You'll see this policy in action when you install Keybase on a 2nd computer. This is verified by everyone you chat with. Key additions must be signed publicly into your signature chain by a currently active key,Īs determined by your signature chain. What's preventing Keybase from adding a device for me, that's really just owned by Keybase or nefarious shadow organization X? You can think of a PGP key as another part of a user's identity, and therefore one of the assertions you can make, like a Twitter address. You can, however, address someone by their PGP key! I've proven ownership of this PGP key, which your own client will verify: keybase chat send 'hi whoever owns 9701 6CB3' The basic idea here is that non-technical people won't get confused and do something irresponsible. You can read more about our key model here. People aren't so great at managing and moving PGP private keys around, so PGP keys are not included in our chat or filesystem. Even if you have a PGP key on your Keybase profile, these messages are only encrypted with your Keybase device + paper keys. Honestly, no one should expect the app, he is trusting, to behave erratically in a secrecy context exposing its users to a threat that: they didn’t expect, cannot prevent, and will not be notified of.No. “If you have reasons to worry about your personal security, we strongly recommend using only Secret Chats” When I was using Telegram Secret Chat, I was expecting it to behave like what they stated in their Wiki, the fact that it does not comply with it is something the user should be made aware of. Message will then disappear from both your and your friend’s devices.” “Messages and media files to self-destruct in a set amount of time after they have been read or opened. Especially because that is in contrast with their own design: Exportable medias in secret chat context should not be possible, or at least, not without notifying your interlocutor. Now, this bug is (in my opinion), at very least, a bad design choice. Longer timers in Secret Chats are intended for ‘self-cleaning’ communication and not to prevent pictures from being saved.”īasically, they were telling me that the bug I was reporting is an intended feature and a design choice they were aware of. “ Media sent in secret chats either without a timer or with a timer longer than 1 hour have all these options (the one that allows a media to be exported). I tried to contact Telegram in order to report this bug: Please also note that, differently from trying to take a screenshot, this action will not be notified to the other part.įor me, this bug, was an unintended behaviour since, media shared in a normal chat with the expiration time setting enabled, are correctly deleted and sharing/saving the media is prevented. If I chose the ‘save in the gallery’ option, I can easily store the media somewhere else and prevents its deletion after the expiration date. When a user sends a media file, it will be opened with the “default player/viewer” and a useful menu will appear: On the latest Telegram Android/iOS App, I discovered a nasty bug in the secret chat. Secret chats can only be accessed from their device of origin.Message will then disappear from both your and your friend’s devices. Messages and media files to self-destruct in a set amount of time after they have been read or opened.When you delete messages, they will be deleted on the other side as well.All messages in secret chats use end-to-end encryption.To sum up all these concepts, we can define a secret context as a chat where: This means you can only access messages in a secret chat from their device of origin.” The message will then disappear from both your and your friend’s devices.Īll secret chats in Telegram are device-specific and are not part of the Telegram cloud. You can order your messages, media and files to self-destruct in a set amount of time after they have been read or opened by the recipient. And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well. On top of this, Messages cannot be forwarded from secret chats. This means only you and the recipient can read those messages. All messages in secret chats use end-to-end encryption. “Secret chats are meant for people who want more secrecy than the average fella. If you are not practical with the concept of Telegram’s Secret Chat: For whom is following me on Twitter this is not a news, yesterday I was complaining about a Telegram “Feature” in the secret chat context, while for whom doesn’t this should serve as a write-up of the bug that I have discovered (The bug is nothing fancy but something I think people should, at least, know).
0 Comments
Leave a Reply. |