Hacker News new | comments | ask | show | jobs | submit login

That is correct, Telegram does upload names and numbers — naturally, after receiving permission to do so. (see also: http://telegram.org/privacy)

Apart from identifying Telegram users among the user's friends, this also enables us to use proper names in notifications on the iPhone, as well as facilitates moving between devices.

But you have highlighted an important issue. Our android developer relied on the system prompts when it comes to uploading contacts, which is definitely not enough for the issue at hand. We will add another prompt in the coming version. (As well as update the GitHub code to the current generation soon, it's been becoming a little stale.)




naturally, after receiving permission to do so.

This is not quite true. I never gave anyone (especially not the users of WhatsApp or Telegram) permission to upload my personal information to any cloud services. You can not actually imply that permission from all contacts merely by asking the user.

this also enables us to use proper names in notifications on the iPhone

I do not know enough about the iOS internals, but my naive assumption would be that after receiving a push notification, you can run code locally (like get the contact name from a local database), not merely get the notification displayed by the OS.

We will add another prompt in the coming version.

This is an improvement, but unfortunately does not tackle the first issue I mentioned, with implying consent from the actual contacts.


> This is not quite true. I never gave anyone (especially not the users of WhatsApp or Telegram) permission to upload my personal information to any cloud services. You can not actually imply that permission from all contacts merely by asking the user.

Thank you, that was exactly my first thought.

In general, since we all are represented in other peoples' contact lists, it's worth considering what those other people are going to do with our data.

And it's not just the people you correspond with directly. I have a lot of people in my Thunderbird and email provider lists who I have no idea who they are, because someone in a chain of someones sent out a broadcast email with their address and my address.

Which means that if I were the sort of person to "upload my contacts!" I would have exposed people two or more hops away from me to whatever "service" I'd just submitted to.

Uploading your contacts may become the net equivalent of farting in public; it's rude.


They're actually correct about the notification use case - the server has to generate the message text that is displayed, and no application code can be run unless the user taps the notification and launches your app.


"I never gave anyone (especially not the users of WhatsApp or Telegram) permission to upload my personal information to any cloud services."

On Android you do by granting rights to access your contacts and give full network permissions. So you never know what a program will do with your contacts and a network connection.


But in the real world,your contacts never told you "feel free to upload my name and all my phone numbers wherever you want, so we can be linked by some cloud service to improve their click-through rates". An app that uploads your contacts is violating the privacy of your friends, even if it asks you about it.


> That is correct, Telegram does upload names and numbers

Ugh, this is such douchebag behavior for something that purports to be a "secure" app. Stop it immediately, please.


Just read the rights dialog instead of clicking "ok" and deny that right. Problem solved!


How can I deny one right from the rights dialog in Android?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: