• 9tr6gyp3@lemmy.world
    arrow-up
    121
    arrow-down
    8
    ·
    6 days ago

    Signal itself is not vulnerable. This article needs to correct itself. Signal is only vulnerable if the DEVICE THAT USES IT is compromised. Using devices that can be compromised is the issue here. Do not use that device to discuss anything confidential if you are in the government.

    This is not Signal’s fault at all.

      • gravitas_deficiency@sh.itjust.works
        English
        arrow-up
        77
        ·
        6 days ago

        They’re refusing to use government issued devices. They’re all using personals. This was an issue last time around, too. There’s a whole fucking division of the government (that I’m sure they’re hollowing out now) whose job it is to make sure people who need secure devices have them and use them.

        • thedeadwalking4242@lemmy.world
          arrow-up
          24
          ·
          6 days ago

          That’s nuts. I couldn’t even imagine putting anything gov or company secret into a personal device. Hell, at work I even watch what I type into Google.

        • barneypiccolo@lemm.ee
          English
          arrow-up
          21
          ·
          6 days ago

          When Hillary Clinton used a private email server like her Republican predecessors, it was such an enormous breach of security that it launched numerous investigations (all by Republicans, and none concluding that any crimes occurred, or damage was done), and we are still hearing them whine about it to this day. Yet these dopes use off-the-shelf iPhones for communication, exposing our most precious secrets, and none of them think it’s an issue.

          The only reason we know about this was because they reached a spectacular new level of incompetence, and literally invited a reporter to join them. How many times have they done this before, and how many times will they keep doing it? Discussing classified operations over unsecure phones, that is, not inviting reporters to join in. That will never happen again.

          • Eldritch@lemmy.world
            English
            arrow-up
            13
            arrow-down
            1
            ·
            6 days ago

            Her predecessors didn’t do that. They were literally using Hotmail and Gmail. Making their performative outrage even more absurd.

            Clinton’s server wasn’t strictly to the standards of regulation and laws. But it wasn’t a fucking public email server hosting your grandmother’s Viagra spam.

          • archonet@lemy.lol
            English
            arrow-up
            9
            ·
            6 days ago

            > How many times have they done this before, and how many times will they keep doing it? Discussing classified operations over unsecure phones, that is, not inviting reporters to join in. That will never happen again.

            We previously didn’t think they were stupid enough to do it once, and yet, they did. “Never” would imply a capability to learn from their mistakes that they do not possess.

        • prole@lemmy.blahaj.zone
          arrow-up
          11
          ·
          edit-2
          6 days ago

          Makes me fucking sick that they get away with this shit, particularly after Hillary Clinton.

          Fucking sickening.

          • Cryophilia@lemmy.world
            arrow-up
            3
            ·
            6 days ago

            What makes me sick is all the centrists and Leftists and low-information idiot voters who fucking believed all that shit about Hillary. Fash gonna fash, I expect them to be liars and hypocrites. But THOSE fucking dumbasses, the “Hillery gives me bad vibe so I vote for orange man” unga-bunga paint sniffers? That’s what makes me sick.

      • Hawke@lemmy.world
        arrow-up
        19
        ·
        6 days ago

        They are compromised, it doesn’t even matter if the software on their phones is too.

        • barneypiccolo@lemm.ee
          English
          arrow-up
          5
          ·
          6 days ago

          Yeah, their terrible behavior, policies, and plans all make sense when you finally realize that they are all Russian assets. They aren’t acting like Americans charged with the responsibility of protecting and managing our government. They are acting like Russian deep cover operatives charged with dismantling and crashing the American government.

    • pleasegoaway@lemm.ee
      arrow-up
      26
      ·
      6 days ago

      But a presidential administration is required to keep classified records, and records of all meetings in general.

      It may take decades of FOIA requests, but those records are SUPPOSED TO BE KEPT, not deleted forever after 7 days.

      This regime using Signal is a major red flag and a permanent information black hole.

      • Cryophilia@lemmy.world
        arrow-up
        10
        arrow-down
        1
        ·
        6 days ago

        That’s exactly what he’s saying dude. The app works fine, there is no problem with the app. There is a problem with these people using the app.

    • madeinthebackseat@lemmy.world
      arrow-up
      17
      ·
      6 days ago

      Tulsi only gave her device to Russian intelligence to install exclusive games not available in the US.

      I don’t see the issue here. Gabbard is known to be trustworthy. Let her play the cool games.

      • NotLemming@lemm.ee
        English
        arrow-up
        3
        ·
        6 days ago

        I’m renaming her pushi gobbard after hearing how she spoke to my countrywoman

    • TranscendentalEmpire@lemm.ee
      arrow-up
      15
      arrow-down
      10
      ·
      6 days ago

      > Signal itself is not vulnerable. This article needs to correct itself. Signal is only vulnerable if the DEVICE THAT USES IT is compromised.

      I think the description of vulnerability is subjective in this case. It could be that signal is inherently more vulnerable than official channels, as Signal is a private corporation that has no motivation to disclose any failures in their security.

      I don’t think the article is trying to blame Signal in any way, it’s just not the proper communication channel and thus utilizing it is an inherent vulnerability no matter how secure their encryption may be.

      • Hildegarde@lemmy.blahaj.zone
        arrow-up
        33
        arrow-down
        2
        ·
        6 days ago

        The Signal Foundation is a non-profit. The non-profit owns an LLC under the same name which publishes and develops the apps.

        The software itself is open source, and licensed under AGPLv3, the same permissive license as lemmy and mastodon.

        Calling them a private company with no motivation to disclose any failures in their security is pretty clearly untrue in whole.

      • TheTechnician27@lemmy.world
        English
        arrow-up
        18
        arrow-down
        1
        ·
        edit-2
        6 days ago

        > I think the description of vulnerability is subjective in this case.

        No, it really isn’t. The Signal protocol enables E2EE, meaning you don’t have to worry about the server infra (that is, even if you don’t buy that they’re using the FOSS server code they say they are, it’s irrelevant). The Signal protocol is open and has been examined forwards and backwards over and over by security researchers around the world. I can’t emphasize how many eyes are on this protocol because of how prolifically used it is, including by government officials worldwide. The app is FOSS, and like the protocol, it has a ton of eyes on it for the same reason. The app is a reproducible build, meaning that if Signal baited you with a fake app, it would be found out immediately.

        > It could be that signal is inherently more vulnerable than official channels, as Signal is a private corporation that has no motivation to disclose any failures in their security.

        They’re a corporation, sure, but in the sense that they’re a 501(c)(3), not a for-profit. Signal would have every incentive to disclose a failure in “their security” (where here that means their app or the protocol; again, what’s happening on the servers literally, provably, mathematically doesn’t matter). For a privacy org like this, it’s in their best interest to immediately report any problems that might compromise privacy.

        > I don’t think the article is trying to blame Signal in any way, it’s just not the proper communication channel

        Agreed. But here, I agree it’s not the proper channel 1) because it’s on their personal devices which the person you’re responding to clearly stated and 2) a Signal chat (likely intentionally on their part) bypasses crucial records keeping laws. A known vuln for example is if someone has access to your phone, they can link their own personal device and read your messages as they come up. But again, that requires access to your phone, which becomes problematic if and only if you’re using your own personal device rather than a secure government one.

        > and thus utilizing it is an inherent vulnerability no matter how secure their encryption may be.

        No. Again, that’s not an inherent vulnerability. Using it on their personal devices is, but unless you can come up with a vulnerability in the app itself or the protocol itself, then you’re just agreeing with the person you’re replying to.

      • 9tr6gyp3@lemmy.world
        arrow-up
        8
        arrow-down
        2
        ·
        edit-2
        6 days ago

        > Signal is a publicly available app that provides encrypted communications, but it can be hacked. It is not approved for carrying classified information. On March 14, one day before the strikes, the Defense Department cautioned personnel about the vulnerability of Signal, specifically that Russia was attempting to hack the app, according to a U.S. official who was not authorized to discuss the matter publicly and spoke on the condition of anonymity.

        > One known vulnerability is that a malicious actor, with access to a person’s phone, can link his or her device to the user’s Signal and essentially monitor messages remotely in real time.

        This reads to me like Signal has weaknesses. Also, just so everyone is aware:

        > The Signal Technology Foundation, commonly known as the Signal Foundation, is an American non-profit organization founded in 2018 by Moxie Marlinspike and Brian Acton. Its mission is to “protect free expression and enable Secure communication through Open source Digital privacy”. Its subsidiary, Signal Messenger LLC, is responsible for the development of the Signal messaging app and the Signal Protocol.

        > Signal is an open-source, encrypted messaging service for instant messaging, voice calls, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.

        • ryven@lemmy.dbzer0.com
          arrow-up
          8
          ·
          6 days ago

          Calling it a “vulnerability” that someone with full access to an authorized device can use it to authorize another device is crazy. That’s not Signal’s issue, that’s an issue with your device security. The app has to trust the logged in user; if it doesn’t, then even displaying the data could be a breach.