undefined | Better HN

0 pointsmaqp6mo ago0 comments

>Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key

The exfiltration of which is as easy as exfiltration of database on device. You're not running an IDS scanning 100% of your device LTE traffic in case that happens.

>isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?

It's opt in. And again exfiltrating the backup key is as easy as exfiltrating your messages from your device.

>You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it

You can't know if you're talking to an informant or if your contact is running Android that's receiving security updates or if it's a zero-day on wheels, either. Tech doesn't solve human problems.

0 comments

elvisloops6mo ago

It's not opt in: signal protocol for a group chat is eliminated if one person in the group chat turns this on, whether or not you do. Communicating with someone who acts adversarially is different from Signal itself adding features that are adversarial.

j / k navigate · click thread line to collapse