Privacy

803 readers

45 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

307

Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app (theconversation.com)

submitted 6 days ago by florencia@lemmy.blahaj.zone to c/privacy@lemmy.ml

77 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] sqgl 5 points 5 days ago (1 children)

Regarding the trick of an adversary gaining access by emailing or SMS'ing a QR code for adding another device...

Why does the new device not demand the PIN before being added?

[–] Jason2357@lemmy.ca 5 points 5 days ago (1 children)

It does, I tried it. Though, that may have been an addition since the attacks started.

Though, in that specific case - Russian agents conducting espionage via targeted individuals - it's very likely they surveil their targets long enough to catch their device PIN before they nab the phone and return it. In the end, there is very little recourse to defend against this type of Evil Maid attack. Signal is really better at protecting against mass surveillance, but for individuals directly targeted by state espionage? You would need serious opsec, using air-gapped computers kept in safes or guarded by humans 24x7 and other crazy stuff. They have rules about what can be physically done with devices containing top secret information for a good reason.

[–] sqgl 1 points 4 days ago

If they could surveil the device to see the PIN being entered then no app would protect them.

My Signal only asks for a PIN about once per month so that would be a lot of screen surveillance hours to sit through in order to catch that moment.

More likely is that it was fixed since the breach but I cannot find release notes (hard to search on my phone).