Technology

68244 readers

5248 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

661

Signal downloads spike in the US and Yemen amid government scandal | TechCrunch (techcrunch.com)

submitted 1 week ago by [email protected] to c/[email protected]

90 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 31 points 1 week ago* (last edited 1 week ago) (1 children)

On Signal you can verify user identify, and you should absolutely do it if were to discuss national security maters.

This is not a hidden feature, I think it's designed to prevent man in the middle attack. It also work against the "oops I accidentally added a journalist to my conversation no one should know of", which is so dumb that no one saw this coming 😅

[–] [email protected] 8 points 1 week ago (2 children)

Dont use consumer apps for national security matters.

There was a vulnerability identified in Signal last year that caused the British to discontinue its use. I dont trust the british government but I am wary of what they are wary of.

[–] [email protected] 15 points 1 week ago (1 children)

vulnerability

My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.

This is completely fine for personal use since the average person isn't going to be a target, but for classified information, that's unacceptable. This isn't unique to any messenger, any app that stores data on the phone is open to it.

[–] [email protected] 2 points 6 days ago (1 children)

Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.

[–] [email protected] 3 points 6 days ago

They do seem to have experimental support for local encryption, but I don't think it's quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn't likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.

It's a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.

[–] [email protected] 2 points 1 week ago (1 children)

At least it was Americans talking on an american platform. I wouldn't be surprised if we had ~~french~~ Europeans leaders having occasionally this kind of discussions on Microsoft Teams or some Google chat.

[–] [email protected] 1 points 6 days ago

There was a case recently, related to Ukraine, of a general taking part in a secure video call on his hotel network and it being compromised.