However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. The flaw in the encrypted messaging application ( CVE-2021-23827 ) does not expose Keybase users to remote compromise. Honestly, no one should expect the app, he is trusting, to behave erratically in a secrecy context exposing its users to a threat that: they didn’t expect, cannot prevent, and will not be notified of.A serious flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted. “If you have reasons to worry about your personal security, we strongly recommend using only Secret Chats” When I was using Telegram Secret Chat, I was expecting it to behave like what they stated in their Wiki, the fact that it does not comply with it is something the user should be made aware of. Message will then disappear from both your and your friend’s devices.” “Messages and media files to self-destruct in a set amount of time after they have been read or opened. Especially because that is in contrast with their own design: Exportable medias in secret chat context should not be possible, or at least, not without notifying your interlocutor. Now, this bug is (in my opinion), at very least, a bad design choice. Longer timers in Secret Chats are intended for ‘self-cleaning’ communication and not to prevent pictures from being saved.”īasically, they were telling me that the bug I was reporting is an intended feature and a design choice they were aware of. “ Media sent in secret chats either without a timer or with a timer longer than 1 hour have all these options (the one that allows a media to be exported). I tried to contact Telegram in order to report this bug: Please also note that, differently from trying to take a screenshot, this action will not be notified to the other part.įor me, this bug, was an unintended behaviour since, media shared in a normal chat with the expiration time setting enabled, are correctly deleted and sharing/saving the media is prevented. If I chose the ‘save in the gallery’ option, I can easily store the media somewhere else and prevents its deletion after the expiration date. When a user sends a media file, it will be opened with the “default player/viewer” and a useful menu will appear: On the latest Telegram Android/iOS App, I discovered a nasty bug in the secret chat. Secret chats can only be accessed from their device of origin.Message will then disappear from both your and your friend’s devices. ![]() Messages and media files to self-destruct in a set amount of time after they have been read or opened.When you delete messages, they will be deleted on the other side as well.All messages in secret chats use end-to-end encryption.To sum up all these concepts, we can define a secret context as a chat where: ![]() This means you can only access messages in a secret chat from their device of origin.” The message will then disappear from both your and your friend’s devices.Īll secret chats in Telegram are device-specific and are not part of the Telegram cloud. You can order your messages, media and files to self-destruct in a set amount of time after they have been read or opened by the recipient. And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well. On top of this, Messages cannot be forwarded from secret chats. This means only you and the recipient can read those messages. All messages in secret chats use end-to-end encryption. “Secret chats are meant for people who want more secrecy than the average fella. ![]() If you are not practical with the concept of Telegram’s Secret Chat: For whom is following me on Twitter this is not a news, yesterday I was complaining about a Telegram “Feature” in the secret chat context, while for whom doesn’t this should serve as a write-up of the bug that I have discovered (The bug is nothing fancy but something I think people should, at least, know).
0 Comments
Leave a Reply. |