• ☆ Yσɠƚԋσʂ ☆
    link
    fedilink
    arrow-up
    23
    arrow-down
    13
    ·
    edit-2
    6 months ago

    I’m always amazed how people come out of the woodwork to defend Signal any time any criticism of it comes up. It’s become a sacred cow that cannot be questioned. Whatever you may think of Telegram should bear zero weight on your views of Signal.

    The reality is that developers of Signal have close ties to US security agencies. It’s a centralized app hosted in US and subject to US laws. It’s been forcing people to use their phone numbers to register, and this creates a graph of real world contacts people have. This alone is terrible from security/privacy perspective. It doesn’t have reproducible builds on iOS, which means you have no guarantee regarding what you’re actually running. These are just a handful of things that are publicly known.

    And then we know stuff like this happens. NSA suggested using specific numbers for encryption that it knew how to factor quickly. The algorithm itself was secure, but the specific configuration of how the algorithm was implemented allowed for the exploit https://thehackernews.com/2015/10/nsa-crack-encryption.html

    These kinds of backdoors are very difficult to audit for because if you don’t know what to look for then you won’t have any reason to suspect a particular configuration to be malicious. Given the relationship between people working on Signal and US government, this is a real concern.

    The same kind of scrutiny people apply to Telegram and other messaging apps should absolutely be applied to Signal as well.

    • devraza
      link
      fedilink
      arrow-up
      7
      ·
      6 months ago

      I’d just like to add that you can use a temporary phone number service to sign up to Signal as you only need a phone number to register, not to actually use Signal.