mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

Server stats:

8.2K
active users

Meredith Whittaker

🛑🤡 PSA: This is disingenuous marketing. Signal chats can't be 'monitored' by anyone not in those chats.

Dressing up "joining groups via publicly posted links, then exfiltrating group data" as an offensive 'cybercapability' borders on misinfo, and confuses/scares ppl who rely on Signal for robust privacy.

intel471.com/blog/expanding-so

Intel 471Expanding source coverage: adding Signal chats to threat intelligenceCybercriminals need easy ways to communicate, connect, and plan, whether they’re trading stolen credentials, rallying hacktivists, or mounting a targeted…

@Mer__edith It's like saying photocopiers in libraries are threats to national security. 🙄

@wcbdata Don't forget doors! I've heard that if you leave one open and unattended, people can walk out while carrying some classified papers.

@nemobis @wcbdata And the fax machines! Any unmonitored machine can be used to send those papers anywhere! Just. Like. That!

@Mer__edith
i think intel471 claims are over marketed something. maybe they have access to public channels. i don’t think they have broken the encryption or collect metadata from private conversations.

@Mer__edith

this is a good time to remind one thing, which might distantly be related.

sometimes is more important to secure underlying platform, like android, ios, windows, linux and others than having a super secure communication protocol. if underlying platform is compromised, then it is basically game over. even super secure coms cannot fix underlying platform’s deficiencies.

@Mer__edith@mastodon.world
It's easy to crack the lock and enter a door! You just need to find the key lying under the mat!
:neoghost_facepalm:

@Mer__edith Seems like these types of claims lacking verifiable proof posted on personal blogs is an attempt to generate new business ahead of reporting quarterly earnings.

@Avitus @Mer__edith I mean, they don't seem to be claiming anything other than "we find groups, join them, and lurk while hoovering up messages." I'd agree this is an OpSec failure on the part of the folks running said groups, and not an issue with Signal, but it's a pretty trivial thing to do and not exactly requiring much burden of proof.

@heretohinder @Mer__edith Their vague description of "monitoring Signal groups" creates an ambiguity to what they're claiming meant to generate publicity. It is the end of the year, after all, and annual earnings reports need juicing.

This is no different from the Musk tweet claiming, with no proof, "There are unaddressed vulnerabilities in Signal."

@Avitus @Mer__edith fair point, I'm going off the article itself and haven't seen other potentially more FUDdy headlines about it.

@Mer__edith they can be in the sense that any node can get popped. That's not a thing Signal could fix, though.