“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”

This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍

  • @ttmrichter
    link
    English
    -31 year ago

    Signal is a great secure private messenger app until you realize that the keyboard is a third-party piece of software and is thus easily compromised. This is doubly so for people in CJK space where third-party IMEs are absolutely essential; Signal doesn’t provide its own keyboard under its control and it certainly doesn’t provide IMEs. So any keyboard/IME can phone home with everything you type into your “secure” app.

    • @iturnedintoanewt
      link
      English
      11 year ago

      Signal’s duty never included input methods. Moreover, if you force a keyboard that doesn’t cover everyone’s keyboard tastes AND language AND typing methods, you suddenly are blocking people from using their own choices. Suddenly you are force-feeding a possibly bad keyboard implantation to many, and taking away interest from the app.

      And, finally, there’s already plenty of free open source and privacy-friendly keyboards. There’s no need to reinvent the wheel for one single app. This is, all in all, a really poor idea.

      • @ttmrichter
        link
        English
        21 year ago

        If your claim is:

        Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.

        Yes, there is in fact a duty to at least warn people that their very means of input is an attack vector. Yet the Signal App public-facing messaging says nothing of the sort. Instead it says:

        State-of-the-art end-to-end encryption (powered by the open source Signal Protocol) keeps your conversations secure. We can’t read your messages or listen to your calls, and no one else can either. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.

        You have to go pretty damned deep in the documentation before you finally get the tepid warning about keyboard apps. Like really deep. With no actual mitigation suggestions or recommendations. Almost as if, you know, they don’t actually give a damn.

        If your target market is security professionals, this is barely forgivable since they would presumably know about attack vectors like this. This, however, is what Signal seems to view their target market as:

        And I, for one, think there’s a responsibility when security pros market to normies. A responsibility which Signal App has been actively dodging (they’ve had their feet held to the fire for this from multiple sources!) for years now.

        Almost as if, you know, they don’t actually give a damn.

        Almost.

        • @iturnedintoanewt
          link
          English
          -11 year ago

          Sorry, but Signal is still a messenger app. They didn’t set to make a keyboard app. You are barking at the wrong tree.

        • @iturnedintoanewt
          link
          English
          -11 year ago

          Sorry, but Signal is still a messenger app. They didn’t set to make a keyboard app. You are barking at the wrong tree.