547
TLDR: some government/military official added a reporter to a Signal group were some high profile people were discussing and sharing war plans. The app's encryption is perfectly fine. It's just clickbait.
Its not click bait, its a great layman's terms explanation of the app and what it does. This is the kind of article I would send to my parents who are basically tech illiterate when this topic inevitably arises. It also clarifies points that were poorly reported by other outlets, which is necessary to call out, especially in our current informational climate.
They weren’t war plans. They were attack plans. /s 🤦♂️
genocide assisting murder plans
What about it is clickbait? That title is really upfront about signal's encryption being fine.
Fundamentally the biggest security vulnerability in every peice of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I dont think it was a mistake. I think Trumps own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump would reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.
What security vulnerabilities does signal have?
Hmm, last cve was in 2023...
The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That's incredibly unlikely for a regular citizen, but it's a lot more likely for an important position like the head of the Department of Defense or something.
NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
Im not a security researcher tbh and I havent extensively studied the security model of Signal (I use Matrix)
Same. I'm just generally pretty cyber-security curious, and have read a bit on this topic.
I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.
BTW, thanks for providing the CVEs, I hope that answers a few peoples' questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get close quickly (and Signal does a good job keeping up with updates).
Thats why the Linux kernel has a massive amount of CVEs, its extensively audited and researched.
Yeah- that is a bit odd. Who and if not intentional, how?
Good to know! I wanted to plan a war but looks like I need to use a diffrent app 😔
I usually use Genocide Palestine. It's actively developed and supported on all major platforms, in pretty much all countries.
4chan is what you need
WarThunder forums has the highest experts apparently
Nah, too much moderation, go with one of the many more niche *chans, or even just one of the 8chan clones.
Battle plans you use Signal, war plans your going to want Threema, Session, or SimpleX.
Very informative article. By most measures, it is pretty terrific at encrypting messages and protecting your privacy, just not when it's wielded by idiots.
Ok, let's pick the correct App for planning the rebellion.
Truth Social. That way, nobody will ever see the plans
And if anyone magically finds them, they'll dismiss it as a crazy conspiracy
Bluesky, Lemmy, Revolt, Ghost, Spark, & Flashes apps. Diaspora, Zen Browser, & Raindrop too
Those each cover a different aspect that will empower everyone. We need a US Community on Revolt too not just Lemmy
We need a US Community on Revolt too not just Lemmy
Never heard of it before.
What's the elevator pitch?
Alright here
- Reddit➡️Lemmy
- Twitter➡️Bluesky
- Discord➡️Revolt
Its an even better thing than Discord.
(They have an alternativeto.net entry that explains a lot more about them too. Also, AlternativeTo is a great resource to find more open-source (But you have to check online if it's community-made or corporation owned) platforms/apps/websites/etc to switch to. Recommend using that too)
Positives:
- Values Privacy, Community, Collaboration, Discussions, & Freedom
- Open-Source
- Community-Made
- Allow you to have different profile pics per community you are in
- Can use bots without needing Premium
- There's more once you use it to experience it and read their site
I say we make a U.S. Server on there to inform each other, inspire each other, take action, collaborate, & coordinate
That would be a great way for all of us to really get things going in real life & online. Also, to have different sections of the server dedicated to various issues:
- This whole mess with GOP fighting back on every level
- Making Protests Fun, & Effective. Connecting Social Events to Them, & having Goals for Each Protest (Get to know others to work with, building out better infrastructure, gettings things done, etc)
- Homelessness
- Walkable/social/fun/bikeable/transit infrastructure for cities and towns
- Building and Maintaining Community
- Collaboration with Allies
- Etc Etc
I would do it but don't know how to run a community, & server
I understand how the public key encryption works when you are messaging person to person. Does anyone know how it works with group chats?
Each participant is sent a separate copy of each message encrypted with their own key.
This is one way that signal differs from WhatsApp e2e in groups. In WhatsApp the server replicates the message out to all clients. It can't read the message but it knows the recipient list. In Signal your phone sends the message several times, so only members of the group know who is in the group.
The encryption still works roughly the same, the difference is mostly visible metadata.
Multiple bundles of encrypted message + decryption key & recipient tag for 1 person, or one bundle of the encrypted message and then keys for multiple people & recipients which the server can separate out when relaying the message
(message keys are encrypted to each recipient's keypair*)
*simplified because I can't be bothered to explain how deniability is implemented. Just look up the Signal protocol's ratchet
this post was submitted on 05 Apr 2025
547 points (100.0% liked)
Technology
68495 readers
3394 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS