oss-sec mailing list archives
Re: Telegram privacy fails again.
From: notspam () mm st
Date: Mon, 16 Sep 2019 14:54:03 -0400
There's no way to take this functionality seriously - the feature is a joke. A privacy feature centered around trusting another user's node to delete a file you already sent them is silly. Unfortunately, it seems like nobody gets this; even Matrix clients are supposed to have message redaction soon.It is still a useful feature as long as you don't consider it "secure".
In the immediate term, yes, it's easy to see potential benefits. In the long term, it will harm people.
If a user of the software took the "delete" claim at face value then it could be considered security related ..
Second line of the original email: "This is not a security vulnerability it’s a privacy issue."
and unlike Snapchat, the Telegram client *is* open source.
The Telegram ecosystem is closed-source. Regardless, Telegram clients don't have to respect this setting, so the feature is a lie. The only way to enforce message deletion is through drm-like means (Snapchat...), which doesn't work anyway. That Telegram allows third-party clients only makes it worse, in a way.
Current thread:
- Telegram privacy fails again. Dhiraj Mishra (Sep 09)
- Re: Telegram privacy fails again. Ilya Matveychikov (Sep 10)
- Re: Telegram privacy fails again. Solar Designer (Sep 12)
- Re: Telegram privacy fails again. Ben Tasker (Sep 12)
- Re: Telegram privacy fails again. notspam (Sep 13)
- Re: Telegram privacy fails again. Stuart Henderson (Sep 13)
- Re: Telegram privacy fails again. Jiri 'Ghormoon' Novak (Sep 16)
- Re: Telegram privacy fails again. notspam (Sep 16)
- Re: Telegram privacy fails again. Ben Tasker (Sep 12)