Re: Telegram privacy fails again.

[Stuart Henderson <stu () spacehopper org>]

On 2019/09/12 18:29, notspam () mm st wrote:
> > IMO, If Whatsapp/Telegram wanted to take this functionality more seriously,
> > they'd need to be writing the images to disk in an encrypted form from the
> > outset. It increases the overhead of display, and wouldn't necessarily stop
> > forensic recovery etc, but it would mean that other apps couldn't simply
> > watch the directory and upload anything which appears in it in a usable
> > form. That's a whole other can of worms though as it's another set of keys
> > to manage.
>
> There's no way to take this functionality seriously - the feature is a
> joke. A privacy feature centered around trusting another user's
> node to delete a file you already sent them is silly. Unfortunately,
> it seems like nobody gets this; even Matrix clients are supposed to
> have message redaction soon.

It is still a useful feature as long as you don't consider it "secure".

> The original email didn't contain a security vulnerability (remember
> the name of this list?)  - it was blogspam. It didn't belong here for
> the same reason that you don't see Snapchat bugs on this list.

If a user of the software took the "delete" claim at face value then it
could be considered security related .. and unlike Snapchat, the Telegram
client *is* open source.