What good is a seatbelt if the person sitting next to you can stab you? The blog post makes a point of this not being secure if the person you're messaging is malicious and that's not what it's for. I think these two comments make good points:

I just had an interesting conversation with a friend who was recommending that I use Telegram/Wickr, and I told him that Signal was where it's at. Then he asked me if it had self-destructing messages, and I said "Why bother? That can be easily circumvented". His reply was that in some countries phones had been confiscated, and even though one person had enabled local encryption, the user with the confiscated phone had not enabled it; thereby implicating everyone who had communicated with that person (even though the messages were delivered securely over the network). So while self-destructing messages are in many ways a flawed guarantee of privacy, they can perform a very useful function in cases where the users are not malicious, but rather are security ignorant (i.e. most people with a phone).

https://whispersystems.discoursehosting.net/t/automatically-...

I've always been thinking that the critique of such a feature is based on a false underlying premise. Yes, it's true that the recipient can make a screenshot of the message. But the recipient in the absolute majority of cases is not a "threat" in a classical sense, not someone with bad intentions or someone who is not supposed to know the contents of that message. After all, the sender trusts the recipient, as he is the one sending the message to the recipient in the first place. The usual scenario is a recipient who is not that security-aware and doesn't think about those things that much if at all. Personally, I'd say most of my contacts are that way. The sender might send this recipient a message containing something especially critical, say, a user name and a corresponding password, and doesn't want to see that information in the wrong hands if, e.g., later on, the recipient loses their phone, the phone gets stolen, etc. Also note that this kind of recipient is unlikely to use a general passphrase for Signal as this lessens convenience. So what's essentially happening here is a security-minded sender taking security measures for or in place of a trustworthy, albeit forgetful, non-security-minded, etc. recipient.

https://whispersystems.discoursehosting.net/t/automatically-...

Great job on the app! It's one of the few apps I use every day.