This seems a bit too nitpicky tbh.
The author is correct, Signal is not “perfect”, because the weakest link is always the endpoint device and the end user. Which is kind of the whole point of this article; The issue is not that Signal was used, as it’s reasonably secure, it’s that the people using it are not secure at all.
Oh, I’m definitely picking nits. I agree and said as much in my last comment. But the way the article presented it made it feel like there is a clear and present danger from Chinese and Russian threat actors against the protocol.
Right, those shouldn’t be conflated (the protocols vs the phone/persons security properties).I think anyone actively targeted by a major govt power is probably fucked though. Pegasus has taught us that, so while signal is probably a pretty secure protocol, phones definitely have a lot of vulnerabilities.
And this is very much not limited just to signal. No matter what software, protocol or any other way you use to communicate, both you and the receiving entity/entities are the weakest link by a long shot. I don’t expect even my closest friends to hold our everyday conversations secret if for whatever reason their wellbeing was threated in any way. And even if I did there’s always other options, like targeted social engineering, to get trough pretty much any reasonable safety concerns on digital communication.
Of course in everyday life if our chat histories were publicly available it would not be too big of an issue, but it’s still something worth keeping on mind when interacting over any digital or any other written medium.
This seems a bit too nitpicky tbh.
The author is correct, Signal is not “perfect”, because the weakest link is always the endpoint device and the end user. Which is kind of the whole point of this article; The issue is not that Signal was used, as it’s reasonably secure, it’s that the people using it are not secure at all.
Oh, I’m definitely picking nits. I agree and said as much in my last comment. But the way the article presented it made it feel like there is a clear and present danger from Chinese and Russian threat actors against the protocol.
Right, those shouldn’t be conflated (the protocols vs the phone/persons security properties).I think anyone actively targeted by a major govt power is probably fucked though. Pegasus has taught us that, so while signal is probably a pretty secure protocol, phones definitely have a lot of vulnerabilities.
Indeed. So are digital hygiene practices.
And this is very much not limited just to signal. No matter what software, protocol or any other way you use to communicate, both you and the receiving entity/entities are the weakest link by a long shot. I don’t expect even my closest friends to hold our everyday conversations secret if for whatever reason their wellbeing was threated in any way. And even if I did there’s always other options, like targeted social engineering, to get trough pretty much any reasonable safety concerns on digital communication.
Of course in everyday life if our chat histories were publicly available it would not be too big of an issue, but it’s still something worth keeping on mind when interacting over any digital or any other written medium.