Privacy

31905 readers

442 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

483

Signal under fire for storing encryption keys in plaintext on desktop app (stackdiary.com)

submitted 4 months ago by ForgottenFlux@lemmy.world to c/privacy@lemmy.ml

258 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] uis@lemm.ee 0 points 4 months ago (1 children)

But, but, "just use disk encryption". Just...no...WTF?

So not encrypting keys is bad, but actually encrypting them is bad too? Ok.

Any on of your recipients could be using the desktop app and there's no way to know unless they tell you.

Another applefan? How it THIS supposed to be in scope of E2EE? Moreover, how having a way to know if recepient is using desktop app is not opposite of privacy?

On top of that, all messages filter through Signal's servers, adding a single-point-of-failure to everything. Take away the servers, no more Signal.

Indeed. This is why I use Matrix. Also, fuck showing phone numbers to everyone(I heard they did something about it) and registration with phone numbers.

[–] DemBoSain@midwest.social 0 points 4 months ago (1 children)

Any "secure" so that relies on someone else for security is not secure.

Fuck the scope of E2EE. Signal makes a lot of claims on their website that are laughable. The desktop app is their main weakness. Attachments are stored unencrypted, keys in plaintext. If they were serious about security, they would depricate the windows app and block it from their servers.

WTF does Apple have to do with anything?

[–] uis@lemm.ee 0 points 4 months ago (1 children)

Any "secure" so that relies on someone else for security is not secure.

Fuck the scope of E2EE.

When someone has FSB/NSA agent behind them reading messages, no amount of encryption will help. Biggest cybersecurity vulnreability is located between monitor and chair. When you are texting someone else, that someone else's chair-monitor space is also vulnreable.

Signal makes a lot of claims on their website that are laughable.

Well, maybe. I didn't read their claims, nor I use signal.

Attachments are stored unencrypted, keys in plaintext.

Is OS-level encryption plaintext or not? If yes, then they are encrypted, provided user enables such feature in OS. If not - nothing if encrypted fundamentally.

If they were serious about security, they would depricate the windows app and block it from their servers.

WTF does Apple have to do with anything?

You just used applefans' argument. Yeah, I wonder what.

[–] DemBoSain@midwest.social 0 points 4 months ago

Well, maybe. I didn't read their claims, nor I use signal.

Your opinions are invalid.