Gregory's Server
I want to make it clear that it is theoretically possible to prevent this attack, that many other messaging clients prevent against it, and even alternative clients to Signal's network prevent it.
Flare (an alternative Signal client) DOES protect against this specific attack: https://gitlab.com/Schmiddiii/flare/
Your claims of "This is not something that Signal [...] can protect against" is complete BS.
@whynothugo @Mer__edith The quote you’ve cut short is:
The reported issues rely on an attacker already having *full access to your device* — either physically, through a malware compromise, or via a malicious application running on the same device. This is not something that Signal, or any other app, can fully protect against. Nor do we ever claim to.
I understand that to mean that Signal can not stop an attacker taking over your system. Which is true.
The rest of the thread mentions that Signal are looking at implementing at-rest mitigations.
Should Signal have done this from the start? Yes, I believe they should. And criticism that they didn’t is also valid.
Raising a PR that fixes the issue would have been even better.
@whynothugo @Mer__edith The quote you’ve cut short is:
The reported issues rely on an attacker already having *full access to your device* — either physically, through a malware compromise, or via a malicious application running on the same device. This is not something that Signal, or any other app, can fully protect against. Nor do we ever claim to.