https://micahflee.com/ddosecrets-publishes-410-gb-of-heap-dumps-hacked-from-telemessages-archive-server/ - the "obvious" way to fix this is to forbid unofficial clients, which is not the software freedom perspective, but right now I have no idea whether someone I'm sending messages to is using a hacked client that's exporting everything in plaintext to an insecure cloud service and that feels like a bad thing?
You're missing major amounts of context.
It may be hacky, but not a "hacked" client. The client is sending messages to an archive service for auditability as required by law.
The default Signal client isn't allowed since it doesn't tick the boxes required for the US gov.
This article provides this information: https://en.wikipedia.org/wiki/TeleMessage#Products
@panda No. That's what it's being used for in this context, but this client was also used by people who were not legally required to do so (company policy, for instance, rather than legal requirement). I, as someone communicating with someone else, have no idea whether or not they're using such a client, and even if the reason the plaintext is being collected is to meet legal requirements, I still want to know that so I can consider what I feel comfortable sending.