GPG encrypted backups on telegram
Project description
PGPgram
PGPgram is a GPG encrypted backup/restore tool written in python
using TDLib. It locally encrypts your files with GnuPG, before they get sent to telegram cloud.
Since version 0.2 it also backups youtube videos, playlist and whole channels.
Version 0.4 packages a pre-built windows binary.
Motivation
I've come to hate telegram. At the beginning, they were like "we're gonna open source everything after some time, we care about privacy", then
-
they've never released the source of the server (over 5 years have passed),
-
they didn't improve secret chats algorithm so that it could be the default way of sending messages without lacking features (going instead with a curious, to say the least) apology of unecrypted remote storage, despite aknowledging the existence of credential recovery schemes secure at least as their authentication;
-
they didn't ported secret chats to desktop;
-
they competed unfairly in respect to other opensource IM projects, locking in users with over the top short to last features made possible by their huge dollar backing (Durov), like not specified storage quota size (heck, what do you think you are, Gmail in 2004?).
-
their positions is not so much clear; regarding copyright infringements they put theirselves in a gray area; having strong opinions on the matter I am concerned that there exist loopholes in their statements.
So now telegram boasts itself as a privacy champion in the instant messaging space, although previous points tell us quite the opposite. Also, their press material is always very careful with words, so that their statements can easily lead uninformed users to think that their service is secure: they don't mention that's as true as when you say that Skype is secure, not as when you say that GNUpg is secure and you should know why.
So why did I write PGPgram?
I wrote it as proof-of-concept to show that it could be easy to have (whatever) encryption implemented by default on telegram. Not that counts anyway, because telegram API terms of services indirectly prohibit use of encryption over its servers:
it is forbidden to force users of other telegram clients to download your app to view CERTAIN messages and content sent using your app,
which is indeed what an encrypted by default version of telegram would do, even by keeping retrocompatibility.
It should be noted notice that PGPgram does not violate that rule, since the contents it produce are not meant to be shared with other telegram users.
At the time of writing it would be just a matter of time to convert PGPgram to a full fledged telegram client, using other encryption schemes that preserve message sharing among devices, forward secrecy or secret group chats and bots.
Installation
PGPgram is available through the Python Package Index (PyPI). Pip is pre-installed if python >= 3.4
has been downloaded from python.org; if you're using a GNU/Linux distribution, you can find how to install it on this page.
After setting up pip, you can install PGPgram by simply typing in your terminal
# pip3 install pgpgram
Archlinux
The packages pgpgram
and pgpgram-git
have been published on AUR.
MinGW (Windows)
The package pgpgram
has been published on MinGW AUR.
Usage
PGPgram install a command line utility with the same name, pgpgram
, that can be used to backup
, restore
, and list
files. You can invoke command line help with pgpgram --help
and get command options with
pgpgram <command> --help
The application requires split
, cat
, dd
, sha256sum
and gpg
to be present on your system, so maybe macOS users will need to make some aliases. At the moment file deletion is not handled because I reached time limit for unpaid development.
Backing up the backup
To backup your encrypted file list just put a copy of files.db
(located in ~/.config/pgpgram
) somewhere safe. If you need to import files from an existing PGPgram installation to another, you can use the import
command over files.db
.
About
This program is licensed under GNU Affero General Public License v3 or later by Pellegrino Prevete.
TDLib is licensed under the terms of the Boost Software License.
If you find this program useful, consider offering me a beer, a new computer or a part time remote job to help me pay the bills.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file PGPgram-0.4.tar.gz
.
File metadata
- Download URL: PGPgram-0.4.tar.gz
- Upload date:
- Size: 7.2 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.7.2 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d7115c38ab1f582906cef1bf41407dce474f59fab1e7b9f92ea66967e6100232 |
|
MD5 | bb5afcf6d1478dd8a16e5251206eab06 |
|
BLAKE2b-256 | c9e654f011eb68e42e262c621b56b913c7ca4feb47eb7cfba883ddd6af2bdbca |
File details
Details for the file PGPgram-0.4-py3-none-any.whl
.
File metadata
- Download URL: PGPgram-0.4-py3-none-any.whl
- Upload date:
- Size: 7.2 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.7.2 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1667b793209674d2c54287e7338f04f5092cbc76ccf40252164d171e271cf449 |
|
MD5 | 9bd001bdbcb9e957836064d11a7e7937 |
|
BLAKE2b-256 | 119a825eb03b0e498a99fac73172e6ba4f12f1925e8981717d49c55b87af50cd |