zlacker

[return to "Signal app downloads spike as US protesters seek message encryption"]
1. matheu+X2[view] [source] 2020-06-05 02:30:43
>>pera+(OP)
I hope one day apps like Signal will be the default for everyone, not just protesters in a time of crisis.
◧◩
2. senect+a3[view] [source] 2020-06-05 02:33:45
>>matheu+X2
will only happen if phone manufactures ship them by default rather than the unsecure by default ones they ship atm.

Sounds crazy when I say it outloud...

◧◩◪
3. RL_Qui+36[view] [source] 2020-06-05 03:01:16
>>senect+a3
iMessage is end to end encrypted by default. Perhaps not as strongly, but it's a good default to begin with.
◧◩◪◨
4. sfifs+ib[view] [source] 2020-06-05 03:56:42
>>RL_Qui+36
Whenever key management is centralized, there is basically no security from the legal authority in the jurisdiction that the messaging vendor is located in. The vendor can always push you an MITM key. They can even show you the "correct" recipient key when you physically verify but use a different one for the actual message transfer and this would be a trivial easy to obfuscate switch in the program binary.

E2E with centralized key management is primarily to protect you from casual/private threats (vendor employees, snoopers in your or your recipients network) not from legal authority.

◧◩◪◨⬒
5. TheSpi+xg[view] [source] 2020-06-05 05:08:21
>>sfifs+ib
The Signal Foundation is based in Mountain View and both Moxie Marlinspike and Brian Acton are US nationals...

What’s stopping some US government agency from forcing them to insert code that causes the Signal app to a indicate it is behaving correctly but isn’t?

And don’t say “laws”.

If your threat model includes advanced persistent threats all bets are off.

[go to top]