Disappearing messages don’t impress security professionals, given how flimsy a privacy protection they offer, but despite an inherently fickle form the feature keeps recurring on comms platforms.
The latest to add what it calls an “unsend” feature is mobile messaging platform Telegram — which is now letting users retrieve (i.e. delete) messages within two days of sending them, once they update to v3.16 of its app.
Secure messaging app Signal also recently added an ephemeral messaging feature, back in October — albeit for ‘tidiness’, not privacy.
Telegram’s unsend feature works within one-to-one and group messaging scenarios, and has to be enacted within the 48 hour window. It says the idea is to serve users with ‘morning after messaging regret’ by letting them scrub stuff they wish they’d never said.
Of course it pays to point out this is at best privacy theatre, given that messages can be read and screengrabbed long before being ‘retrieved’. So basically don’t trust your secrets or your stupidity to an ‘unsend’.
It also adds another layer of complexity to Telegram’s messaging structure. The app already silos end-to-end encrypted messaging into a ‘secret chats’ feature, which has to be initiated by the user vs the default message type (which is not end-to-end encrypted). And Telegram has taken a lot of flak for not enabling e2e encryption across the board as other messaging apps have.
Its use of proprietary encryption also turns noses in the security community vs other messaging apps, such as Wire and WhatsApp, which use or build on the independently audited Signal Protocol (also used in the Signal messaging app).
Safe to say, there are a growing number of messaging options for mobile users to play around with. And a growing number of considerations to factor in if you’re seeking a secure messaging app. But while unsending messages might be a fun way to troll your friends for kicks, it’s no substitute for a proper wrapper of robust and respected end-to-end encryption.