Forwarded from 2.5次元日常
Forwarded from 2.5次元日常
省流 (补充版)
① TG员工没几个, 全靠自动审核
② 群成员发送的违规内容会被临时封停, 再通知管理员解决问题
③ 如果频道/群组管理员发送违规内容, 那么频道会被封禁, (而且应该会连坐群主?)
④ 敏感内容可以考虑带加密的压缩包以规避哈希匹配
⑤ 除了极端主义和儿童虐待 其他的举报选项应该没啥用
图1 Telegram 成员构成
图2 对端到端采用腾讯同款方式 (碰上伪造你不就炸了)
图3 群组封禁准则
建议:
① NSFW 频道/群组与主频分开 (最好不接受NSFW)
包括Owner和管理员尽量全部分开避免连坐
Bot最好单独开个号放 (可能会连坐Bot Owner)
② 群成员使用人工审核成分
③ 及时备份数据
发NSFW会炸吗 包炸的
① TG员工没几个, 全靠自动审核
② 群成员发送的违规内容会被临时封停, 再通知管理员解决问题
③ 如果频道/群组管理员发送违规内容, 那么频道会被封禁, (而且应该会连坐群主?)
参考 美图与沙雕
④ 敏感内容可以考虑带加密的压缩包以规避哈希匹配
⑤ 除了极端主义和儿童虐待 其他的举报选项应该没啥用
图1 Telegram 成员构成
图2 对端到端采用腾讯同款方式 (碰上伪造你不就炸了)
图3 群组封禁准则
建议:
① NSFW 频道/群组与主频分开 (最好不接受NSFW)
包括Owner和管理员尽量全部分开避免连坐
Bot最好单独开个号放 (可能会连坐Bot Owner)
② 群成员使用人工审核成分
③ 及时备份数据
发NSFW会炸吗 包炸的
Forwarded from @adurovleaks
⛔️ Swiftgram’s possible tracking
One of Swiftgram’s (unofficial Telegram client) feature is to show users’ registration date.
But when it sends request to fetch this registration date, it also includes current user’s payload (identifier of Telegram account) and device’s unique ID in request (and the last one passes only in this request!)
1. With first parameter (user’s payload) they can track which profiles did you open.
2. With second parameter (device’s unique ID) they can track all of current user’s accounts and link them.
UPD: Swiftgram's official response — link
Anyway, be careful using unofficial Telegram clients and configure them correctly.
One of Swiftgram’s (unofficial Telegram client) feature is to show users’ registration date.
But when it sends request to fetch this registration date, it also includes current user’s payload (identifier of Telegram account) and device’s unique ID in request (and the last one passes only in this request!)
1. With first parameter (user’s payload) they can track which profiles did you open.
2. With second parameter (device’s unique ID) they can track all of current user’s accounts and link them.
UPD: Swiftgram's official response — link
Anyway, be careful using unofficial Telegram clients and configure them correctly.
Forwarded from Swiftgram
@adurovleaks
⛔️ Swiftgram’s possible tracking One of Swiftgram’s (unofficial Telegram client) feature is to show users’ registration date. But when it sends request to fetch this registration date, it also includes current user’s payload (identifier of Telegram account)…
Swiftgram uses official Apple DeviceCheck tokens to ensure requests are coming from the Swiftgram app and not abused by other devs like Nekogram did. Swiftgram generates new token on each request. Since tokens are single-use and ephemeral, Apple makes it impossible to fingerprint devices by design.
App will cache registration date data. In the mean time it's 12 hours. So no requests will be made in the next 12 hours for the profiles you've already seen.
The same DeviceCheck token is used in another request - validating purchases of Swiftgram Pro.
Any server will know the IP of your device and can potentially match requests by the IP address - this is how internet works. So there's no need to go through hoops of user payload, device tokens, etc to create another ⚡️exclusive reveal post.
I admit it might be redundant to pass the payload for this request, but that's some basic authorization - an additional API protection measure, so I see no harm there. It was working in a similar way since I've first introduced it in Nicegram in 2019.
Swiftgram server does not store IP addresses, Registration Date requests and does not link any users or devices together. That's an enormous amount of data for ~400k MAU app with no value at all.
If you're paranoid, you can simply disable Registration Date and no requests will be made.
If you're paranoid enough, you can build the app yourself from source code (which you didn't even bother to check) and modify it the way you feel safer.
App will cache registration date data. In the mean time it's 12 hours. So no requests will be made in the next 12 hours for the profiles you've already seen.
The same DeviceCheck token is used in another request - validating purchases of Swiftgram Pro.
Any server will know the IP of your device and can potentially match requests by the IP address - this is how internet works. So there's no need to go through hoops of user payload, device tokens, etc to create another ⚡️exclusive reveal post.
I admit it might be redundant to pass the payload for this request, but that's some basic authorization - an additional API protection measure, so I see no harm there. It was working in a similar way since I've first introduced it in Nicegram in 2019.
Swiftgram server does not store IP addresses, Registration Date requests and does not link any users or devices together. That's an enormous amount of data for ~400k MAU app with no value at all.
If you're paranoid, you can simply disable Registration Date and no requests will be made.
If you're paranoid enough, you can build the app yourself from source code (which you didn't even bother to check) and modify it the way you feel safer.
Forwarded from Durov's Code
Anonymous Telegram numbers are now priced at a minimum of $1,788 — the highest they’ve ever been.
@durovs_code
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from 小白猫
注意 Telegram 炸号事件!Telegram 最近出現了可以炸號的網址/連結🔗請各位小心
一、删号网址:嵌入在文字当中:
二、为什么 "转发" 会被封号:
引用:Alex John | 青空朔雪 | 𝐙𝐆𝐐 ɪɴᴄ. | 𝐙𝐆𝐐 ɪɴᴄ 2
技术原理解析:
一、删号网址:嵌入在文字当中:
点击钓鱼链接后:其账户的注销时间改为0,即账号被立即注销是"注销"而不是封禁,没法恢复(即使给官方写信)
推测是利用Telegram的:
account.deleteAccount 注销帐号的API
accountDaysTTL 帐户0天删除
备注:对于开启二次验证(2FA)的账号,如果链接里未带入 2FA 密码,Telegram 会延迟 7 天再执行;若密码正确,则即时注销。
二、为什么 "转发" 会被封号:
原因:"举报"
因为你在文字当中掺入"删号"连结,对方透过举报的方式。
在上图当中提到:
→ "参加比赛要给他转发"
→ "我只给他一个人私信转发了"
也就是说,这个外国人本身动机不纯。利用别人发的"删号"连结,来制裁对方。
举报触发机制:
Telegram允许用户举报涉嫌有害内容(如诈骗、骚扰或恶意链接)。如果链接中包含account.deleteAccount API举报者可以声称这是一种“有害行为”(例如,宣称它可能导致账户破坏)。平台会自动审查举报内容,Telegram的算法可能将此类行为误判为恶意活动,从而对涉事账户或群聊进行封禁。
引用:Alex John | 青空朔雪 | 𝐙𝐆𝐐 ɪɴᴄ. | 𝐙𝐆𝐐 ɪɴᴄ 2
Forwarded from Telegram Alpha
Telegram
Extra-Secure Group Calls, Automated Accounts, and More
Today’s update introduces extra-secure, easy-to-use group calls. We’re also rolling out a major upgrade that enables full automation for Telegram Business accounts, new options for gift users, a simpler way to appeal account restrictions — and more.
Forwarded from Durov's Code
Pavel Durov celebrated Telegram reaching 1 billion users with a record-breaking drone show in Dubai, featuring 1,600 drones lighting up the sky with Telegram and TON visuals.
The show — organized by Notcoin and Dogs — set a Guinness World Record for the largest flying dog bone made of drones.
Thank you to everyone who was part of it. We did it together, frens, — said the team at Notcoin.
@durovs_code
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Laoself
Telegram Designers
The Task:
Create a video that highlights the innovation leadership of Telegram over WhatsApp by showcasing how Telegram introduced key features years before WhatsApp copied or adopted them.
向WhatsApp,宣戰!
#Telegram 宣布了短影音比賽,獎金最高5萬美元(
#Telegram 宣布了短影音比賽,獎金最高5萬美元(
Forwarded from @durovleaks 🇮🇳
A user from the @GabChannel noticed that each dislike adds exactly 2 likes.
He also confirmed this pattern using the MTProto API (via userbot).
He also confirmed this pattern using the MTProto API (via userbot).