this post was submitted on 18 May 2025
360 points (99.5% liked)
Technology
70173 readers
3455 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Pretty sure Signal does that as well, which is not a security issue.
Signal uses end-to-end encryption (E2EE). The only copies of messages are on the sender’s and recipient’s devices.
https://support.signal.org/hc/en-us/articles/360007320391-Is-it-private-Can-I-trust-it#%3A%7E%3Atext=Signal+conversations+are+always+end%2C%2C+every+call%2C+every+time.
Copies of messages are also known as archives.
Signal does not archive messages on server side
They weren't talking about the server:
Later in the article, it talks specifically about the server-side archives being stored in plain text. That’s why the hacker was able to access messages. This isn’t about the local copies on phones.
Yeah I didn't read past the misinformation
Kinda seems like you're the misinformation.
You're confused, I am not the author of this article. I did not write the statement above, just copied and pasted it here.
I'm not confused, you're intentionally misreading what's happening for some reason.
"Passing through it" pretty clearly refers to the server as that's what was hacked into and had plain text archives.
You're hyper fixating on the fact that the article says "the app" when referring to both the phone and server pieces to try and argue... something.
You are confused. I'm not "intentionally misreading" anything, it was written incorrectly. I'm not trying to argue anything. I'm just reading the (wrong) words used in the article. When I come across a piece of misinformation, I don't continue reading in the hopes that they clear it up later, I write it off and close it.
Someone else cleared this up. There's no reason to continue arguing about it.
I'm still not confused and you're still missing the forest for the trees because you don't like the common practice of including the server infrastructure when talking about apps.
There was a plaintext archive of messages on a remote server. That's a security problem no matter what point you're trying to make about the term app.
I do like common terminology, that's the problem.
Once again, this has already been cleared up elsewhere. Since you seem intent on dragging this out for some reason, you're going to be blocked. Have a nice night.
Maybe you should start reading up on stuff you don't know about before adding nonsense to internet threads.
This is now the third post in the last 24 hours where I stumble into a needlessly long thread because this user is completely obtuse and can't handle being wrong or a different opinion.
Don't know what you mean. I didn't add any "nonsense". Just a direct quote from the article in question.
Totally /s Can't even read your own comments.
It's why Molly has local database encryption.
That doesn't really do anything. Attackers need local access to the device to get the database itself. Chances are, they'll get the key right with it.
Molly encrypts it using a passphrase instead of a locally stored key for exactly that reason.
The passphrase or the unencrypted database are still open in memory. Though that is, of course, a more complicated attack but they could simply read it through the app itself.
You can set it to wipe them from memory on different conditions, including instantly if youre that paranoid, sure its still possible. Its an optional feature most people wont use, but its pretty well thought out.
Sounds great!
The only backup option I see for Signal is through Android, but it’s optional. There is no backup support for iOS or desktop.
https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages