PSA: This is disingenuous marketing. Signal chats can't be 'monitored' by anyone not in those chats.
Dressing up "joining groups via publicly posted links, then exfiltrating group data" as an offensive 'cybercapability' borders on misinfo, and confuses/scares ppl who rely on Signal for robust privacy.
https://intel471.com/blog/expanding-source-coverage-adding-signal-chats-to-threat-intelligence
@Mer__edith It's like saying photocopiers in libraries are threats to national security.
@wcbdata Don't forget doors! I've heard that if you leave one open and unattended, people can walk out while carrying some classified papers.
@Mer__edith
here has been some discussions of SMS.
if you need alternate app for SMS, here are links. still, try to avoid SMS and MMS.
in my view, it is a good idea to separate signal messages from SMS.
https://github.com/FossifyOrg/Messages
https://f-droid.org/packages/org.fossify.messages/
@Mer__edith
i think intel471 claims are over marketed something. maybe they have access to public channels. i don’t think they have broken the encryption or collect metadata from private conversations.
this is a good time to remind one thing, which might distantly be related.
sometimes is more important to secure underlying platform, like android, ios, windows, linux and others than having a super secure communication protocol. if underlying platform is compromised, then it is basically game over. even super secure coms cannot fix underlying platform’s deficiencies.
@Mer__edith@mastodon.world
It's easy to crack the lock and enter a door! You just need to find the key lying under the mat!
@Mer__edith Seems like these types of claims lacking verifiable proof posted on personal blogs is an attempt to generate new business ahead of reporting quarterly earnings.
@Avitus @Mer__edith I mean, they don't seem to be claiming anything other than "we find groups, join them, and lurk while hoovering up messages." I'd agree this is an OpSec failure on the part of the folks running said groups, and not an issue with Signal, but it's a pretty trivial thing to do and not exactly requiring much burden of proof.
@heretohinder @Mer__edith Their vague description of "monitoring Signal groups" creates an ambiguity to what they're claiming meant to generate publicity. It is the end of the year, after all, and annual earnings reports need juicing.
This is no different from the Musk tweet claiming, with no proof, "There are unaddressed vulnerabilities in Signal."
@Avitus @Mer__edith fair point, I'm going off the article itself and haven't seen other potentially more FUDdy headlines about it.
@Mer__edith they can be in the sense that any node can get popped. That's not a thing Signal could fix, though.