@npub1ffsl...cxj7 The important bits of the article seem paywalled.
> the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer
Shouldn't it be enough to use TLS?
And that seems like a weird use of the term E2E, if the archive destination (server) is controlled by the customer? Generally, I expect that term to be used for situations where you have two clients, and a potentially untrusted server in between. If the server is controlled by the customer, I don't see an issue. Or do they route the archives through the company's servers, and the destination is another client device?
If customers run their own servers, then this "hack" may be insignificant, as it may be the fault of the customers that they didn't secure their servers.
Would love to see more accurate and detailed reporting on this.
