Security: Mqtth3w/Forwarder-Telegram-bot

Security Policy

Important

Security guidelines

  • Never share your bot API key.
  • Never share your secret token.
  • Never share your Cloudflare worker URL. Anyone who knows your worker URL can impersonate you by sending fake requests to the worker (they would also need to know your secret token or brute-force it), because your Telegram ID is not secret. If your worker URL is no longer secret, change it!
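
The check that makes the secret token matter, as an added example (not this project's code): it assumes the webhook was registered with setWebhook's `secret_token`, so Telegram sends it back in the `X-Telegram-Bot-Api-Secret-Token` header. The names `SECRET_TOKEN`, `OWNER_ID`, `verifyWebhook`, `isOwner` and `handleRequest` are hypothetical.

```javascript
// Added example; env.SECRET_TOKEN and env.OWNER_ID are hypothetical binding names.
const SECRET_HEADER = "X-Telegram-Bot-Api-Secret-Token";

// Compare every byte instead of returning at the first mismatch. The loop
// length depends on the caller-supplied value, never on the secret.
function constantTimeEqual(supplied, secret) {
  const enc = new TextEncoder();
  const a = enc.encode(supplied), b = enc.encode(secret);
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i % (b.length || 1)];
  return diff === 0;
}

// Returns the HTTP status to answer with; only 200 means "process the update".
function verifyWebhook(method, suppliedToken, env) {
  if (method !== "POST") return 405;
  if (!env.SECRET_TOKEN) return 500; // never run without a configured secret
  if (typeof suppliedToken !== "string") return 403; // header missing
  return constantTimeEqual(suppliedToken, env.SECRET_TOKEN) ? 200 : 403;
}

// The sender ID is public, so it only routes messages; it authenticates nothing.
function isOwner(update, env) {
  return String(update?.message?.from?.id) === String(env.OWNER_ID);
}

// Worker wiring: authenticate first, parse the body only afterwards.
async function handleRequest(request, env) {
  const status = verifyWebhook(request.method, request.headers.get(SECRET_HEADER), env);
  if (status !== 200) return new Response(null, { status });
  const update = await request.json();
  // ... forward or reply here, using isOwner(update, env) to pick the direction
  return new Response(null, { status: 200 });
}

// Constructed sample: a forged update that claims to come from the owner.
const sampleEnv = { SECRET_TOKEN: "constructed-sample-token", OWNER_ID: "1000" };
const forgedUpdate = { message: { from: { id: 1000 }, text: "hello" } };
console.log(isOwner(forgedUpdate, sampleEnv));                 // ID alone matches
console.log(verifyWebhook("POST", "wrong-guess", sampleEnv));  // but the token check rejects
```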

Attention!

Please note: Cloudflare hosts your service, so it may be able to see all your data. To stay really secure and anonymous, you should host it yourself.

Good privacy practices

  • To protect your privacy, you could use a duck address for the Cloudflare registration. A duck address should be bound to a privacy-focused email (e.g. tutamail).
  • Protect your IP address: no-log VPN, Whonix.

Tip

Certificate

Optionally, you can set up a self-signed certificate to enhance the security of the requests. For more details, check the following links: setWebhook and self-signed.


Note

Reporting a Vulnerability

Contact me here or use the Discussions section.

Responsibility

You are responsible for what you do with this code. In some countries, e.g. EU states under the GDPR, there are laws that protect users from data collection, so in those countries you should provide an opt-out mode (db version).

There aren’t any published security advisories