Open marcovelon opened 2 years ago
I am now getting issues with my modifications in lib_tl.
I fixed the issues with lib_tl, I am now having issues with functions whose signature or container class have changed.
It's well-known that Telegram has over-complicated encryption that even experts can't understand β they can't understand it.
From Google lookup: https://people.unipmn.it/sguazt/pubs/Anglano-2017-Telegram.pdf https://courses.csail.mit.edu/6.857/2017/project/19.pdf
@dmxt I do not know about how understandable it is to audit it, but I achieved implementing it into a client with no previous cryptographic background. so implementing it quite easy.
@marcovelon Would you mind to answer my question about the state of the funds? Thank you.
@sergiotarxz If you don't mind me asking, currently how far are you from completing the third part
@sergiotarxz
Currently my Ethereum address contains 1 ETH and 3000 USDC to be distributed according to the previously mentioned scheme.
In my recent post I've made an exception and decided that "Re-keying (PFS) and media sharing in Secret Chats" can be postponed if you only finish the UI for secret chats, therefore you will receive 1 ETH right after releasing a code with a working UI for secret chats.
Note that 3000$ is a separate bonus payment that wasn't planned inititally, therefore it will be paid after having a compilable branch of tdesktop
with fully functional secret chats that can replicate a whole functionality of a mobile client. This will be paid after a 3rd part is complete, code optimized and preferentially a PR submitted to the official repo (this is up to you, however I remember you were willing to do that according to your early messages).
@GoldenQueen52
It can be done here https://etherscan.io/verifiedSignatures by clicking "Verify Signature" and selecting the "Verify & publish" option.
That's the point , I have no idea what to write on verify signature. I have tried so many times.
@GoldenQueen52
For address put: 0xd19ee4a49b9214c4c22694bb01f225baf35f6efc
For message put: marcovelon
For signature hash put: 0xd1320d64a40d86876f14512dabfbe0d9407d02fbad370a5a519f6499fb9a9b8c5e2c7d3aca1377e2d15db72a94694e67980ff4371f29ed3b28d785f2164b8a781c
How's it looking folks? For some reason this thread was impossible for me to find on Google, and also quite difficult in github search. The squashing of this just seemed so deliberate so far, which really makes one wonder about the cryptography implementations. Since I don't have enough time to analyze it; I cannot complain.
I wonder if we achieved a single link from any of the official secret chat tdesktop threads to this thread. Or maybe someone can get it up on HackerNews.
@dm17: How's it looking folks? For some reason this thread was impossible for me to find on Google, and also quite difficult in github search. The squashing of this just seemed so deliberate so far, which really makes one wonder about the cryptography implementations. Since I don't have enough time to analyze it; I cannot complain.
I wonder if we achieved a single link from any of the official secret chat tdesktop threads to this thread. Or maybe someone can get it up on HackerNews.
This issue needs a dedicated website to gain more visibility, similar to websites created for vulnerabilities such as https://heartbleed.com https://www.hertzbleed.com https://downfall.page
It seems @sergiotarxz suddenly left the project. Last thing I heard from him was an email where he asked whether the funds are still available, to which I replied with a proof of funding reserves.
I have personally stopped using Telegram already and now use SimpleX Chat.
The Telegram company and its founder do everything to follow commercial interests only, leaving behind freedom of speech and privacy. Pavel Durov himself doesn't understand nor knows what Net Neutrality is, so expect him to comply and bow behind the Chat Control 2.0 regulations in the near future. There is no point (at least for me) to continue wasting time and efforts to improve the platform that is obviously not interested in defending privacy of their users. Moreover, the platform itself is absolutely insecure and relying on Secret Chats is pointless, since your peer could use a proprietary Telegram build with all the law enforcement compliance backdoors implemented in it which will still reveal your chats to the company.
I still will payout the funds remaining on the funding wallet for this project in case someone decides to finish @sergiotarxz's code. I can also coordinate the project in case there is a minimal interest from the community.
Thanks @marcovelon - great suggestion. I'm recommending secretchats.info for $4. Then maybe throw Wix on it? Who wants to own it?
Hi, I am sorry for getting back so late, when I said I was going to return to the secret chats development I was taking into account funds from a Telegram user (He offered 4_000β¬ and finally retracted) who finally retired them so I was not capable to take the project and had to take other projects instead.
I estimate in 2 months the time required to complete the third phase and 8_000β¬ what is reasonable to ask for such time for a self employed developer in my country, the first two phases were a really good offer when I was starting as self-employed because I could both complete them fast and win my first money, but I cannot say the same about the third phase.
I am sorry for the inconvenience and the lack of communication, it was not my intention to disappear and I even thought in doing the project underpaid for my expectations, I am just busy and when I found the bounty to be less than I thought I focused in another project instead.
If someone wants to take the challenge to do the third phase for the funds available I will happily help them to fix the merge conflicts so they can start programming using the latest master of TDesktop, I cannot currently take the third phase but I think it is the less I can do.
https://github.com/UnigramDev/Unigram supports secret chats on Windows. You can also mirror your android device to your Windows PC via https://github.com/Genymobile/scrcpy and do secret chats that way without having to install a Telegram client on Windows.
There are lots of ways to do telegram secret chats, but it's unlikely to ever come to the official desktop client.
Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening :laughing:
Just wanted to add my voice to the petition. I understand the limitation of secret chats being specific to each machine and that is perfectly fine. Having multiple secret chats for a given friend depending on which device they are on, and them needing to do the same for me, is a simple concept and I absolutely prefer that to anything being stored on the server - even if it is encrypted. It's exactly what you would expect from such a thing.
Please stop penalizing users because you fear some vocal minority of brainlets. This is exactly the reason so much of the internet, apps, browsers and OSs and everything else continues to turn to garbage.
FYI, the official Telegram forked tdesktop
, launched a new project tdx
.
The description of that repository says it's based on tdlib
not MTProtocol
, but looks still work in progress.
Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed.
https://github.com/UnigramDev/Unigram supports secret chats on Windows.
This is great news for Windows users, but I believe most of people who participated in this petition and looking for this feature are Linux users. Also, a project that doesn't aim to provide cross-platform compatibility indicates nothing else but their team members having quite low standards.
I'm recommending secretchats.info for $4. Then maybe throw Wix on it? Who wants to own it?
Good. Also something like telegram.fail or telegramdesktop.fail can be effective in terms of SEO boosting.
Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening π
Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed.
There is conspiracy.
Given the level of hate addressed to this initiative and me personally coming from various Telegram developers in their official Telegram development chat, I have no minimum doubt left there is a huge conflict of interest.
The company behind the official Telegram client is acting cowardly and pathetic in regards to this issue, putting actual efforts to dim all this information and what happens here from spreading.
@sergiotarxz
Thank you very much for coming back and updating us! I was contacted by some company that randomly funds open source projects and they told me they're interested in providing additional funding of 5000$ so the total will be estimating at ~11000$ to finish the whole thing. They should make a transfer within next days.
No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra. I have destroyed all Microsoft Store garbage from my system. I wait official QT C++ version with Secret Chats.
No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra
I linked to Unigram on GitHub. You can download it and install it from there. You don't need Microsoft store.
If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more.
There is conspiracy.
Indeed, this is the kind of behavior that gives credence to the idea that they want it to be difficult to have an E2EE implementation that is too easy to inspect. "FOSS Linux apps give enthusiasts too much freedom and power to investigate a crypto implementation and therefore must be be guarded against." - doesn't sound that far fetched...
https://github.com/UnigramDev/Unigram supports secret chats on Windows.
This is great news for Windows users, but I believe most of people who participated in this petition and looking for this feature are Linux users. Also, a project that doesn't aim to provide cross-platform compatibility indicates nothing else but their team members having quite low standards.
I'm recommending secretchats.info for $4. Then maybe throw Wix on it? Who wants to own it?
Good. Also something like telegram.fail or telegramdesktop.fail can be effective in terms of SEO boosting.
Enough doesn't make sense about this whole thing that I'm ready to theorize that some kind of conspiracy prevents it from happening π
Strange is that TDX branch is stalling on development, wonder why when people wait secret chats especially when wars are increasing and robustness is needed.
There is conspiracy.
Given the level of hate addressed to this initiative and me personally coming from various Telegram developers in their official Telegram development chat, I have no minimum doubt left there is a huge conflict of interest.
The company behind the official Telegram client is acting cowardly and pathetic in regards to this issue, putting actual efforts to dim all this information and what happens here from spreading.
@sergiotarxz
Thank you very much for coming back and updating us! I was contacted by some company that randomly funds open source projects and they told me they're interested in providing additional funding of 5000$ so the total will be estimating at ~11000$ to finish the whole thing. They should make a transfer within next days.
That are big news!!
I would be pleased to give it a try with that funding.
I hope it materializes, please keep me updated.
No unigram for me sadly, would love to see C++ version of Unigram and storeless version as extra
I linked to Unigram on GitHub. You can download it and install it from there. You don't need Microsoft store.
If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more.
For memory safety if no skill to write safe C++ there is Rust that creates binary that speed is comparable to C++. As for download i am really blind or where is classic .exe version? like i said I have ripped out every bit of store core systems from my Windows. No Microsoft bloat ever for me, ever and usually those .NET apps are more sluggish from my experience than fine crafted C++ apps.
If you have something against C# or .NET, you probably just need to do more research. C++ isn't really appropriate for developing end-user GUI apps (no memory safety, no garbage collection, etc), and is more for systems programming or games for the last decade or more.
That can be said about C, but it is unfair to say this about C++ since it has the features to program in a memory safe way such as shared pointers, with C++ you no longer allocate memory by yourself.
I've managed to get additional funding of 10000 USD from some entity who wish to remain anonymous till the task is complete.
The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)
Check here: https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc
@sergiotarxz if you are fine with it then we would be glad if you can finish this. With or without an official PR - up to you.
@marcovelon I am working on it again, wish me luck.
I had to create a new virtual sim with the last reward since I lost access to one you provided to me.
After all night I achieved to merge upstream changes into my own code, but I am still fixing segmentation faults.
Probably the code could benefit from a refactor to adapt to the way tdesktop is currently doing things. I will give priority to it to work and in the end I will try to leave the code as beautiful as I can.
@sergiotarxz
How would this specific fork would work in the future. Would it require constant cherry picking or something after upstream commits? I have no experience with large codebases at all. If you can ELI5 this, I'd really appreciate it :)
@otuva It will require pulling the upstream changes, fix the merge conflicts and adapt the code every time we want to update.
I can tell you it is a very hard work, this is what I am trying right now.
I can say that I achieved to restore the functionality of my original branch with current telegram branches and I can get to attempt implementing the UI, I have not commited nothing yet.
@marcovelon I am open to suggestions about what I should attempt first.
Any updates @sergiotarxz ? Many are curious, I'm sure :)
Hi @dm17 I was not able to be full time dedicated to this until now but I did some progress in UI. I think pretty soon I will start to advance faster since I was able to finish a work for a client and I can be full time dedicated from now on.
Hello everyone I have been following this issue and saw the recommendation for creating a website for it it took me some time to find the issues and the information on this matter I have made tdesktop.fail help spread the word to bring this into attention thank you
This issue is a continuation of https://github.com/telegramdesktop/tdesktop/issues/871 and https://github.com/telegramdesktop/tdesktop/issues/16835 and is dedicated to the code bounty campaign related to lack of implementation of a Secret Chat feature (end-to-end encryption in private messages) in Telegram Desktop.
The objective is to implement the Secret Chats feature into this Telegram client: https://github.com/telegramdesktop/tdesktop
It is possible to do it with 3 different ways (but not limited to):
Migrating tdesktop to TDLib/Including TDLib to Telegram Desktop and using its Secret Chat API partlycomment from @lukejohnsonrpThis code bounty doesn't limit the programmer to any specific way of implementation, as soon as the final result will make possible to use Secret Chats on the open source Telegram Desktop (tdesktop) client on Linux and Windows in the exactly same way as it's done in mobile clients.
UPDATE 04/2022 / Funds distribution scheme:
There will be 3 payouts based on completion of the following stages:
Estabilishing Secret Chats via DH key exchange (ability to send and accept Secret Chat requests)[COMPLETE] in https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012dAbility to send and receive encrypted messages in estabilished Secret Chats[COMPLETE] in https://github.com/sergiotarxz/tdesktop/commit/41fcaa85159941b306eda754fd69c026aafc012dThe developer(s) will receive 1 ETH for completing one of the stages from the list above, totalling 3 ETH for all stages. The source code should be available and compilable.
The adjacent functionality such as deleting and configuring Secret Chat options can be done during any phase of the work progress described in the list above, however it must be done before or with 3/3.
I have created a verified signature for my Ethereum address containing the funds for this issue: https://etherscan.io/verifySig/4431 (https://etherscan.io/address/0xd19ee4a49b9214c4c22694bb01f225baf35f6efc)
Any voluntary donations are welcome. You can send them to the address above.
My email for communication is marcovelon@protonmail.com
CURRENT PROJECT FUNDING:
The overall funding now is 13000 USDC and 1.18 ETH (~3929 USD)