Notices where this attachment appears
-
Telegram, the honeypot.
Telegram is probably one of the most effective government-corporate honeypots I've seen in the last decade because both free software enjoyers and security nuts believe to some extent it's secure and or free, when it's not.
I've even seen people on Trisquel forums believing that Telegram clients are free software because they go to a Github repo, check the license and see it says "GPL 3.0".
I'll explain why this is false and why the license is void, and this should be more proof that Telegram is not only proprietary but deliberately deceptive and why I define it as a honeypot because of such.
Okay, let's assume you're enough software literate that you understand how software is made, and you're a free software enjoyer. So what you do? You decide to compile the client yourself because the repositories on whatever GNU distribution you're using do not have it (and you'll find out why right now).
Let's check the Telegram docs to do this:
Building Telegram client for GNU desktop (only on documented for Docker, lmao):
https://github.com/telegramdesktop/tdesktop/blob/dev/docs/building-linux.md
> Obtain your API credentials
> You will require api_id and api_hash to access the Telegram API servers.
Hold on, what does that mean? Let's read further:
https://github.com/telegramdesktop/tdesktop/blob/dev/docs/api_credentials.md
> To build your version of Telegram Desktop you're required to provide your own api_id and api_hash for the Telegram API access.
Okay, so to get a functional client I need to request these keys... This on itself should be enough suspicious, but let's expose it further and what requirements they impose to get these granted:
https://core.telegram.org/api/obtaining_api_id#obtaining-api-id
> In order to obtain an API id and develop your own application using the Telegram API you need to do the following:
> Sign up for Telegram using any application.
> Log in to your Telegram core: https://my.telegram.org.
> Go to "API development tools" and fill out the form.
> You will get basic addresses as well as the api_id and api_hash parameters required for user authorization.
> For the moment each number can only have one api_id connected to it.
Okay, so in order to get a functional client, you need a pre-compiled client provided by them or an authorized dev, get an account, fill a form and wait for them to review it and decide whether you're worthy of this privilege or not. On top of that, these API credentials can be revoked at any time after compiling clients, so any client that has these credentials will get bricked if they decide to revoke permission.
This, arguably, breaks freedom 0, the freedom to use the software for any purpose (and the sole purpose of this software is to connect to Telegram servers to communicate), and it could even be very much considered a form of digital handcuffs (DRM) which the GPL forbids implementing (unless you can trivially break it, which is not the case given the server is the authority and enforcer here).
Therefore, since freedom 0 is abused, the license is void and this codebase can't be legally protected by GPL, making these clients proprietary.
This is why I think Telegram shouldn't be distributed by F-Droid, the only reason they consider Telegram free is because they got these API keys granted and they're gripping tight on technical definitions to distribute it. But this is blatantly dishonest and not described on their disclaimer warnings, they say the software has anti-features, but not that you can't even get a functional build compiled if you do it yourself.
Stay away from Telegram, and stick to XMPP or email+GPG.