Privacy

31833 readers

81 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

267

Signal leaked random contacts to me! (feddit.de)

submitted 11 months ago* (last edited 11 months ago) by ErKaf@feddit.de to c/privacy@lemmy.ml

70 comments fedilink hide all child comments

When I press on some message to forward it, it shows me Random usernames of contacts I don't know. And it even shows some Mobile Numbers I don't know. For example, one number starts with +964 that's Iraq. I'm from Europe tho. These contacts and numbers are from all over the place.

Edit: This only happens on Signal Desktop. If I try to forward a message on Android it only shows my Contacts. And none of these unkown ones.

you are viewing a single comment's thread
view the rest of the comments

[–] elias_griffin@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

This is super helpful, I may post this to infosec.exchange. Flathub makes this so much more difficult to find the reason for what looks like a real breach. I don't use Flathub for security reasons so I don't know if you can even isolate the PID? Anyone know?

I don't want you to have to spend a lot of time or troubleshoot over the web but if you see anything that stands out as "wow shouldn't be there/running" when you run these commands come back to us:

ps the PID of Signal or secondarily, Flathub
lsof -p PID
strace
- sudo strace -f -t -e trace=file -p PID
sysctl kernel.randomize_va_space
- pkill/killall Flathub/Signal and restart FH/Signal and see if it still presents the vulnerability