**
Oh and this is yet another kick in the face to people with accessibility issues.
**
As an aside, once AR is mainstream I expect that apps will only display encrypted text and some pair of smart glasses will be able to be configured to decrypt and display the play text all on the client (glasses) such that such issues are removed.
1. Hey Siri, turn Voice Over on.
2. Tap the message once, making Voice Over speak its contents.
3. Tap the screen four times with three fingers. When Voice Over is on, this gesture copies the last spoken phrase to the clipboard.
4. Hey Siri, Turn Voice Over off.
There's no way to block this without breaking accessibility. You could split a message up into multiple items, which partially solves your problem, but the more items you have, the more annoyed actual Voice Over users become.
A similar (although more involved) attack could be used to extract Kindle books. There's no way for Amazon to prevent this, one of the primary screen readers for Windows uses GPL without a CLA, so a proprietary accessibility API is out of the question.
Correct, however they can randomize certain words in your copy to watermark it and trace it back to you if it ever finds its way to the public internet.
Then sooner or later someone will break accessibility just to prevent this. And everyone will follow.
Building walls in physical world is also very stupid. It does not prevent people of using ladders hehe.
Sorry about the joke. They want to create more friction so users can avoid people from 'easily' taking screenshots.
With messaging inherently you are trying to share with others. If you’re sharing why stop saving?
[1] https://developer.android.com/reference/android/view/WindowM... [2] https://stackoverflow.com/a/30618030
In fact, iOS does not provide any tools to prevent screenshotting, on the contrary, this feature requires some nasty hacks to pull off.
One of them is actually even patented and it requires rendering whatever you want to protect (text, image, etc) into a one frame DRM protected video and rendering that instead.
When I used feature "screen cast" and tried to cast Firefoxs private tab, I just got black screen.
Or, more power for technical people to hold over those less able.
And again, this doesn’t prevent redistribution.
Or make you forget instantly!
^1 Actual viewing of the movie not included, use of IP during social events requires a premium license, disparaging comments are subject to filtering and may result in license termination, Disney is not responsible for any long term damage to your brain, ... .
https://www.youtube.com/watch?v=IFe9wiDfb0E
"Welcome to Life"
Good move Telegram. This is how you ruin your otherwise-great platform.
This seems like a fine change, people on HN just like to be angry.
I simply do not understand why people are even thinking of moving to another closed platform like Discord. We already have an alternative and I think it's time to embrace it: Matrix
Comparing Matrix to polished apps like telegram or discord is... misplaced to say the least.
Is this effectively true for media? Key concept is democratizing DRM. You as a digital person having digital rights and letting you manage them.
Consider Netflix on iOS devices. Now consider if OnlyFans creators could have the same effective guarantees. Might they not adopt Telegram in droves?
iOS doesn't have the same system as Android that fully blocks screenshots within the app, but they can obscure part of the screen when taking a screenshot.
They already ruined it with ads
Edit: granted, not only old websites do this. Instagram lays a full width/height transparent div atop the picture to prevent right-click copying of the image.
We have free software everywhere except phones. I wonder why organizations such as GNU aren't working on free software clients for these popular services like WhatsApp and Telegram. The potential for a positive impact is enormous.
This - it didn't use to be true because most computer users were literate enough to bypass simple restrictions, and if a platform was restricted, others were available.
With the latest changes in Windows, Android, and demographics, now a vast majority of users cannot easily bypass restrictions; the war on general computing has been won. Yes, a small number of highly skilled people can easily dump binary data through hacked devices, but in the grand scheme of economics, that doesn't matter.
Javascript hijacking right click is prevented by shift-right click in Firefox.
This introduced me to developer tools and the funny 3d view of html layers that Firefox had.
Just want to point out that it's not actually DRM. Just Telegram giving users the option to prevent message recipients from downloading content.
Applications definitely shouldn't get any say in which screenshots are allowed.
Life tip: never send nudes or any private information to anyone you don't completely trust, regardless of the privacy features the communication medium offers, as there's always an easy workaround.
My conclusion and I think everyone elses too at that project was that despite the fact that Microsofts offering (Azure Information Protection, but not the the Sharepoint part of it) was almost brilliant it only solves involuntary leaks:
- people forgetting to lock their machines,
- forgetting that something is internal
- etc
If someone wants to leak information they can always take a photo of it.
As someone who has had colleagues send screenshots of sensistive details, taking the effort to reply on BCC-ed mails and more and who has also managed to do a few things of my own I welcome this.
EDIT: Just to be clear given the title, I'm not pro DRM, and we can be pro or against auto-removable content, but I just love how they implement features that their users are asking for and the quality of their apps.
The UX is slicker and more comfortable to use than that of whatsapp (and miles ahead signal). With the latest update if I got it correctly, even E2E encrypted chats can be synced to all clients (? Needs to be verified)
I guess you mean the security model of non-E2E chats. Although you can read into it that they can do MITM, the details reveal that the actual keys/messages are shared into datacenters in multiple countries so no government alone can retrieve plaintext from at-rest storage. To me (especially compared to anything Facebook products) is already much better than nothing. If it's an issue for you, opt in for E2E chats and enjoy!
Sometimes I have to use whatsapp with some contacts and it feels like a huge step back after telegram, especially in UX.
> I guess you mean the security model of non-E2E chats. Although you can read into it that they can do MITM, the details reveal that the actual keys/messages are shared into datacenters in multiple countries so no government alone can retrieve plaintext from at-rest storage. To me (especially compared to anything Facebook products) is already much better than nothing. If it's an issue for you, opt in for E2E chats and enjoy!
It's unfortunately not that easy. For one, their promises of sharded keys is something we as users cannot verify, so we still just need to trust them here [0]. WhatsApp, on the other hand, at least attempts to have E2E. Secret chats are an option, but only the mobile clients support them [1] and you can't have them for groups at all. There's also some critique on mtproto, their roll-your-own encryption. I don't necessarily agree, but it's another strange point.
Like you I like the UX a lot and I have some trust in Durovs motivations, but the security model is questionable.
[0] They refuse to open source their servers, but I follow their argumentation in so far as that this would not help since we could not verify that the published source code is the one running on the servers.
[1] At least the official Linux desktop client and the web clients don't.
It's the reason why I avoid it. I talk to someone on the desktop client, yet my phone, work laptop and tablet will ring on every message.
I can't be assed to go and mute 3 other devices every time I decide to talk to someone.
In short, this limitation is rather pointless.
According to other comments in this thread, this just freezes when switching apps, and fails. I'm not too surprised, given that the feature (at least on Android) is meant as a security measure (i.e. most of the banking and 2FA apps use it to some extent).
But my personal favorite is that this is entirely, 100% client-side, and there's already a few handy ways to patch out the checks from the foss client.
- people might have a legal right to make copies
- it's opens up a lot of potential for abuse, as it's harder to safe proof of abuse.
- it gives people a false sense of security (e.g. when sexting)
Couldn't they instead e.g. display low resulution images for screenshots or similar?
That should be good enough for artists in my experience. (I mean there are artists which live draw the art on e.g. twitch they then sell, it works as the image quality you can easily extract is just not "good enough" for most potential buyers, and if we idk. throw AI sharpening tools at it then we could also throw tools at it which circumvent telegrams protections).
If we compare it to classical post that is like sneaking into someones else house and stealing the message you send.
I can understand why they do it.
But it, especially compared with the DRM change, makes abuse SOOO much easier.
I remember watching at least one movie where a character did this.
Not personal conversations! That's odd. You wrote the comment even without understanding what it could be used for
However, the chat is viewable in Telegram Web (K). Web K even offers to download the picture, which actually downloads the file.
Additionally, Telegram Desktop for Mac similarly allows screenshots as usual and isn't affected.
In the past I have seen some other apps implement screenshot prevention on iOS usinf something that "cloaks" the screen when the button combination is detected, and when the OS is about to background the app. This is the method Fido My Account (mobile carrier in Canada) uses (current version allows screenshots, but blocks the info from the app switcher).
The method Telegram is using appears to be rather seamless, as it does not show the screen going black or anything when the screenshot is taken. Stack Overflow seems to discuss two solutions, one using DRM video, and another using some password field hackery. https://stackoverflow.com/questions/18680028/prevent-screen-...
This is the most likely case, as the behaviour is similar to what happens when you take a screenshot of DRM netflix; it appears it is drawn by the hardware and not in the OS framebuffer, and thus shows up as a black box.
Of course this is not really security, but Telegram, despite being open source on the client, does have in the ToS that apps have to implement the "secure" features of secret chats properly, or risk being blocked. Recently they have been sending info out to bot developers that says apps that don't implement the ads in channels will be blocked as well, but I'm not sure if they will really enforce this.
"We ask that you make sure that these sponsored messages are supported and properly displayed in your app by January 1, 2022. Unfortunately, Telegram cannot financially sustain apps that support Telegram Channels but do not display official sponsored messages – such apps will have to be disconnected."
What about screen recording?
It's different from apps using DRM like Netflix, where it usually just shows a notification saying "failed to start screen recording".
The trick was to start the screen recording out of Telegram, open it (if you're on the actual page it will freeze the recording interestingly) but once you get to the media overview page, the screen recording works again and you can capture whatever you want. I have been able to record everything without problem once incl the chat, but this is probably only effective in some cases.
As it turns out, regular screenshots also work on that page. My testing was not super thorough I suppose, for something I quickly did while trying to fall asleep...
Also, Telegram Desktop is licensed under GPLv3, which is an anti-DRM license. Something doesn't add up here...
Back in the days there were apps in cydia to get a hold of all the snaps you received since they were just lying unencrypted inside a private sandbox.
Hell, I even stopped trying to use developer tools to extract facebook videos because they made it more difficult, and stopped using youtube-DL because Google is now throttling it. Main reason is that it's not worth the trouble anymore.
Had the same problem. Switched to yt-dlp. Now I do not have the problem.
It was still doable, but quite inconvenient.
Simpler to just record screen with OBS.
I lost a favourite video of mine from youtube, fortunately someone reupled it, so I quickly ripped it with OBS, as the youtube downloaders had trouble downloading the audio part.
It seems a lot of people don't realize that Telegram is used for more than chatting with your contacts. Telegram Groups and Channels serve as a content delivery system, with access often restricted behind some kind of pay system like Patreon or Telegram's own Payments API (think OnlyFans and private Discords). This is a boon to content creators as it protects their payed Telegram content from being easily shared into other Telegram Channels.
Telegram quietly transcended beyond chat app and into the social media arena a while ago. It's about time HN caught up.
So, this can curb sharing but not really prevent it. Will it be a net positive? Let's see.
I am generally of the opinion that piracy is a net positive, but I am ok with pirated content being slightly degraded, analog copies often meet this criteria
How is it disingenuous? They introduced DRM. Call it "protected content" if you want,but that honestly seems more disingenuous than simply calling it "DRM".
> This is a boon to content creators as it protects their payed Telegram content from being easily shared into other Telegram Channels.
No it doesn't. DRM doesn't work. End of story. Telegram has a public API and a Free Software client. All someone has to do is fork the client and disable screenshot / screen recorder blocking. At best they can block "forwarding" so you can't actually see what user originally sent the message. Once you send someone content on Telegram, you have no technical capability to stop them from doing what they want with it.
obviously everyone cheated that question to get more money; a year they essentially changed the module to add a "are you lying?" question and suddenly this lowered significantly the overestimated prices farmers declared
---
this does not apply 1-1 to DRM in telegram (they removed the download option, not just added a warning), but I find it a relevant story to a broad interpretation of "DRM doesn't work"
I am not sure I understand where you are coming from. Are you suggesting that people accidentally take screenshots and share them?
Telegram seems to have decided that either Person A or Person B can delete the message, without the permission or notification of the other.
I personally would prefer it to be the message is only deleted with the permission of Person A and Person B. Ie. "Bob has deleted his copy of this chat, and requests you do the same. Delete Chat?"
On the other hand however, unilateral delete does help the use case where people want to minimize the chance that the information is accidentally leaked or exposed - the "store less info" strategy
The result is that the screenshot still gets taken (they have no way of disabling that), but the photo is unusable.
You know, to protect its users' privacy.
Why is this even a feature?
This isn't like classical DRM where the intent is to stop you from owning content you already purchased.
This is effectively a way for group/page holders to ensure control over content that is not meant to be shared beyond that context.
Yes I know that technically if you post a picture of your kids in the group someone could still take a physical screenshot from another phone, but the point is reasonable friction, not an insurmountable tech barrier.
I fail to see how this actually prevents what it is supposed to prevent. You can still take a screenshot on desktop, or you can take a photo with another phone of your phone with the "DRM'd" content. They just got rid of the "Save" button and probably revoked the permission for taking screenshots.
Is the client open source? If it is, you can just modify it then.
https://community.signalusers.org/t/watermark-photos-videos/...
(In my opinion, Telegram has by far the best apps of all messengers out there, but I will never be able to get certain friends to use it until that issue is resolved...)
No one has two phones, or one phone and a camera.
Of course, that’s not remotely true, so what have they accomplished? If someone receives messages that they want or need to save, e.g. for legal reasons, this feature isn’t going to stop them.
Making people jump through hoops means only the most egregious stuff would still be shared.
