• SGG@lemmy.world
    5 days ago

    Ironically, having a giant security breach happen in a security-focused messaging app was good advertising.

    Of course in this instance the breach was not because of the app, which is a good thing I guess.

    • rtxn@lemmy.world
      5 days ago

      “When something is made idiot-proof, they will just make better idiots.”

    • Bogasse@lemmy.ml
      4 days ago

      On Signal you can verify user identity, and you should absolutely do it if you were to discuss national security matters.

      This is not a hidden feature, I think it’s designed to prevent man-in-the-middle attacks. It also works against the “oops I accidentally added a journalist to my conversation no one should know of”, which is so dumb that no one saw this coming 😅

      • Squizzy@lemmy.world
        4 days ago

        Don't use consumer apps for national security matters.

        There was a vulnerability identified in Signal last year that caused the British to discontinue its use. I don't trust the British government but I am wary of what they are wary of.

        • sugar_in_your_tea@sh.itjust.works
          4 days ago

          vulnerability

          My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.

          This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.

          • Squizzy@lemmy.world
            4 days ago

            Yeah, I was wondering what it could be myself, the notification text access was a thought. I didn't realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the "this is going outside the sandbox" dialogue.

            • sugar_in_your_tea@sh.itjust.works
              4 days ago

              They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.

              It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.

        • Bogasse@lemmy.ml
          4 days ago

          At least it was Americans talking on an American platform. I wouldn’t be surprised if we had French European leaders occasionally having this kind of discussion on Microsoft Teams or some Google chat.

          • Squizzy@lemmy.world
            4 days ago

            There was a case recently, related to Ukraine, of a general taking part in a secure video call on his hotel network and it being compromised.

    • anonvurr@lemmy.zip
      5 days ago

      It’s not a security breach per se. Someone accidentally added a journalist to the group. Signal is still as safe as it’s ever been.