Keep using signal. The article mentions that someone can use a QR code to add a trusted/ linked device to your group of linked devices. They would need physical access to do this. It’s been done by russians, finding devices on the battle field. So make sure and check your linked devices, use disappearing messages appropriately, and continue on your day. Peace out!
In depth review validating the credibility of Signal’s encryption by a Security Engineer who specializes in encryption.
Reviewing the Cryptography Used by Signal by Soatok
The bottom line was in total, no vulnerabilities were found.
Is the US government now a “Russia-aligned threat actor” too? Just wondering.
if you ask me, yes
Not the whole government, but some of it 100% yes.
Thank you kind soul, that really brightened up my day.
Has anyone on Graphene had their signal app want to auto update outside of aurora or F-droid?? My signal app the other day had 2 seperate a few days apart updates from the app itself, outside of both stores. Sketches me out still. How can I make sure it has not been compromised?
Try Molly instead which is a hardened fork of Signal. Molly uses the same servers and is transparent to the operator.
You can install Molly through F-Droid or Accrescent.
What makes Molly better than the official signal app? It would seem the official would be the best updated and most secure.
Edit: Damn. Molly has some decent options over the base signal app. Neat for sure.
You are right that Molly would lag behind in security updates by one version every time, but Molly is currently the only way to get Signal on tablets/other Droids in one account, effectively, as far as I know.
Notably, this device-linking concept of operations has proven to be a low-signature form of initial access due to the lack of centralized, technology-driven detections and defenses that can be used to monitor for account compromise via newly linked devices; when successful, there is a high risk that a compromise can go unnoticed for extended periods of time.
Well, hopefully that gets fixed soon.
Can they update signal so you don’t have to use a phone number?
They have updated it so that you don’t need to use your phone number as the identifier you share with other people so that they can message you. You can now give out a username and your new contact will not be able to learn your phone number.
As for Signal itself knowing what your phone number is, I don’t see that as much of a problem, because they intentionally don’t know anything useful about you. They publish redacted subpoenas and their responses so you can see just how little data they can provide. They don’t know who your contacts are so there’s no social graph to be drawn.
