Telegram-foss: default secret chat or option to disable non-secret chats

Created on 2 Mar 2016  路  15Comments  路  Source: Telegram-FOSS-Team/Telegram-FOSS

since the good people at https://github.com/DrKLO/Telegram have removed the issue tracker, I try here. I've a small feature request. I'm often bugged by many people contacting using normal chats. Usually my reply is to open a secret chat and answering their message. This is quite annoying. Would it be possible to add a configuration option to do this by default ? With many Thanks.

enhancement

Most helpful comment

I've the impression that @DrKLO is not very interested to have such kind of feature. I actually don't understand why. I see a configuration option (off by default, so it does not change anything if you are not interested) to switch on encryption as a very innocuous feature.

This is how I imagine it. Two small components :

  1. A small checkbox in Configuration -> Privacy -> Start All New Chat as Encrypted
    This will allow the use to start en encrypted chat when starting a new message. This option off by default won't affect anybody that don't bother to switch it on.
  2. A small checkbox in Configuration -> Privacy -> Answer All Insecure Chats With An Encrypted Chat.
    Upon a Plain text message, the client will Answer something like "Please contact me over a secure Channel" and Start a new Encrypted chat with that contact. This option off by default as before.

This would not change the functionality for the large majority of users, but giving a few the possibility to enable secure communications by default.

Would this a reasonable thing to do ?

All 15 comments

FYI the archived issue about a similar feature request.
_(Obviously never heard anything about it from Telegram)_

I've the impression that @DrKLO is not very interested to have such kind of feature. I actually don't understand why. I see a configuration option (off by default, so it does not change anything if you are not interested) to switch on encryption as a very innocuous feature.

This is how I imagine it. Two small components :

  1. A small checkbox in Configuration -> Privacy -> Start All New Chat as Encrypted
    This will allow the use to start en encrypted chat when starting a new message. This option off by default won't affect anybody that don't bother to switch it on.
  2. A small checkbox in Configuration -> Privacy -> Answer All Insecure Chats With An Encrypted Chat.
    Upon a Plain text message, the client will Answer something like "Please contact me over a secure Channel" and Start a new Encrypted chat with that contact. This option off by default as before.

This would not change the functionality for the large majority of users, but giving a few the possibility to enable secure communications by default.

Would this a reasonable thing to do ?

would love such options

I agree it's a good idea!

@abate I've though about this a bit, I'd really like to have default secret chats in Telegram. Unfortunately Telegram's secret chats are only second class citizens in their system:

  • There is no support in the official desktop applications. That means if you only have one contact which is not always using a mobile device this you can't really use this setting as proposed.
  • Secret chats can only ever have one endpoint. That means beside not being synchronized across devices I you and you chat partner both use a phone, a tablet and a desktop computer (there is a pidgin plugin which works with secret chats) you end up with potentially nine(!) identically named secret chats for just one contact... ugh!. You then have to guess which device your chat partner is using, when initiating a conversation.

That said, I've a had few ideas, what could be done in this regard, but this is more involved than adding a few setting toggles.

Maybe we could transparently upgrade to a secret chat whenever possible. I imagine this could work as follows:

Scenario 1 - Communication with a non secret chat enabled client:
  • User A sends a message to User B in standard chat. This is the first message after a certain amount of inactivity.
  • Client B which supports this new feature automatically replies with a status message _"Do you support secret chats? (Reply 'YES' if you do.)"_
  • Client A doesn't know what to do with that message and displays it to User A who sends something other than YES.
  • Client B displays the new communication to User B and they continue to chat as normal.
Scenario 2 - Communication with a secret chat enabled client which doesn't support this feature:
  • User A sends a message to User B in standard chat. This is the first message after a certain amount of inactivity.
  • Client B which supports this new feature automatically replies with a status message _"Do you support secret chats? (Reply 'YES' if you do.)"_
  • Client A doesn't know what to do with that message and displays it to User A who understands the message and replies with _YES_.
  • Client B initiates a new(?) private chat with Client A which User A than accepts.
Scenario 3 - Communication with a secret chat enabled client which also supports this feature:
  • User A sends a message to User B in standard chat. This is the first message after a certain amount of inactivity.
  • Client B which supports this new feature automatically replies with a status message _"Do you support secret chats? (Reply 'YES' if you do.)"_
  • Client A automatically replies with _YES_.
  • Client B automatically initiates a new(?) private chat, Client A automatically accepts this chat, then forwards the initial message to the secret chat.
  • Client A then replaces/upgrades User A's chat window with the private chat window.
  • Client B only starts displaying the chat when the the secret chat is established.

I also thought about reusing secret chats, for scenario 3 this could be accomplished by having Client B send a device Number with the initial upgrade request. Client A then either uses an/the already existing chat with that device to send a reply or initiates a new connection.
For scenario 2 I don't know yet how either Client B or User A could identify the correct secret chat to re-use.

Also a client supporting this feature could transparently merge all different chat histories stored on the device when in conversation view with another user.

Problems: What about a downgrade attack? I don't know enough about the default (non E2E) chat encryption right now to say anything about that..

I think this would roughly solve all problems I outlined in my last post. But it is not something I can realistically implement in the near future.

Comments and ideas welcome.

hi, yes I see the downside of my proposal. Your way, with this query/response schema we get the best of both worlds, maintaining compatibility with devices that do not support this feature and avoiding the multiple device / multiple chat problem. You never know, maybe we'll get on board somebody that actually has time and like programming in java :smile:

I'd like to hear the opinion of @DrKLO or some other Telegram employee about this.

Now that WhatsApp has seamless end to end encryption, it should be a top priority for upstream to extend Secret Chats so they become the default behavior for all forms of communication in Telegram.

Ignoring this issue could hurt them badly.

Sorry, but this is something that must be solved by upstream, not by us.

By now nearly every device should support secret chats. Do you agree?

I would solve this via GUI only.

Non-secret chat: tap on the contact. The default contact list that is shown by telegram are "all contacts", since everybody supports secret chats. Correct?

Secret chat: Tap on the "edit" icon to initiate a secret chat by tapping on a contact in the "supports-secret-chats"-contact list.

Is it possible to change the default view of contact? This should be a GUI-thing only thus using Telegrams own feature by default. No compatibility issues to be expected.

There won't be any fix upstream. Ever.

Best,

Henning

Compatibility-issues are expected: I aggree it would bring a benefit in security, but with a (at least for some users) huge drawback: One cannot read the secret chat from another device, if they were started on the smartphone (and vice versa).

Compatibility-issues are expected: I aggree it would bring a benefit in security, but with a (at least for some users) huge drawback: One cannot read the secret chat from another device, if they were started on the smartphone (and vice versa).

Well you gotta pay a price for better privacy. I'm ok with this.
Also, Signal's chats are fully encrypted but you can link devices and see them on all.

I'm ok with this

Just noting that not everyone will ne fine with such a decision

Also, Signal's chats are fully encrypted but you can link devices and see them on all.

Sure, this is a architectural design flaw by telegram. I guess it can't be fixed only on the client sides (fix = make it work like in Signal, workaround = initial proposal of this issue)

I can recommend taking a look at matrix/[element](https://f-droid.org/en/packages/im.vector.app/, it has E2EE chats by default by now as well as retaining seamless multi-device support.

There's also a very well functioning Telegram bridge here that allows you to continue to talk to telegram contacts. Albeit non-e2ee chats only for now, mostly because telegram e2ee is quite limiting.

As I do not expect telegram to react on this on the server side, maybe also since with a thorough E2E encryption it will be more difficult to listen in, I try again to have this solved by the client only:

One could ask the user on during the first start if he/she would like to use encrypted chats as the default. Of course, there must be an option how to easily switch this behavior if someone experiences problems.

Best regards,

Henning

Was this page helpful?
0 / 5 - 0 ratings