Tangentially on Telegram bots, one of the things I dislike with privacy on Telegram is that the user ID (an internal Telegram generated number, not to be confused with your chosen username) given to bots is static. It's not an ID per bot and there's no way to change the ID without deleting your Telegram account and creating it again later (I'm not sure if it changes then either). Bots can also see and save your name (as entered on the profile) on Telegram. This makes it easier for bots (or bot swarms) to track users on Telegram. (AFAIK, Telegram bots don't get the phone number of the user; it'd be terrible if they did).
Welp, there is a lot of discussion around these claims.
But we are also on Telegram, mostly because I'm using their API for our Home-Assistant instance to deliver status updates (left the bathroom window open for too long, weather-forecast on the morning and evening for the next 3 days). I like it.
I'm using a ready-made sensor for this. It's the same system I'm using for temperature and humidty measurement. It's proprietary , but someone reverse engineered it , so I can send the data via MQTT to home-assistent. I then wrote an automation using Node-RED. It get's triggered when the window opens. After an initial timeout of five minutes, it will compare the inside temperature and humidity with the outside temperature and humidty, and decide if it should wait another five minutes or fire off a notification. If you close the window before, it will stop everything and reset itself.
Kind of odd that I trust Durov more than Zuckerberg, but here we are.
> It has many features other platforms lack, is reasonably privacy-friendly
>> reasonably privacy-friendly
> Telegram still has no E2E encryption by default
Not leaking your personal data, identity or telephone number, and with whom you communicate is often more important.
With significantly worse UX.
> still has no E2E encryption by default
This doesn't make it not reasonably secure in my mind. While the TG people will be able to access your messages, they can also process them, making stuff like large groups even possible (imagine the distribution hell otherwise).
I do tend to think that there's not much of a down side to E2E for private chats though, since you can still share private keys between devices to enable sync.
> So it's worth nothing if no one use it.
Telegram is way more than secret chats.
So your standard for “reasonably secure” communications is Facebook Messenger?
It's not perfect, nothing is. But it makes better compromises than others.
i'd rather have a foundation of properly functioning, award winning cryptography than "features" designed for people who haven't thought through their threat model sufficiently.
castles made of sand melt into the sea eventually
Signal also makes trade offs in order to het crypto to the masses.
Again, crypto is either broken or not. Telegram crypto is not broken. It's fine. Not everyone might like it, but that does not matter. I don't know story about CIA (although I wouldn't be surprised to find out that Signal is honeypot), so can't comment about that.
Security is not a yes/no thing. It is equal to the price to break it. If the cryptography is well-tested for decades, the price is much higher. This is not true for Telegram. It does not matter how good its creators are.
There is another unique identifier that's stored in the local contact list: email addresses.
Use either email address or a phone number as an identifier, and you've no longer built a offensively privacy-violating service but have exactly the same distributed property.
If you only have access to one phone number and not giving it out is critical, then Signal might not be the right choice for you. But you won’t find a more secure channel that collects less metadata anywhere else.
There's no property of the latter that makes them a better choice than the former, but the existing ecosystem makes a disposable or role email address a much easier thing to obtain, and in general leaking an email address a far-less-damaging privacy violation than leaking a phone number, which can so easily be used to harass and directly track you.
In many parts of the world, disposable mobile numbers are very definitely not a practical thing. The correct starting point here is to use either an email or a telephone number as an external ID. It's still not perfect, but at least it's not a complete disaster any more.
Alas they've been 'working on it' for a very long time now, and are likely to fail because of this painfully slow progress.
Perhaps if they'd pissed around less with trivia like cryptographically secure stickers, they might have increased their chances of becoming a useful product before they end up surrendering the space to an inferior product which gains too much market share to overcome before they're even properly off the starting blocks.
I criticise Signal here because I like the design and hate their botched execution, not because I dislike the protocol. On the contrary, I dearly want something that competent to succeed, but fear we're rapidly losing the chance of that happening because they have launched a privacy-disaster product and most of the potential market will have seen that, dismissed it and forgotten about it before they pull their finger out and fix it.
Seriously, that's how I feel whenever someone asks me for my WhatsApp number (no, I don't use WhatsApp, and there's nothing called a WhatsApp number) or asks me about Facebook Messenger. Great UX, fast and new features added at a pace that puts other chat platforms to shame.
[I won't talk about the security aspect in this comment, since it has been rehashed many times here]
Oh? I thought it was Qt. I don't want to seem like I'm complaining for nothing as it's definitely much better than, say, Slack client, but I still feel like the Windows client is a bit "out of place". Like the task bar context menu looks different from all the other menus for other apps in there, with rounded corners etc.
This is a harmfully misleading notion that we shouldn't be spreading.
Without explicitly invoking "secret chats" which are not even available on desktop telegram is no different from skype and fb messenger and is categorically less secure than whatsapp.
There is still no e2e encryption on GNU/Linux desktop, even as an option.
The same can be said of Signal or any other chat application distributed through Google Play. How do you know the binary corresponds to the source? Good luck getting reproducible builds on Android or iOS. If you want to be sure your chat app is secure, you need to review and compile the code every time. And, of course, you need the knowledge and skills of a good cryptographer to determine hidden backdoors in the algorithms.
Whatsapp is reasonably secure, as long as you don't upload your unencrypted chats to Google Drive (the backup functionality). Telegram, with E2E enabled, hasn't been proven insecure enough despite its weird custom crypto scheme. However, WhatsApp brings E2E to group chats where Telegram needs manual configuration in private chats to do so. If we want to bring E2E to the masses, WhatsApp is the best option for now.
I'm hoping Matrix will change this or Telegram will implement proper crypto, but until then, WhatsApp is probably the best option we have.
These layers are used in addition to any encryption done on the transport layer.
In 2020, r/mail/chat/g
Telegram is such a great messenger to integrate with. It is basically just "import telegram" and you're almost done. I built the Telegram integration for Histre in just a weekend: https://histre.com/blog/take-notes-with-telegram/ This lets you take notes on Telegram either directly or via share intent, so that you can save links etc from your phone without installing another app. I think I also watched a movie and went for a hike that weekend, so it's not like it was an intense weekend of furious typing.
I wish other messengers made it as easy. I'd love to integrate with Signal, and probably will do so soon, as a good number of my users are on Signal. But the number of steps listed just makes it easy to put it off for later.
If you haven't integrated Telegram with your app yet, I'd suggest you look into it. You'd be surprised how easy it is.
I think the sane and simple API approach is going to make Telegram eat all other messengers. But I'm a programmer, so maybe I just want that to be true ;)
You can bring your own domain, so broad block-list based blocking like that doesn't work. Plus, you're not locked in to the service. It's your domain - when you want to use something other than Kopi - you just change your MX record.
I would like to take a look on it.
You can use something like this.
I was thinking about building a tool with opposite functionality - Getting chat messages delivered on email.
Reason - To switch to a full-linux based phone, as clients for those platforms aren't available. I rarely use chat message so, intuitiveness is not the concern. But when I do get a message, I would like it to be delivered via an encrypted email service.
Little thought went into this - Parsing messages from web app of the respective chat apps on a SBC.
(The more common use case might be 'contact us' forms, for example, where you want to accept something as an email, but the address isn't user-facing so doesn't need a domain.)
My Outlook app kept getting closed by android and I kept missing emails. So I created a disposable etlgr email to get bank notifications. Created a rule in Outlook.com to send balance notifications anytime money enters or leaves my account.
Also a few times when discussing with clients, sent the email title to the bot.
A few months back, there was one "a page a day" book reading service that came on hacker news. Created an email just for it.
Another to receive manga notifications.
Etlgr recently became a subscription service and that was the end.
MY OTHER USES FOR TELEGRAM
RSS feed reader for sites. Also created a private channel for my friends that posts 100% free udemy courses. It's been completely hands off for over a year now.
Why Telegram Rocks
My telegram account is accessible from 4 different devices - Two phones and two laptops (6 client apps).
Could switch off the phone with the number registered to telegram and I'll still be able to chat. With WhatsApp this is impossible.
I could lose my sim card, both phones and one laptop. But if I still have access to one client, I can login on fresh devices.
This is because once you're registered, telegram sends the OTP to the installed clients instead of SMS.
One awesome stuff they do is that after a successful logon on a new device, the notification is broadcast to all logged in client apps. Deleting the notification in one device will not remove it in others.
Making it harder for account takeovers to happen stealthily.
Also newly logged in clients cannot terminate older sessions.
The ability to edit already sent text in telegram is awesome. Make a mistake? Correct it.
Telegram does not leave a "deleted" stamp when you delete a message unlike WhatsApp.
In telegram you can delete everything in your chats from the other person's device.
WhatsApp allows you to delete your chats from the other person's phone. Telegram tops that by allowing you to delete the other person's words from their own phone!
Without this, quoted chats will have empty placeholders alerting the other party.
FILE SIZE Limit
Up to 1.5GB per file
web: open browser -> find website in bookmarks -> copy email -> do whatever you need to do with it -> switch back to the website to check for emails
bot: open telegram -> find bot in chat history -> tell it to generate a new address -> copy it -> do whatever you need to do with it -> switch back to the app to check for emails
The only case I could think of a bot being useful is for semi-permanent email. ie. using the same email address for weeks/months, rather than one time only.
No reply yet.
There are a lot of reasons for that. like
- no revenue
- made by beginners with no scalability in mind so it simply cant handle the traffic if a bot gets popular
- lose of interest in developing if it doesn't "blow up" soon
- every good idea is instantly copied especially if the code is public there will be clones all over the place.
- no official way to promote your bot. Most large groups will directly ban you if you tell em about the bot you made. Some even have bots to auto-ban if you name another bot. Everything is considered advertising/spam very toxic behavior in a lot groups. As with everything free on the internet there are the 0.1% who create and all other consume and give back nothing.
Source: I'm on Telegram since nearly day one. I run roughly a dozen completely free to use bots since many years. Some of them with thousands of daily users.
How does this bot differ from this existing one?