|
|
|
|
|
|
by maqp
283 days ago
|
|
|
>Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key The exfiltration of which is as easy as exfiltration of database on device. You're not running an IDS scanning 100% of your device LTE traffic in case that happens. >isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy? It's opt in. And again exfiltrating the backup key is as easy as exfiltrating your messages from your device. >You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it You can't know if you're talking to an informant or if your contact is running Android that's receiving security updates or if it's a zero-day on wheels, either. Tech doesn't solve human problems. |
|
|