A fresh install of Signal takes up 410MB, blowing both Firefox and Chromium out of the water - eviltoast

… and I can’t even continue the chat from my phone.

  • JoeyJoeJoeJr@lemmy.ml
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    5 months ago

    Using an E2E chat app in your browser necessarily makes the keys and decrypted messages available to your browser. They would have the ability to read messages, impersonate users, alter messages, etc. It would defeat the purpose of a secure messaging platform.

    • alyth@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      5 months ago

      I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?

      • JoeyJoeJoeJr@lemmy.ml
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        edit-2
        5 months ago

        “They” is the browser/browser maker. The browser, acting as the client, would have access to the keys and data. The browser maker could do whatever they want with it.

        To be clear, I’m not saying they would, only that it defeats the purpose of an E2E chat, where your goal is to minimize/eliminate the possibility of snooping.

        • Socsa@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          You realize that your kernel which loads keys into memory can also access all this right? So can anything which shares memory space on the platform.

          • Natanael@slrpnk.net
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            The bigger risk is browser exploits, not just who develops it. There’s more attack surface and more ways to exfiltrate data

      • mexicancartel@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        I think the encrypted messages are not saved in the server. You probably have to backup from phone and restore it on pc. “They” is the other programs running on browser