• @[email protected]
    link
    fedilink
    English
    84 months ago

    “The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide,” responded the Signal employee.

    Tl:dr Signal is ‘insecure’ in the same way your mail is ‘insecure’ after you’ve opened it and it’s sitting on your counter. What, you don’t keep you mailed locked up inside you own house just in case someone breaks in?

    • @[email protected]
      link
      fedilink
      English
      74 months ago

      I actually manually hash every letter I receive using a rotating cypher kept in a secure vault. Always rough when the letters include images… Had to invest in a storage unit for the pixel-by-pixel encryption of last year’s Christmas cards.

      • @[email protected]
        link
        fedilink
        English
        24 months ago

        This is why I refuse to communicate sensitive information outside of telepathy. Know what I mean? 😵‍💫

        • @[email protected]
          link
          fedilink
          English
          24 months ago

          Yeah I do, but please stop sending me unsolicited dick 'paths. Just because they’re secure doesn’t mean they’re wanted.

  • @[email protected]
    link
    fedilink
    English
    0
    edit-2
    4 months ago

    The comment about waiting until there’s twitter drama to fix something is spot on. It took them a few days to fix this and it could’ve saved them the bad publicity for such an obvious fix.

    Others have been asking for a password prompt for years too. Using the local keychain is good, though a user-defined password is a good option too. However, many people have terrible opsec and would probably opt for horribly weak passwords.

    At least something has finally been done.

    Anti Commercial-AI license