[Feature Request] Secret Chats in Telegram Desktop #2
Comments
|
The campaign has been funded with 2.2 ETH which is equivalent to 0.15 BTC (turned out it's impossible to fund campaigns with BTC on Gitcoin). The proof of funds is available in the invoice attached to the campaign available at https://gitcoin.co/issue/marcovelon/tdesktop/2/100026398 UPDATE 04/2022: the campaign has been withdrawn from Gitcoin because their platform is totally broken. The funds distribution will be performed manually by me after completion of steps written in the first post. The current funding is 3 ETH and doesn't limit this only to 1 coder. |
|
I just want to thank you on your efforts to implement secret/encrypted chats into telegram desktop. This feature has been missing since 2015, and has been asked for regularly by the community since. Yet the developers express no interest and close any issue, referring back to a post from 2015. I wish you and the community well and hope this functionality is implemented. |
|
Update: currently working on adding in the logic for the secret chat, GUI is almost finished. Sometime in the next week or 2 I will be uploading my local commits to my account so the code will be available. Mods who see this, let me know if the inactivity issue has been solved, I forget we have to post regular WIP on here. |
|
Thank you so much for working on this @basedcookie. When it's done maybe you can post a crypto address to donate to (BTC, XMR or LTC for example), because I can't for the life of me figure out how gitcoin works. |
|
Since the bounty has been abandoned by basedcookie (no updates for more than 2 months), it is now open for a new applicant. If you are interested to code this feature, you can enroll here: https://gitcoin.co/issue/marcovelon/tdesktop/2/100026398 |
|
I had started working on this project, and will soon be posting the updates. |
|
Sad to see them @basedcookie leave. But good to see there is still interest in this project and hopefully this feature will be implemented. |
|
@OMTDesign Yeah, as now I am working on this project it will very soon be completed, I have expertise in cryptographic algorithms and hence it will be not a very difficult task for me |
|
@dhruvjain1122 which approach are you taking? Migration to TDLib? |
|
@arch-btw can't speak for them, but back when I was working on this I was trying to implement the feature directly into the existing code, personally that proved to be a little challenging and time consuming. If I were to work on it again I would take the approach of migrating to TDLib |
|
Alright, I think many of you will agree with the fact we have reached some point of absurd never seen before in FOSS community and it feels like Telegram purposely instructs their open source relations team to avoid this topic with an utmost effort. I am not sure what exactly is causing a nearly zero interest in this issue, however my suspections are that it's either one of those:
I understand that most regular users recklessly follow their misleading arguments because Durov positions himself as man of knowledge in programming, while he is not, and everything he has done so far was outsourcing programmers, not even mentioning how his brother Nikolai Durov coded everything for Pavel during startups and never continued to help him because of marketing oriented ideology of Pavel (I know this from Nikolay himself from the personal conversation with him some years ago). Just look at this:
See how many times this guy used the wording "no one", supposing that "no one will do it" and even if someone will, he won't merge it. I know that this guy has triggered skepticism from many experienced and knowledgeable people in this topic who instead of trying to prove him wrong, decided to not waste their time and just to leave Telegram. Some people even tried, but Durov often refute such stuff with well-marketed sophistry that results to work on his major part of the audience, since most of them don't have any knowledge in infosec and prefer believing what he says just because they trust him. Another reason behind all this hesitance on this issue could be that they are afraid of letting too much users to have conversations out of their control, ensuring that they can provide users communications logs to the law enforcement when asked, since their normal "cloud" chats permit to do that easily. Actually, the increased amount of censorship in their platform lately indicates that it could be true. Anyway, I am stopping to try finding only 1 coder for this task via non-efficient platforms such as Gitcoin (whose most important features stopped working completely and devs don't have any ETA to fix their stuff) because I think it's better if more people worked on this issue as supposed to be in the open source community. If you know how we can organize this better, please let's discuss it. p.s. @basedcookie thanks for the feedback, and while I understand that this task may have looked challenging to you and this is normal even if your coding level is good - simply because encryption is rarely employed in C/C++ coding tasks, but I still believe it's a relatively easy task for programmers who have specific experience with coding encryption algorithms on C/C++. I also think that the lack of interest for this issue by people with experience in this field is caused by Telegram's shady policies on E2EE encryption, described by me earlier. |
|
@marcovelon - good eye! |
|
There are still many variables that can make phones less secure, for example users themselves, the OS being used, proprietary hardware with same hidden surprises similar to ME/PSP and so on. For example, one laptop with soldered RAM running coreboot and Debian is already more secure than most mobile devices running stock Android or iOS vulnerable to Pegasus, while one mobile phone running security-hardened AOSP with F-Droid apps only can be more secure than most desktops running Windows 10, but in any case this is already a completely another subject. The main point is, Telegram's team have invented all this really weird argumentation as an excuse for not implementing Secure Chats on tdesktop, and that makes this whole story comical. And note how they don't even mention mobile device vs desktop platforms security, they just say that 'X is less personal than Y', which is already very vague and pointless, whatever it means. |
They'll never grant you that anything can be as secure as mobile - because as I described it cannot. This is because they have a different definition of security than you or I. Their definition is: how securely can eavesdropping be executed? Smartphone security systems are far more ideal for that. |
|
They are not in a position to "grant" that to anyone while their project still has some open source community support. They would have to go fully proprietary for enforcing such views you described. Currently, they already are facing reputational losses due to more and more incoming gag orders they have to attend, thus neglecting the open source community will make them uncompetitive. Honestly, I am quite happy with truly secure platforms like Matrix, xmpp with OMEMO or Briar. The only reason why I personally have to deal with Telegram is some significant amount of contacts that find it hard or impractical (for them) to use anything more secure, and I have to be glad that they at least don't force me to use Whatsapp or other proprietary chatting clients, so I can make encrypted chat with them using a phone. Well, I admit that reading some channels is nice too, but it's manageable to live without them by substituting them with a personal collection of quality RSS feeds. Anyway, let's give it a last chance trying finding coders for this issue, otherwise it seems that secure chats on tdesktop are never going to happen. |
|
@marcovelon I've looked at the effort to add TDLIB to tdesktop. A huge amount of the tdesktop codebase is making QWidgets look good. As a Qt developer, I've stopped burning time on that long ago. Instead of shoehorning TDLIB into tdesktop, I think a fresh application should be written around the TDLIB library. I looked at Cutegram and in many ways its just way too much Qml to run smoothly and error free. Qml should be used to describe the UX and everything else (business logic and lower) should be raw performant C++. Both avenues of using mtproto or generating a qml api from the schema (cutegram) seem less likely for long term success than just using TDLIB ( a choice that might not have been available at the start of these other projects). Anyhow if there is enough interest I'd be willing to start a new project for a modern telegram desktop client.
I think a solid 4-6 months to reach 1.0 (working full time). Maybe a crowdfunding campaign? Or we could start it and just let people show up naturally and contribute over the next couple months/years. Anyone wanting to chat more about funding or collaborating on a project can find me on Device Chain discord. |
If you wrote it from scratch, then why make it telegram-specific anyway rather than a Pidgin-like app that supports Telegram? Anyway, I refuse to believe the easiest way to get secret chats working on tdesktop for linux is rewriting it from scratch. |
|
I think scope is the big reason for not supporting every different messaging protocol, design something that does telegram really well first.... Maybe you're right and it is easier. But I just spent nearly 2 hours tracing through the tdesktop codebase and I'm dizzy. The code itself is fine but there is a lot of QWidget specific issues all throughout and I don't feel that's a good use of a developers time as QWidgets are always going to requires tons of work to build modern UX. Also because from my understanding the project must simultaneously change its underlying logic to use TDLIB (not just for secret chat but to migrate the other Telegram features as well) you end up with a LOT of changes. Sometimes when changing that much code on a project this big and old, it is simply a nightmare to test regressions alone. A new clean slate prevents many of those problems and replaces them with the requirement to do some things over. Id rather participate in a fresh effort with a reduced codebase size... That is just my two cents, I could be wrong. |
|
Strange to think you can redo Telegram and do better than its creators, considering it is a world-class UX (yes I realize you're not redesigning the UX but even replicating a UX entirely is difficult, no?). Furthermore, Telegram X redid it from scratch with a much larger support/funding and still hasn't accomplished all of the features of the original - and hasn't gotten as many users. Doesn't that put the rewrite into perspective? |
|
The design and look of the application isn't being debated... but I've rewritten entire QWidget projects in qml in a fraction of the time and with better results. Google around the many projects that have done this over the last 5 years. It's like I would have to explain the logic and advantages of higher level languages. If the attitude is such that a new effort is discouraged and mentioning of it will make people triggered and cranky, that's fine. Im looking for fun projects to work on not to change people's attitudes about software. Best of luck! |
|
Not cranky at all; just wondering how you would see my questions... Figured hard questions would be useful gates for starting such a large undertaking... Especially the last one about this merely being a client<->client feature we are missing (and clients are FOSS). Not only are you free to do as you please, but myself and others in this thread would like to see you attempt it. |
|
It's a big undertaking. I can't imagine it happening with a single individual alone. I would be interested in joining an effort or team. But I think many have moved on from telegram. Even the developer of cutegram seems to have moved on for "Oxygen". And I'm personally more interested in the technology of the matrix protocol myself. The single reason I would consider doing a Telegram client is because as far as I can tell there is not a Qt6 TDLib client yet. I see someone asked about linking issues on the Qt forums late last year but it could have been someone from this thread attempting to link it into tdesktop. In theory I could help build the first modern Qt6 Telegram desktop client using the "modern" Telegram TD library with all its bells and whistles. But I'd have to really be into Telegram to do that. |
|
@Tpimp thank you for manifesting interest in this. Your proposal on starting a new Telegram client sounds interesting, but since this issue here is centered only around one specific feature, as also noted by @dm17, it seems like the current funding and organization here won't be sufficient for a scale of your proposal. Meanwhile, I am considering delisting Migrating tdesktop to TDLib from possible solutions present in this issue, because:
To make it pragmatic, we just need to implement a few client-side cryptographic methods fully specified by the official documentation. This requires minimum UI coding and most of its work is implementing the core functionality. What can be done with TDLib in the current situation is trying to include it in telegramdesktop/tdesktop and adding Secret Chats with calls to its API, essentially for DH key exchange and encrypting/decrypting text and media. |
|
I have dedicated a few hours to dig into particular libraries that provide support for E2EE chats in Telegram to determine complexity of this implementation and concluded that its difficulty referred by the official devs is being exaggerated. This report will provide a better perspective of what needs to be done here. vysheng/tglReviewing https://github.com/majn/telegram-purple code in order to discover how secret chats are implemented with Creating secret chatsRequesting secret chatsAccepting secret chatsSending secret chat messagesReceiving secret chat messagesThe whole implementation is quite minimalistic and straightforward. Reading its code gives full understanding of how secret chats work. For both encryption and decryption the Currently it may crash on incoming encrypted messages, but it's not because it can't decrypt them. It looks like something related to mtproto protocol upgrades, but reviewing it wasn't within a scope of my objectives. majn/telegram-purple#567 tdlib / C++Reviewing tdlib-purple code in order to discover how secret chats are implemented with
Creating secret chatsRequesting secret chatsAccepting secret chatsState updates during key exchangeSending secret chat messagesNotice how Receiving secret chat messages
Telegram Desktop / C++A quick review of the cryptographic functions already existing in Telegram Desktop demonstrates the presence of all the functions required for secret chats implementation. Since cloud chats use exactly same cryptographic methods used for secret chats, the necessary cryptographic implementation is already present in Telegram Desktop and can be found in the following source code files:
For example, these AES IGE functions wrap the original deprecated openssl
They are absolute equivalents for wrappers All the functionality related to DH key exchange is also present in Telegram Desktop, because mtproto use it for transport layer security and cloud chats. Hence, what should be done to implement secret chats in Telegram Desktop is adding protocol-specific headers, routines and event binds related to secret chats, using cryptographic functions already present in Telegram Desktop. Speaking of UI implementation:
And of course there is absolutely no need to migrate Telegram Desktop to TDLib in order to implement secret chats. Unfortunately not myself a C++ coder, otherwise it would have been done, because it's really just a week of work for an average C++ coder. |
|
Thank you for confirming my and others point of view regarding this. I believe your research will help to facilitate the implementation. |
@spidy0x0 I did it, yesterday, I hope he is doing well. |
|
I have halted working on tdesktop until @marcovelon tell us something, just to do not risk myself to continue working potentially for nothing. Sorry to you all. |
|
Still no answer from @marcovelon |
|
@sergiotarxz this bounty is supposed to be paid after the code is published, thus I will only be able to perform payouts after proper code publishing. I am not checking this thread often as I got rid of Telegram nor more interested in it since I am a proud SimpleX Chat user by now (as well as all my peers), but the bounty is still there and will be paid to you once the code is published. |
|
@marcovelon I will publish this night, I just wanted to confirm there is someone to pay me when I do. |
For sure |
|
I have submited the code to github, but I am testing the deployment to see if it is in a functional state with all the recursive submodules. (This comes with only main UI functionality of sending and receiving secret messages, it lacks message persistence and advanced UI for secret chats including sending media, markdown and other things) |
|
Update: Some issue happened with the lib_tl submodule, it should be fixed now, I am waiting for it to end compiling and I will share instructions with you to compile by yourself when I am sure everything is ok with the publishing. |
|
I have found some warnings in the compilation, I will fix them after the compilation ends, I check everything is ok and I send you instructions to compile. |
|
Everything was not ok, I am fixing it, sorry. |
|
I think it is fixed, to compile you will need to do the following: Make a clean recursive clone of my repo:
Change directory into that repository:
cat <<'EOF' > compile.sh
docker run --rm -it \
-v "$PWD:/usr/src/tdesktop" \
tdesktop:centos_env \
/usr/src/tdesktop/Telegram/build/docker/centos_env/build.sh \
-D TDESKTOP_API_ID=[Replace with your key id get it in https://my.telegram.org/] \
-D TDESKTOP_API_HASH=[Replace with your key hash get it in https://my.telegram.org/]
EOFRun it with:
The possibility exist that your computer is not capable to compile telegram desktop with the default settings and it causes your computer to crash, in this case you can do a few things:
The resulting build will be stored in one of these directories |
|
Shoot any doubts, bugs or defects into me, thank you. |
|
@marcovelon and everybody interested. Have you already tried it? |
|
|
Sorry, I forgot a step. |
@marcovelon I'm not sure what your threat model is, but SimpleX chat uses the same likely compromised encryption used by Signal and Facebook Messenger. Signal was heavily funded by the US government during its inception and has ties to the US intelligence community. I'd consider anything you write there (as well as Signal or Facebook Messenger, of course) to be compromised by any state actors. |
while preparing the linux environment
|
|
It happened to me too, it appears the freedesktop git is having issues, I achieved to do it just waiting and retrying. (Sorry for not having a better solution) Do not worry for retrying since your current progress is saved by docker. |
|
I can always send you my build docker image that is correctly created already. |
yeah, that would be great |
|
Run this to import my docker image:
And to run compile.sh. |
damn its 28GB ? |
|
I am trying to make a slim version without history. |
|
@spidy0x0 Nope, that's the real weight, history did not play a role in that. :( |
|
Still waiting @marcovelon answer before developing further. |
|
Marco told me he was going to review the development during the last week, but finally he probably could not. |
|
I was able to compile and verify latest Sergio's work. I find the meta that would fit into a description of "functional UI implementation for secret chats" only half done without them being stored persistently. Having to initiate a new secret chat every app relaunch isn't very convenient. I don't think there is much to code to implement a configuration that would store metadata information for each chat, given that (a) tdesktop already has internal APIs for persistence configuration that can be perfectly used and (b) that we are on desktop platform meaning there is no need to focus too much on additional security (i.e. encrypted config strings with some persistent account-related key/hash/whatever might be more than enough, in case TG doesn't do it already for its internal config storage). Considering that, I expect Sergio to be able to make it briefly. Given that we are at 13000$ of total funding for UI previously mentioned by me (without considering the bonus of ~1 ETH for the minor finishing like PFS), I think it's fair to send 8000$ to Sergio now and other 5000$ once we got some basic persistence of chats without losing them every relaunch. Please type your objections below, in case any. |
|
Congrats @sergiotarxz 🎉 And also easily installable builds/releases (.deb) etc |
|
I do not know about possible internal already implemented ways to persist chats, I think there are not such means. I was planning simply to implement a sqlite database with the needed data, there are things that make it more difficult such as the need to correctly restore the order in the list of conversations which I think is going to be hell on earth. I have to inform you that there are still pending features such as implementing auto deletion, sending media, re keying and correctly reading and writing markdown which I think you may have forgotten, so next phase is not only implementing persistence. I can give priority to that so you can start playing with the development with something you can really use for the daily life, but there is more things to do. Also I will have to merge latest developments from tdesktop before starting to work which is always painful, unrewarding and time consuming, last time almost made me to quit. But it is very important to do that because not doing so means my development has more probability to become obsolete if telegram makes breaking changes with old versions. My recommendation for resolution order is:
|
|
Sent 8000 USDC in https://etherscan.io/tx/0xaa4313996e7e94e0978b92a02bb589a4d0b42f8411f55b6c459023f257b3b392 to the address Sergio sent me via email.
Sounds good! I think you could make a MR after all that in any case. There is a whole team of active contributors in upstream (both paid and non-paid) actively working on making sure Telegram Premium features work in the FOSS program, so I am pretty sure some of them could help to polish this code here later. After all, according to their main spokesmen in the past issue IDs referenced here, this feature was long-awaited by all of them and the only obstacle that prevented them from implementing it was Secret Chat cryptographic functionality and autonegotiation itself, which is now implemented and they have not to worry about it anymore. |
and others
This issue is a continuation of telegramdesktop#871 and telegramdesktop#16835 and is dedicated to the code bounty campaign related to lack of implementation of a Secret Chat feature (end-to-end encryption in private messages) in Telegram Desktop.
The objective is to implement the Secret Chats feature into this Telegram client: https://github.com/telegramdesktop/tdesktop
It is possible to do it with 3 different ways (but not limited to):
Migrating tdesktop to TDLib/Including TDLib to Telegram Desktop and using its Secret Chat API partlycomment from @lukejohnsonrpThis code bounty doesn't limit the programmer to any specific way of implementation, as soon as the final result will make possible to use Secret Chats on the open source Telegram Desktop (tdesktop) client on Linux and Windows in the exactly same way as it's done in mobile clients.
UPDATE 04/2022 / Funds distribution scheme:
There will be 3 payouts based on completion of the following stages:
Estabilishing Secret Chats via DH key exchange (ability to send and accept Secret Chat requests)[COMPLETE] in sergiotarxz@41fcaa8Ability to send and receive encrypted messages in estabilished Secret Chats[COMPLETE] in sergiotarxz@41fcaa8The developer(s) will receive 1 ETH for completing one of the stages from the list above, totalling 3 ETH for all stages. The source code should be available and compilable.
The adjacent functionality such as deleting and configuring Secret Chat options can be done during any phase of the work progress described in the list above, however it must be done before or with 3/3.
I have created a verified signature for my Ethereum address containing the funds for this issue: https://etherscan.io/verifySig/4431 (https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc)
Any voluntary donations are welcome. You can send them to the address above.
My email for communication is [email protected]
CURRENT PROJECT FUNDING:
The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)
The text was updated successfully, but these errors were encountered: