Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190916185403.6pv72jornoxsehho@wrycode>
Date: Mon, 16 Sep 2019 14:54:03 -0400
From: notspam@...st
To: oss-security@...ts.openwall.com
Subject: Re: Telegram privacy fails again.

>> There's no way to take this functionality seriously - the feature is a
>> joke. A privacy feature centered around trusting another user's
>> node to delete a file you already sent them is silly. Unfortunately,
>> it seems like nobody gets this; even Matrix clients are supposed to
>> have message redaction soon.
>
>It is still a useful feature as long as you don't consider it
>"secure".

In the immediate term, yes, it's easy to see potential benefits. In
the long term, it will harm people.

>If a user of the software took the "delete" claim at face value then it
>could be considered security related ..

Second line of the original email: "This is not a security vulnerability it’s a privacy issue."

>and unlike Snapchat, the Telegram client *is* open source.

The Telegram ecosystem is closed-source.

Regardless, Telegram clients don't have to respect this setting, so
the feature is a lie. The only way to enforce message deletion is
through drm-like means (Snapchat...), which doesn't work anyway. That
Telegram allows third-party clients only makes it worse, in a way.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.