this post was submitted on 06 May 2025
129 points (100.0% liked)
Pulse of Truth
See, this reveals the flaw with privacy and security. The "protocol" may be safe and impenetrable, but the app and server can do other things that are not covered by the protocol.
You can have everyone fooled by pointing at the protocol and the independent audits of it, but that's not the entirety of the communication process.
The Signal protocol might allow e2e, but what the app and server do is a completely different scenario.
Remember this when you call an app "safe" next time.
Well, this isn't the fault of the protocol or Signal; since Signal is open source, everyone can modify it however they like.
This means you could just "break" the client by deleting 100 random lines of code and recompiling so that it doesn't start up anymore (which again isn't the app's fault, but you modifying the code).
In this way, the Israeli company changed the code of the app, effectively creating a new app that has the BASE of Signal, but is not the same.
Since the client needs to be able to read the message, it has to decode the message, and if you extract the data there by modifying the code, nobody can prevent that because it's just bad practice.