Implement "secret chats" in Webogram

[thomasfr]

At the moment secret chats are completly missing. It would be great if one could create new secret chats with all options (self destruct timer, etc) and security features known from the official telegram mobile clients

[FacundoAcevedo]

I do no think that using WhatsApp is better than using Telegram, even if the say that all is encrypted. Because it's privative and closed source. Btw for calling you can use Ring.

In my opinion Telegram used encryption as marketing to get users, right now they have a lot of users, so it's not a priority. We are getting stickers, and other cool features that make us happy but not secure.

[purplesrl]

@FacundoAcevedo

the problem is not with Telegram itself, but with the developer of telegram desktop, he is against this feature for some reason, many people have tried to persuade him to implement it, he said it is low priority.

@JaredPotter

you can use telegram-cli for this, or cutegram

[stek29]

he is against this feature

Wat? Any proof? Secret chats would be extremely hard to implement, and they're not top priority because IMO telegram tries to satisfy housewives more than geeks like you.

[purplesrl]

@stek29

you can search for yourself for the issues that were opened and can see his replies, arguing it is not an important feature or a priority

about the housewives, well telegram was intended to be different, i guess they realized there are more housewives than geeks

also, secret chats are already present in telegram-cli, cutegram, so maybe hard but not impossible to implement

a final argument would be that the client is incomplete without that feature, its a core feature of the protocol, it is not like OTR, some fancy plugin for geeks as you say

[purplesrl]

@zhukov

In secret chats we have to store all the history on client side, because server deletes it after it's downloaded by client.

I am sorry but I do not understand this logic. Isn't this the whole purpose of the secret chat? For messages to be deleted after they are viewed by the other side?

[stek29]

@paulmillr

its a core feature of the protocol

No, it's just an addition to it, a second part. See https://core.telegram.org/api/end-to-end.

some fancy plugin for geeks as you say

I don't think that security is "some fancy plugin for geeks". But it looks like telegram thinks so.

you can search for yourself for the issues that were opened and can see his replies, arguing it is not an important feature or a priority

Which does not mean that Dev is against that feature.

[stek29]

@paulmillr Zhukov says that messages are deleted from server when client gets them. So there is no way to retrieve message history from server. App has to store whole history locally.

Here you can see:

All messages acknowledged as delivered by the client, as well as any messages older than 7 days, may (and will) be deleted from the server.

[purplesrl]

@stek29 the whole point of secret chats is to keep NO HISTORY

[stek29]

@purplesrl The whole point of secret chats is end to end encryption. Deleting the messages isn't crucial part. I personally NEVER EVER delete messages, especially files.

[purplesrl]

@stek29

it seems you have opinions about everything, you seem to know also exactly what the developers had in mind when they designed Telegram, secret chats, and what decisions they took and why, so no use continuing this.

Cheers :)

[elKaZe]

The most interesting thing of Telegram, I though, is that gives cryptography to the masses. But if it's not a priority, nor a goal, I will give a chance to LibreSignal

PD: Libresignal is dead :P, XMPP?

[Ryuno-Ki]

@elKaZe Keep an eye on OMEMO.

[diazbastian]

@elKaZe and @Ryuno-Ki is relevant to mention other protocols in this thread? Please focus in this problem.

[stek29]

@purplesrl actually you were the first who started claiming that he knows "whole point of secret chats" without any proofs. (So you shared your opinion and called it Telegram's opinion).

@elKaZe @Ryuno-Ki what about Tox?

[purplesrl]

@stek29

Probably you misunderstood my comments, is English your first language?

[stek29]

@purplesrl No 🙃

[TJC]

Perhaps I can offer another way to resolve the argument?

Aim for feature parity with the mobile client

Since the mobile client supports encryption, timed-delete messages, etc, then the desktop client must too.

The desktop apps for Signal and WhatsApp manage it, so if there's some technical hurdle, perhaps you can look at the code for Signal and see how they do it?

[chrismc]

Is there any objection to using localstorage to resolve the history issue? I'd like to take a crack at this. It looks like it was shot down earlier for not being supported by firefox, but it seems like they've added it since.. @zhukov

[Ryuno-Ki]

Keep in mind, that localStorage has some size restrictions

[chrismc]

Whoops, sorry, I've been out of town. I may have actually been thinking of IndexedDB, which also has a storage cap, but modern browsers will happily remove it with the user's permission. The browser itself would display a correctly localized dialog once the cap is reached. It's designed for larger datasets like the kind I think you'd expect to see in webogram. Thoughts?

On Sat, Feb 25, 2017 at 2:59 PM, André Jaenisch notifications@github.com wrote:

Keep in mind, that localStorage has some size restrictions

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/zhukov/webogram/issues/126#issuecomment-282512007, or mute the thread https://github.com/notifications/unsubscribe-auth/AFudoeJvlaob3vqT3tlOKSCV7n31mEzUks5rgJZBgaJpZM4BnJuJ .

[aurium]

It's designed for larger datasets like the kind I think you'd expect to see in webogram. Thoughts?

As the client is where secret chats are stored, i believe you are right. It also may allow to search in chat history without load all chat in memory.

[cr7pt0]

It would be great to have this feature. So one benefit of using localstorage is for the Chrome and Firefox extension you should be able to have the data sync between multiple browsers. Here are the details for Chrome - https://developer.chrome.com/extensions/storage and for Firefox - https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/sync I really hope this feature is given a high priority its definitely possible and would be be a great addition.