Post AsRedroeiPCvO0aEqG by signalapp@mastodon.world
Post #AsRedcLkDcAVPzwRCC by signalapp@mastodon.world
2025-03-25T22:48:17Z
1 like, 2 repeats
Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/
Post #AsRedjaXJ19xrtuqiu by signalapp@mastodon.world
2025-03-25T22:48:32Z
0 likes, 1 repeat
One piece of misinfo we need to address is the claim that there are ‘vulnerabilities’ in Signal. This isn’t accurate. Reporting on a Pentagon advisory memo appears to be at the heart of the misunderstanding: https://npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability. The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 2/
Post #AsRedroeiPCvO0aEqG by signalapp@mastodon.world
2025-03-25T22:49:03Z
0 likes, 1 repeat
Phishing isn’t new, and it’s not a flaw in our encryption or any of Signal’s underlying technology. Phishing attacks are a constant threat for popular apps and websites. 3/
Post #AsRedzgnRVfrnwy4hc by signalapp@mastodon.world
2025-03-25T22:49:12Z
0 likes, 0 repeats
In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events. If you’re interested in learning more, this WIRED article from February 19th (over a month ago) goes into more detail: https://wired.com/story/russia-signal-qr-code-phishing-attack/ 4/
Post #AsRftYzAasnLZXY9Uu by divVerent@blob.cat
2025-03-26T11:42:50.605653Z
0 likes, 0 repeats
@signalapp From what I read from articles, the only "vulnerability" was that users are shown as an icon with first letters of first and last name, and the journalist happened to match in initials with someone who may have been "intended" to be in that meeting.

To which I must say, sorry, that's human error, not software error. Those tiny avatars were never meant for AAA in the first place, and having just 26^2 choices is obviously weak anyway and not Signal's fault.

In a way there is something Signal _could_ do better though - I could imagine some form of contact groups, and e.g. listing group chat members according to those groups. That way, anyone in the group chat who maintains their contact list would quickly have noticed the "unexpected" person.

So, not really a bug, but kinda a feature request for people who use the same chat app for different purposes (e.g. work/personal). As the example in the news shows, maybe not even a fixed list of categories, but an unlimited number of custom categories, like "staff/press/personal" groups.

Also, I am not aware of a single chat app that even has this feature, but without the feature, the only somewhat effective way to avoid this problem is to use a different app for each purpose (or, if exactly 2 categories are enough, to use Android's work profile feature).

Another option for Signal to solve this (although a clumsy way, IMHO, but OTOH also cryptographically more sound as key management then has fewer ways to go wrong, so there's that) is to allow login to multiple accounts on the same device.
Post #AsRpVvLwmQJnXEZQHI by ristkof@mastodon.social
2025-03-26T09:08:19Z
0 likes, 0 repeats
@signalapp also in Belgian national media there's a professor from Antwerp spreading FUD about Signal (https://www.vrt.be/vrtnws/nl/2025/03/25/signal-berichten-geheime-besprekingen-amerika/). He’s calling it a "commercial app". He claims intelligence services are able to attack if they want (somewhat credible I guess), and then proposes Threema as a better alternative, because the servers are in Switzerland (which sounds irrelevant to me in the context of e2ee without metadata).
Post #AsRpVwQwlJuat1uvi4 by djsumdog@djsumdog.com
2025-03-26T13:30:31.839040Z
0 likes, 0 repeats
I mean, it was likely funded by the CIA:
https://www.kitklarenberg.com/p/signal-facing-collapse-after-cia
https://yasha.substack.com/p/signal-is-a-government-op-85e

How else would they be able to support that infrastructure? I wouldn't recommend using the official Signal App if you do use it. Molly is open source and has an F-Droid repository that allows for easier updates if you don't use any Google Services.