[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Telegram privacy fails again.
From:       notspam () mm ! st
Date:       2019-09-16 18:54:03
Message-ID: 20190916185403.6pv72jornoxsehho () wrycode
[Download RAW message or body]

>> There's no way to take this functionality seriously - the feature is a
>> joke. A privacy feature centered around trusting another user's
>> node to delete a file you already sent them is silly. Unfortunately,
>> it seems like nobody gets this; even Matrix clients are supposed to
>> have message redaction soon.
>
>It is still a useful feature as long as you don't consider it
>"secure".

In the immediate term, yes, it's easy to see potential benefits. In
the long term, it will harm people.

>If a user of the software took the "delete" claim at face value then it
>could be considered security related ..

Second line of the original email: "This is not a security vulnerability it's a privacy issue."

>and unlike Snapchat, the Telegram client *is* open source.

The Telegram ecosystem is closed-source.

Regardless, Telegram clients don't have to respect this setting, so
the feature is a lie. The only way to enforce message deletion is
through drm-like means (Snapchat...), which doesn't work anyway. That
Telegram allows third-party clients only makes it worse, in a way.
[prev in list] [next in list] [prev in thread] [next in thread]