[Feature Request] Secret Chats in Telegram Desktop

marcovelon commented 2 years ago

This issue is a continuation of https://github.com/telegramdesktop/tdesktop/issues/871 and https://github.com/telegramdesktop/tdesktop/issues/16835 and is dedicated to the code bounty campaign related to lack of implementation of a Secret Chat feature (end-to-end encryption in private messages) in Telegram Desktop.

The objective is to implement the Secret Chats feature into this Telegram client: https://github.com/telegramdesktop/tdesktop

It is possible to do it with 3 different ways (but not limited to):

~~Migrating tdesktop to TDLib~~ / ~~Including TDLib to Telegram Desktop and using its Secret Chat API partly~~ comment from @lukejohnsonrp
Extracting the Secret Chats code from TDLib or telegram-api (https://github.com/vysheng/tg / https://github.com/vysheng/tgl) and reimplementing it into tdesktop
Reimplementing it from scratch based on the official public specification available here https://core.telegram.org/api/end-to-end and https://core.telegram.org/schema/end-to-end
Only protocol handlers need to be implemented, because all the cryptographic functions are already present in the Telegram Desktop (source)

This code bounty doesn't limit the programmer to any specific way of implementation, as soon as the final result will make possible to use Secret Chats on the open source Telegram Desktop (tdesktop) client on Linux and Windows in the exactly same way as it's done in mobile clients.

UPDATE 04/2022 / Funds distribution scheme:

There will be 3 payouts based on completion of the following stages:

[1/3] ~~Estabilishing Secret Chats via DH key exchange (ability to send and accept Secret Chat requests)~~ [COMPLETE] in https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012d
[2/3] ~~Ability to send and receive encrypted messages in estabilished Secret Chats~~ [COMPLETE] in https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012d
[3/3] Re-keying (PFS) and media sharing in Secret Chats

The developer(s) will receive 1 ETH for completing one of the stages from the list above, totalling 3 ETH for all stages. The source code should be available and compilable.

The adjacent functionality such as deleting and configuring Secret Chat options can be done during any phase of the work progress described in the list above, however it must be done before or with 3/3.

I have created a verified signature for my Ethereum address containing the funds for this issue: https://etherscan.io/verifySig/4431 (https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc)

Any voluntary donations are welcome. You can send them to the address above.

My email for communication is marcovelon@protonmail.com

CURRENT PROJECT FUNDING:

The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)

sergiotarxz commented 1 year ago

I am now getting issues with my modifications in lib_tl.

sergiotarxz commented 1 year ago

I fixed the issues with lib_tl, I am now having issues with functions whose signature or container class have changed.

dmxt commented 1 year ago

It's well-known that Telegram has over-complicated encryption that even experts can't understand — they can't understand it.

From Google lookup: https://people.unipmn.it/sguazt/pubs/Anglano-2017-Telegram.pdf https://courses.csail.mit.edu/6.857/2017/project/19.pdf

sergiotarxz commented 1 year ago

@dmxt I do not know about how understandable it is to audit it, but I achieved implementing it into a client with no previous cryptographic background. so implementing it quite easy.

sergiotarxz commented 1 year ago

@marcovelon Would you mind to answer my question about the state of the funds? Thank you.

otuva commented 1 year ago

@sergiotarxz If you don't mind me asking, currently how far are you from completing the third part

marcovelon commented 1 year ago

@sergiotarxz

Currently my Ethereum address contains 1 ETH and 3000 USDC to be distributed according to the previously mentioned scheme.

In my recent post I've made an exception and decided that "Re-keying (PFS) and media sharing in Secret Chats" can be postponed if you only finish the UI for secret chats, therefore you will receive 1 ETH right after releasing a code with a working UI for secret chats.

Note that 3000$ is a separate bonus payment that wasn't planned inititally, therefore it will be paid after having a compilable branch of tdesktop with fully functional secret chats that can replicate a whole functionality of a mobile client. This will be paid after a 3rd part is complete, code optimized and preferentially a PR submitted to the official repo (this is up to you, however I remember you were willing to do that according to your early messages).

@GoldenQueen52

It can be done here https://etherscan.io/verifiedSignatures by clicking "Verify Signature" and selecting the "Verify & publish" option.

GoldenQueen52 commented 1 year ago

That's the point , I have no idea what to write on verify signature. I have tried so many times.

arch-btw commented 1 year ago

@GoldenQueen52

For address put: 0xd19ee4a49b9214c4c22694bb01f225baf35f6efc For message put: marcovelon For signature hash put: 0xd1320d64a40d86876f14512dabfbe0d9407d02fbad370a5a519f6499fb9a9b8c5e2c7d3aca1377e2d15db72a94694e67980ff4371f29ed3b28d785f2164b8a781c

dm17 commented 1 year ago

How's it looking folks? For some reason this thread was impossible for me to find on Google, and also quite difficult in github search. The squashing of this just seemed so deliberate so far, which really makes one wonder about the cryptography implementations. Since I don't have enough time to analyze it; I cannot complain.

I wonder if we achieved a single link from any of the official secret chat tdesktop threads to this thread. Or maybe someone can get it up on HackerNews.

marcovelon commented 8 months ago

@dm17: How's it looking folks? For some reason this thread was impossible for me to find on Google, and also quite difficult in github search. The squashing of this just seemed so deliberate so far, which really makes one wonder about the cryptography implementations. Since I don't have enough time to analyze it; I cannot complain.

I wonder if we achieved a single link from any of the official secret chat tdesktop threads to this thread. Or maybe someone can get it up on HackerNews.

This issue needs a dedicated website to gain more visibility, similar to websites created for vulnerabilities such as https://heartbleed.com https://www.hertzbleed.com https://downfall.page

It seems @sergiotarxz suddenly left the project. Last thing I heard from him was an email where he asked whether the funds are still available, to which I replied with a proof of funding reserves.

I have personally stopped using Telegram already and now use SimpleX Chat.

The Telegram company and its founder do everything to follow commercial interests only, leaving behind freedom of speech and privacy. Pavel Durov himself doesn't understand nor knows what Net Neutrality is, so expect him to comply and bow behind the Chat Control 2.0 regulations in the near future. There is no point (at least for me) to continue wasting time and efforts to improve the platform that is obviously not interested in defending privacy of their users. Moreover, the platform itself is absolutely insecure and relying on Secret Chats is pointless, since your peer could use a proprietary Telegram build with all the law enforcement compliance backdoors implemented in it which will still reveal your chats to the company.

I still will payout the funds remaining on the funding wallet for this project in case someone decides to finish @sergiotarxz's code. I can also coordinate the project in case there is a minimal interest from the community.

dm17 commented 8 months ago

Thanks @marcovelon - great suggestion. I'm recommending secretchats.info for $4. Then maybe throw Wix on it? Who wants to own it?

sergiotarxz commented 8 months ago

Hi, I am sorry for getting back so late, when I said I was going to return to the secret chats development I was taking into account funds from a Telegram user (He offered 4_000€ and finally retracted) who finally retired them so I was not capable to take the project and had to take other projects instead.

I estimate in 2 months the time required to complete the third phase and 8_000€ what is reasonable to ask for such time for a self employed developer in my country, the first two phases were a really good offer when I was starting as self-employed because I could both complete them fast and win my first money, but I cannot say the same about the third phase.

I am sorry for the inconvenience and the lack of communication, it was not my intention to disappear and I even thought in doing the project underpaid for my expectations, I am just busy and when I found the bounty to be less than I thought I focused in another project instead.

sergiotarxz commented 8 months ago

If someone wants to take the challenge to do the third phase for the funds available I will happily help them to fix the merge conflicts so they can start programming using the latest master of TDesktop, I cannot currently take the third phase but I think it is the less I can do.

ScottRFrost commented 8 months ago

https://github.com/UnigramDev/Unigram supports secret chats on Windows. You can also mirror your android device to your Windows PC via https://github.com/Genymobile/scrcpy and do secret chats that way without having to install a Telegram client on Windows.

There are lots of ways to do telegram secret chats, but it's unlikely to ever come to the official desktop client.

dm17 commented 8 months ago

Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening :laughing:

fattywompus commented 7 months ago

Just wanted to add my voice to the petition. I understand the limitation of secret chats being specific to each machine and that is perfectly fine. Having multiple secret chats for a given friend depending on which device they are on, and them needing to do the same for me, is a simple concept and I absolutely prefer that to anything being stored on the server - even if it is encrypted. It's exactly what you would expect from such a thing.

Please stop penalizing users because you fear some vocal minority of brainlets. This is exactly the reason so much of the internet, apps, browsers and OSs and everything else continues to turn to garbage.

SpriteOvO commented 6 months ago

FYI, the official Telegram forked tdesktop, launched a new project tdx.

The description of that repository says it's based on tdlib not MTProtocol, but looks still work in progress.

fcore117 commented 5 months ago

Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed.

marcovelon commented 4 months ago

https://github.com/UnigramDev/Unigram supports secret chats on Windows.

This is great news for Windows users, but I believe most of people who participated in this petition and looking for this feature are Linux users. Also, a project that doesn't aim to provide cross-platform compatibility indicates nothing else but their team members having quite low standards.

I'm recommending secretchats.info for $4. Then maybe throw Wix on it? Who wants to own it?

Good. Also something like telegram.fail or telegramdesktop.fail can be effective in terms of SEO boosting.

Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening 😆

Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed.

There is conspiracy.

Given the level of hate addressed to this initiative and me personally coming from various Telegram developers in their official Telegram development chat, I have no minimum doubt left there is a huge conflict of interest.

The company behind the official Telegram client is acting cowardly and pathetic in regards to this issue, putting actual efforts to dim all this information and what happens here from spreading.

@sergiotarxz

Thank you very much for coming back and updating us! I was contacted by some company that randomly funds open source projects and they told me they're interested in providing additional funding of 5000$ so the total will be estimating at ~11000$ to finish the whole thing. They should make a transfer within next days.

fcore117 commented 4 months ago

No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra. I have destroyed all Microsoft Store garbage from my system. I wait official QT C++ version with Secret Chats.

ScottRFrost commented 4 months ago

No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra

I linked to Unigram on GitHub. You can download it and install it from there. You don't need Microsoft store.

If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more.

dm17 commented 4 months ago

There is conspiracy.

Indeed, this is the kind of behavior that gives credence to the idea that they want it to be difficult to have an E2EE implementation that is too easy to inspect. "FOSS Linux apps give enthusiasts too much freedom and power to investigate a crypto implementation and therefore must be be guarded against." - doesn't sound that far fetched...

sergiotarxz commented 4 months ago

https://github.com/UnigramDev/Unigram supports secret chats on Windows.

This is great news for Windows users, but I believe most of people who participated in this petition and looking for this feature are Linux users. Also, a project that doesn't aim to provide cross-platform compatibility indicates nothing else but their team members having quite low standards.

I'm recommending secretchats.info for $4. Then maybe throw Wix on it? Who wants to own it?

Good. Also something like telegram.fail or telegramdesktop.fail can be effective in terms of SEO boosting.

Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening 😆

Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed.

There is conspiracy.

Given the level of hate addressed to this initiative and me personally coming from various Telegram developers in their official Telegram development chat, I have no minimum doubt left there is a huge conflict of interest.

The company behind the official Telegram client is acting cowardly and pathetic in regards to this issue, putting actual efforts to dim all this information and what happens here from spreading.

@sergiotarxz

Thank you very much for coming back and updating us! I was contacted by some company that randomly funds open source projects and they told me they're interested in providing additional funding of 5000$ so the total will be estimating at ~11000$ to finish the whole thing. They should make a transfer within next days.

That are big news!!

I would be pleased to give it a try with that funding.

I hope it materializes, please keep me updated.

fcore117 commented 4 months ago

No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra

I linked to Unigram on GitHub. You can download it and install it from there. You don't need Microsoft store.

If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more.

For memory safety if no skill to write safe C++ there is Rust that creates binary that speed is comparable to C++. As for download i am really blind or where is classic .exe version? like i said I have ripped out every bit of store core systems from my Windows. No Microsoft bloat ever for me, ever and usually those .NET apps are more sluggish from my experience than fine crafted C++ apps.

sergiotarxz commented 4 months ago

If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more.

That can be said about C, but it is unfair to say this about C++ since it has the features to program in a memory safe way such as shared pointers, with C++ you no longer allocate memory by yourself.

marcovelon commented 3 months ago

I've managed to get additional funding of 10000 USD from some entity who wish to remain anonymous till the task is complete.

The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)

Screenshot_2024-04-03_20-09-53

Check here: https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc

@sergiotarxz if you are fine with it then we would be glad if you can finish this. With or without an official PR - up to you.