Email or username:

Password:

Forgot your password?
Top-level
Meta

@alextecplayz
The issues you linked are about Signal storing stuff unencrypted. The only real new issue that came up with mysk imo is that you can clone a session. That's not in the issues and should have been a responsible disclosure.

Providing the option for a custom encryption password is something Signal *should* do. It's the same for mobile, which is why I'm using Molly. But it's not something they *must* do, as you imply. It's a valid feature request, not a bug.

The only thing Meredith said is impossible is to protect against full system access. I agree that it's a bit mialeading, but it is reasonable to assume that if someone can read your files, they can also read your screen. And Signal can't protect against that.

1 comment
AlexTECPlayz

@metacolon Okay, the cloning session thing might be new, I haven't looked up on that. But I'm mostly talking about the attachment encryption issue here.

Yes, it's not something that Signal must do, but they should, considering they're always up talking about how privacy and security are so important. It's not a good look for a project dedicated to this, to ignore such a feature.

Apparently they did the data encryption at-rest for Signal on Android (before it was removed? and added back? by Molly) because Android didn't have "usable" FDE at the time.

And, come on, if WhatsApp has data encryption at-rest, I think it would be almost necessary for Signal to have it too, just because WA would be superior in this specific regard otherwise.

" but it is reasonable to assume that if someone can read your files, they can also read your screen" - this would depend on the OS. Linux has Wayland to prevent this, Android allows apps to prevent screen captures (screenshots would be blacked out).

@metacolon Okay, the cloning session thing might be new, I haven't looked up on that. But I'm mostly talking about the attachment encryption issue here.

Yes, it's not something that Signal must do, but they should, considering they're always up talking about how privacy and security are so important. It's not a good look for a project dedicated to this, to ignore such a feature.

Go Up