Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.
One may have all the encryption you want, but if the 2FA SMS whispers entry to the hackers, it’s clear that they’re not coming in through the security door but through the broken window…
To be fair, even though they bypassed the 2FA, they did not get access to previous conversations and contact list. That’s the point of the article, right?
Even if the encryption does not collapse, it is still an app full of identifiers. That makes metadata available. An attacker could figure out who contacted whom.
Whenever someone says “Signal is not good enough”, my answer is “what’s your threat model”? For me it’s a pretty damn good compromise given that all my friends and family are on it (as opposed to e.g. using WhatsApp or Telegram 99% of the time and a perfect alternative with one contact). The day I can realistically think about making my contacts move to a better alternative, I’ll do it. In the meantime, that’s the best I’ve got. And it’s not too bad, to be fair.
In the meantime, that’s the best I’ve got. And it’s not too bad, to be fair.
Are you quite certain? Have you looked hard and concluded that Signal is the best alternative available today?
I can tell you that my messenger doesn’t use identifiers, it doesn’t track me, it doesn’t care who my contacts are, it doesn’t ask for my email, phone number, and importantly it does everything Signal does.
What’s your messenger then?
It is the sole messenger that doesn’t use identificators. You cannot get wrong.
No identificators at all? Lol sure, who else is using it with you?
Signal is pretty awesome! Best general messenger for non-techies as well!
My Dog, “hackers hacking a hack”.
Can we please stop using the word “hacker” when we mean “cybercriminals”, “attackers”, “malicious agents”? We have plenty better terms. Like… “cybercriminals”, “attackers”, “malicious agents”: https://rys.io/en/155.html
I mean, I get the need for clickbaity titles and all, but surely we can do better.
First, I did not make the title, I just linked an article.
Second, I get that you wish people did not use the word “hacker” the way they do, but… isn’t it how natural languages work? Words mean what people them for. I wish “crypto” did not mean “cryptocurrencies”, butibn many contexts it does. That’s life.
Talking about clickbaits, what about linking to your blog everywhere you can? It’s completely off topic (the link is about Signal, your blog is about how people misuse a word according to you), but nobody complains, because apparently you thought it was relevant, just like the author thought that calling them “hackers” was fine.
Complaining about use of the word hacker is the tech nerd’s equivalent of complaining about clips vs magazines. It doesn’t matter and everyone understands it anyway, there is absolutely no reason to be bent out of shape by it except in situations where being specific and clear instead of generalising actually matters.
Gun nerds deserve being laughed at for getting upset over it and so do tech nerds.
Gun nerds deserve being laughed at for getting upset over it and so do tech nerds.
People are allowed to ridicule me for nerding out my passion pompously, or any sort of perceived sincerity, for that matter.
I’ve always held that sincerity alone shouldn’t implicitly justify immunity from ridicule, but the ridicule tends to work better if it’s sincere in its own right.
What’s better is using it as a handy way to temper my own zealotry.
Complaining about people complaining does get old fast, however.
