by LurkersWillLurk
1847 days ago
TL;DR of article: Signal transfers key material upon migrating to a new device if you use the "transfer messages" workflow. As a result, safety numbers do not change.

I don't see how this is a problem at all. This was actually a feature that many Signal users wanted to use - they didn't want to re-verify safety numbers every time that they had to reinstall Signal or switch to a new phone.

> We don't want anyone to get hurt by way of trusting privacy guarantees which may be more conditional than they appear from the docs!

> If Bob notices the chat safety number with Alice has changed and then Alice sends a bunch of suspect-sounding messages or asks to meet in person and Bob has never met Alice in person before, for example, Bob should be wary. After Alice for example is forced to provide device passcode or unlock their device with their fingerprint or face, Alice's device could be cloned over to a new device by way of quick transfer functionality without Alice's consent, and the messages could be coming from the cloned device rather than Alice's actual device.

Respectfully, this doesn't make any sense. Signal provides security from device to device, it doesn't stop someone from pointing a gun to your head and looking at your messages or pretending to be you after stealing your phone. If someone has the physical possession of your phone necessary to perform a device transfer, then you're already screwed. The idea that a safety number change would alert the person on the other end that you're being held hostage is outlandish and is completely divorced from any normal use of Signal.

I could ask you for your device under the pretense of making a phone call and then secretly transfer your account to my device. I could then secretly read your chats from my device and no one would be aware of it - until you check the amount of active sessions in settings.