5thvoice t1_ja0wsaz wrote

Of course Signal encrypts data at rest. Why would they want other apps installed on your phone to be able to snoop on your messages?


Prestigious_Push_947 t1_ja1fuo9 wrote

You should look deeper into the app. It has been reported repeatedly that content is available on the endpoint either in cleartext or in a way that can be trivially recovered. Signal themselves have repeatedly stated that they do not intend to be secure against someone in control of the device. Their encryption on the device is not hardened, and it's not meant to be. They recommend using robust full-disk encryption to secure your messages at rest.


spektre t1_ja2m0hx wrote

What they are saying is that they can't protect against someone, for example, forcing you to unlock it, installing a keylogger, or taking screenshots of your conversations. Because that would be a pretty hard problem to solve.


Prestigious_Push_947 t1_ja4nxer wrote

This really depends on a lot of scenarios. For example, if you use Signal for desktop on a Windows system without BitLocker, your message content can be recovered easily without forcing you to unlock the device or installing any kind of keylogger. If you have FDE enabled, but your device is unlocked, then your message content can be retrieved. No keylogger or additional tooling is necessary. Signal is as secure as your device is; it provides no additional security for your messages. They have repeatedly classified bug reports for weak local security as "Won't fix" because they are up front about the fact that their intent is ONLY to secure messages in transit.