Forwarded from @adurovleaks
⛔️ Swiftgram’s possible tracking
One of Swiftgram’s (unofficial Telegram client) feature is to show users’ registration date.
But when it sends request to fetch this registration date, it also includes current user’s payload (identifier of Telegram account) and device’s unique ID in request (and the last one passes only in this request!)
1. With first parameter (user’s payload) they can track which profiles did you open.
2. With second parameter (device’s unique ID) they can track all of current user’s accounts and link them.
UPD: Swiftgram's official response — link
Anyway, be careful using unofficial Telegram clients and configure them correctly.
One of Swiftgram’s (unofficial Telegram client) feature is to show users’ registration date.
But when it sends request to fetch this registration date, it also includes current user’s payload (identifier of Telegram account) and device’s unique ID in request (and the last one passes only in this request!)
1. With first parameter (user’s payload) they can track which profiles did you open.
2. With second parameter (device’s unique ID) they can track all of current user’s accounts and link them.
UPD: Swiftgram's official response — link
Anyway, be careful using unofficial Telegram clients and configure them correctly.
Forwarded from Swiftgram
@adurovleaks
⛔️ Swiftgram’s possible tracking One of Swiftgram’s (unofficial Telegram client) feature is to show users’ registration date. But when it sends request to fetch this registration date, it also includes current user’s payload (identifier of Telegram account)…
Swiftgram uses official Apple DeviceCheck tokens to ensure requests are coming from the Swiftgram app and not abused by other devs like Nekogram did. Swiftgram generates new token on each request. Since tokens are single-use and ephemeral, Apple makes it impossible to fingerprint devices by design.
App will cache registration date data. In the mean time it's 12 hours. So no requests will be made in the next 12 hours for the profiles you've already seen.
The same DeviceCheck token is used in another request - validating purchases of Swiftgram Pro.
Any server will know the IP of your device and can potentially match requests by the IP address - this is how internet works. So there's no need to go through hoops of user payload, device tokens, etc to create another ⚡️exclusive reveal post.
I admit it might be redundant to pass the payload for this request, but that's some basic authorization - an additional API protection measure, so I see no harm there. It was working in a similar way since I've first introduced it in Nicegram in 2019.
Swiftgram server does not store IP addresses, Registration Date requests and does not link any users or devices together. That's an enormous amount of data for ~400k MAU app with no value at all.
If you're paranoid, you can simply disable Registration Date and no requests will be made.
If you're paranoid enough, you can build the app yourself from source code (which you didn't even bother to check) and modify it the way you feel safer.
App will cache registration date data. In the mean time it's 12 hours. So no requests will be made in the next 12 hours for the profiles you've already seen.
The same DeviceCheck token is used in another request - validating purchases of Swiftgram Pro.
Any server will know the IP of your device and can potentially match requests by the IP address - this is how internet works. So there's no need to go through hoops of user payload, device tokens, etc to create another ⚡️exclusive reveal post.
I admit it might be redundant to pass the payload for this request, but that's some basic authorization - an additional API protection measure, so I see no harm there. It was working in a similar way since I've first introduced it in Nicegram in 2019.
Swiftgram server does not store IP addresses, Registration Date requests and does not link any users or devices together. That's an enormous amount of data for ~400k MAU app with no value at all.
If you're paranoid, you can simply disable Registration Date and no requests will be made.
If you're paranoid enough, you can build the app yourself from source code (which you didn't even bother to check) and modify it the way you feel safer.
Forwarded from Durov's Code
Anonymous Telegram numbers are now priced at a minimum of $1,788 — the highest they’ve ever been.
@durovs_code
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from 小白猫
注意 Telegram 炸号事件!Telegram 最近出現了可以炸號的網址/連結🔗請各位小心
一、删号网址:嵌入在文字当中:
二、为什么 "转发" 会被封号:
引用:Alex John | 青空朔雪 | 𝐙𝐆𝐐 ɪɴᴄ. | 𝐙𝐆𝐐 ɪɴᴄ 2
技术原理解析:
一、删号网址:嵌入在文字当中:
点击钓鱼链接后:其账户的注销时间改为0,即账号被立即注销是"注销"而不是封禁,没法恢复(即使给官方写信)
推测是利用Telegram的:
account.deleteAccount 注销帐号的API
accountDaysTTL 帐户0天删除
备注:对于开启二次验证(2FA)的账号,如果链接里未带入 2FA 密码,Telegram 会延迟 7 天再执行;若密码正确,则即时注销。
二、为什么 "转发" 会被封号:
原因:"举报"
因为你在文字当中掺入"删号"连结,对方透过举报的方式。
在上图当中提到:
→ "参加比赛要给他转发"
→ "我只给他一个人私信转发了"
也就是说,这个外国人本身动机不纯。利用别人发的"删号"连结,来制裁对方。
举报触发机制:
Telegram允许用户举报涉嫌有害内容(如诈骗、骚扰或恶意链接)。如果链接中包含account.deleteAccount API举报者可以声称这是一种“有害行为”(例如,宣称它可能导致账户破坏)。平台会自动审查举报内容,Telegram的算法可能将此类行为误判为恶意活动,从而对涉事账户或群聊进行封禁。
引用:Alex John | 青空朔雪 | 𝐙𝐆𝐐 ɪɴᴄ. | 𝐙𝐆𝐐 ɪɴᴄ 2
Forwarded from Telegram Alpha
Telegram
Extra-Secure Group Calls, Automated Accounts, and More
Today’s update introduces extra-secure, easy-to-use group calls. We’re also rolling out a major upgrade that enables full automation for Telegram Business accounts, new options for gift users, a simpler way to appeal account restrictions — and more.
Forwarded from Durov's Code
Pavel Durov celebrated Telegram reaching 1 billion users with a record-breaking drone show in Dubai, featuring 1,600 drones lighting up the sky with Telegram and TON visuals.
The show — organized by Notcoin and Dogs — set a Guinness World Record for the largest flying dog bone made of drones.
Thank you to everyone who was part of it. We did it together, frens, — said the team at Notcoin.
@durovs_code
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Laoself 🦠
Telegram Designers
The Task:
Create a video that highlights the innovation leadership of Telegram over WhatsApp by showcasing how Telegram introduced key features years before WhatsApp copied or adopted them.
向WhatsApp,宣戰!
#Telegram 宣布了短影音比賽,獎金最高5萬美元(
#Telegram 宣布了短影音比賽,獎金最高5萬美元(
Forwarded from @durovleaks 🇮🇳
A user from the @GabChannel noticed that each dislike adds exactly 2 likes.
He also confirmed this pattern using the MTProto API (via userbot).
He also confirmed this pattern using the MTProto API (via userbot).
Forwarded from Telegram Info English (Sominemo)
Outages in many Telegram services
Our subscribers report that Telegram's data center in Europe (DC2) has been experiencing interruptions since 20:15 UTC.
Symptoms: groups and channels are slow to open, messages and pictures are not being sent in large chats.
#outages
Our subscribers report that Telegram's data center in Europe (DC2) has been experiencing interruptions since 20:15 UTC.
Symptoms: groups and channels are slow to open, messages and pictures are not being sent in large chats.
#outages
Forwarded from ㄥ卂Ҡㄚッ - 馬泰奧
Telegram Info English
Outages in many Telegram services Our subscribers report that Telegram's data center in Europe (DC2) has been experiencing interruptions since 20:15 UTC. Symptoms: groups and channels are slow to open, messages and pictures are not being sent in large chats.…
WhatsApp attacking Telegram after Durov post /jk
tg生态观察 ٭✡️⚝✹✸✶✷✴️✧⊛🔯❂⍣≛✨🇻🇳
https://t.me/AnotherGroup/381449
Telegram
@adurovleaks
A few people examined the behavior of reactions on this post: https://t.me/designers/242. And there’s some very strange behavior, which was confirmed during a observation by a certain group of users.
Let’s start with the timeline of what magical things happened…
Let’s start with the timeline of what magical things happened…
Forwarded from 每日消费电子观察 (horo)
中国下一代监控工具借助人工智能瞄准 Telegram 和 VPN 用户
https://www.scmp.com/news/china/politics/article/3310749/chinas-next-gen-surveillance-tools-get-ai-boost-target-telegram-and-vpn-users
公安部第三研究所展示了一款据称可以监控Telegram的工具。Telegram是一款广泛使用的即时通讯应用,以其隐私性和安全性而闻名。该工具表示,该工具可以监控使用中国手机号码注册的Telegram账户,而这些账户有严格的实名要求。
据该机构称,迄今为止,该工具已收集了超过 300 亿条消息,并监控了 7000 万个 Telegram 账户以及 390,000 个公共频道和群组。
https://www.scmp.com/news/china/politics/article/3310749/chinas-next-gen-surveillance-tools-get-ai-boost-target-telegram-and-vpn-users
South China Morning Post
China’s next-gen surveillance tools get AI boost to target Telegram or VPN users
Annual policing tech expo offers glimpse of law enforcement future as Beijing ramps up domestic security drive amid ‘lone wolf’ attacks.