this post was submitted on 05 Apr 2025
549 points (97.1% liked)

Technology

68864 readers
4665 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
549
The Signal and the noise: Why the messaging app is great for privacy but not for war plans. (thebulletin.org)
submitted 1 week ago by Tea@programming.dev to c/technology@lemmy.world
54 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] JiminaMann@lemmy.world 2 points 1 week ago (1 children)

What security vulnerabilities does signal have?

[–] kittenzrulz123@lemmy.blahaj.zone 5 points 1 week ago (2 children)
[–] sugar_in_your_tea@sh.itjust.works 5 points 1 week ago* (last edited 1 week ago) (1 children)

The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That's incredibly unlikely for a regular citizen, but it's a lot more likely for an important position like the head of the Department of Defense or something.

NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.

[–] kittenzrulz123@lemmy.blahaj.zone 3 points 1 week ago (1 children)

Im not a security researcher tbh and I havent extensively studied the security model of Signal (I use Matrix)

[–] sugar_in_your_tea@sh.itjust.works 3 points 1 week ago* (last edited 1 week ago) (1 children)

Same. I'm just generally pretty cyber-security curious, and have read a bit on this topic.

I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.

BTW, thanks for providing the CVEs, I hope that answers a few peoples' questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get close quickly (and Signal does a good job keeping up with updates).

[–] kittenzrulz123@lemmy.blahaj.zone 3 points 1 week ago

Thats why the Linux kernel has a massive amount of CVEs, its extensively audited and researched.

[–] JiminaMann@lemmy.world 3 points 1 week ago

Hmm, last cve was in 2023...