Comment on Signal downloads spike in the US and Yemen amid government scandal | TechCrunch
Bogasse@lemmy.ml 1 week agoOn Signal you can verify user identify, and you should absolutely do it if we to discuss national security maters.
This is not a hidden feature, I think it’s designed to prevent man in the middle attack. It also work against the “oops I accidentally added a journalist to my conversation no one should know of”, which is so dumb that no one saw this coming 😅
Squizzy@lemmy.world 1 week ago
Dont use consumer apps for national security matters.
There was a vulnerability identified in Signal last year that caused the British to discontinue its use. I dont trust the british government but I am wary of what they are wary of.
sugar_in_your_tea@sh.itjust.works 1 week ago
My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.
This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.
Squizzy@lemmy.world 1 week ago
Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.
sugar_in_your_tea@sh.itjust.works 1 week ago
They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.
It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.
Bogasse@lemmy.ml 1 week ago
At least it was Americans talking on an american platform. I wouldn’t be surprised if we had
frenchEuropeans leaders having occasionally this kind of discussions on Microsoft Teams or some Google chat.Squizzy@lemmy.world 1 week ago
There was a case recently, related to Ukraine, of a general taking part in a secure video call on his hotel network and it being compromised.