I don’t know if I’m opening a can of worms here, and I’m still trying to backtrack a lot of history where I was tuning everything out. I keep seeing random swipes at Signal (or the representatives (?)), and I was wondering whether they are founded or just lies.Is it another situation like Lemmy where we just “take the technology and move on”? Thanks!
Signal is great, you should use it.
Current problems with signal
Details
Means it’s vulnerable to government pressure, it’s not wrench proof
means you can’t really trust it for sensitive things, like if you were running the french government communication systems it would be foolish to use signal. Signal uses the power of Intel SGX enclaves to keep your private key safe, so your trusting Intel not to sign something bad, your trusting sgx to not have exploits, etc.
Means it’s a walled garden, and not open to self hosting.
Signal is the best main stream e2e out there, but it’s not the last one we will ever see, something will replace it
Your encryption key is stored ON-DEVICE. Not in “the cloud”.
In fact, they just had a big hullabalu about the encryption key being stored in plain-text on their desktop client, which they’ve now resolved.
They now use https://www.electronjs.org/docs/latest/api/safe-storage on the desktop client.
Both on device and in the cloud.
https://signal.org/blog/secure-value-recovery/
That is why when you switch phones and register again with signal using your “pin”, you can send messages to your contacts without your verification number changing.
What the hell, that makes it completely useless?
Yup, it was really big news and everyone was up in arms when they introduced SVR.
You can “opt out” in the settings, your key is still stored in the cloud but with a random BIP32 encoding or somesuch, still not a great practice, and whoever you talk to probably didn’t opt out.
Signal is better then non e2e messengers, but its not the best architecture we could have. If your ok with Intel, and the Signal foundation being in a position to handover your keys to a TLA who then would have the capability to decrypt your messages - then its fine. So sexting is fine, probably prevents business intelligence, but if I was negotiating a MX US trade deal, I wouldn’t use signal to talk about my strategy.
If your running a government communication system, 1,2,3 (But especially point 2) - mean you can’t use signal.
What the hell.
Thanks for the info!
https://github.com/signalapp/SecureValueRecovery2
The method has changed since that blog post.
So you are correct about it being stored in the cloud - they also seem to take much better care of it there, but when it’s on someone elses server, your point stands - they can SAY they do anything. There’s no way to actually test that. So thanks for the correction.
Anytime, I love it when lemmy is a collaborative space!
There is not „your encryption key“ because there is not only one.
The cloud backup (protected by the pin) includes the contact list, NOT your messages. Those are encrypted on device with a key that is on device and can not be recovered by anyone from the cloud.
It’s close enough, its the master key from which all other keys can be derived.
https://signal.org/blog/secure-value-recovery/