ForgottenFlux@lemmy.world to Privacy@lemmy.mlEnglish · 5 months agoSignal under fire for storing encryption keys in plaintext on desktop appstackdiary.comexternal-linkmessage-square258fedilinkarrow-up1513arrow-down130cross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.worldfoss@beehaw.org
arrow-up1483arrow-down1external-linkSignal under fire for storing encryption keys in plaintext on desktop appstackdiary.comForgottenFlux@lemmy.world to Privacy@lemmy.mlEnglish · 5 months agomessage-square258fedilinkcross-posted to: cybersecurity@sh.itjust.workstechnology@lemmy.worldfoss@beehaw.org
minus-squarefuzzzerd@programming.devlinkfedilinkEnglisharrow-up5arrow-down1·5 months agoI was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven’t merged it. Otherwise that’s just inexcusable.
minus-square𝙲𝚑𝚊𝚒𝚛𝚖𝚊𝚗 𝙼𝚎𝚘𝚠@programming.devlinkfedilinkarrow-up7·5 months agoThe PR had some issues regarding files that were pushed that shouldn’t have been, adding refactors that should have been in separate PRs, etc… Though the main reason is that Signal doesn’t consider this issue a part of their threat model.
I was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven’t merged it.
Otherwise that’s just inexcusable.
The PR had some issues regarding files that were pushed that shouldn’t have been, adding refactors that should have been in separate PRs, etc…
Though the main reason is that Signal doesn’t consider this issue a part of their threat model.