[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Telegram privacy fails again.
From: notspam () mm ! st
Date: 2019-09-16 18:54:03
Message-ID: 20190916185403.6pv72jornoxsehho () wrycode
[Download RAW message or body]
>> There's no way to take this functionality seriously - the feature is a
>> joke. A privacy feature centered around trusting another user's
>> node to delete a file you already sent them is silly. Unfortunately,
>> it seems like nobody gets this; even Matrix clients are supposed to
>> have message redaction soon.
>
>It is still a useful feature as long as you don't consider it
>"secure".
In the immediate term, yes, it's easy to see potential benefits. In
the long term, it will harm people.
>If a user of the software took the "delete" claim at face value then it
>could be considered security related ..
Second line of the original email: "This is not a security vulnerability it's a privacy issue."
>and unlike Snapchat, the Telegram client *is* open source.
The Telegram ecosystem is closed-source.
Regardless, Telegram clients don't have to respect this setting, so
the feature is a lie. The only way to enforce message deletion is
through drm-like means (Snapchat...), which doesn't work anyway. That
Telegram allows third-party clients only makes it worse, in a way.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic