Before you spread panic about imaginary issues with Signal, consider why these rumors might be going around right now and in whose interest it might be for them to do so - ThreadSky

lookitup.baby • 19 days ago

Before you spread panic about imaginary issues with Signal, consider why these rumors might be going around right now and in whose interest it might be for them to do so

Comments

cheetsac7.bsky.social•19 days ago

It's amazing how thorough these assholes are. They are seriously trying to tear down any communications we have.

kyefox.com•19 days ago

I tend to follow @soatok.bsky.social's lead on stuff like this. If he's not shitposting relentlessly about it, it's probably nothing. Not _just_ because he's a friend but because he's written at length and with care for accessibility on the subject of Signal and E2E encryption.

lookitup.baby•19 days ago

hint: it isn’t yours

xylaria.vg•19 days ago

Because you're someone I trust with security, the only one of these "issues" going around that makes sense to me is one I wanted to ask about:
Is it plausible for "message preview" toasts to be something that could be subpoenaed/intercepted? I feel like it *is*, but I'm not sure where that data goes

xylaria.vg•19 days ago

Because like, I shut those off myself for privacy reasons quite a long time ago (if someone can grab your phone and read what's said without unlocking, that's kinda bad), but I never even considered the idea that someone in theory could intercept them remotely. Is that...a thing?

lookitup.baby•19 days ago

there have been threat models that involve message previews (generally involving third parties rather than Signal itself), and within Signal you can solve that problem entirely by simply turning them off

xylaria.vg•19 days ago

right, that lines up with what I suspected. every time I heard about it I'm like, "this actually sounds reasonable and seems like an easy thing to just not have to worry about"

one of the very few "conspiracies" about signal that's just got good security practice to it. thanks!

royx.bsky.social•19 days ago

Some apps send the contents of notifications thru Google/Apple services.

I've seen Signal say that they only use that infrastructure to wake up the app to tell it to fetch the notification from Signal, e2ee

youranonnews.bsky.social•19 days ago

If your identity is known, your records can be subpoenaed. Signal does not prevent that.

thatisabigmood.bsky.social•18 days ago

the question is if “your records” include message previews

lookitup.baby•18 days ago

You can turn those off

nighttrace.org•18 days ago

And you should!

segyges.bsky.social•19 days ago

welcome back

jacobian.bsky.social•19 days ago

Also, signal is generally better than other systems.

Also, don't trust any system. Bee smart and defensive no matter what

darkglade.bsky.social•19 days ago

Also this ^^^

shampoochan13.bsky.social•19 days ago

What issues?

heretakethisl.bsky.social•19 days ago

I don't have X anymore, but I'm willing to bet this has to be the guys who complained about how the desktop client stored keys.

If it is those guys, then I understand. They acted like they found an RCE exploit.

bobas.online•19 days ago

i really want to love signal but the lack of custom emojis is a dealbreaker for my friends group chat :(

bobas.online•19 days ago

we were using discord and then telegram, but we’re back to discord due to telegram…. everything

7leaguebootdisk.bsky.social•19 days ago

I mean, you can not have it notify everyone in your address book that you installed Signal finally. That was stopping me for a long time, because I have people whose name I want in my phone so I don't answer them.

birdetta.bsky.social•19 days ago

I don't trust Signal. I trust the alternatives less. Stop typing things into phones.

riverofdiversity.bsky.social•19 days ago

So say them, typing things into phones (Or a other device). 🤷

disorderlyf.bsky.social•19 days ago

curious, was this sent from a mobile device or website on a desktop/laptop?

nekointheshell.com•19 days ago

there's an issue with signal?

write a patch and submit a pull request. :P
https://github.com/signalapp/Signal-iOS

ktpanda.org•18 days ago

It's actually a Cloudflare issue from what I understand. There might be something Signal could do to mitigate it though.

dustinfinn.bsky.social•19 days ago

Is a real solid tutorial on how to set it up on the computer that walks you through keeping it secure and encrypted on (window/mac) - cuz always feels like it’s an escape vector that a lot of messaging apps fall into problems with

huenix.com•19 days ago

I work adjacent to this space and I can't begin to tell you how insecure WhatsApp is. And for as bad as it is, Telegram is terrible.

axelorsolini.bsky.social•19 days ago

It’s ok not to trust anything. Ideally we could build an app from the ground up to know there’s privacy. I don’t think it’s even needed though

lookitup.baby•19 days ago

I realize you probably mean well, but this is a bad idea. You do not want to roll your own cryptography. It is not needed because Signal already did it

axelorsolini.bsky.social•19 days ago

A hypothetical new app would obviously use existing cryptography. I assume people are paranoid about the internet connection parts of the app

lookitup.baby•19 days ago

You want to build a messaging app that doesn’t connect to the Internet?

axelorsolini.bsky.social•19 days ago

For it to be trusted for any clandestine activity we would have to control all the infrastructure it uses in the internet. At any rate it's probably overkill the Taliban kicked out americans without even scrambled radio I'm sure

darkglade.bsky.social•19 days ago

100% this, there's been a lot of rumor mongering about Signal which appears to be intended at driving people to other platforms like WhatsApp and Telegram, and well... It's pretty clear to me why one might want to convince people to switch from Signal to THOSE apps...

lookitup.baby•19 days ago

Uh huh.

heretakethisl.bsky.social•19 days ago

Either that or they pass a law backdooring all the encryption algos used by these apps

pauljamesharper.bsky.social•19 days ago

"Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger." https://medium.com/@thegrugq/operational-telegram-cbbaadb9013a

thatladytanja.bsky.social•18 days ago

Anyone who still doesn’t know Telegram is Kremlin product, where have you been for the last few years???

typingloudly.zip•19 days ago

I would use signal if I still had friends to talk to

telegram is so fucking compromised

funkys.bauble.boutique•19 days ago

Hard agree, and this is coming from someone who prefers https://matrix.org and https://briarproject.org

Encryption is encryption

That said, don't be too silly on an electronic device kids lol

systematicrabbit.bsky.social•19 days ago

Matrix has a slightly higher barrier to entry (in the same way Pixelfed or Mastodon does), but it's better. My instance is external to the U.S. so unless the U.S. goes all N. Korea, we good. Signal is primary tho at this juncture.

funkys.bauble.boutique•19 days ago

Briar is an even higher barrier to entry tbh

But holy hell it's awesome

I do worry about how centerialized communications are easier to shut down (i.e. us goes bye bye signal), but I don't think that should flat out eliminate signal as an option.

Matrix and briar are harder to kill

funkys.bauble.boutique•19 days ago

And I'll probably be advocating for them as at the very least a backup in the situation signal goes down

systematicrabbit.bsky.social•19 days ago

Why in the world haven't people turned of all their lock screen preview tho TBH? Give your data to any rando looking atcha. SMH

funkys.bauble.boutique•19 days ago

Frfr

crobi.bsky.social•19 days ago

it's a fuckin frantic wave of bullshit and it's hard to think about this shit every time. ugh :(

alp1n3.dev•18 days ago

100% of the problems people bring up w/ Signal are either:

1) Imaginary / Unable to prove.
2) Able to be fixed with a settings change.

Signal by default balances privacy with usability for the normies (a good thing), and it’s hard to see why they’d be criticized for that.

vonmuf.bsky.social•19 days ago

I use Signal but I’m also conscious of the fact that it’s US-based and hence subject to US laws.

openbuddha.bsky.social•19 days ago

And that means what? Really? They don't have your data.

void-turtle.bsky.social•19 days ago

The primary concern (imo) is that the US government could shut it down pretty quickly if they ever really wanted to. I think Signal is great as a primary messaging app, but we should be already connected on decentralized apps that we can seamlessly switch to in that event

vonmuf.bsky.social•19 days ago

This - exactly.

From an EU perspective the US government is unstable and can’t be relied upon.

More widely, the EU needs to urgently start weaning itself off its lazy reliance on US technology. It puts us in a very weak negotiating position.

catsluck.bsky.social•19 days ago

Even a solid steel door is insecure if you fail to lock it. Know how to use and secure the tools you depend on.

disorderlyf.bsky.social•19 days ago

I think this is the first time I've seen a detracting statement about using more secure communication that is actually productive. props

ddpsec.bsky.social•18 days ago

Saw a video on how to securely setup Signal, and one thing that was brought up (for android users) was the keyboard ap my be saving your keystrokes. An alternative keyboard being recommended was FUTO keyboard.
Has anyone been able to confirm that keyboard apps are logging our information?

lookitup.baby•18 days ago

Uh, I’m not an Android user but I would trust the default keyboard more than a third party app

lookitup.baby•18 days ago

Third party keyboard apps absolutely can and do log your information and do Maude knows what with it

ddpsec.bsky.social•18 days ago

More research into this will have to be done at a later time. Thank you for the input!

clawclawbite.bsky.social•18 days ago

Any good recent public cyber audits of signal, especially the new functionality that lets users export all messages? Would love to see if that's encrypted in a memory dump #noRASP

Or was the last good public audit back when Marlinspike used to run Signal?

https://www.bleepingcomputer.com/news/security/signal-will-let-you-sync-old-messages-when-linking-new-devices/

ellearmageddon.bsky.social•19 days ago

co-signed

ellearmageddon.bsky.social•19 days ago

i mean, you don’t need my co-sign, bc you know what you’re talking about, but i figure anarchists agreeing is noteworthy in its own right ;)

lookitup.baby•19 days ago

What you mean? Anarchists love to agree with each other! We do it all the time 😂

mybookstand.bsky.social•16 days ago

https://sub.media/its-revolution-or-death-part-2-heads-up-the-revolution-is-already-here/

ethanclsn.bsky.social•19 days ago

I have it a good authority that they also like snacks

ellearmageddon.bsky.social•19 days ago

i stand corrected :p

signalblur.bsky.social•19 days ago

Anarchy in the blUesKy

jonathanstegall.bsky.social•19 days ago

I was saying the other day that I think when people spout off bullshit about Signal it (among other things) whether intentional or not seems to deflect people’s attention from actual risk.

bdowney.bsky.social•19 days ago

Let's recall Musk was one of the people spreading those rumors (though apparently it was because terrible people had their phones physically seized or narc-ed on each other).

Comments

Posting Rules

Reply