Conversation

Notices

1. Embed this notice
   𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙 (sally@freesoftwareextremist.com)'s status on Monday, 26-Aug-2024 04:02:01 JST 𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙
   Telegram, the honeypot.
   
   Telegram is probably one of the most effective government-corporate honeypots I've seen in the last decade because both free software enjoyers and security nuts believe to some extent it's secure and or free, when it's not.
   
   
   I've even seen people on Trisquel forums believing that Telegram clients are free software because they go to a Github repo, check the license and see it says "GPL 3.0".
   
   I'll explain why this is false and why the license is void, and this should be more proof that Telegram is not only proprietary but deliberately deceptive and why I define it as a honeypot because of such.
   
   
   Okay, let's assume you're enough software literate that you understand how software is made, and you're a free software enjoyer. So what you do? You decide to compile the client yourself because the repositories on whatever GNU distribution you're using do not have it (and you'll find out why right now).
   
   Let's check the Telegram docs to do this:
   
   Building Telegram client for GNU desktop (only on documented for Docker, lmao):
   
   https://github.com/telegramdesktop/tdesktop/blob/dev/docs/building-linux.md
   
   > Obtain your API credentials
   > You will require api_id and api_hash to access the Telegram API servers.
   
   Hold on, what does that mean? Let's read further:
   
   https://github.com/telegramdesktop/tdesktop/blob/dev/docs/api_credentials.md
   
   > To build your version of Telegram Desktop you're required to provide your own api_id and api_hash for the Telegram API access.
   
   Okay, so to get a functional client I need to request these keys... This on itself should be enough suspicious, but let's expose it further and what requirements they impose to get these granted:
   
   https://core.telegram.org/api/obtaining_api_id#obtaining-api-id
   
   > In order to obtain an API id and develop your own application using the Telegram API you need to do the following:
   
   > Sign up for Telegram using any application.
   > Log in to your Telegram core: https://my.telegram.org.
   > Go to "API development tools" and fill out the form.
   > You will get basic addresses as well as the api_id and api_hash parameters required for user authorization.
   > For the moment each number can only have one api_id connected to it.
   
   
   Okay, so in order to get a functional client, you need a pre-compiled client provided by them or an authorized dev, get an account, fill a form and wait for them to review it and decide whether you're worthy of this privilege or not. On top of that, these API credentials can be revoked at any time after compiling clients, so any client that has these credentials will get bricked if they decide to revoke permission.
   
   This, arguably, breaks freedom 0, the freedom to use the software for any purpose (and the sole purpose of this software is to connect to Telegram servers to communicate), and it could even be very much considered a form of digital handcuffs (DRM) which the GPL forbids implementing (unless you can trivially break it, which is not the case given the server is the authority and enforcer here).
   
   Therefore, since freedom 0 is abused, the license is void and this codebase can't be legally protected by GPL, making these clients proprietary.
   
   
   This is why I think Telegram shouldn't be distributed by F-Droid, the only reason they consider Telegram free is because they got these API keys granted and they're gripping tight on technical definitions to distribute it. But this is blatantly dishonest and not described on their disclaimer warnings, they say the software has anti-features, but not that you can't even get a functional build compiled if you do it yourself.
   
   
   
   Stay away from Telegram, and stick to XMPP or email+GPG.
   • meso and Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 like this.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 03-Dec-2024 20:07:18 JST 翠星石

     in reply to

     • Ren Tatsumoto :gnujihad:
     @tatsumoto @sally >Richard Stallman doesn't oppose the term
     He does in fact oppose the term - he mentions that the term to use to be neutral between open sores and freedom is "FLOSS", but he stands for freedom, not "FLOSS"; https://www.gnu.org/philosophy/floss-and-foss.en.html
     
     >If a program is free/libre, it is also considered FOSS.
     "FOSS" is commonly misunderstood to mean gratis, source available software, which most free software does qualify for (although free software at a price would not).
     
     >The client is definitely free, not proprietary.
     If I remember correctly, the source code release of new versions of the client has been known to take months to be published and as a result, such client is proprietary until the source code is released.
     
     >It grants you the 4 essential freedoms.
     You can't use it without a server and the server code is unpublished, this in the telegram cr...app form, you don't have the 4 freedoms.
     
     Although it does grant you the ability to get the 4 freedoms by implementing your own server and modifying the client to work with the server, which has been done.
     
     >You're trying to invent an interpretation of the GPL
     It appears that the way API keys are handled may possibly not comply with the installation information requirement of the GPLv3;
     "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
     
     The API key maintainers can decide to arbitrarily make the software stop executing usefully if a modification they do not like has been done (the GPLv3 does grant permission to revoke API keys if a malicious modification have been made; "Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network." but otherwise doing so isn't allowed).
     
     >XMPP is just a worse version of Matrix.
     Matrix is hot garbage (all clients and servers are bloated and broken), while you can just install one of the many non-bloated free XMPP clients and access XMPP.
     
     >You're at the mercy of whoever hosts your server.
     You can host your own XMPP server without killing your server unlike hosting a Matrix server.
   • Embed this notice
     Ren Tatsumoto :gnujihad: (tatsumoto@freesoftwareextremist.com)'s status on Tuesday, 03-Dec-2024 20:07:19 JST Ren Tatsumoto :gnujihad:

     in reply to

     @sally

     Because they can revoke they keys at any given time by any reason later on anyway.

     That's fine. When you generate the keys, you understand that they might be revoked at some point.

     "FOSS" is a corporate psyop to harm computer freedom and it shows it's effective given it convinced you it's the same as free software

     Richard Stallman doesn't oppose the term, so I'm okay with saying FOSS or FLOSS. If a program is free/libre, it is also considered FOSS. There are differences, but they relate to the goals stated by those who prefer each term.

     Tekegram effortlessly convinced you they're not bad actors.

     They didn't convince me of anything. When I choose to use it, I am aware of the risks involved. And I don't recommend that people use it if they want privacy. I mentioned before that I moved my conversations to SimpleX.

     Whoever maintains a proprietary fork doesn't matter as the client itself is still being proprietary.

     The client is definitely free, not proprietary. It grants you the 4 essential freedoms. Yes, if the API keys are revoked, the program becomes useless, but it doesn't change its status as free software. For example, the NewPipe Android app has broken many times in the past because Google changed how videos are retrieved. But when it broke, it didn't suddenly become nonfree, it just became useless.

     And every single one of them is just as proprietary.

     They are free. A free program can talk to nonfree network services. For example, many people use git, a free program, to download or upload files to nonfree services like GitHub.

     It is a problem as Telegram implements a form of DRM into it, which goes against freedom 0

     You're trying to invent an interpretation of the GPL that doesn't make much sense. Essentially, what you're saying is that any program accessing any network resource via API is nonfree unless said network resource is also free. Since the client and server are different entities, I don't think this assumption is correct.

     which is XMPP

     XMPP is just a worse version of Matrix. You're at the mercy of whoever hosts your server. I don't want to depend on someone else. I've already experienced being banned from a Matrix server because the admin didn't like something about me. I want a platform that doesn't even allow the possibility of removing a user's account or tampering with their messages. Currently, I use SimpleX. I also tried Session, but didn't like that it doesn't support large group chats.

   • Embed this notice
     𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙 (sally@freesoftwareextremist.com)'s status on Tuesday, 03-Dec-2024 20:07:20 JST 𝅙𝅙𝅙𝅙𝅙𝅙𝅙𝅙

     in reply to

     • Ren Tatsumoto :gnujihad:
     @tatsumoto
     
     > You don't have to wait for approval.
     
     Because they can revoke they keys at any given time by any reason later on anyway.
     
     > The FOSS version on F-Droid is maintained by people unrelated to the official app as far as I understand.
     
     
     Cringe and proprietary-pilled language, "FOSS" is a corporate psyop to harm computer freedom and it shows it's effective given it convinced you it's the same as free software, just like Tekegram effortlessly convinced you they're not bad actors. Whoever maintains a proprietary fork doesn't matter as the client itself is still being proprietary.
     
     > There are other forks of telegram on F-Droid as well.
     
     And every single one of them is just as proprietary.
     
     > Using the API is really easy, it's not a problem.
     
     It is a problem as Telegram implements a form of DRM into it, which goes against freedom 0, and therefore GPL is void.
     
     
     You had every single chance to host your community on a platform that respects user's freedom, is decentralized, fully anonymous and doesn't have the technical issues that Matrix has, which is XMPP, you went for a proprietary one that is not only that but also deceptive, has absolute zero end to end encryption and requires a phone number at all to create account (which you can't using any of the "unofficial" clients, by the way).
     
     
     Keep larping.
   • Embed this notice
     Ren Tatsumoto :gnujihad: (tatsumoto@freesoftwareextremist.com)'s status on Tuesday, 03-Dec-2024 20:07:21 JST Ren Tatsumoto :gnujihad:

     in reply to

     I've been using pyrogram for a long time to automate stuff on Telegram. It also requires API keys to work. You basically just go the the official website, click a few buttons and it gives you the keys. You don't have to wait for approval.

     The FOSS version on F-Droid is maintained by people unrelated to the official app as far as I understand. They got their own keys. There are other forks of telegram on F-Droid as well.

     Using the API is really easy, it's not a problem. Though I agree that telegram is shit for other reasons.