
A week ago, the Bots API, a platform for creating bots, was launched in Telegram Messenger. The platform may still be a little raw and held together with a few workarounds, but it is interesting nonetheless, both for users and for developers, who immediately rushed to write (and port) various bots. But, as it turned out, the API has at least one feature that may seem rather unexpected (and even unpleasant) for end users.
A caveat up front: this note is not yet another attack on the security of Telegram. Moreover, given my friendly relations with some of the messenger's developers, I did not particularly want to write this article. But it seemed important to warn those who are planning to create and, most importantly, use bots in Telegram. "Plato is my friend, but truth is dearer."
First, briefly, for ordinary users.
If you send a photo to a bot in Telegram (hoping that the bot will later pass the photo on to another person), remember that the final recipient of the photo can, if they wish, easily find out your name / photo / username (and can contact you directly). This holds even if the bot promises privacy and anonymity. This aspect is far from obvious, even to the creators of the bots themselves. And they (so far!) can do nothing about it. Strictly speaking, this applies not only to photos but to almost all types of attachments, although seeing your profile in those other cases is somewhat more difficult.
This includes @HotOrBot, the example given in the platform's description. In this "analogue of Tinder," you can easily peek at the accounts of those whose photos you are offered to rate (and, in fact, write to them, even if they have not yet reciprocated).


(As seen in the illustrations, it is enough to open a photo, for example, in the web version of Telegram.)

The @TalkBot I created (it lets you communicate anonymously in "rooms" in the spirit of IRC, or tête-à-tête, acting as an intermediary) has the same problem: do not send photos to the chat room if you don't want to be deanonymized. But my bot does at least warn everyone about it.

The technical background, and why this problem cannot be solved without Telegram's participation. Right now a bot can do only one thing with a file sent to it: take its file_id and send it to someone else (this is not the message itself, just the attached picture / video / audio / document; in the documentation it looks like merely a trick to save resources). Unfortunately, it is impossible to get the file body at the moment (obviously, this will be implemented in the near future, since the feature is very important). If it were possible, a bot could upload the photo again instead of reusing the same file_id (that would at least be some workaround). For now there is no solution other than to warn users (or to limit functionality altogether).
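
The "warn users or limit functionality" option described above, sketched as relay logic for an anonymous-chat bot. This is an added example, not code from the original article or from @TalkBot; the function names and the sample updates are hypothetical, while the message fields and send methods are those of the Bot API.

```python
# Added example; function names are hypothetical, fields follow the Bot API.
# Message fields whose content a bot can only pass on by reusing file_id.
ATTACHMENT_FIELDS = ("photo", "audio", "document", "sticker", "video")

WARNING = ("Attachments are not relayed in anonymous rooms: the recipient "
           "could open the file and see your profile. Send text instead.")


def attachment_kinds(message):
    """Return the attachment fields present in a Bot API Message dict."""
    return [f for f in ATTACHMENT_FIELDS if message.get(f)]


def plan_relay(update, recipient_chat_id, allow_attachments=False):
    """Turn one incoming Update into a list of (method, params) API calls.

    Text is copied into a fresh sendMessage. Attachments are refused with a
    warning unless the sender has explicitly opted in.
    """
    message = update.get("message")
    if not message:
        return []
    kinds = attachment_kinds(message)
    if kinds and not allow_attachments:
        # Limit functionality and tell the sender why.
        return [("sendMessage",
                 {"chat_id": message["chat"]["id"], "text": WARNING})]
    calls = []
    for kind in kinds:
        item = message[kind]
        # "photo" is a list of PhotoSize objects; use the last entry.
        file_id = (item[-1] if isinstance(item, list) else item)["file_id"]
        calls.append(("send" + kind.capitalize(),
                      {"chat_id": recipient_chat_id, kind: file_id}))
    if message.get("text"):
        calls.append(("sendMessage",
                      {"chat_id": recipient_chat_id, "text": message["text"]}))
    return calls


# Constructed sample updates (not real traffic).
PHOTO_UPDATE = {"update_id": 1, "message": {
    "message_id": 10, "chat": {"id": 111},
    "photo": [{"file_id": "SMALL", "width": 90, "height": 90},
              {"file_id": "LARGE", "width": 800, "height": 800}]}}
TEXT_UPDATE = {"update_id": 2, "message": {
    "message_id": 11, "chat": {"id": 111}, "text": "hello"}}
```

With the default setting the photo never leaves the bot and the sender gets the warning; only an explicit opt-in produces a send call that reuses the original file_id.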
Why is this not a bug in the platform? Formally, this behavior is more or less documented in the regular API (the InputMediaPhoto vs InputMediaUploadedPhoto constructors, as well as the returned photo object), so it cannot be considered a bug. And in general, bots are created by third parties, so how much privacy can there be here. Given Telegram's positioning as a messenger that emphasizes privacy, perhaps client applications should make it more explicit that all data sent to bots is completely open to the bot authors (however trite that may sound).