https://micahflee.com/ddosecrets-publishes-410-gb-of-heap-dumps-hacked-from-telemessages-archive-server/ - the "obvious" way to fix this is to forbid unofficial clients, which is not the software freedom perspective, but right now I have no idea whether someone I'm sending messages to is using a hacked client that's exporting everything in plaintext to an insecure cloud service and that feels like a bad thing?
Or maybe the answer is that this is a social issue rather than a technical one and I should just not be communicating with anyone I don't trust to not do that
@mjg59 You probably know better than most others that one could use attestation to cryptographically identify the client, but is that really what we want?
I see it more as a social problem. People could be screen-recording your conversation anyway, even with the official client.