
Telegram 0-day vulnerability that can be used to disclose user's phone numbers - seapunk
https://twitter.com/edwincheese/status/1164826783746629633
======
luckylion
Sounds like it doesn't directly give you a user <=> phone number mapping, but
allows to confirm whether the user with phone number X is in a public channel,
which is bad enough.

------
azffz
[https://news.ycombinator.com/item?id=20776327](https://news.ycombinator.com/item?id=20776327)

lol "0-day vulnerability". I've known this since forever, everybody does. If
you have someone on your contact list you see them with the name you've stored
them as on your contact list in groups too.

Telegram is not e2e encrypted by default and group chats can simply not be
encrypted. Whoever uses Telegram expecting security is a dunce.

~~~
seapunk
Honestly, your comment is not very constructive. Did you create this account
only to critize and lessen this security issue?

~~~
azffz
It's as constructive as yours.

~~~
seapunk
I'm serious. Your url about the previous HN post was relevant but the rest of
your message sounds really defiant. Just an honest feedback about what I feel.

