Telegram encrypted messaging app adds ‘Unsend’ button

Happy New Year! Welcome to another “Unsend” button!

The story goes like this: a certain engineer was so revved about the new year, he sent his mom an SMS sticker depicting a scruffy Santa saying “Screw you” to its recipients.

Is the profane Santa an Unsend creation myth? Who can say? The tale is sure believable, given the missteps we’ve probably all made with e-chatting. Or, as his employer, encrypted messaging app Telegram, puts it…

Take that, Friday nights!

At any rate, there is no hangover large enough to justify telling Mom to go screw herself.

So the engineer quickly whipped up a way to kill recently sent messages and save his bacon. And as of the recently released v.3.16, all Telegram users are now able to do the same.

You know that Unsend button: it used to be the joke you played on the technically clueless when they flew out of their offices, bug-eyed, asking everybody to delete the email they mistakenly, unadvisedly sent to the whole company.

Google made it real, more or less, with the undo send option it first offered in 2009, buried as it was under an “experimental” warning. Google pulled the Unsend button into the daylight to promote with a bit more gusto in June 2015.

Google gave you a frantic, fumbling 30 seconds to lunge for that button. Yahoo Messenger last year gave you the ability to reach into years worth of outbox muck to delete any message sent to any user at any time, making it disappear from the recipient’s inbox.

Telegram’s promising something in between: it’s giving you 48 hours to un-embarrass yourself, it said on Tuesday.

But. With so-called but often so-not-really disappearing messaging promises, there’s always a but.

The notion that messages and images are ephemeral and will disappear forever has been flawed from the start – recipients can always grab screenshots or simply take photos of their screens.

Even if they don’t, we found that with Snapchat, the supposedly disappearing images stayed right on senders’ phones and often hung around on Snapchat’s servers.

Regarding Yahoo’s wiping a given message from its servers and deleting it from a recipient’s phone, it followed Viber on that path. Viber in October 2015 began to offer unsend, including messages, photos or GIFs, from recipients’ devices.

Oh, boy, many of us thought: any message, from any device, as Viber enthused?

Um, no, it said a few days later: Windows phones not included.

So yes, deleting messages has been a bit of a shaky proposition. Messages have a way of lingering, be they in image form as screenshots, printed out or copied before a sender deletes them from a recipient’s inbox, stuck in servers’ innards, or having the poor judgment to pop up on the wrong kind of phone.

And that’s not all – Telegram has also had its share of security issues.

It was in headlines over security twice in one week in August. Once for a data leak in its MacOS version, from which any cut-and-pasted text wound up in the system log. System logs hang around for days and in corporate environments might even be sent unencrypted to a logging server.

As Naked Security’s Mark Stockley said about the vulnerability, it was the kind of thing that can happen when somebody makes a mistake like leaving a bit of debugging code in a production app.

That was followed by an SMS text vulnerability that led to account compromise of Iranian journalists, activists and others in sensitive positions.

There’s screw-you Santas, and then there’s the need to keep your encrypted messaging app away from the prying eyes of repressive regimes.

Even super-secret-sauce software is still software, as Mark noted. It’s still made by people, used by people, and subject to flaws.

The moral of the story: unsend features like Telegram’s are promising, but it’s safest to assume that messages aren’t necessarily going to blink out of existence.