Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.

  • JonesOP
    link
    fedilink
    42 years ago

    This seems completely off-topic to me. I never said I have nothing to hide. The Signal client app (i.e. the part that you can audit, compile and run, not the server) provides a lot of privacy already: e2e encryption via the excellent Signal protocol, private profile, private groups, sealed sender. So in terms of metadata, the Signal server never knows what you write, who is in which group, and to whom you are writing. Again, from the client code that you can audit yourself before you run it.

    On top of that, leveraging the secure enclaves, the Signal server (tries to) guarantee(s) the private contact discovery (based on the hashes of your contact list). Which means that if you trust the SGX enclave, all that the Signal server knows is your phone number. If you don’t trust the enclave, then you can assume that the server got access to your contacts when you did the discovery (i.e. when you installed the app).

    That’s very, very, very far from saying I have nothing to hide.

    • @linzilla@lemmy.ml
      link
      fedilink
      02 years ago

      Signal introduced closed-source server side code last November. The founder and CEO stepped down from his position this January… End of story to me about Signal

      • JonesOP
        link
        fedilink
        22 years ago

        Signal introduced closed-source server side code last November.

        What? I’m not aware of that. Source?

      • bkrl
        link
        fedilink
        2
        edit-2
        2 years ago

        Oh yeah bro. You have my thumbnail up. Seems only a detail but freedom defenders (Signal) have their backs sitted in California…