For the people who want to use Signal but are stuck in WhatsApp land because all their contacts are on WhatsApp, you should download WhatsApp business and create an automated away message that says that you are only available via Signal and with a link to your Signal account (if you use a Signal username. ) People in my contacts are slowly switching to Signal.
Ironically having a giant security breach happen in a security focused messaging app was good advertising.
Of course in this instance the breach was not because of the app, which is a good thing I guess.
“When something is made idiot-proof, they will just make better idiots.”
Gestures broadly at the federal government
On Signal you can verify user identify, and you should absolutely do it if were to discuss national security maters.
This is not a hidden feature, I think it’s designed to prevent man in the middle attack. It also work against the “oops I accidentally added a journalist to my conversation no one should know of”, which is so dumb that no one saw this coming 😅
Dont use consumer apps for national security matters.
There was a vulnerability identified in Signal last year that caused the British to discontinue its use. I dont trust the british government but I am wary of what they are wary of.
vulnerability
My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.
This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.
Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.
They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.
It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.
At least it was Americans talking on an american platform. I wouldn’t be surprised if we had
frenchEuropeans leaders having occasionally this kind of discussions on Microsoft Teams or some Google chat.There was a case recently, related to Ukraine, of a general taking part in a secure video call on his hotel network and it being compromised.
It’s not a security breach per se. Someone accidentally added a journalist to the group. Signal is still as safe as it’s ever been.
PEBKAC
Bad actors are sowing distrust by implying that Signal is not secure. Always remember that the powers that be don’t want the public to have encrypted comms and would love to ban private messaging apps altogether. I could also be completely wrong and Signal is in fact a fed honeypot…
The code is open-source though, and I’m hoping that individuals more learned than I would surely alert us if there were any backdoors/exploits…
Bad actors are sowing distrust by implying that Signal is not secure. Always remember that the powers that be don’t want the public to have encrypted comms and would love to ban private messaging apps altogether.
Wrong logic, trying to guess what they are doing. I mean, if you were a god-level poker player, then maybe, but most people are not and god-level players lose too.
and Signal is in fact a fed honeypot
Being competitive and protected from network effects (decentralized, p2p, federation, one standard and many implementations, all that) can hurt being secure. The complexity of being both may not be practical.
The point of Signal is academic level security. It has a clear model and is not doing anything to make it more complex.
Which is why it is centralized, leading to suspicions and accusations of being a honeypot.
The code is open-source though, and I’m hoping that individuals more learned than I would surely alert us if there were any backdoors/exploits…
That’s a wrong hope in any case.
There are many things you can complain about when it comes to signal, but overall it’s a huge improvement from unencrypted messengers like discord and definitely a
stepleap in the right directionYou have to be very tinfoil hat to believe that this current administration is capable of anything so sophisticated as a misdirection.
Next up:
- Signal getting banned in US govt
- Signal getting banned in the US
- Signal servers seized, devs detained
- Signal protocol repos removed from M$hub
The chat space is problematic.
- There are a lot of apps that don’t encrypt at all (e.g. Google chat, discord, etc)
- There are apps that encrypt but they are subject to jurisdictions that can or may in the future force backdoors (e.g., Chinese apps, possibly telegram, possibly US apps in the future)
- There are apps that encrypt, are in countries that are privacy focused but are not for free (e.g., threema)
This contributes to a fragmentation that makes WhatsApp the app that-you-must-have
Sure it is supposedly encrypted but I would not bet my money that is without back doors
Whatsapp to messengers is what internet explorer was to browsers lol. Slow, bloated, unfree, universally hated, but still somehow universally used
I mean honestly, feature wise, it’s pretty good in my opinion. It has some very useful features Signal lacks (e.g. live location sharing) and it’s not slow or badly designed in my opinion.
I still prefer Signal since I don’t like Facebook, but realistically speaking WhatsApp is pretty good.
Ain’t that the truth
WhatsApp
Not in the US, pretty much nobody uses it here. Which is really odd to me, since it’s so prevalent elsewhere.
Good. It’s the only encrypted channel I trust right now.
So who exactly is downloading the app as a result of this latest government scandal? I’m going to guess it’s the maga crowd because they are this as an endorsement from their new king. But hopefully I’m wrong and it’s a broad sweep of different users from across the political spectrum.
Why should it matter if the new users are all magas or not?
You wouldn’t want the Signal brand to become linked to it.
“I’m on Signal, would you like to chat there?”
“What, on the MAGA Nazi app, are you joking? Of course I’m not talking to you there!”
Ideally you want a broad spectrum of people.
I know it shouldn’t make a difference and people should base their views strictly on the technical and usability aspects of the app, but real life doesn’t work that way. Perceptions matter.
TBH this is why I’ve never used Telegram.
Telegram is a great piracy app tbh.
Perceptions matter.
And this frustrates me to no end.
Yeah, I get it, you don’t want to associate with bigoted people. But I wish people would take a step back for a minute and think. If everyone runs away the moment conservatives take interest in something, that means conservatives get an undue amount of power over you.
If we all largely ignore trolls, bigots, and bullies, they’ll lose their power. I’m not saying to be tolerant of intolerance, I’m saying we shouldn’t let them have power over us. Content moderation should take care of intolerance where it makes sense. On platforms like Signal, this means accepting that privacy means protection for both you and things you dislike. Yes, the platform will be used to arrange drug deals, facilitate pedophiles, and enable Nazis to communicate, but it also protects whistle blowers, people living under repressive regimes, and LGBT communities. Privacy means privacy, and that has value in itself.
Stop throwing babies out with the bathwater.
It’s not just perception, it’s mindless tribalism and it’s a form of bigotry in itself. It’s no better than doing things to “own the libs” or whatever.
And the irony, some express this attitude on lemmy, which unlike signal is an actual platform, not a chat app, and with tankie roots to top it off.
It is what it is, I suppose.
I wouldn’t go as far as saying it’s bigotry to dislike Nazis, but you do you mate.
It matters though. Like in Germany telegram is associated with hard right wings groups. Telling someone you use telegram makes them assume that you are a part of hard right ideologies.
It’s a shame as the telegram app is really snappy. You always have to say that you are on telegram but are not right wing. Even then people can be suspicious.
Signal has been with me for a decade. Have had Matrix/Element installed for years but no one i know uses it
It just about always comes down to user error. The White House trusting Signal is very indicative of the effectiveness of the app’s underlying protocols and the organization’s commitment to privacy. This is definitely huge publicity and I hope Signal endures the limelight.
LOL what kinda bullshit comment is this?
The people in the White House are idiots. They choose Signal because they’re either dumb/negligent -or- because they have been intentionally avoiding record preservation requirements.
Signal is a solid app for sure, but these dipshits didn’t choose it for being the right tool for the job here, as it certainly is not.
It’s not the right tool for their job but still a good tool for the laws they were trying to break…
I wholeheartedly agree the White House is full of morons. I was just saying that Signal is a solid app for me to securely share bullshit with my family. Its definitely not the right tool for government officials to use. But its plenty safe for sharing memes and pics of my dog.
hmm havent heard of this one yet. Looks promising, gonna try it later. Thanks!
For people seeking an interface similar to signal, I suggest Session. It’s a fork of signal that onion-routes the messages (they have their own onion routing network, not TOR). There are no user IDs stored anywhere, you message people through their public keys. From the user experience side of the coin, it’s a little on the slow side tho.
But definitely find out beforehand whether there were any security gaps or anything else. I followed the whole thing at the beginning of the tox protocol and the clients were not yet fully developed. But since I couldn’t get people away from WA, I forgot about it over time. So I can’t say anything about the security.
I know session… well i have read about it… Didnt test it because i would fail at the same point like with tox.
