• Dem Bosain@midwest.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    Why is Signal almost universally defended whenever another security flaw is discovered? They’re not secure, they don’t address security issues, and their business model is unsustainable in the long term.

    But, but, if you have malware “you have bigger problems”. But, but, an attacker would have to have “physical access” to exploit this. Wow, such bullshit. Do some of you people really understand what you’re posting?

    But, but, “windows is compromised right out of the box”. Yes…and?

    But, but, “Signal doesn’t claim to be secure”. Fuck off, yes they do.

    But, but, “just use disk encryption”. Just…no…WTF?

    Anybody using Signal for secure messaging is misguided. Any on of your recipients could be using the desktop app and there’s no way to know unless they tell you. On top of that, all messages filter through Signal’s servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      But, but, “just use disk encryption”. Just…no…WTF?

      So not encrypting keys is bad, but actually encrypting them is bad too? Ok.

      Any on of your recipients could be using the desktop app and there’s no way to know unless they tell you.

      Another applefan? How it THIS supposed to be in scope of E2EE? Moreover, how having a way to know if recepient is using desktop app is not opposite of privacy?

      On top of that, all messages filter through Signal’s servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.

      Indeed. This is why I use Matrix. Also, fuck showing phone numbers to everyone(I heard they did something about it) and registration with phone numbers.

      • Dem Bosain@midwest.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        Any “secure” so that relies on someone else for security is not secure.

        Fuck the scope of E2EE. Signal makes a lot of claims on their website that are laughable. The desktop app is their main weakness. Attachments are stored unencrypted, keys in plaintext. If they were serious about security, they would depricate the windows app and block it from their servers.

        WTF does Apple have to do with anything?

        • uis@lemm.ee
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          6 months ago

          Any “secure” so that relies on someone else for security is not secure.

          Fuck the scope of E2EE.

          When someone has FSB/NSA agent behind them reading messages, no amount of encryption will help. Biggest cybersecurity vulnreability is located between monitor and chair. When you are texting someone else, that someone else’s chair-monitor space is also vulnreable.

          Signal makes a lot of claims on their website that are laughable.

          Well, maybe. I didn’t read their claims, nor I use signal.

          Attachments are stored unencrypted, keys in plaintext.

          Is OS-level encryption plaintext or not? If yes, then they are encrypted, provided user enables such feature in OS. If not - nothing if encrypted fundamentally.

          If they were serious about security, they would depricate the windows app and block it from their servers.

          WTF does Apple have to do with anything?

          You just used applefans’ argument. Yeah, I wonder what.