this post was submitted on 05 Apr 2025
552 points (97.1% liked)

Technology

69041 readers
3406 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
552
The Signal and the noise: Why the messaging app is great for privacy but not for war plans. (thebulletin.org)
submitted 2 weeks ago by Tea@programming.dev to c/technology@lemmy.world
54 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] kittenzrulz123@lemmy.blahaj.zone 36 points 2 weeks ago* (last edited 1 week ago) (2 children)

Fundamentally the biggest security vulnerability in every peice of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I dont think it was a mistake. I think Trumps own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump would reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.

[–] piecat@lemmy.world 4 points 2 weeks ago

Yeah- that is a bit odd. Who and if not intentional, how?

[–] JiminaMann@lemmy.world 2 points 1 week ago (1 children)

What security vulnerabilities does signal have?

[–] kittenzrulz123@lemmy.blahaj.zone 5 points 1 week ago (2 children)
[–] sugar_in_your_tea@sh.itjust.works 6 points 1 week ago* (last edited 1 week ago) (1 children)

The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That's incredibly unlikely for a regular citizen, but it's a lot more likely for an important position like the head of the Department of Defense or something.

NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

[–] kittenzrulz123@lemmy.blahaj.zone 3 points 1 week ago (1 children)

Im not a security researcher tbh and I havent extensively studied the security model of Signal (I use Matrix)

[–] sugar_in_your_tea@sh.itjust.works 3 points 1 week ago* (last edited 1 week ago) (1 children)

Same. I'm just generally pretty cyber-security curious, and have read a bit on this topic.

I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.

BTW, thanks for providing the CVEs, I hope that answers a few peoples' questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get close quickly (and Signal does a good job keeping up with updates).

[–] kittenzrulz123@lemmy.blahaj.zone 3 points 1 week ago

Thats why the Linux kernel has a massive amount of CVEs, its extensively audited and researched.

[–] JiminaMann@lemmy.world 3 points 1 week ago

Hmm, last cve was in 2023...