind, that localStorage has some size restrictions

@chrismc92

This comment has been minimized.

Show comment
Hide comment
@chrismc92

chrismc92 Mar 1, 2017

@aurium

This comment has been minimized.

Show comment
Hide comment
@aurium

aurium Jun 8, 2017

It's designed for larger datasets like the kind I think you'd expect to see in webogram. Thoughts?

As the client is where secret chats are stored, i believe you are right. It also may allow to search in chat history without load all chat in memory.

aurium commented Jun 8, 2017

It's designed for larger datasets like the kind I think you'd expect to see in webogram. Thoughts?

As the client is where secret chats are stored, i believe you are right. It also may allow to search in chat history without load all chat in memory.

@cr7pt0

This comment has been minimized.

Show comment
Hide comment
@cr7pt0

cr7pt0 Jan 12, 2018

It would be great to have this feature. So one benefit of using localstorage is for the Chrome and Firefox extension you should be able to have the data sync between multiple browsers. Here are the details for Chrome - https://developer.chrome.com/extensions/storage and for Firefox - https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/sync
I really hope this feature is given a high priority its definitely possible and would be be a great addition.

cr7pt0 commented Jan 12, 2018

It would be great to have this feature. So one benefit of using localstorage is for the Chrome and Firefox extension you should be able to have the data sync between multiple browsers. Here are the details for Chrome - https://developer.chrome.com/extensions/storage and for Firefox - https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/sync
I really hope this feature is given a high priority its definitely possible and would be be a great addition.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment