• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    1
    ·
    1 year ago

    Telegram has open source their client code. Not their server code. It’s even on f Droid.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      edit-2
      1 year ago

      But it’s starting to get worse. Now they won’t send you an SMS code for registration unless you are using official build of the app. Even chat app under libre licence must connect with something…

      • atkdef@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        This actually is not a bad thing. If an unofficial client MITM the whole registration process, it’s much harder for the true account owner to prove that he/she is the legit one.

        Also, it doesn’t really require a client to register; Telegram can be accessed from a browser.

        • smileyhead@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          If unofficial app can MITM registration, it can the same way MITM login later.

          doesn’t require a client A side note, JavaScript app in the browser is as much an app as Java/Kotlin on Android. But I know websites and web-based applications are now so mixed together it sometimes can confuse me too.

          And browser version of Telegram does not allow registering new accounts also.

          • atkdef@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Compared to login, MITM on registration means the culprit knows the IP address and the time of the registration, which is usually significant on claiming the account back.

            I don’t have a spare number to test, but I’m pretty sure entering a phone number in the web sends a SMS code. Do you have concrete evidence that it really doesn’t work?

      • EngineerGaming@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        One of the most egregious thing they’ve done imo is this:

        If their app allows its users to access content from Telegram channels, third-party developers using the Telegram API are required to support and properly display official sponsored messages in their apps by January 1, 2022

        As well as not allowing registration from desktop.

      • Clot@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        it costs them too much to send code as sms, also some client abuse that in some way, it also may help them to increase the download count of their official app which is not bad imo.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I might be misunderstanding you, but I believe telegram requires SMS verification for all accounts, regardless of client.

    • cyberpunk007@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Thank you. Installed fork client and now that stupid story crap is gone and there’s new stuff I can do to fine tune things.