Email or username:

Password:

Forgot your password?
Meredith's posts Post Back to profile
Top-level
Hugo 雨果

@Mer__edith I am deeply worried by how you are trying to misrepresent and distort this situation. Your words are damaging my trust in Signal a lot more than the actual security issue at hand.

You claim that the attack "requires full access" (it only requires read-only access), that it cannot be avoided (other messaging clients protect against this particular scenario), and that is was disclosed irresponsibly (the issue was mentioned and circulated on twitter a year or two ago).

9 July at 13:08 | Wall-to-wall | Open on fosstodon.org
2 comments
jntesteves

@whynothugo @Mer__edith There is no such thing as read-only access to a computer. To read and exfiltrate data, you must have control of the machine. Control is full access, the terms are used interchangeably.

9 July at 14:58 | Open on fosstodon.org
Hugo 雨果

@jntesteves An attacker might have access to backups, or might be able to run code as an unprivileged user. These two (and countless others) scenarios grant an attacker read data without being even close to "full access".

9 July at 16:58 | Open on fosstodon.org
Go Up