Fundamentally the biggest security vulnerability in every piece of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I don’t think it was a mistake. I think Trump’s own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump would reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.
What security vulnerabilities does Signal have?
Hmm, last CVE was in 2023…
The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That’s incredibly unlikely for a regular citizen, but it’s a lot more likely for an important position like the head of the Department of Defense or something.
NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
I’m not a security researcher tbh and I haven’t extensively studied the security model of Signal (I use Matrix)
Same. I’m just generally pretty cyber-security curious, and have read a bit on this topic.
I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.
BTW, thanks for providing the CVEs, I hope that answers a few people’s questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get closed quickly (and Signal does a good job keeping up with updates).
That’s why the Linux kernel has a massive amount of CVEs, it’s extensively audited and researched.
Yeah, that is a bit odd. Who, and if not intentional, how?
TLDR: some government/military official added a reporter to a Signal group where some high-profile people were discussing and sharing war plans. The app’s encryption is perfectly fine. It’s just clickbait.
They weren’t war plans. They were attack plans. /s 🤦‍♂️
genocide assisting murder plans
It’s not clickbait, it’s a great layman’s terms explanation of the app and what it does. This is the kind of article I would send to my parents who are basically tech illiterate when this topic inevitably arises. It also clarifies points that were poorly reported by other outlets, which is necessary to call out, especially in our current informational climate.
What about it is clickbait? That title is really upfront about Signal’s encryption being fine.
Very informative article. By most measures, it is pretty terrific at encrypting messages and protecting your privacy, just not when it’s wielded by idiots.
I understand how the public key encryption works when you are messaging person to person. Does anyone know how it works with group chats?
Each participant is sent a separate copy of each message encrypted with their own key.
Ok, let’s pick the correct App for planning the rebellion.
Bluesky, Lemmy, Revolt, Ghost, Spark, & Flashes apps. Diaspora, Zen Browser, & Raindrop too
Those each cover a different aspect that will empower everyone. We need a US Community on Revolt too, not just Lemmy.
The app doesn’t matter. Wrong fucking network.