412 sats \ 3 replies \ @ek 11 Jul freebie
Encrypting the database key makes encryption at rest more secure but it doesn't prevent exfiltration in all scenarios afaik.
When you open Signal Desktop, your data gets decrypted and thus malware just has to wait until you do that.
I think that's what Whittaker means with "Signal cannot completely protect your data" and why this issue wasn't taken serious:
I can kind of get behind this reasoning but it's still weird that this wasn't implemented until now. It was maybe a UX vs security trade-off?
reply
234 sats \ 0 replies \ @kepford 11 Jul
I co-sign this @ek
I do wonder if the recent spiciness around Signal and its board might be contributing to this stuff. It is hard to separate the technical from the political as we know from the bitcoin world.
reply
100 sats \ 0 replies \ @nout 11 Jul
It's the same thing on the phone. If you caught Pegasus, then using Signal doesn't provide any extra privacy - all your taps or keystrokes can be tracked and exported.
reply
10 sats \ 0 replies \ @wealthcrumb 11 Jul
It also takes a while to open up. IDK if a fix would slow that down even more or not
reply
0 sats \ 0 replies \ @SatsMate 12 Jul
This I see at positive. People should be publicly going after companies with vulnerabilities. If you are creating products, expect people to come back dissecting the flaws. You see change quick then!
I think Signal should have more bug bounties/white hackers though. Companies never want to erode their reputation.
reply