The Signal and the noise: Why the messaging app is great for privacy but not for war plans.
-
TLDR: some government/military official added a reporter to a Signal group were some high profile people were discussing and sharing war plans.
The app's encryption is perfectly fine. It's just clickbait.Its not click bait, its a great layman's terms explanation of the app and what it does. This is the kind of article I would send to my parents who are basically tech illiterate when this topic inevitably arises. It also clarifies points that were poorly reported by other outlets, which is necessary to call out, especially in our current informational climate.
-
TLDR: some government/military official added a reporter to a Signal group were some high profile people were discussing and sharing war plans.
The app's encryption is perfectly fine. It's just clickbait.What about it is clickbait? That title is really upfront about signal's encryption being fine.
-
Fundamentally the biggest security vulnerability in every peice of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I dont think it was a mistake. I think Trumps own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump woupd reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.
Yeah- that is a bit odd. Who and if not intentional, how?
-
You don't know what you are talking about. Just because Session is a fork of Signal doesn't mean it isn't better, but is an improvement. Session adds identity protection and it is decentralized. There is no personal information needed to create accounts; no phone number or email required. There is no metadata storage. Had the Trump cabinet used Session instead of Signal, there would be no evidence to the identities of the individuals messaging each other. Signal requires a phone number to have an account which traces to an identity. The leaked war plans were not from encryption failing, but traceable identities.
Just because Session is a fork of Signal doesn’t mean it isn’t better.
And nobody said that, strawman count one.
Session adds identity protection and it is decentralized.
Just so you knew, everything about security is made much harder and more complex by decentralization. Welcome to the real world, two good things do not help each other, you have to compromise on something.
This statement adds nothing but the vague idea that decentralization helps security, so answered only that.
There is no personal information needed to create accounts; no phone number or email required. There is no metadata storage.
The article I don't remember was about purely technical mistakes of Session developers in processes inherited from Signal. Mistakes! Mistakes happen in software. While what you are doing is listing features.
Signal requires a phone number to have an account which traces to an identity and metadata that logs time and date.
You are again talking about features and policies and limitations.
Damn right it's better to use a system where users using their IP addresses store messages in a blockchain, very anonymous.
Had the Trump cabinet used Session instead of Signal, there would be no evidence to the identities of the individuals messaging each other. Signal requires a phone number to have an account which traces to an identity and metadata that logs time and date. The leaked war plans were not from encryption failing, but traceable identities by an insider.
Buddy, that journalist didn't trace anything, they just were added to a chatroom, saw what's being discussed there, said oops, informed others and left it.
I'm sure you can set a nickname to your real name in Session too.
-
We need a US Community on Revolt too not just Lemmy
Never heard of it before.
What's the elevator pitch?
Reddit
️Lemmy
Twitter️Bluesky
Discord️RevoltI say we make a U.S. Server on there to inform each other, inspire each other, take action, collaborate, & coordinate
That would be a great way for all of us to really get things going in real life & online. Also, to have different sections of the server dedicated to various issues:
- This whole mess with GOP fighting back on every level
- Making Protests Fun, & Effective. Connecting Social Events to Them, & having Goals for Each Protest (Get to know others to work with, building out better infrastructure, gettings things done, etc)
- Homelessness
- Walkable/social/fun/bikeable/transit infrastructure for cities and towns
- Building and Maintaining Community
- Collaboration with Allies
- Etc Etc
I would do it but don't know how to run a community, & server
-
Fundamentally the biggest security vulnerability in every peice of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I dont think it was a mistake. I think Trumps own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump woupd reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.
-
The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That's incredibly unlikely for a regular citizen, but it's a lot more likely for an important position like the head of the Department of Defense or something.
-
The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That's incredibly unlikely for a regular citizen, but it's a lot more likely for an important position like the head of the Department of Defense or something.
Im not a security researcher tbh and I havent extensively studied the security model of Signal (I use Matrix)
-
Im not a security researcher tbh and I havent extensively studied the security model of Signal (I use Matrix)
Same. I'm just generally pretty cyber-security curious, and have read a bit on this topic.
I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.
-
System shared this topic
