I’ve just seen a comment in a post, in this very community, saying people trust Signal because of misinformation (from what I could understand).

If this is true, then I have a few questions:

- What messaging app should I use for secure communications? I need an app that balances simplicity and security.

- How do I explain it to my friends who use Signal because I recommended it?

- What does this mean for other apps in general?

  • wildbus8979@sh.itjust.works
    2 months ago

    The thing is, if someone has memory access, Signal doesn’t need to store anything; transiting data is now available. For example, all of your contacts when doing contact discovery. It used to be a simple hash, something for which you could build a rainbow table in a few hours, at the worst. It’s slightly better now, but still.

    Don’t take it from me, take it from Moxie:

    https://signal.org/blog/private-contact-discovery/

    It also doesn’t really matter if the software itself can easily be tampered with in memory by the hypervisor. Like I said, they are putting a lot of trust in Intel SGX.

    And let’s not even get into the digital sovereignty issues, and financing of right wing billionaires. Yes, running on AWS is an issue. It’s multiple issues even.
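An added example (not part of the thread and not any commenter's or Signal's code), illustrating the point above about why a plain hash of a phone number gives little privacy: the input space is small enough to precompute. SHA-256, the `+1202555` prefix (a fictional 555 exchange) and the hashing rate passed to `estimate_hours` are assumptions chosen for illustration.

```python
import hashlib
import time


def h(number: str) -> str:
    # Assumption: SHA-256 stands in for "a simple hash"; the thread names none.
    return hashlib.sha256(number.encode()).hexdigest()


def build_table(prefix: str, suffix_digits: int) -> dict:
    """Precompute hash -> number for every number under one prefix."""
    table = {}
    for i in range(10 ** suffix_digits):
        number = f"{prefix}{i:0{suffix_digits}d}"
        table[h(number)] = number
    return table


def estimate_hours(total_digits: int, hashes_per_sec: float) -> float:
    """Time to hash every number of the given length at an assumed rate."""
    return (10 ** total_digits) / hashes_per_sec / 3600


def demo():
    prefix = "+1202555"            # constructed, fictional exchange
    start = time.perf_counter()
    table = build_table(prefix, 4)  # only 10,000 candidates under this prefix
    rate = len(table) / (time.perf_counter() - start)

    uploaded = h("+12025550142")    # constructed value a client might send
    recovered = table.get(uploaded)
    return recovered, rate


if __name__ == "__main__":
    recovered, rate = demo()
    print("hash maps back to:", recovered)
    print(f"measured rate on this machine: {rate:,.0f} hashes/s")
    print(f"all 10-digit numbers at that rate: {estimate_hours(10, rate):.1f} h")
```

The hash hides nothing once the table exists, because every possible input can be enumerated; this is the limitation that motivated moving contact discovery away from plain hashes.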

      • wildbus8979@sh.itjust.works
        2 months ago

        … Providing you trust Intel SGX (and AWS for giving them access to actual SGX and not just emulating a compromised instruction set)

          • wildbus8979@sh.itjust.works
            2 months ago

            What conspiracy? CPU bugs aren’t a conspiracy, they are just a fact. Amazon’s involvement with American three letter agencies isn’t a conspiracy, it’s a fact.

            • Ontimp@feddit.org
              2 months ago

              Yea but if you worry about CPU bugs there is no such thing as trust, no matter who owns the infrastructure. Any software can have critical bugs and any system that can be accessed remotely can be compromised. Personally I’d trust the people at Signal that they have made a reasonable architecture section to balance availability and privacy