Tdesktop: [Security Feature Request] Don't store cached media in plain

@etki File downloads can't be encrypted and be usable at the same time :( because files are opened by external apps and they require the file to be present in the system "as is".

But if you only see photos and stream video in your porn channels, you're fine! They should not be stored in Downloads unless you explicitly save them, only in local cache which is encrypted.

@john-preston

File downloads can't be encrypted and be usable at the same time :( because files are opened by external apps and they require the file to be present in the system "as is".

Then they can be decrypted and put in temp folder _on demand_ and deleted once they've finished playing / previewing / anything else.

But if you only see photos and stream video in your porn channels, you're fine! They should not be stored in Downloads unless you explicitly save them, only in local cache which is encrypted.

I explicitly requested to save 0 (zero) of these files

I explicitly requested to save 0 (zero) of these files

Maybe the files in your download directory are either Telegram documents (eg. mkv or mp4 files uploaded as document) or you downloaded them using the "download" icon instead of streaming the video. I did a few tests with a bunch of videos and none of them are saved in the downloads directory when streamed

I sent bunch of pdfs from android to desktop (through saved messages) and they ended in my downloads dir. I guess this is set up somewhere in preferences, but that's not the point. The actual point is that besides funny pictures and videos people send ssh keys, passport scans and whatsoever just because they believe that messenger is secure and keeps it only in the cloud. Instead files end up living on fs forever, accessible to any process that succeeded to run under that user.

Come on, it's a security vulnerability. It's not even active eavesdropper security vulnerability, it's enough to gain access just once to see full past history.

Bumping at this feature but changing the question to: Is the cache encrypted?

I explicitly requested to save 0 (zero) of these files

Maybe related https://github.com/telegramdesktop/tdesktop/issues/6866

Then they can be decrypted and put in temp folder _on demand_ and deleted once they've finished playing / previewing / anything else.

When you open a file via default system handler, the system opens the application in background and you can't know when the application is closed.

@ilya-fedin also system has things like lsof (dunno what API is called under hood) even if PID is lost

also system has things like lsof (dunno what API is called under hood) even if PID is lost

Most applications are single instance what means if an application that can open a file is already open, it won't be a child process and lsof is useless.

I think a better solution to OP's concerns is to write a simple script to delete old files from his Downloads folder and then run that script via cron or launchd.

I think this should work:

# Deletes files not modified in 3 days
gfind "$HOME/Downloads/Telegram Desktop/" -mindepth 1 -type f -mtime +3 -print -delete 

If we want cache files encrypted I propose an encrypted container/volume type of solution that is "mounted" when Telegram is started/unlocked.