by btown
383 days ago
If you need your partners/bankers/salespeople/cabinet-level officials etc. to be able to converse with their clients on the E2E encrypted systems those clients already use, like WhatsApp and Signal, but maintain retention for legal or internal data-mining reasons, the only way to do that is to have a modified client, perhaps cracked or forked from an official client, that speaks the same wire protocol, but copies messages to separate storage. Now, such a system could be set up to route those copied messages in a separately E2E-encrypted way to the client's in-house/on-prem archival systems, and have the client be responsible for implementing decryption and secure storage at rest. But it's far easier to just sell a centralized cloud-based archival/retrieval system - which must necessarily be able to decrypt messages, and thus makes for an incredibly juicy target. Given the supply-chain risks of the provider offering the customized clients anyways, one would expect them to have a strong security focus... but it certainly seems this was not the case.

My firm requires screenshots. If the concern is that someone would bypass that, well, someone could bypass TeleMessage, too.