• BearOfaTime@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    7 months ago

    I just read the post (you linked) by signal. Note the use of the word “plaintext”.

    we don’t have a plaintext record of your contacts, social graph, profile name, location, group memberships, groups titles, group avatars, group attributes, or who is messaging whom.

    Whenever someone qualifies a statement like this, without clarifying, it’s clear they’re trying to obfuscate something.

    I don’t need to dig into the technical details to know it’s not as secure as they like to present themselves.

    Thanks. I didn’t realize they were so disingenuous. This also explains why they stopped supporting SMS - it didn’t transit their servers (they’d have to add code to capture SMS, which people would notice).

    They now seem like a honeypot.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      7 months ago

      They are very much not. Anyone who tells you this is a state influencer or someone who believed a state influencer.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        Saying something has the capabilities of a honeypot, is the correct thing to do when we’re assessing our threat model.

        Is it a honey pot? I don’t know. It’s unknowable. We have to acknowledge the the actual capabilities of the software as written and the data flows and the organizational realities.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          My concern is people stay away from Signal in favor of unencrypted privacy nightmares. It happened with DDG a while back where I knew people who used Google because DDG had privacy issues. It sounds dumb but it is a true story.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            7 months ago

            Sure. I still encourage people to use signal. Most people don’t have a threat model that makes the honey pot scenario a viable threat. In this thread we are talking about its downsides, which is healthy to do from time to time. Acknowledging capabilities is a good exercise.