At least it was Americans talking on an american platform. I wouldn’t be surprised if we had french Europeans leaders having occasionally this kind of discussions on Microsoft Teams or some Google chat.
Comment on Signal downloads spike in the US and Yemen amid government scandal | TechCrunch
Squizzy@lemmy.world 1 week agoDont use consumer apps for national security matters.
There was a vulnerability identified in Signal last year that caused the British to discontinue its use. I dont trust the british government but I am wary of what they are wary of.
Bogasse@lemmy.ml 1 week ago
Squizzy@lemmy.world 1 week ago
There was a case recently, related to Ukraine, of a general taking part in a secure video call on his hotel network and it being compromised.
sugar_in_your_tea@sh.itjust.works 1 week ago
My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.
This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.
Squizzy@lemmy.world 1 week ago
Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.
sugar_in_your_tea@sh.itjust.works 1 week ago
They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.
It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.