Wasn’t the server an actual private server she had set up, whereas this is a corporate app that is supposedly private if they are not lying and accessing the data? I mean this is way worse unless they put up a server to run the chat software.
I don’t think anything can be proven unless you have admin rights to the server at all times. Signals are encrypted every time they are sent encrypted. Can it be turned off with a flag? Does it run in dev without it for troubleshooting, and if so, is it impossible to enable in prod?
The server can’t decrypt it if it doesn’t have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner.
Of course, nobody as part of the linked article did any of that verification, but still, a server doesn’t need to be trusted to be functional.
I think we are more talking about can the server decrypt the data. Not that the data is encrypted.
In the case of Signal, it is provable that it cannot. They do not hold the keys to decrypt. The closest risk is the server injecting a new public key into the conversation, which the Signal app will warn about.
Yeah I just don’t get this. How does a person added to a chat get keys then?
Signal does hold the public keys for every user. But having the public key doesn’t let you decrypt anything. You need the private key to decrypt data encrypted with the public key. So in a chat example, if you and I exchange public keys, I can encrypt the message using your public key, but only you can decrypt it, using your private key.
Signal does run the key exchange, which means they could hand a user the wrong public key, a public key which they have the private key for, instead of the other person’s. That is a threat model for this type of communications; however, Signal users can see the key thumbprints of their fellow chat participants and verify them manually. And once a chat has begun, any change to that key alerts all parties in the chat so they know a change has happened. The new key won’t have access to any previous or pending messages, only new ones after the change took place.
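The key pinning and key-change alert described in the comments above, as an added example that is not part of the thread and is not Signal's code. The `ContactKeyStore` class, the truncated SHA-256 fingerprint format and the random byte strings standing in for public keys are all assumptions made for illustration.

```python
import hashlib
import os

def fingerprint(public_key: bytes) -> str:
    """Short human-comparable digest of a public key (illustrative format)."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class ContactKeyStore:
    """Client-side pin store: remembers the key first seen for each contact."""

    def __init__(self):
        self._pins = {}  # contact -> {"fp": str, "verified": bool}

    def observe(self, contact: str, served_key: bytes) -> str:
        """Classify a public key handed out by the untrusted server."""
        fp = fingerprint(served_key)
        pin = self._pins.get(contact)
        if pin is None:
            self._pins[contact] = {"fp": fp, "verified": False}
            return "first-use"
        if pin["fp"] == fp:
            return "verified" if pin["verified"] else "unverified"
        # Key differs from the pinned one: re-pin, but drop verified status
        # so the user is alerted and must compare fingerprints again.
        self._pins[contact] = {"fp": fp, "verified": False}
        return "key-changed"

    def verify_out_of_band(self, contact: str, fp_read_by_contact: str) -> bool:
        """Mark verified only if the contact reads back the same fingerprint."""
        pin = self._pins[contact]
        pin["verified"] = (pin["fp"] == fp_read_by_contact)
        return pin["verified"]

def demo():
    # Constructed sample keys: random bytes stand in for real public keys.
    alice_key, substituted_key = os.urandom(32), os.urandom(32)
    store = ContactKeyStore()
    events = [store.observe("alice", alice_key)]
    store.verify_out_of_band("alice", fingerprint(alice_key))
    events.append(store.observe("alice", alice_key))
    events.append(store.observe("alice", substituted_key))  # server swaps key
    # Alice reads her real fingerprint aloud; it does not match the new pin.
    matched = store.verify_out_of_band("alice", fingerprint(alice_key))
    return events, matched

if __name__ == "__main__":
    print(demo())
```

The substituted key is never silently accepted as verified: the client reports `key-changed`, and the manual fingerprint comparison fails until the contact confirms the new key.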
It’s almost as if they never actually cared about the server but rather were just using it to score points. Not at all like, you know, absolutely everything else.
HUNTER BIDENS LAPTOP
It’s almost like libs don’t actually care about this recent leak but are also just using it to score points.
The lack of self-awareness is stunning.
Ah, I knew there was a good reason I have you tagged as ‘fucking moron’
Just block them.
At Bluesky it’s been astoundingly effective for getting the fucking morons to find somewhere else to waste their time.
I appreciate your advice :)
Which Lemmy app does that?
Boost does.
Now I have him tagged as Fucking Moron too.
Thanks for the tip!
Update: wow, this is really helpful!
imagine getting banned from c/noncredibledefense, how pathetic do you have to be for that to happen
The takeaway is that Signal is a bloody good app to use.
Sounds like it’s pretty easy to add the wrong people to your chat.
People are usually the weakest link.
Is that the takeaway?
EDIT: To be 1000% clear, they should not be using personal cell phones for this, which they probably did because everyone in this admin is braindead gutter trash. I’m suggesting that self-hosted Signal over government servers is probably fine for security with potentially some tweaks to the app. Something I neglected to think of however is that this sidesteps record keeping, and probably deliberately so. My contention here was solely about security, but this fact makes Signal use unconscionable in my book because it impedes accountability.
Okay, let’s just be clear here: Signal isn’t just another “private app”; the amount of information they have about your communications is zero (0) with the exception that I believe they can see if you have an account and the last time you connected to the server. Governments absolutely do rely on Signal. The Signal protocol is open and highly robust, the app code is FOSS and has eyes from a shitload of security researchers globally due to its importance, its server code is FOSS (although you don’t have to trust this due to the robust E2EE, and you can even self-host IIRC due to the FOSS server code), and it has reproducible builds.
This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails. If I had to guess, they’d probably want to self-host the fork the Signal app and make it so that you can only invite people with some form of clearance, but this last thing is total speculation on my part. I’m sure there’s some way to sanely do this. The part about Signal being secure is just objectively true; it’s audited like absolute crazy, both the FOSS app and the protocol. I would trust it more than whatever the US government could homebrew, even.
If you, as a citizen, are looking for secure, private messaging, Signal should be at the very top of your list of possible candidates alongside Matrix, SimpleX, and Session (keep in mind that Element and Session do not yet support forward secrecy, although the Matrix protocol does).
They accidentally added a random guy to a Signal group. Not quite the same as classified documents on a self-hosted email server. I’ve heard US military uses Signal quite officially.
This should, of course, raise concerns that if they like Signal - they might want to self-host it, the client and the server are FOSS. They might even consider paying Signal the company to help them.
DoD specifically disallows Signal by name: https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-UseOfUnclassMobileApps.pdf
OK, humans err. And also make mistakes, like being so confident on something they don’t know for sure.
If it’s specifically disallowed, then some people should be locked up.
Like all the people on that Signal group chat that work for the government?
It’s always Opposite Day with these clowns GOP. The blame finger is always pointing at them.
Also the disappearing texts are a concern. There’s not much mention of that. And now you have to wonder, how many other conversations have been held there, and with who?
Disappearing texts?
Similar to WhatsApp, you can set limits on how long to keep a message.
Yeah, the main point of using Signal is to get around the Presidential Records Act, which is very illegal.
lock them up!
Where is the accountability from the public? Every redneck 100 mi from me was screaming about her damn emails. They probably didn’t even understand why they were outraged, but the man on the FoX nEwS was angry about it so I am too. They say that they don’t trust the government for legitimate topics like vaccines and taxes, and then when the government gives you a huge reason to actually be concerned, it gets ignored.
I’m not sure that pointing out the hypocrisy is even useful. I’m nearing 40 and “but it’s okay when we do it” has always been a core tenet of conservatism. They don’t give a shit that they’re hypocrites, they don’t care, I’ve boxed them in on it before and it always just boils down to “it’s okay for us because I said so”. I think it’s maybe more useful to move past the identification of hypocrisy and start engaging in conversations about accountability. That is, conversations about hypocrisy without conversations about what kind of accountability you’d like to see are moot. So, let’s move past “can you believe this shit? But her emails? Do you feel like the hypocrites you are yet?” to “your boy did something fucking stupid. I don’t care about your excuses, fire him.”
That’s true! We just assume that by pointing out the naughty behavior Someone will Do Something because honest people expect honest reactions.
Dishonest people cannot have honest reactions, their words mean nothing, they respond only to personal suffering and nothing else.
🧈 👨 s
Leonardo DiCaprio pointing at a tv
Summary:
- a journalist was invited
- half an hour before the first takeoff, the takeoff times of planes, drones and cruise missiles were shared
- it was mentioned that an individual terrorist is on sight and his location known
Sadly, none of them will be jailed, like a lay person would be for disclosing military secrets.
However, I would advocate for punishing them with having a mandatory nanny appointed to oversee them for 4 years.
According to Sun Tzu’s Art of War, someone who is that stupid should be put to death.
And here several days later they are still trying to gaslight everyone into believing that it never happened.
It’s almost like that party has no values and sees everything only through the lens of political leverage.