this post was submitted on 27 Mar 2025
661 points (99.6% liked)

Technology

68244 readers
5698 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
661
Signal downloads spike in the US and Yemen amid government scandal | TechCrunch (techcrunch.com)
submitted 1 week ago by JOMusic@lemmy.ml to c/technology@lemmy.world
90 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 15 points 1 week ago (1 children)

vulnerability

My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.

This is completely fine for personal use since the average person isn't going to be a target, but for classified information, that's unacceptable. This isn't unique to any messenger, any app that stores data on the phone is open to it.

[–] Squizzy@lemmy.world 2 points 6 days ago (1 children)

Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.

[–] sugar_in_your_tea@sh.itjust.works 3 points 6 days ago

They do seem to have experimental support for local encryption, but I don't think it's quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn't likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.

It's a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.