https://micahflee.com/ddosecrets-publishes-410-gb-of-heap-dumps-hacked-from-telemessages-archive-server/ - the "obvious" way to fix this is to forbid unofficial clients, which is not the software freedom perspective, but right now I have no idea whether someone I'm sending messages to is using a hacked client that's exporting everything in plaintext to an insecure cloud service and that feels like a bad thing?
@mjg59 maybe like matrix show which clients the other person uses
@shadowwwind @mjg59 presumably without a centralised list of clients and their keys the client could just lie about that though.