Hacker News new | comments | ask | show | jobs | submit login

So basically, somebody could use telegram metadata to see when I came online...on telegram? And they could also make a best guess at who I'm talking to? You don't even have to go to the CLI client for this, the 'target' status is visible on the top of every conversation. Pretty much any chat client I could think of has a feature like this.

Seriously, how is this even on the front page? It seems that people lately are coming up with excuses to call out any app/software/company based on privacy concerns, just so they get some attention.

Which other chat clients reveal if they are the foreground app right now or not? I haven't come across any as far as I remember (I don't use that many though). How many of those reveal it to everybody, without any confirmation?

(And even if it were general default behavior doesn't mean it isn't pretty crappy from a privacy point of view)

WhatsApp will hide last seen, but will still show you if a user is online instantaneously - you'd have to have their conversation open.

Facebook too, will show a user as instantaneously online even if they have chat turned off for you (I think). On the plus side, Facebook recently disabled API access for online/offline status of your friends unless they've consented.

> Facebook recently disabled API access for online/offline status of your friends unless they've consented.

Is this for just the messenger app or the facebook mobile app?

It's for the graph API, which I have no experience with, but I guess it covers both?

The limitation is in the API only, you can still see the statuses in-app and online, but you would have to resort to a webscraper to get them.

I've seen both WhatsApp and Viber do that. Might be a buggy client though, but nevertheless.

I find it amusing that we are raising 'privacy concerns' now for pretty much anything. How does sharing whether you are keeping your phone in your pocket or in your hands (and telegram active) affect your privacy? Its meaningless data.

The attack scenario is described in the article (I'd love to see data on if it actually is viable or not, but reports about similar attacks in the past make me suspect it is).

Most IRC networks let you see when a registered user last used their account too.

IRC is not exactly a beacon of privacy ;-)

Most other chat systems require user consent before sharing presence information

Seriously ? This is an app that claims to be a secure communication chatting application. This app is not as secure as it should be. I'm off from Telegram. Trust is gone.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact