Email or username:

Password:

Forgot your password?
Michał "rysiek" Woźniak · 🇺🇦's posts Post Back to profile
Top-level
Michał "rysiek" Woźniak · 🇺🇦

Apart from the consent issue (which I think is major), there is also added risk.

More code means more bugs means more attack surface. #Signal is used by, and in fact it is *marketed at*, people at-risk: journalists, activists, and so on.

Adding such a weirdly unrelated feature adds a bunch of potentially vulnerable code, and also adds a lot of complexity for the user. And, for #InfoSec people who might be responsible for helping that user stay safe using Signal.

7 Nov 2022 at 19:54 | Open on mstdn.social
3 comments
Michał "rysiek" Woźniak · 🇺🇦

Finally, if #Signal insists on getting deeper and deeper into social-network territory, this might expose it to additional regulatory burden.

There are laws and regulations that specifically focus on social networks, but not necessarily on IM systems.

By crossing that line (as blurry as it is), Signal exposes itself to more *legal* risk and potential legal trouble, at a time where plenty of legal challenges already exist for encrypted communication tools (consider #ChatControl).

#InfoSec

7 Nov 2022 at 19:58 | Open on mstdn.social
Michał "rysiek" Woźniak · 🇺🇦

We *need* safe, encrypted, privacy-respecting IM.

For all its flaws (its centralized nature, using phone numbers for identifiers), #Signal has emerged as a kind of standard, reasonably trusted IM in the journalist-activist space.

With all the time and effort put into moving people over to it by activists and #InfoSec professionals like myself over the years, risking that to farm a bit more MAU feels like… betrayal.

I did a "drunken rant" talk about this at #MCH2022
media.ccc.de/v/mch2022-196-sig

We *need* safe, encrypted, privacy-respecting IM.

For all its flaws (its centralized nature, using phone numbers for identifiers), #Signal has emerged as a kind of standard, reasonably trusted IM in the journalist-activist space.

With all the time and effort put into moving people over to it by activists and #InfoSec professionals like myself over the years, risking that to farm a bit more MAU feels like… betrayal.

7 Nov 2022 at 20:09 | Open on mstdn.social
Killab33z O.G.

@rysiek I enjoyed your talk at #MCH2022.

Most people didn't care when #Signal:

1. Started using Google and Amazon servers for their infrastructure.
2. Refused to look into federation resulting in it being blocked in certain countries and people having to run proxies...
3. Refusing to add the app to #FDroid store.
4. Put a #cryptocurrency into it with no public code updates for 1 year. The famous #MobileCon.

How is Signal still trusted at all? And now social media is just 200% lol

@rysiek I enjoyed your talk at #MCH2022.

Most people didn't care when #Signal:

1. Started using Google and Amazon servers for their infrastructure.
2. Refused to look into federation resulting in it being blocked in certain countries and people having to run proxies...
3. Refusing to add the app to #FDroid store.
4. Put a #cryptocurrency into it with no public code updates for 1 year. The famous #MobileCon.

8 Nov 2022 at 0:30 | Open on hispagatos.space
Go Up