Discussion
Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social  ·  activity timestamp 2 weeks ago

The piece itself is relatively ok, apart from the SGX thing.

The problem is the clickbaity title suggesting Signal might not be safe.

Most people only read headlines and the first few paragraphs of articles, and so what they might incorrectly take away from this piece is that Signal's safety is somehow suspect.

It's not. Signal is safe.

This is outright *dangerous* at a time when effective, usable privacy and encryption tools are more important than ever – and under attack globally.

5/🧵/end

dreiwert (@39C3)
@dreiwert@chaos.social replied  ·  activity timestamp 7 days ago

@rysiek People who conclude by reading headlines only can't be helped. But it's also dangerous to ask people to uncritically trust a #messenger app that doesn't federate, thus forces them into a closed platform, that has known vulnerabilities (https://arxiv.org/html/2411.11194v4) and that relies on infrastructure based in a country which European services start to see as a security threat.

Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers

Michael W Lucas :flan_on_fire:
@mwl@io.mwl.io replied  ·  activity timestamp 2 weeks ago

@rysiek

one reason I don't write articles for outside places:

even if they take my article as-is, voice and all, the headline is always written by the editor.

So, this is a policy set by the site, not the individual author.

Every sensible author knows to put a summary sentence near the top, so I suspect that the editor cut that as well.

Michał "rysiek" Woźniak · 🇺🇦
@rysiek@mstdn.social replied  ·  activity timestamp 2 weeks ago

@mwl oh no doubt. That's why I called out Proton here, not the author personally.

your fridge inspector
@pelle@veganism.social replied  ·  activity timestamp 2 weeks ago

@rysiek
> Signal is safe.

#signal has long had issues with phone number leaks: even when set to hidden, phone numbers can sometimes be revealed. 🔓

this means that adversaries can get the phone numbers from an entire network of #signal users from just one compromised device. 🛂

this puts real people in real danger, but #signal is such a strong brand now that many would rather blame those who get hurt than take a critical look at their favourite chat app. ⚠️

more info, including links to some relevant #github issues:
https://veganism.social/@pelle/115673510840264510

#signal doesn't take the phone number leaks seriously, and it's not clear to me from their replies whether they've fixed it. 🪲

#deltachat / #arcanechat ( #decentralized #securityaudited #e2ee chat app) avoids accidentally revealing phone numbers by not asking for them. also, allowing for multiple profiles makes it harder for adversaries to track people across different chats, as opposed to #signal with its one profile per device policy. 👥

if #deanonymization is a risk for you, then #signal is not safe. 🥸

unfortunately i had to experience this first hand, which is why i consider »signal is safe« unhelpful advice. 😐

nemo™ 🇺🇦
@nemo@mas.to replied  ·  activity timestamp 2 weeks ago

@rysiek Is it about the silent whisper issue?

