The piece itself is relatively ok, apart from the SGX thing.
The problem is the clickbaity title suggesting Signal might not be safe.
Most people only read headlines and the first few paragraphs of articles, and so what they might incorrectly take away from this piece is that Signal's safety is somehow suspect.
It's not. Signal is safe.
This is outright *dangerous* at a time when effective, usable privacy and encryption tools are more important than ever – and under attack globally.
5/🧵/end
@maiathecyberwitch
#signal promises security that they cannot deliver, specifically that one's phone number is hidden, even though it is not.
they collect phone numbers, which they cannot keep secret, and the fact that they only let you have a single profile per device means that you cannot keep your activist profile secret from everyday use.
the cops in denmark have been able to uncover the identities of many activists from just a single confiscated device.
soon i have to go to court, partly because of signal's sloppiness with security.
signal does not take the reports very seriously:
@rysiek
> Signal is safe.
#signal has long had issues with phone number leaks: even when set to hidden, phone numbers can sometimes be revealed. 🔓
this means that adversaries can get the phone numbers from an entire network of #signal users from just one compromised device. 🛂
this puts real people in real danger, but #signal is such a strong brand now that many would rather blame those who get hurt than take a critical look at their favourite chat app. ⚠️
more info, including links to some relevant #github issues:
https://veganism.social/@pelle/115673510840264510
#signal doesn't take the phone number leaks seriously, and it's not clear to me from their replies whether they've fixed it. 🪲
#deltachat / #arcanechat ( #decentralized #securityaudited #e2ee chat app) avoids accidentally revealing phone numbers by not asking for them. also, allowing for multiple profiles makes it harder for adversaries to track people across different chats, as opposed to #signal with its one profile per device policy. 👥
if #deanonymization is a risk for you, then #signal is not safe. 🥸
unfortunately i had to experience this first hand, which is why i consider »signal is safe« unhelpful advice. 😐