this post was submitted on 03 Sep 2022
25 points (100.0% liked)

submitted 2 years ago* (last edited 2 years ago) by jonesv@lemmy.ml to c/security@lemmy.ml
 

Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.

cypherpunks@lemmy.ml 2 points 2 years ago* (last edited 2 years ago)

Signal's "sealed sender" metadata protection is a farce.

Their use of phone number identifiers is a gift to police and other violent adversaries around the world, including those that Amazon doesn't cooperate with. When one person's phone gets seized or otherwise compromised, that adversary gets a list of the phone numbers - aka strong selectors in intelligence lingo - of all of the victim's contacts.

Signal's initial growth was funded with millions of USD from the US government, ostensibly for use by dissidents in places like China and Iran. The former requires ID to obtain a phone number, and the latter requires fingerprints. Even people who support the US's soft power efforts to aid dissidents in those countries should be disturbed by the promotion of the use of phone numbers for "secure communication" in those contexts.