vkedwardli / TelegramChatHistoryImporter

GNU General Public License v3.0

Questions about the README #1

Open 3raxton opened 3 years ago

3raxton commented 3 years ago

Hey there,

Thanks for taking the time to build and share this. I found your link from my Medium article, and I'd like to share it there. However, I'm curious if you could share more about how the project works on the README to ensure that people coming to your repo understand it.

Does a new bot need to be created for this to work? So far, I understand that it does but I want to ensure that's correct. Would you elaborate on this so people can get a better understanding of the project?

Thanks!

3raxton commented 3 years ago

Following up. Would also like to know how one gets the chat ID for a group?

vkedwardli commented 3 years ago

Hi, sorry for the incomplete tutorial. The current steps are just meant for programmers now.

But yes you are correct, one must first create their own bot, then you can get the bot API Key.

For the chatID, the easiest way I guess would be using the @getidsbot (but usually a programmer would rely on the data returned by the API).

Currently it is still very non layman friendly, since I just spent an hour to develop this without any further consideration.
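Added example, not part of the thread or the project's code: one way to read group chat IDs out of the data the Bot API returns from `getUpdates`, plus a helper that keeps the bot token out of logs, since anyone holding it controls the bot. The sample response, the token and the names `listGroupChats` and `redactToken` are constructed for illustration.

```javascript
// Constructed sample of a Bot API getUpdates response (not real data).
const sampleResponse = {
  ok: true,
  result: [
    { update_id: 1001, message: { message_id: 7, date: 1610000000, text: "hi",
        chat: { id: 123456789, type: "private", first_name: "Alice" } } },
    { update_id: 1002, message: { message_id: 8, date: 1610000100, text: "/start",
        chat: { id: -1001234567890, type: "supergroup", title: "Archive Group" } } },
    { update_id: 1003, my_chat_member: { date: 1610000200,
        chat: { id: -987654321, type: "group", title: "Old Group" } } },
    { update_id: 1004, edited_message: { message_id: 8, date: 1610000300,
        chat: { id: -1001234567890, type: "supergroup", title: "Archive Group" } } },
  ],
};

// Update fields that carry a `chat` object.
const CHAT_BEARING_FIELDS = ["message", "edited_message", "channel_post",
  "edited_channel_post", "my_chat_member", "chat_member"];

// Return the distinct group/supergroup chats seen in a getUpdates response.
// Hypothetical helper: private chats and channels are skipped on purpose.
function listGroupChats(response) {
  if (!response || response.ok !== true || !Array.isArray(response.result)) {
    throw new Error("unexpected getUpdates response");
  }
  const seen = new Map(); // keyed by chat id, keeps first-seen order
  for (const update of response.result) {
    for (const field of CHAT_BEARING_FIELDS) {
      const chat = update[field] && update[field].chat;
      if (!chat) continue;
      if (chat.type !== "group" && chat.type !== "supergroup") continue;
      seen.set(String(chat.id), { id: chat.id, type: chat.type, title: chat.title });
    }
  }
  return [...seen.values()];
}

// The token is part of every Bot API URL; strip it before logging a URL or error.
function redactToken(text) {
  return text.replace(/bot\d+:[A-Za-z0-9_-]+/g, "bot<redacted>");
}

// Constructed token, not a real credential.
const exampleUrl = "https://api.telegram.org/bot110201543:AAExampleConstructedToken_notReal/getUpdates";
console.log(redactToken(exampleUrl));
console.log(listGroupChats(sampleResponse));
```

The bot only sees updates from a group after it has been added to it and a message or membership change has occurred there.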

vkedwardli commented 3 years ago

Updated the README a bit. I'm not sure how normal people know how to run a nodejs app, but making a GUI app seems a bit overkill for this utility.

3raxton commented 3 years ago

All good, I've spoken to a few friends who are devs, and they've helped me understand it a bit more. I agree, a GUI would be overkill; nonetheless, I'd still love to direct those who are more familiar with nodejs and the requirements to this script.

One thing I would like to address before directing people this way is the lack of security through end to end encryption via Telegram group chats. My article is focused on providing solutions that keep chats secure when exporting to and saving them.

That being said, I've taken a deeper look into the security of group chats on Telegram and have found that group chats and messages sent there are unencrypted. I'm curious if there is a way to import messages without using a bot as it would not only be more secure for users, but would also keep their chats secure.

Again, it's just a project put together quickly but I'm curious if you have any thoughts on this. Thanks again for taking the time to put this together and sharing the info with me!

vkedwardli commented 3 years ago

IMHO, E2E Encryption is not a necessity for public groups. The purpose of importing chat history is to provide the easiest method for all members to access the full transcript, without waiting for everyone to join first and then starting the importing process.

> group chats and messages sent there are unencrypted

Not E2E encrypted, but still server <-> client encrypted. One may argue it is not useful, but E2E is also not useful when law enforcement has access to your devices. For example, the devices of 12 detainees of Hong Kong & 55 District Councillors/Legislators/Lawyers were sent to China in order to crack all the messages; so far the Android devices are already compromised.

The only safe way is E2E Encryption + Disappearing messages. Using E2E encryption solely and blindly relying on this feature is even more dangerous since it provides a false sense of security, but in fact there is no big difference from server-client encryption from what we see in the recent cases from Hong Kong.

Using Telegram is always choosing Feature over Security. Users can enjoy cloud-based storage, e.g. end users can switch from Android to iPhone in a snap, while that is not possible for WhatsApp or Signal.

After all it is a trust issue. Even if Signal is open source, you cannot verify if you are using the open sourced version unless you compile it yourself, and you can never verify if the server is running the open sourced version. While it is exactly the same as Telegram, you can always run your own client with their server.

As long as Telegram is putting their encryption key in different legal entities, several court orders from different jurisdictions are required to obtain the decrypted data, so the security is really adequate for our public Discord-like usage, and we can enjoy all the premium features without service downtime like what happened to Signal.

> if there is a way to import messages without using a bot as it would not only be more secure for users, but would also keep their chats secure

Of course, you can take a look at the TLImporter, which does not use a bot and relies on two users' authentication directly (so the history can be sent from the actual user!)