Tdesktop: Secret chat

You're not the only one who would like to see this feature. As at the time I was posting this reply, there were 15 open issues asking for this.

Unfortunately though the developer does not intend to implement this in the near future.

Cutegram has this feature ) So you can use it )
BTW, it also has Telegram theme ;)

Come to dark side =)

Cutegram crashes a lot XD i tried to use it to avoid images preview but crashed every few minutes.

@Aokromes, thanx for information. We will do our best to reduce crashing.

It seems like the best shot at this would be to fork tdesktop and implement secret-chats there. The main developer doesn't seem to care for Telegram's ability to "Encrypt" and "Destroy" messages (taken from their main website, under the "What can you do with Telegram?" header).
Sadly, I'm not a good enough programmer to do this (I can only hope this inspires someone).

The excuse given in other issues (which were closed) makes no sense; first, if one uses Telegram in both a mobile phone and a tablet (just an example) there will _already_ be different secret chats in different devices and second, if one thinks people might get confused by seeing different secret chats in different devices, one would solve that problem by educating people on the reasons for such a behaviour, not by removing such a vital feature from _some_ clients.

Until then, I guess I'll stick with cutegram, which, despite its flaws, seems to better reflect the whole concept of Telegram than Telegram's own official client.

I hope closing all these other issues means that this feature is being implemented.

Telegram's most emphasized feature is security, it even could be said that it's main guideline of it's philosophy. So what is exactly TD's deal then — is it to create an inherently insecure implementation of Telegram?

Adding +1. My first and unqualified enhancement preference for Telegram Desktop (Ubuntu) is Secret Chats. Whether or not these are (1) device specific secret chats, (2) potentially group secret chats, or (3) potentially confusing, is of secondary importance. Thanks for all hard work!

+1 ... Please start a bounty program if there are not enough funds to develop this. I like Telegram and I would like it even more if there were Secret Chats in the desktop clients. Regards

There is no justification for leaving out one of the most important features of Telegram of an official Telegram client. +1

:+1:

to be honest this is one of the featuers thst brought me to telegram thanks for the hard work guys!

We need to keep the Telegram apps all on the same page in regards to features. There's no excuse really for having a fragmented feature set here.

Well, I think this is vital feature that spouses to be in all platforms especially on Telegram desktop

Without e2e encryption you guys are just an instant messenger, there's a ton of those already in existence. I installed the client for the sole reason that your advertising led me to believe there was e2e encryption, and there isn't. I won't use your service until that changes.

@leshow Well, for me personally neither one of "tons of those" is good enough compared to Telegram (that was the reason I've started this desktop client app in the first place).

Uniting cloud sync for messages and attachment across all mobile, tablet and desktop devices, very fast and reliable mobile apps, file sharing up to 1.5GB (for a single file), group conversations for up to 200 members, message history search (from the cloud — for all ever sent messages right after sign in on any device). All those features together are not in any other (known to me, maybe) "just instant messenger". Your right not to use it, of course.

@telegramdesktop your main page suggests you can have "private conversations". Correct me if I'm wrong, but with the backend not open sourced, and e2e encryption not implemented, there is no way to verify that "private conversations" really are private? And while I can see you have a bounty for security flaws. Not being able to see the source means we're just sort of taking your word for it that things really are secure.

How complicated would a port from the (Java based) Android app be?

It's faster to port the feature from https://github.com/Aseman-Land/Cutegram

@Aokromes, +100!

Hang on, so the justification for not having the secret chats in the desktop client is that they were designed for mobile connections and processing hardware? Doesn't this mean that they would work _even better_ in a desktop client? And regarding the syncing functionality, that _already happens now_ with the mobile clients - so unless there's something I'm egregiously overlooking, the desktop client is currently simply strictly inferior ?

@telegramdesktop While it's true that Telegram is probably better than any other IM app out there, encrypted and self-destructing messages are one of the key "selling" points, at least according to the official website. So however you justify it, omitting secret chats means going against that philosophy. +1 for me as well.

@Brawl345, sorry, but...

@DaFri-Nochiterov No, I want to get e-mails on this issue, not on things like "+1"... Your picture is total bullshit

@Brawl345 Unless the developer has a better way to see support for a feature +1's and "me too" replies are the best way to get visibility on this issue.

We should really make this chat secret...
Am 06.11.2015 22:37 schrieb "Fernando Barillas" [email protected]:

@Brawl345 https://github.com/Brawl345 Unless the developer has a better
way to see support for a feature +1's and "me too" replies are the best way
to get visibility on this issue.

—
Reply to this email directly or view it on GitHub
https://github.com/telegramdesktop/tdesktop/issues/871#issuecomment-154549094
.

Telegram, you had one job: bring secret chats to people.
Desktop client, dont give us some random excuses. Are you going to let us have secret chats on desktop or not? If not, we are going to leave telegram. Because I can use other IM without taking the pain to convert the others to use it.

This is the only feature i miss right now and the only issue i've had with telegram so far. A status update and higher priority on this one would be nice. :+1:

Is the only BIG feature that isn't yet :+1:

+1 Telegram's most advertised feature is it being secret. Many people use it on desktop. So tell me, why the hell does the desktop version not have the secret chat option? It should really be implemented ASAP

@rorycornell, secret chats not works on any OS

Note that for a lot of us there's a major difference in usability between the desktop and the mobile versions: on the desktop I can type my usual 100+ WPM on a proper keyboard; on my Android phone and tablets I'm significantly slower using the on-screen keyboard. Thus, being able to do secure chats on the desktop client would be a big win for me.

Regarding confusion about a secret chat being on only a single device, that's common to other chat applications as well. For example, Line, which has a significantly more naive user base, manages to deal with the same restriction for its end-to-end encryption feature, which they call "Letter Sealing".

With the latest update, to the smartphone apps regarding secret chats, what's the status on the desktop app? Will it follow soon?

@AngeloG Not soon, sorry.

Oh my god, just quit spamming on this issue >_<
inb4 someone suggest "just unsubscribe" - no

My two cents: (+1)

My reasons for needing secret chats in the desktop version are not related to that is the most promoted feature of the service or just because it's cool.

Telegram service is very good and I use it a lot at work, is so good that my colleagues and my company decided to use internally. The cloud-based chats are sufficient in most cases. The secret chats are widely used to transfer confidential information or talk to strategic customers.

It would be very convenient and practical not depend on the smartphone / tablet for these cases. Directly use the PC of the company and keep the secret chats that place would greatly improve the user experience.

Secret Chats are a great improvement in security and not all companies have one smarphone for work. Whether for low battery, not having the smartphone available or not to use it for other reasons, to start secret chats TDesktop is very necessary. Telegram despite being a mobile service use on the desktop is a unique and highly desirable feature.

Cheers

Note: It seems that developers webogram also try to implement this feature, but there are problems that are still unresolved.

@diazbastian +1

This is not just an enhancement; it is a modification that is entirely necessary to be able to fully use the Telegram service. The chatting service without encrypted chat is simply insufficient, and I consider this an incomplete client without the feature, despite the overall stability and polish that is clearly in the design of it.

@benbenolson I could not agree more...

@benbenolson yep

@telegramdesktop I understand you are not planning to add secret chats to Telegram Desktop. But will you accept a PR? I will gladly try to resolve this issue.

@ksmirenko @telegramdesktop +1 I would be more than happy to help myself...

Dear Developers,

your app is used not only by glam girls with iphones. You deprive us of the opportunity to make contacts safe. Delete messages one by one each time? Are you kidding?

ADD SECRET CHATS FOR DESKTOP.

Things won't change. We have to move on. Lets go to some free and _completely_ open source product.

@matthiasbeyer, @smarinov, guys you can help in Cutegram's development

@smarinov Android emulator with Telegram App! YES! WE DON'T SEARCH EASY WAYS! :smiling_imp:

@Sollex-21412 Nope. Telegram itself (server components) remain unfree, so why should I care about telegram? They had their chance. They fucked it up. Time to move on!

@Sollex-21412, sorry, but Cutegram at current state is shit.

• No channels support
• No keyboard of bots
• No supergroups support
• No predictions for usernames, bot commands
• No info about links (replaced with screen of page, which (as I think) done using your PC (not Telegram servers))
• Ugly design
• Biggest size
• A lot of bugs

Are anybody wants to use this? Me not.

@DaFri-Nochiterov, Yep, Unfortunately this is true.

It disturbs me that an admin is available to delete comments about competing clients, but there has been no response to the questions from @ksmirenko or @JacobCZ about accepting a PR.

Combined with the team's vitriolic responses to negative responses from security professionals, I'm starting to have serious doubts about the Telegram team's genuineness.

Could it be that we've all been tricked into adopting a platform that was never intended to be as secure as we thought?

@rhyven agreed

Also noticed the comments disappear.

@rhyven That sounds a little paranoic to me :wink: But I agree that telegram is starting to be less and less legit in my eyes...

@JacobCZ - it did to me too, at first... but then, I started wondering about that in mid-2015. I've been watching Telegram's responses to negative feedback and it's _seriously_ aggressive, and rarely addresses the actual concerns.

And having someone around to delete negative comments, without responding to legitimate offers for help... It doesn't smell right.

@rhyven I apologize for the deleted comments, I hope this won't happen again. Here they were:

But I hope you'll stay close to the topic, discussing other apps can be done in any other place, here is simply not very right place for that.

Regarding the issue: I can only repeat the answer about secret chats that was given in #363. I have too many tasks with much higher priority right now. Currently only mobile apps are about secret chats while desktop apps are about cloud synced chats, groups, supergroups, channels and bots.

Regarding the question about pull request: I'm afraid I won't able to merge a pull request with secret chats support, because to be done well this feature requires such a huge amount of code added that I simply can't imagine checking it (and adding it by someone in the first place), so it could be only like a forked alternative client app.

@telegramdesktop How are bots higher priority than a core feature (secret chats) of telegram? This is ridiculous...

@telegramdesktop:

I have been watching this thread silently but I figure this is where I must add my two cents.

It is acceptable if you do not have enough time to write the code for secret chats. However, nothing stops you from accepting a pull request from someone who has worked hard to implement this. It just doesn't add up! Here is someone implementing a feature for you practically for free and you're rejecting it?

Now I do not know the specific pull request it is that implemented secret chats so my argument may be misplaced. However, I do believe that by actually taking this stance, you are indeed offering the opportunity for a non-official fork to supersede and supplant the role of the official app. This is indeed unacceptable.

I would have written my fork to circumvent all this feet dragging if the application was written in C# or VB.NET. As it stands though, I have to wait until @telegramdesktop finishes doing all the other things before working on secret chats on Telegram Desktop.

@telegramdesktop - thanks for your response.

This thread is good evidence that the priorities are just _wrong_.

And I understand that desktop secret chat is HARD. But honestly it looks like you don't want this to happen.

@telegramdesktop Sorry, it was a response to a related topic. We were not talking about how to develop or add features.

For me @ksmirenko just wants to help. What's wrong with that?. Perhaps he can adapt to the style of work of Telegram team. Secret chat is a highly demanded feature for the desktop app.
Telegram for OS X supports secret chats, send videos, etc. We would like to have something similar in the official app.

With the above I wonder. ¿Github only works to report errors? I'm not a software developer, but if a developer offers his help, it would be good to see how he can help improve the development of this service that we all use.

Cheers

Telegram is a mobile messaging app in the first place. Secret chats are hold only on one client device and can't be synced between them and they stay more secure remaining on the mobile. In my opinion different secret chats on different platforms will confuse users.

I respect your way of thinking and your concern about the security of the app, except the problem with only using the desktop app is you don't get to know that someone is talking to you or requesting a secret chat. I got one of my friends mad at me for not replying for days. Only to know that he was using secret chat with me and I had no idea, because I rarely open telegram on my phone.

IMO secret chat is a really needed feature now and it should be moved above all others on the priority list.

@Dark-Mind Well, he would be the same mad at you, because he would have a secret chat with your phone (like right now) and desktop won't know anything about the messages that are sent to this secret chat — no matter does it support secret chats or not.

Currently you _at_least_ know, that secret chat means your mobile app (almost always only one device), while you can be logged in on desktop at your home PC + at your laptop + at your workplace, and all they will have different secret chats, not related to one another in any way, and your contact won't be able to imagine where did he send you his secret message and when will you read it among all of possible desktop devices.

Your phone is the most "private" device and the probability that you'll see the messages there is the highest.

@telegramdesktop Couldn't you at least add some kind of notification mirroring function that would notify you (in the desktop client), that you have a new private chat incoming on your phone?

@JacobCZ I think the telegram developers are generally aware of the limitations of their current Secret Chat system, at least the mechanism of how they're initiated; and also of how much of a hassle it'd be to reimplement it. I think we just have to hope they work out a good way to do multiple-device Secret Chats. In the mean time I expect they probably don't want to bring the implementation to the official desktop client precisely because it will cause unpredictable behaviour necessitating the user to "understand" why it's "weird".

@aphirst I understand that implementing the whole secret chat thingy into the desktop app will take a LONG time and possibly require a rewrite of majority of the code, but I doubt it would be that hardcore to add a simple notification...

@JacobCZ I had wondered myself at one point whether it could be a temporary fix to implement in both clients some mechanism to "(temporarily) ignore" a Secret Chat initiation event, so that another of your devices can pick it up.

@telegramdesktop

Your phone is the most "private" device and the probability that you'll see the messages there is the highest.

In the first instance you are right, but in practice it is not. I know many people who have more than one mobile phone and use the same account in both, including the dynamics of secret chats.
How important is where it starts or continues a secret chat when the self-destruct message is activated?

The secret chats do not work only in smartphones, but is connected to a platform and operating system. Thus a user can use secret chat in: smartphone + tablet + pc/pc-like (android/remix os, ARC chrome, iPad pro, etc).

A user who actively use secret chats has the same dependence on the smartphone using WhatsApp web.

Your phone is the most "private" device and the probability that you'll see the messages there is the highest.

I understand this may be the case for a lot of people but it does not apply to my phones. Secret chats are almost useless in them because i have no problem borrowing a phone for someone else to test my software, place a few calls or to manage a vault in fallout shelter.

Meanwhile it would be great to have secret chats at my notebook where telegram desktop is installed and where i have some security measures to ensure i'm the only one using it.

@ribeirobreno I agree. Mobile phone security (be it even Blackberry etc) just cannot beat a business-grade laptop with hardware-level drive encryption secured by fingerprint sensor (a bit overkill, but you get the idea)

Mobile phone security (be it even Blackberry etc) just cannot beat a business-grade laptop with hardware-level drive encryption secured by fingerprint sensor (a bit overkill, but you get the idea)

To be fair, the iPhone 6 encrypts all your data, and there's a fingerprint sensor on it to protect this data.

@AngeloG Do you honestly believe that your data is safe on iPhone?

@AngeloG @JacobCZ Please stay on topic (Telegram secret chats). Recently the devs deleted off topic posts.

@diazbastian Sure. I am just pointing out the fact, that mobile phone is in no way more private or secure than a desktop...

This bickering is pointless; please delete all of these off-topic comments, and stop making them. The purpose of this thread is to discuss Telegram secret chats, and whether or not they should be implemented.

Clearly I think that they should, but after the comments by the developers, they seem like something that would be better suited to a fork of the official client, which would be perfectly acceptable for me. I would do it, but I'm certainly not very experienced in cryptography, and fear that I would botch the security of the application. Is there anyone here that feels that they could contribute?

@benbenolson I would like to help, however I'm a beginner both in C++ and in cryptography. Also, @JacobCZ earlier wrote he was willing to contribute. We could create, say, a Telegram group chat in order to discuss the fork plans and not to flood this thread.

@ksmirenko @benbenolson Let's talk about it... https://telegram.me/secretchatdev

@benbenolson Could you add me on Tg so I can invite you to the group? Username's @jac0bas

It's insane to don't plan to implement secret chat in a Telegram client. What's the purpose of the Telegram then?

@ferittuncer You can join our new, unofficial dev team. We are going to implement it ourselves in a fork of this client. Just add me on telegram @jac0bas and I'll tell you more...

I think it's crazy to refuse implementing this feature, and even to prevent telegram desktop to accept an incoming secret chat, especially after the sponsor at MWC sold this feature as the main feature of this platform.
If this (lack of secret chats on desktop and web) the real intention of the sponsor, well then that's plain hypocrisy.
If not, well then the developers have just not worked out the proper use cases (as the many requests here show).
The argument that nowadays "usually only one mobile device" is madness.
I don't use any telegram supporting device as my main mobile (sadly), yet i own and use (at some points during the day/week) at least 3 other devices running it.
Preventing me to accept or sending secret chats while, for example, i'm at work and have only the desktop or web, with the excuse that "only one device should receive that chat" is ridiculous.
At best, if privacy is concerned, telegram should have server side support to let the user choose whether to broadcast secret chat requests, or to multicast it (excluding specific devices), or to unicast it (having a single allowed device seeing incoming secret chats).
All of the clients, though, should allow sending secret chats requests.

I add my vote for this, crazy that the official desktop client does not support one of the main feature of Telegram… :(

Use the new reactions of GitHub on the first entry of this issue instead of creating unnecessary +1 comments.

I use OSX (desktop) telegram and it has secret chat, but Windows does not have the encryption function, which I was über surprised about. Hope this gets attention. Telegram for Windows 10 should have encryption.

@nestor-santana
you are talking about Telegram for OS X (native) ... this thread is about to add the function to Telegram Desktop. Both are independent software.

See:
Telegram Desktop: https://desktop.telegram.org/

Cheers

This is a distraction from the point, but Telegram Desktop includes OSX,
Windows, and Linux 32/64. There isn't a Telegram Desktop that is separate
from Telegram Desktop for OSX. Perhaps I'm missing something, but the link
(with ssl!) https://desktop.telegram.org tells us the same thing.

On Wed, Mar 16, 2016 at 6:15 PM, Bastián Díaz [email protected]
wrote:

@nestor-santana https://github.com/nestor-santana
you are talking about Telegram for OS X (native) ... this thread is about
to add the function to Telegram Desktop. Both are independent software.

See:
Telegram Desktop: https://desktop.telegram.org/

Cheers

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
https://github.com/telegramdesktop/tdesktop/issues/871#issuecomment-197404473

_NESTOR J. SANTANA_, APPLIED TECHNOLOGIES DIRECTOR

_GSM_ (USA) +1 415 205 4031 _GSM_ (ESTONIA) +372 519 19 185 _T_ (HK) +852
8192 5897
MIDWEST ALPHA LTD.// 中西營銷諮詢有限公司

Lockhart Road, Causeway Bay, Hong Kong

中威商業大廈銅鑼灣駱克道447-449號香港

所在地: 59.4371997N 24.7452441E

WWW.MIDWEST-AGENCY.COM

WWW.SIX-MAGAZINE.COM

@nestor-santana

Telegram Desktop (Linux, Windows and OS X) : https://desktop.telegram.org/
Telegram for OSX (Only OS X) : https://itunes.apple.com/es/app/telegram/id747648890?mt=12

Most unexpected that these versions for Desktop and Appstore for the same
platform (OSX) are distinct. I suppose the Desktop version is for server
and those who shun the App Store. Ridiculous that the encryption feature is
pulled, either way.

On Wed, Mar 16, 2016 at 8:50 PM, Bastián Díaz [email protected]
wrote:

@nestor-santana https://github.com/nestor-santana

Telegram Desktop (Linux, Windows and OS X) : https://desktop.telegram.org/
Telegram for OSX (Only OS X) :
https://itunes.apple.com/es/app/telegram/id747648890?mt=12

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
https://github.com/telegramdesktop/tdesktop/issues/871#issuecomment-197484262

_NESTOR J. SANTANA_, APPLIED TECHNOLOGIES DIRECTOR

_GSM_ (USA) +1 415 205 4031 _GSM_ (ESTONIA) +372 519 19 185 _T_ (HK) +852
8192 5897
MIDWEST ALPHA LTD.// 中西營銷諮詢有限公司

Lockhart Road, Causeway Bay, Hong Kong

中威商業大廈銅鑼灣駱克道447-449號香港

所在地: 59.4371997N 24.7452441E

WWW.MIDWEST-AGENCY.COM

WWW.SIX-MAGAZINE.COM

Telegram's primary unique selling point is that it has secret chat (in my opinion anyway), but doesn't provide it to the most popular desktop platform is a major fail. Wondering if they're under pressure from government not to add it. Seems insane to spend time on making things pretty, and adding stickers, bots etc. I don't use Windows myself, but wanted to chat to someone who was on Windows, took me a while to realise why my chat messages were not being read - suggest they could at least detect if a user uses Windows and let people who are creating secret chats to those users know that the destination user may not be able to see the message/s. The conversation is so secret I'm basically talking to myself :p

84% of business users use Windows desktop.

Just noticed this really disappointing absence of the secret chats in Windows client. As a software developer, I can't imagine how it could happen at all. This app has some protocol. All clients use and should use this same protocol. So why not implement secret chats on windows as you already have it on other platforms?

Would be nice to get any official response from the devs why this really requested and must-have feature is not in the top priorities.

It's been almost two whole years since this repo was first commited to and this still isn't implemented, which is ridiculous, as is labelling this an "enhancement" instead of a "bug".
Secret chats aren't simply "additional functionality". They are part of the core of the protocol and functionality and not having secret chats actually prevents people from using Telegram correctly. It's a BUG not a fancy new feature. It's also the 2nd most commented issue this project has.

Are you even thinking about implementing secret chats? @auchri @john-preston

@pwseo I've expressed myself here a several times. Secret chats are not a priority task for this desktop app (and for the web version https://web.telegram.org as well). They use a completely separate part of the Telegram API and you can have completely functional apps (like Telegram Desktop or Telegram Web) without them. They require offline message storage which is not yet supported in neither of this two clients (Telegram Desktop loads the messages from the cloud each time it is launched — like the web client does). There is a possibility that they will be implemented some day in Telegram Desktop, together with the encrypted offline message storage, but this project has no defined ETA.

Sure, the application loads and functions properly, you just can't use two core features heavily publicized by Telegram (arguably the most publicized features).
And while I know your opinion on this matter, I'm unable to comprehend how can this not be a priority. I can see the web-version not having this due to encryption and offline storage issues with the browser, but it seems baffling that this would even be a problem on a native desktop app.

Thanks for your comment, @john-preston !

Though I still can't understand why it's not the top priority =\

This feature is one of the reasons why people start using Telegram at all, and this was a reason for me.
I saw the private chats promotion on the website and I'm like "YAY finally I'll be able to throw out all that old jabbers with OTR etc. and move all sensitive conversations to this promising new messenger!".

I open win client and figured out secret chats are not available!... You know, this is ike open Chrome and figure out tabs are not available on Windows and I'll have to work in 1 tab ony =D

I like telegram, really great messenger, but absence of the encryption on the Windows is really disappointing, killing its uniqueness =(

If it's an API issue, then API should be fixed immediately. There is no excuse for it. "This is a security application, go ahead and use it and make others use it as well, but well we can't implement a critical security feature because of this that and that, sorry."

I'm stunned it's not possible.
I don't need sync, just give me the chance to write - and ATTACH! something from desktop. That is why I use Telegram.

Encrypted chats on desktop and mobile client with sync, even if you have to manually export a private key or something, would move Telegram from a good IM app to THE IM app in my opinion!

@telegramdesktop re:

Uniting cloud sync for messages and attachment across all mobile, tablet and desktop devices, very fast and reliable mobile apps, file sharing up to 1.5GB (for a single file), group conversations for up to 200 members, message history search (from the cloud — for all ever sent messages right after sign in on any device). All those features together are not in any other (known to me, maybe) "just instant messenger".

There are other chat clients have those features, Slack can send 1GB files, handle all that stuff like cloud syncing everything, bots, history search, multiple teams / large groups (far more than 200 users..), great mobile apps, gifs/stickers/emoji and all the pretty stuff that Telegram thinks people want. Even HipChat, Line, Messenger and a bunch of other free common chat programs, other than the file size limit, have everything Telegram has. On the encryption/privacy front, Wickr is taking the lead, Ring.cx is starting to take off.

I thought the USP would be being somewhere between Slack/HipChat/Line and Wickr/Ring, so having good chat functionality, but also having secure conversations. Now I'm not sure where Telegram sits.

Telegram should at least remove 'business' from this -

as 84% of business users use Windows desktop.

@stripyshirtguy

Have everything Telegram has

Even 5000 members in group?)

@stek29 Just asked them, Slack has unlimited users per team, and unlimited users per channel.

Guys, you suppose that missing encryption is a 'mistake' made with good will, but I doubt it.

There is high probability that the whole Telegram project is targeted to gather communication data from "security-aware" people.

Look:

• Program is very high-quality and convenient to use.
• Encryption protocol uses custom unique algorithms - suspicious, but maybe it's made for performance.
• Group chats are not encrypted by design! There is no technical problem to make them encrypted, at least for small number of people - you can imagine it as pairwise secure chats. So there is no real tecnhical reason.
• Telegram server knows all you contacts - the Android client uploads them to server. For agency guys or commercial guys, such metadata is more valuable than even messages content, because it's your friends, your social graph.
• Desktop client may be _deliberately_ made not supporting encryption - soon or later you'll loose your attention and start to chat with the same people in desktop client, for convenience, so the server can sneak into your conversations (even if protocol encryption is strong).

So there is non-zero probability that the Telegram project is an attempt of some second-tier agencies to steal a piece of surveillance from first-tier (US) agencies.

All of this could've been avoided if you had implemented secret chats in the first place (or at least had plans to do so in the near future).

To other people - don't get me wrong, I'm not against Telegram, I like it and use it (F-droid build for better tinfoil protection) and recommend it to other people as a replacement of WhatsApp etc.
Telegram is a big step forward in privacy comparing to Viber, WhatsApp and similar software.
It combines highest usability with point-to-point encryption, open protocol and open source client app.
Also it popularizes the idea of encrypted communication to wide audience.

But if we talk about encryption, security, we need to consider the worst case, not only just "trust these good people". We don't know what happens on server side, business model is "we don't make money, Pavel Durov just gives it", and these servers cost substantial money, considering millions of people sending files (and big files, for example, video) stored on servers. Ok, if it's non-profit then why the server source code is closed, why you can't create an alternative server? So I can (and will) suggest the worst. But I also hope that I'm wrong.

@auchri

Don't even think of it!
I assure you that we will create another one if you lock this issue!

You either give us a real timeline for development of secret chats on Telegram Desktop or else this thread stays!

I can close the new ones too ;)

And the cycle will continue! You [and your team] may be relentless but we are persistent.

@auchri sure you can. That's how people slowly realise Telegram's team doesn't really care about their opinion. I mean, it's been more than a year and you haven't even considered the thought of implementing this in the future. It's always no, no and no (with no decent excuses to support such decisions)

Wow, what a convenient way to solve problems... Just close the issue and let it go away... WOW!

Wow, what a convenient way to solve problems... Just close the issue and let it go away... WOW!

I didn't say _close_, I said lock to avoid off topic comments.

@hex000 Illuminati!!!
@pwseo @JacobCZ Lock != Close

Would propose to enable secret chat on all platforms of Telegram Desktop. Currently it is unfortunately available only on mobile platforms. If security is number 1 concern by Telegram Desktop then secret chat should be available everywhere.

So even WhatsApp uses end-to-end encryption and is totally free.
https://blog.whatsapp.com/10000618/end-to-end-encryption
So what is my reason to stay?

@gefrit Whatsapp client is closed source.
They can do whatever they please, like adding a function that would for example send them your private key, if they felt like it for some reason.

@gefrit @utack
Whatsapp made an excellent partnership with Open Whisper System and your encryption system is opensource (waiting for an external audit). https://github.com/whispersystems/libsignal-protocol-java/

However, remember the problem of metadata (https://www.eff.org/deeplinks/2013/06/why-metadata-matters). That's a big difference that keeps Telegram with other companies, Telegram ensures not share any data with third parties and has a whole legal structure in place to be so, however Whatsapp can yield to a request from any Court and deliver our metadata.

But we are here because we like Telegram and we hope to continue to improve.

Cheers

Nota: Whatsapp Blog entry I think inappropriately (Bit humble and far from reality), I prefer the Open Whisper System blog entry: https://whispersystems.org/blog/whatsapp-complete/

@gefrit Does WhatsApp have Desktop app?

It has a web based client that sends data through your phone, and there are loads of third party desktop apps, I'm currently using "DesktopApp for WhatsApp" on OS X, works like the web app so all data goes through a single point - your phone, guess that's how they're doing end to end encryption.

@edmundlaugasson It's available on OS X desktop, just not Windows desktop, which is obviously the far majority desktop OS. This thread is to add pressure to creating secret chat for Windows desktop, instead of them spending time developing stickers etc.

@stek29 @stripyshirtguy stop off topic please!

I would like to add a comment i kept for myself for a while:
the developers bring as excuse lack of resources for withholding this feature. Even refusing to code review an external contribution.
OK.
What's the freaking point of maintaining an official native osX client that supports this, when the cross platform desktop client doesnt?
Can't you damn kill the development of the osX native and focus on the cross platform client?

(this was the logical rant, in all truth we all know you just don't want to implement it for whatever political reason)

And now that: http://techcrunch.com/2016/04/07/nows-your-chance-to-try-signals-desktop-chrome-app

Are we gonna stay behind?

@paoletto And how it could help? I don't think that Cocoa + ObjC dev could do much with Qt app.
@auchri Sorry)

LINE has introduced Letter Sealing on the desktop version too. You don't see it in settings, but if you enable it on your phone, the desktop version will ask for a verification and will use the same encryption on the same contacts. No device specific bullshit. Just make sure your contacts have also enabled Letter Sealing. So you can ditch Telegram and be happy :)

The killer-feature of Telegram was security. End-to-end encryption is a must have feature! Now even WhatsApp already have it. -.- Come on, this secret chat should have been part of the beginning of the Telegram Desktop client. Actually it should be available in every Telegram client, not only for the mobile.

@danger89 I agree. The "killer feature" is now totally killing the project :grin: I mean, even freaking Viber started doing EtE encryption...

@danger89 whatsapp isn't a good example, afaik it doesn't have a desktop client at all. Nevertheless, I also think end-to-end on desktop is a must.

Man, this would be so much easier than sending GPG encrypted emails back and forth...

@JacobCZ there are better options out there than GPG over e-mail... such as xmpp+otp

@phjr I agree, but GPG mails are the most user-friendly solution for a company communication right now (for us at least)...

@phjr you're right, Whatsapp does not have a desktop client, but it still allows using its web version while maintaining E2E encryption _through_ your phone (or so they say). So yeah, we can still use it in the desktop.

I started watching this topic two years ago, can't believe E2E encryption still isn't available for the desktop client. Even freaking Whatsapp now support E2E as default, not even Telegram for mobile devices is using E2E enc by default.

Honestly, if this feature won't be implemented in the foreseeable future, I will stop using Telegram immediately once there's a better alternative which supports all three major mobile platforms and comes with a real(!) desktop client which doesn't lack the most important security functionality.

I am tired of waiting for a better telegram desktop client, two years passed, still low priority without any plans to implement this feature in the near future. Sorry, but that's just ridiculous.

@ThelloD
As I said before, LINE supports E2E encryption on every platform, including desktop. It doesn't support 5000 members in a group, but who cares? I don't know that many people and I never will.
Telegram's priority list is very strange, put every important feature to the end of the list and work with useless ones now :)

@kastal Thanks for the suggestion. I'll have a look at LINE, but since it's just another closed source messenger it's just not _the_ messenger I'm waiting for.

Currently I think Signal might have the best potential to become my favorite messenger one day, if only they would ditch their google play dependency and would release a windows phone 8.x/windows 10 mobile app.

(And sorry for off topic @ everyone else)

Even technically-inclined end users are getting confused and thinking Telegram itself somehow doesn't support secret chats on Windows / Linux because Telegram desktop doesn't to support it - https://news.ycombinator.com/item?id=11635751

Given that this was literally the #5 issue created when this github repo opened, I'd say there's a decent amount of user interest out there for secret chats.

@ScottRFrost Users want it, but it's much harder to implement than some other improvements. Also, whole telegram project can't just stop and wait until TDesktop adds Secret Chats. It is constantly improving, so Developer has to work on other things, even if he really wants to work on Secret Chats (lol).

http://www.theverge.com/2016/5/10/11653606/whatsapp-mac-windows-desktop-apps-download

While Telegram devs resist from implementing secret chats on desktop, other great apps appear around, some with secure chats, some with voice and video support (Discord looks promising).
After all, Telegram may lose all customers. It already loses lots and still doesn't implement most requested feature.

Looks like we're riding a dead horse…

@Geobert WhatsApp Desktop is just a browser hardcoded to WhatsApp Web.

@auchri @john-preston What's the relationship between this project and the official Mac OS X client? Why don't they share goals? The native Mac OS X application does support secret chats... so what's the rationale for this one not supporting it? Aren't they both desktop apps with the same purposes in mind?

Also, what's Telegram's take (as a company) on the recent mass E2E encryption adoption by most of their competitors?

@pwseo Telegram for OS X can use iOS app code while TDesktop can't. That's why it was much easier to add it in OS X.
Also, don't know about OS X one, but TDesktop was unofficial, that's why goals may differ.

@stek29

Telegram for OS X can use iOS app code while TDesktop can't. That's why it was much easier to add it in OS X.

I guess that's an advantage and therefore has almost the same functions that Telegram on a mobile device.

Also, don't know about OS X one, but TDesktop was unofficial, that's why goals may differ.

But it is now an official app, I do not see the point of your argument. Independent of origin, Telegram Desktop is presented as the official application for the Telegram service for desktop and you need to share your most important features. If you read above and other sites like reddit or Telegram groups you will see that users are willing to be without synchronization messages due to the nature of the secret chats, but we need secret chats on the desktop.

@stek29 I don't really think that's what made it possible for the Mac OS X client to have this implemented in the first place, but that's not for me to answer.

Also, like @haevalencia said, tdesktop is now an official client (has been for some time), and so should share the project's goals -- and in fact, it seems to be: every major feature is implemented _except for secret chats_.

It seems to be official policy towards Windows client - no secret chats. Like no russian localization on all platforms.

@kleuter Yeah, illuminati and so on.

This is because key and blablabla... If you can not start a secret chat from browser, thats ok. If the secret chats are can not be synchronized between devices, thats ok too.

But, it the whole thing becuse of the "one device, one key" problem, why the hell I can't START a secret chat from my desktop Telegram native program? I want to write long text. After that, that chat is live only on my PC... It could be labeled as "phone", "desktop".

This is a shame, I am thinking to remove the app and find another.

You can start secret chats on Desktop easily.
Just install Pidgin (or any other Libpurple based messenger), install Telegram-purple https://github.com/majn/telegram-purple and enjoy the secret chats.

I also need this feature. JUST DO IT!

That's astounding that one of the most important feature is still not implemented ! I hope that will change.

Is it a protocol deficiency that this cannot be done for multiple devices. Because Signal can do it with E2E on multiple devices or at least 2 devices. Because messages sent from my phone gets synced to my chrome application. So it's certainly doable.

Yeah, Telegram is on its way out for me too.

Secret chats' notifications are severely broken since their latest two updates - making the app unreliable as a messenger!!! No fix in sight up to now.

There is not enough interest in e2e-encrypted chats at Telegram. They're focusing on the "encrypted cloud chats" - being NOT e2e-encrypted, of course.

Well, perhaps it's also due to the users themselves as well!!!
Too few people use e2e and thus Telegram gets insufficient negative feedback from its user base.

I am using Signal more frequently now...

Just do it

@VSG24 I don't think it's happening. Those retarded stickers are apparently so much more important 😠

Exactly, stickers and cloud-based stuff is much more important for Telegram these days!!!

Their notifications were broken for secret chats for weeks and weeks and they didn't care about it for more than half the time. Because the number of users actually using true e2e-encryption is so small, that they didn't consider this a priority issue...

Only now the notifications started to work again and Telegram became usable finally.

If only Signal would work more reliably, then I'd have long ago switched away from Telegram. But for now I can't motivate any of my friends to go that path. Most of them are too pissed of with Telegram by now. Everyone is on WhatsApp and I as a WhatsApp-denier have a very hard standing... :-(

Maybe just create fork, and implement this feature by ourselves?
We could take source code from Cutegram.

@Sollex-21412 why not, you can start right now.

any news about this feature ?

Since encryption / Secret chat is only available for mobile or OS X (mac), and not Windows, they should probably at least remove 'business' 'encryption' from the homepage / feature list until it's actually supported. It's misleading, given that far majority of business users use Windows.

Since encryption / Secret chat is only available for mobile or OS X (mac), and not Windows, they should probably at least remove 'business' 'encryption' from the homepage / feature list until it's actually supported. It's misleading, given that far majority of business users use Windows.

I think you're misunderstanding what secret chats are.

Telegram NEVER sends anything over the wire unencrypted, EVER. Secret chats are end-to-end encrypted, which means even Telegram's server can't read your messages. Regular chats are still encrypted in transit, exactly like when you're browsing your bank's website / gmail / etc. Both secret and regular chats are encrypted, the only difference is that secret chats are encrypted end-to-end.

EVERYTHING in Telegram is kept secret from people around you. Secret chats are also kept secret from Telegram's servers. Unless someone hacks Telegram's servers (or compels them via court order / etc), they can't get to your data either way.

@ScottRFrost I do not think @gingerCodeNinja is confusing the concepts.
That section of the main Telegram web called "Encrypt", refers to the secret chats where you can even share "personal or business secrets" without problems, however, this feature is not available on all platforms.

Moreover, the industry often use encryption in transit or additional methods such as Telegram (encrypt the data inservers and physically separate encryption keys in different data centers). The problem?. The company continues to have access to our data and could eventually be hacked or receive a court order to deliver data as you say and that is not safe, not to share personal or business secrets.

The origin of this ticket is that although Telegramoffers E2E chats, with Telegram Desktop are obliged to only use the messaging service based on the cloud (there is no way to know if someone starts a secret chat with us).

Unless someone hacks Telegram's servers (or compels them via court order / etc), they can't get to your data either way.

That's the problem, it all depends on Telegram's servers. Also, what if someone wants to initiate a secret chat with us? We don't even get a notification that such a conversation has been started... it's absurd. Even more so when the native MacOS client supports secret chats.

@auchri @john-preston is there any intention of implementing this in the future?

@ScottRFrost , as @diazbastian has explained, I'm not mixing them up. I do understand there is some SSL encryption in the communications. It'd be very worried if there wasn't at least that.

EVERYTHING in Telegram is kept secret from people around you. Secret chats are also kept secret from Telegram's servers. Unless someone hacks Telegram's servers (or compels them via court order / etc), they can't get to your data either way.

That's exactly it.

If Telegram doesn't think secret chats are useful, why have them on OS X and Android/iOS ? Why not remove them from those platforms? Why was it ever made for those platforms? Telegram can more easily make their data security/privacy intentions known by making a clear stand either way, finish the feature and develop it for Windows, so business users can use it, or remove it for all platforms and just Telegram for kids sharing.. stickers.

Post-Snowden, the amount of effort put into &_^£%_@ stickers rather than making the app more secure on more platforms is beyond me.

And I think that this will never happen, even for something as simple as removing the ugly chat bubble (1 char to change in the code) they don't listen, so let alone something that require huge amount of work. The dev prefer to refactor the setting page… wow, so important thing to do indeed…

Telegram started as an extremely promising and ambitious project, only to slowly change into a mediocre WhatsApp-like platform... :disappointed:

That reminds me a situation like this:

— Hey, developers, you have a nice XML API! Can you add a JSON API as well?
— No, it is impossible to implement.
— But you can process TCP requests already!
— Well, you see, our application's architecture is very complex and does not allow to send TCP requests directly, that will require a huge rewriting, this is a dangerous hack, crutch, etc.

Telegram developers' version:

— Hey, developers, you have nice secret chats! Can you add them to the desktop version?
— No, it is impossible to implement.
— But you have them in mobile apps already!
— Well, you see, our application architecture is very complex and requires offline storages for them, that will require a huge rewriting, this is a dangerous hack, crutch, etc.

How many voters you need in order to raise the issue's priority?

Given that this is the most hot open issue I assume that I am not the only one who both finds secret chats' absence very inconvenient and feels acute spanish shame because developers ignore this both significant and hyped shortcoming.

tl;dr: secret chats are a must. Their absence is a serious reason for developers' team to be ashamed.

Hey, guys! Stop yelling here! Telegram Team already told us they need to focus on super duper important critical areas, like minigames
https://techcrunch.com/2016/10/03/telegram-levels-up-its-bot-platform-with-competitive-games-that-live-inside-chats/
What purpose do you think this application have? Send messages securely? lol.

We are doing it wrong. This is not yelling.
To yell them properly, we have to quit using Telegram. That will make them understand what's important what's not.

I have started a petition at change.org. Please find a few minutes to sign it and send it to as many people using telegram as possible. https://www.change.org/p/https-telegram-org-implement-secret-chat-in-telegram-desktop

Signed it already. Good idea.

@ferittuncer Thank you. Please send it to as many people as you can :)

signed!

Am 14.10.2016 um 11:43 schrieb Jakub Sycha:

@ferittuncer https://github.com/ferittuncer Thank you. Please send
it to as many people as you can :)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/telegramdesktop/tdesktop/issues/871#issuecomment-253755595,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AReDL76R71AQdclPUTQpWje9__IJCKHPks5qz07GgaJpZM4FQbRT.

Please guys, do not write messages like 'Signed' and similar to this. I do not like get tons of emails like this.

Just sign it, and share it to your communities, and thats all.

@JacobCZ I doubt change.org petition means more than issue with tons of comments, 71 participants and more than 150 +1s.

Also, I'm wondering why conversation is still not locked.

@telegramdesktop

«Your phone is the most "private" device and the probability that you'll see the messages there is the highest.»

I suppose you were joking, right? A mobile "private"? The most private device is our computer, which we turn off when don't need it, which we don't carry everywhere nor is so easily able to be lost, robbed, broken, which we can format and install 100% open sourced operating systems and software and be more (always relatively, we all know that) secure that we aren't being spied... Where do you work on, where do you save your important stuff, on you encrypted hard disk or in your mobile device? Come on, let's not become crazy with the mobile stuff fashion.

I understand your argument that Telegram was planned to be a mobile app, but it's becoming much more. You need to recognize it, your little creature which hoped to defeat Whatsapp on the mobile market will never do it in a close future, but unexpectedly, it is growing and gaining addicts thanks to channels, groups and bots; and these unexpectedly successful features (at least not as expected as most of us thought when we first knew of them) are much more comfortable to use on a computer, principally because when you are in several groups typing on a mobile is a pain in the *ss and you miss a real keyboard so badly. You know the numbers, not me, but I'd bet that the number of users that are using TG from their desk/laptops is constantly increasing; I know that even some IRC channels are moving to TG supergroups.
No, Telegram is not a simple messenger for the mobile anymore, it's growing and expanding its "dominions", and I think you should not dismiss this fact.

So, this takes us to the real problem, in my opinion: if people keep using Whatsapp for their private conversations, especially now that WS has REAL encryption, encryption for every chat, group and call, just like Signal, Actor, Wire, and others already do, and seems that they will keep doing for a long time; and on the other hand Telegram is growing a lot among people who paricipate in groups, create channels and bots, and use it an increasing amount of time on home computers, why not to make ALL the activity really secure and encrypt all of it at a protocol level, so no unencrypted Telegram will ever exist again? We would stop reading and hearing that ironic, but sadly true, argument that Whatsapp has become the most secure messenger application widely used nowadays.

Please, developers, we love Telegram, is the best mesaging app out there, but has important defficiencies. Please, reconsider the priorities and make Telegram really secure, wipe out any line of code from your protocol that permits to send a single word or a single photo unencripted from our devices. Of course if no conversation/file could leave or devices unencripted all the Telegram clients would have no other remedy than support encryption.
"Reclaim" your right to call TG the most secure widely spread messenger, now that it's by default even less secure than latest versions of Facebook messenger.

@Salkin2 Your text is great, but it looks like you're missing the fact that ALL chats in Telegram encrypted, and secret chats are just an end-to-end layer on top of it.

You may need end-to-end if you can't trust Telegram. But how can you be sure Telegram does not MITM you? You may check "key visualizations", but if you have a secret channel to pass those why do you even need Secret chats then?

@stek29

But how can you be sure Telegram does not MITM you?

Check the soruce code.

@Salkin2

In Telegram any word or photo sent to any chat or channel is encrypted, nothing is sent unencrypted, just like you ask. The idea of making all chats only end-to-end encrypted is a bad idea, because users will loose many features they love, including instant server-side search in all your cloud messages, including the channels you've mentioned.

Speaking of WhatsApp security: http://www.huffingtonpost.com/entry/six-reasons-you-should-stop-using-whatsapp_us_57f6ca32e4b0d786aa52ad91

In simple words: about every second WhatsApp user enables cloud backup (so all his messages are available to Google / Apple, who gives it to god knows who, including the US gov of course). Even if you didn't enable cloud backup you don't know did the guy you chat with enable it. Which makes it 50% case your messages are available to Google / Apple even if you don't enable cloud backups.

Which makes the WhatsApp end-to-end encrypted group chats kind of funny: if you're in a group of five people and you personally disabled cloud backup it is 93.75% probability that all your messages from that chat are available to Google / Apple.

Of course only you decide, who you trust:

• either you trust WhatsApp that they really use that Signal protocol (no way to find out, because their apps are not open source, right?) you're still left with the cloud backups and you trust Google / Apple that your messages are safe (though they don't hide that they're processing the US gov requests - at the very least)
• or you trust Telegram cloud who tells that it didn't disclose a single byte of personal data even from the cloud, and end-to-end encryption can be trusted because of the open source implementation (and there is no demanding cloud backup for them, they have timers for self destruct etc)

BTW what about Facebook messenger?

@john-preston I think we understand your arguments, including the staff of Telegram and the same Durov have clarified several times, however, they assume that 100% of Telegram users use (or want use) cloud chats and forget that don't support secrets chats in TDesktop prevents interoperate with other users through this function. Its means not being able to communicate with another user!

There is no way of knowing if a user wants to start a secret chat with us and is quite uncomfortable having to answer conversations with TDesktop and the smartphone to supply this problem.

I like the cloud chat, but I also like secrets chats. Users are sufficiently aware that involves the loss of some functions. Come on, why we need to back up the secret chats if one of the star features is the self-destruction of messages.

@vaso123

Check the source code

And where could I find server side source code?
Also, even if Server Side code was open sourced how can people be sure the same code is running on server side without any modifications?

@vaso123 he means Telegram servers can MITM your secret chat, but then the key visualizations in the secret chat will be different - that's ok, you should check the key visualizations if you don't trust Telegram servers.

@stek29 well, you can check the key visualizations once when establishing the secret chat, for example if you're near this person at the moment of chat creation, and after that you're sure it is safe and without MITM even being away from each other.

@diazbastian my reply was just to clear the thing about "sending anything unencrypted" + some thoughts about the WhatsApp safety myth. I didn't address the issue of the secret chats absence in telegram desktop.

@john-preston yeah, that's exactly what I said:

You may check "key visualizations", but if you have a secret channel to pass those why do you even need Secret chats then?

@stek29 As I know, the encryption / decryption is happens at client side.

This is their problem, that you can not share private key between devices. Anyway, I do not understand, what is the problem with desktop secret chat. This messages won't be synchronized, thats all.

@john-preston despite all that you have said, you have provided no reasons for not implementing secret chats in tdesktop (even native macOS application has them). Whether or not you turn them on by default is an entirely different matter -- and a pretty irrelevant one, if the functionality isn't there to begin with.

I think you guys should at least provide some kind of feedback on this much needed feature. As others have said, we don't even get a notification that someone wants to talk to us if we're secretly contacted on tdesktop. At the same time you guys are always implementing every little bit of eye-candy instead of prioritizing this specific bug, which makes little sense for a privacy-oriented piece of software such as this.

@vaso123 @pwseo RTFM first please (end to end docs)
Also, please read discussion carefully, especially comments by Preston.

Short summary for lazy people:
1) Encryption/Decryption is done on client side indeed. However, encoded messages are being sent via Telegram's servers. That's why key visualizations are defined: to have fast way to check if clients have same keys.
2) The main issue with secret chats is storing whole history on client side. TDesktop currently does not store any data except caches, auth keys and settings.
But database with messages has to be encrypted. MacOS client uses System keychain. What should tdesktop use? There's such projects as qtkeychain may help, but should we even use keychains to encrypt database? Maybe it would be better just to force user to set an in app password?
There are lots of unanswered questions
3) IMO Telegram is not so security focused last time. It's more focused on entertainment.

@stek29 Yes, of course I meant e2e encryption like Whatsapp has, Wire and Signal, and recently Line too have. It was a colloquial way of speaking. Excuse the imprecision.

«how can you be sure Telegram does not MITM you?»
That's another very good point. We have been tol that the server code was going to be published "soon". Well, the years pass by and the server code keeps closed. We can't know if Telegram is MTIMing us if experts can't verify the code.
That's another important issue, but it doesn't concern the Desktop app that we discuss here. But yes, I completely agree with you: we can't be sure.

@Salkin2 No we can. We have key fingerprints, and just in case we can make third-party app which would display whole key if we want to check it.
Also we can be sure that if two people have the same key we can be sure Telegram does not have it, that's how diffie-hellman algorithm works.

@john-preston

any word or photo sent to any chat or channel is encrypted, nothing is sent unencrypted

Wait, that's something I didn't know. From what I read in TG's site I understood that the encryptions takes place once the messages arrive to the servers, not on my device. If my data were encrypted on my device that would be end to end encryption, no?

making all chats only end-to-end encrypted is a bad idea, because users will loose many features they love, including instant server-side search in all your cloud messages, including the channels

So it isn't technically possible to have those features in an e2e encrypted environment, or perhaps it's a lot of work to be done at the present but we could expect some progress in the future?

Speaking of WhatsApp security: http://www.huffingtonpost.com/entry/six-reasons-you-should-stop-using-whatsapp_us_57f6ca32e4b0d786aa52ad91

Don't get me wrong, I wasn't advertising WS, just comparing. The article says that messages are stored unencrypted. Well, Whatsapp swears that they are using Axolotl encryption protocol from Signal bot for conersations and shared files and voice calls, I don't know if the article is talking about message storage on the device. Well, that could be a risk if someone physically gets my device, something that most of us, common citizens aren't probably too concerned about; I mean, who can get my phone, some friend, familiar, fiancee? Most of us don't have unconfessable secrets to hide, just want that companies and governments don't put their noses into our private lives. Our close relatives and acquitances already form part of our private lives. Yes, there are things I'd feel embarrased if my mother would know, but she's not going to grab my phone, copy the messages database (which BTW I though they indeed were encrypted since a couple ofyears ago, or so). Besides, se wouldn't even need; if she grabs my phone she would just need to open WS and read, if she were able to bypass my phone's lock, of course.
So, what I think most of us are concerned is about "spies", both private and state funded, and hackers, who aren't going to be phisically in touch with pur phones.

There have also also several writings recommending not to use TG, with arguments regarding security flaws, mostly about its lack of e2e encryption by default and for groups. I don't have the knowledge to discuss them, but I don't think criticism should be ignored. We like Telegram, we like it more then other messengers, but we'd like it were even better.

In simple words: about every second WhatsApp user enables cloud backup [...] Which makes the WhatsApp end-to-end encrypted group chats kind of funny

I think that only affects Iphone users, who are roughly the 20% of mobile phone users. But then, if storing the messages in the cloud is dangerous... well, TG does store all of them excepting secret chats in the cloud. We are in the same risky position; and it would affect both to Aple Icloud and Android users, if I understand correctly, no?

either you trust WhatsApp that they really use that Signal protocol (no way to find out, because their apps are not open source, right?

Absolutely, I don't trust them at all. I just want to believe that they have been audited (and this is just a silly hope from me); I fully agree with you: one can only trust (and alway relatively) in open source software.

or you trust Telegram cloud who tells that it didn't disclose a single byte of personal data even from the cloud

this takes us to another important issue: can we trust an open sourced app, it the infrastrcture it's based on (servers and such) is using closed source software? I know that's not your responsability, but you see, we can't really trust Telegram as a complete service that much.

BTW what about Facebook messenger?

They recently implemented Signal's encryption protocol (or so they say).

Anyway, despite all those arguments. Couldn't at least secret chats be implemented in the desktop client? The feature already exists in the mobile client, is there any other technical barrier that makes it hard to implement?

I really appreciate these enlightening conversations with developers like you, and I thank you for you time explaining to common users like me things that aren't so publicly commented; and I hope you take my, and other users', criticisms as constructive ones, as a real interest that we have to make Telegram even better.

Best regards.

P.D: A single and last edition (sorry for the lenght of this post :-/ ).
@stek29 has said:

Short summary for lazy people:
1) Encryption/Decryption is done on client side indeed. However, encoded messages are being sent via Telegram's servers. That's why key visualizations are defined: to have fast way to check if clients have same keys.
2) The main issue with secret chats is storing whole history on client side. TDesktop currently does not store any data except caches, auth keys and settings.

Is that correct? The difference between normal chats and secret chats, besides autodestruction, is that messages are stored in the servers or not? Are our messages really being encrypted with the same strenght, on our phones, no matter if normal chat or secret one, are they leaving in the same way with the only difference that normal chats will reside in the servers and secret ones in the two devices of their participants? Because if this is the truth, then I think you need quite a new communication campaign that makes this really clear and corrects many misconceptions like mine.

@stek29

Also, even if Server Side code was open sourced how can people be sure the same code is running on server side without any modifications?

The same way non source based Linux distro users are more or less sure that the compiled packages they install are really compiled from the original sources, checksums and hashes I think they call it (excuse my frequent imprecisions, I'm not a programmer nor an informatics professional).

that's how diffie-hellman algorithm works.

But again, that's for secret chats only, no?

@Salkhin2

From what I read in TG's site I understood that the encryptions takes place once the messages arrive to the servers, not on my device. If my data were encrypted on my device that would be end to end encryption, no?

Wikipedia: End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages.

So in normal chats data is transferred between Server and Clients in encrypted way. Only users and Telegram servers can decrypt it.
While in Secret chats encrypted data is transferred between client via Server, but the Server can not decrypt it.

So it isn't technically possible to have those features in an e2e encrypted environment, or perhaps it's a lot of work to be done at the present but we could expect some progress in the future?

As you just read, Server can't process e2e data. Which means that:
1) Search can be done locally, but it would be slow and consuming.
2) Channels and supergroups can't work with e2e encryption, It's obvious (how can someone who just joined read previous messages? Every other user would have to send him whole history? Also imagine chat with 5000 members. If someone sebds a message he'd have to encrypt it 4999 times with different key)

Besides, se wouldn't even need; if she grabs my phone she would just need to open WS and read

While for hackers it's much easier just to pull one file from your phone without you even knowing it instead of trying to use GUI remotely.

But then, if storing the messages in the cloud is dangerous... well, TG does store all of them excepting secret chats in the cloud.

TG stores them in their own cloud. So you have to trust Telegram only, it both stores your messages and processes them.
While WA stores them in Apple's and Google's clouds. So you trust two companies at least.

And it should be much easier to trust Telegram because they "didn't disclose a single byte of personal data", while WA, Apple and Google pass information to governments easily and even use your information to make money.

can we trust an open sourced app, it the infrastrcture it's based on (servers and such) is using closed source software

We can trust no one. Even if server code is open source you can't trust until you set up your own server.
But it seems sane to trust semi-opensource projects more than fully closed source.

The difference between normal chats and secret chats, besides autodestruction, is that messages are stored in the servers or not?

Messages in normal chats are never deleted from servers (unless you delete them)
Messages in secret chats are deleted from server after its confirmed that client received them, or after 7 days pass.

Are our messages really being encrypted with the same strenght, on our phones, no matter if normal chat or secret one, are they leaving in the same way with the only difference that normal chats will reside in the servers and secret ones in the two devices of their participants?

I didn't understand this really, but if you meant "Are messages from normal and secret chats stored on our phones in the same way", then the answer would be "may be same or not, depends on particular realization".

The same way non source based Linux distro users are more or less sure that the compiled packages they install are really compiled from the original sources

1) it's just "let's trust that guy and accept every package signed by him". Of course you can check downloaded executable file to see if it has any malicious code in it
2) it won't work for servers because you can't access Telegram's server and check what is really running there

But again, that's for secret chats only, no?

I was talking about secret chats. But almost the same algorithm is used it client -- server communication.

It's strange that secret chats are not implemented yet.

To anyone whom it might concern, I would like to thank you for signing the petition. Unfortunately, we only have collected 15 signatures so far, which is by far not enough for anything to change. Please consider sacrificing a few minutes of your time and sending the link to the petition to as many people as possible. Thank you.

https://www.change.org/p/https-telegram-org-implement-secret-chat-in-telegram-desktop

@stek29 There may be a lot of unanswered questions regarding secret chat implementation, but from the end-user point of view, there is no discussion on how to answer such questions.
Also, I'm sure that people would understand if they were forced to use a password to protect secret chats in order to use them on tdesktop -- if that's one possible solution to the problem, go right ahead.

@JacobCZ With 10,000 signatures something change?

Few people have signed the petition because it makes little sense, developers know well that "secret chats" is a very requested and required feature by users, but for staff, time, schedule, interest or whatever, is not a priority.

I have seen some users concerned have wanted to make a PR, but it seems that "is not a solution". You could try bountysource or a similar service and maybe have some luck.

@diazbastian I don't expect the petition to be an absolutely 100% solution, but if we got a significant number of signatures, it would force the developer to at least publicly state their opinion on the matter. What the developer has said in this "conversation" is nothing more than meaningless obstructions and excuses... That's my opinion at least.

@JacobCZ

force the developer

Ahhhh yes, of course. That's the way it works.

@kehugter, exactly! I signed this useless petition with an appropriate comment. This is going to lead nowhere. One needs an incentive for the developer to implement secret chats, forcing is definitely not going to work.

In the end this is about finding an alternative for Telegram altogether! Signal works, but can be - compared to Telegram - sometimes much slower. And yes, there aren't these nice stickers. The best, though is, that it is bot-free territory! ;-)

@kehugter @mkae Well, there sure is one more option... Let's assemble a team of people versed in C++, fork the client and implement this feature ourselves.

@JacobCZ Yes, that's the other option and I think this had been pointed out already somewhere further up. It's more likely that this will lead to a result than pressing a developer who has other priorities.

@mkae It actually has happened once already, but unfortunately, all the people involved decided not to do it in the end...

@JacobCZ, I remember there was some talk a while back about taking code from another Telegram client and including it here in tdesktop... Well, all you need is dedication and believe in a platform. And the jury is out whether Telegram is a platform with future if they care more about bots and lark like that - instead of coming up with a better encryption method (not only SHA1), encrypted groups, e2e encryption per default, etc.

@mkae That's a good question... I'm afraid that since the invention of OTR chats over Jabber, not much has been improved. I can't imagine a single person that could benefit from ability to chat encrypted, who would prefer some stupid stickers and minigames over it...

@JacobCZ, speaking of minigames. That was the ultimate news for me. Yes, Telegram, go ahead with stuff like this since that's indeed the future!!!

The past year is in such stark contrast to that what their mission seemed to have been a while ago. Security for the user and so on. Forget it. OTR, Signal and whatnot seems more like an option these days. ;-/

@mkae It's kinda sad tho. Shit, even Viber is doing it better lately...

@mkae

coming up with a better encryption method (not only SHA1)

not only SHA1

only SHA1

I hope you're kidding.

What makes you think I am only kidding?

IIRC the encryption is indeed - for performance reasons - not the best...

@mkae it may be not the best, but it's not "only SHA1".

@mkae What do you even mean by "only sha1"? %)

What I understood back then when I read about it was that one should use a more sophisticated encryption algorithm but that SHA1 was chosen for performance reasons. That's all I know.

@mkae Well, you didn't understand well enough. SHA1 is not an encryption algorithm at all (so it can't be "the only encryption" that is used), it was chosen to be a message digest (like a checksum) for performance reasons, but this doesn't affect encryption safety.

OK. Then I missunderstood that bit.Anyway, doesn't matter, it doesn't belong to this whole discussion and I apologize for having drifted off topic here.

Instead of wasting time trying to get this feature developed on tdesktop from my point of view it's better to invest time into working on Unigram development. Tdesktop has proven not to be as good as expected into supporting Win10 as a new UWP could do, and I'm quite sure there are lot of people capable of porting the e2e encryption in C#, so if security really matters let's move on to a new fresh application less focused on funny useless features.

@LuKePicci From your point of view indeed. From MY point of view, of all ideas, this is the most stupid. Why would someone waste time into a Win10 only application in C# when Telegram Desktop is a cross platform app, which would bring secret chats virtually everywhere, once implemented?

@paoletto I definitely understand what you say but keep in mind that Mac users already have their own app which is fully functional and also implement e2e. Tdesktop on windows is not so good if you try using it on modern devices with hi-dpi, touchscreen and always on power states. It may sounds like a dumb reason but if you get a chance of trying Tdesktop in such a situation you will surely understand (maybe not agree) my opinion.

Give up Telegram, it's dead for security point of view. Use Tox, which is a decentralized, end-to-end(no exceptions) encrypted protocol for messaging.

@ferittuncer Does Tox already have transparent and stable multi-client-same-time support? Roster synchronization between workstations? All protocol and client version compatibility problems (like non working on some of the clients group chats) already solved? What's with mobile versions? Last time I tried to import my Tox profile from desktop to Antox the process failed.

It's not sarcasm. I really want to know which of these was solved.

@ferittuncer and @skobkin please keep this civil and constructive. This is a board for discussing a concrete bug in Telegram, not for promoting and/or ask support for other software.

Saying _it's dead for foo, use bar_ doesn't help to get secret chat implemented.

Read this http://security.stackexchange.com/questions/49782/is-telegram-secure and this http://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415 . Then you understand why dead.

We all came here for security right? So let's not deceive ourselves, no security for us here.

So they implement secret chat or not, doesn't change anything.

@skobkin Kindly, please check them urself, as @mmoya said, I should not discuss Tox here.

@ferittuncer Please stop posting links where the only argument is "they made their own protocol, so it is not secure" and where is no mention of the secret chats at all (the thing, that is discussed in this issue btw) — this has nothing to do with logic in any way.

So if the secret chats feature and is it implemented or not doesn't change anything for you, please go to the Tox implementation repository and chat about it there — there is no reason for you to be here, like, at all.

@john-preston The only argument is not "they made their own protocol ..." Read and see yourself.

Yeah you are right, I'm done here anyway, good luck and have fun with your awesome stickers.

It would be great to have Secret Chats in the desktop app, but I wouldn't like it if I were not able to know which client my contact is using. I have two concerns regarding this:

1. I'm not sure to what extent the desktop client would be able to keep all the features the Secret Chats have in the mobile versions, like notifying about screenshots, for example. I know very well that restricting the Secret Chats in official clients to the mobile versions doesn't mean that there is no way to circumvent some features, but I think it decreases the chance of less tech savvy users to do so.
2. I use Telegram in two desktops and two phones. Some people already find it very confusing when they get two secret chats with me. Getting three or even four would be a very likely scenario in my case with Secret Chats available in the desktop. Not to mention that Telegram's chat list already is a hell, with chats, groups, channels, bots... Thankfully, usually people only use one phone, so it's extremely rare for me to have more than one secret chat of the same contact in the same device.

If the users get the ability to know which client the their contact is using for each Secret Chat, I guess these things wouldn't be much of an issue. I have some ideas about how to handle this:

• Add a small icon to be displayed for each Secret Chat showing which kind of client the user is using, i.e, mobile, desktop, web etc;
• Give more info about the client being used in the Secret Chat details screen, like the name and version of the client;
• Give each Secret Chat a separate status indicator, this way a sender will know if the recipient is still using the device where a Secret Chat is and which Secret Chat he is more likely to get the message;
• Make Telegram aware of how many Secret Chats are open with a contact. This info could be added to each Secret Chat details screen - something like "You have 4 active secret chats with this contact, 2 in this device." - also adding the option to end Secret Chats of other devices would be cool;
• What about merging all the Secret Chats from a contact that are open in the device? Telegram could show all Secret Chats in one single chat and then the sender could choose to either send the message to the recipient's last active chat/device or manually choose the secret chat/device for which to send the message. In this case, each message should indicate somehow for which secret chat/device it was sent or received. An option to resend the message for a different secret chat/device cold be nice as well, and auto-destruction timers would have to be synced between all merged secret chats.

I know Secret Chats are still far from TDesktop, but I do hope when it gets there, it comes with some kind of solution to the multiple secret chats problem.

@tomcpc great ideas, except the last one.

@telegramdesktop after reading the entire thread, it is apparent that this discussion is no longer on whether the feature should be implemented or not, that is very clear.

But raises a new set questions:

1. Is supporting a core feature considered a _sensible_ request?
2. If so, given a sensible request from users, why can't the priorities of a project re-evaluated?
3. If not and the pull requests will not even be considered... brrlah! is this a personal thing?
4. If not, this is about telegram. How to re-evaluate the team/project structure so that the client is full-featured?