“That is, the most likely reason why Trump’s entire national security team was using an insecure platform to plan war strikes was to ensure there were no embarrassing records for posterity, a violation of the law.”
Folks, I’m seeing more of this lately so please, stop. Understand what you’re talking about before spouting off. Signal *is* a secure platform and peddling nonsense like this is only going to make people less secure if they believe it and stop using it. What it can’t do is protect you if you’re clueless enough to add someone to your *secure* conversation who shouldn’t be there.
Signal is not a SCIF.
Sure, there's a lot of security, but it is not the level required by law for US national secrets.
@TCatInReality Indeed. So folks should say that instead of making imprecise statements.
@TCatInReality@mastodon.social @aral@mastodon.ar.al Not only "not the level required", its "disappearing message" feature directly contradicts the requirements of government messaging.
Secure - to a point.
Everything has a weak spot, especially with user's errors.
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
Feb 19, 2025, Ravie Lakshmanan
https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html?m=1
@504DR @aral other people pointed out that phones are not _that_ secure. Who knows, maybe one of these guys could have other apps that they happened to like on there.
Even if they're sandboxed, that's not really the level of security you'd expect here, really you'd expect dedicated devices, at least.
Also I read somewhere another problem is accountability, these conversations _must_ be archived.
@aral But people who don't know what they're talking about authoritatively peddling nonsense is the cornerstone of journalism! The Gell-Mann amnesia effect depends on it!
Signal is insecure in the sense that it is owned by a private entity outside of the state’s control and on private devices outside of a SCIF.
Private devices like these also circumvent requirements to save records of policy discussions like these, which normally occur over hundreds of emails, memos, notes, meeting minutes, etc., and not a couple of group chats set to automatically delete after a set period of time.
@aral The problem, Aral, is that US news is *searching hard* to demonstrate phishing attacks, keylogging, and backdoors / OS malware as somehow issues with #signal. Just saw an NBC piece that was atrocious where they blamed bogus QR codes as somehow a Signal problem. They'll find #infosec people to either scramble the facts or talk about phishing and be taken out of context.
@aral A secure "system" has to include the endpoints included and the people operating them, not just the server-side. Anyone who regularly handles this kind of information is usually smart enough to _assume their personal phone is already compromised_ and only use secure channels to begin with. How competent do you suppose these dummies are at securing their actual phones...?
@aral
I was a USAF Communications-Electronics Officer stationed at the NSA Communications Center. You're WAY out of your depth here. Even without the breach involving the "accidental" inclusion of the journalist as a recipient, using Signal for the interchange in question is a standalone crime and everyone involved should be charged.
@aral that looks like something Marcy Wheeler posted and she generally knows her subject matter. She wasn’t dissing Signal, she was explaining that not using sanctioned US government communications circumvented record keeping and makes fulfilling freedom of information requests avoidable.
@aral "Insecure" is a relative definition. In this case, the creator of the group chat was able to casually add a journalist (from his suggested contact list), while an actually secure platform would be restricted to those who should be in the group.
Signal may be secure for everyone else, but not for anything Top Secret.
@arem Signal’s threat model doesn’t include protecting you from being an idiot, no.