I'm not sure what this has to do with anything. Sure, maybe this doesn't help you in a channel, but one on one? Or small groups? Most people don't run custom apps and you're probably going to know if your friends do. The biggest use I see of bidirectional deletion is if you see your friends be picked up by a nefarious actor and you can delete the messages. This reduces the chance of self incrimination because you can probably delete the messages before the phone is cloned or the messages are saved in some way.
It has everything to do with this when the conversation is if the government is going to use your messages in the unencrypted channel to come after you. If your friends are picked up by a nefarious actor, you would have to know that they were–and also, you'd have to ensure that Telegram isn't keeping some sort of deletion log.
>> Sure, maybe this doesn't help you in a channel, but one on one? Or small groups? Most people don't run custom apps
The bidirectional part is helpful in the non-public channel context.
How does this help? Why does this matter? Well you can keep a public face and a private face. Private channels, group chats with friends, or one on one messages you can be more open and use this tool. But this is normal. Everyone shows a different face in public than what they show to friends (offline!).
> If your friends are picked up by a nefarious actor, you would have to know that they were
Sure. But they're your friends. I don't know how you interact with your friends, but usually when I'm out with them I'm physically near them and know what they are doing. Chances are pretty high I'd know within a few hours if they got arrested/abducted.
> you'd have to ensure that Telegram isn't keeping some sort of deletion log.
This is a different issue and FWIW that's why I don't personally use Telegram. There's no verification so no trust. But that doesn't mean that the deletion tool can be useful in certain contexts if the implementation is correct. No reason to throw the baby out with the bath water. It is about the probability of reducing self incrimination, not guaranteeing.
I certainly do not know what my friends are doing 24/7, perhaps not even within a day or two. And that's plenty of time for law enforcement to install a third-party client on their phone, or just read the messages. I agree that having it is better than not having it, but I would not put too much faith in it being useful against law enforcement. Perhaps retracting a mistakenly sent message, but not much more than that.
I feel like you're being needlessly dense. The threat scenario is being at a protest with your friends, not some midnight abduction. And I'll I'm arguing is that it is better to have it than not have it because there's a __chance__. When it comes down to it every aspect of security and privacy is probabilistic. Security walls aren't impenetrable, but unlikely to be penetrated in a given time-frame. If it doesn't reduce the floor on security or privacy but increases the probabilistic upper bound, why not? So my complaint to Signal is why shoot yourself in the foot by limiting this to 1 hour? (24 if you run a custom app)
There's a reason big companies/government employers want root access to your phone and will wipe data if it is lost or stolen. Because it reduces the chance that company/state secrets. No one thinks it is a guarantee. But if given the choice of "revealing a secret" vs "rolling a dice to see if I reveal a secret or not" I'm going with the latter no matter the odds.
