[kedmi]

It's smart.

It allows Telegram users to hide in plain-sight, within the noise of other Google Translate web users.

I'm pretty sure that using the official pre-built java SDK, as suggested by the author, would allow Google to cluster the content of Telegram users (since app-specific id/token should be sent).

Other than that, a great read and kudos to the author for shedding light on it.

Edit: typo.

[xg15]

I think Google can still cluster Telegram users pretty easily, especially now that that the method is in the open.

Yes, Telegram fakes the user-agent, but the rest of the request still looks very different from a request an actual browser would do. (No referrer, missing headers, different connection pooling behaviour, possibly different TLS and HTTP2 behaviour, etc).

So if Google is doing any detection for browser vs non-browser requests, those requests should show up as suspicious.

[nothasan]

If they used cronet, they could get past these checks.

[hdjjhhvvhga]

> It's smart.

On the contrary - it's the most stupid thing to do. The only result will be their users wondering soon why this function is broken.

[dejj]

If Telegram or Google users would pay for services, they wouldn’t treat them like the product being sold.

[giomasce]

It doesn't look very well hidden if there are blog posts about it...

[OJFord]

The users are hiding among all the web traffic to translate.google.tld; not that that Telegram's doing this is top secret undiscoverable magic sauce. It's open source (GPL2): https://github.com/DrKLO/Telegram/blob/9e740dfd4d2b1ab6b8ed2...

[michaelmcmillan]

A rotated user agent does not hide anything from Google.

[AndriyKunitsyn]

Shell game street fraud (with cups and balls) is also "smart" in some way, but it's not really the right thing to do.