Comment by jfyi

Comment by jfyi a day ago

3 replies

View on Hacker News

Those are the breaks though when catering to a large audience with wildly differing threat models. Do you throw away users that are looking for a vague sense of security so they run off somewhere else less secure because you lack some feature?

If you are just looking for "secure(TM)[X]", you are making a mistake somewhere anyway.

If your life or livelihood depends on it, you learn what the impact of every choice is and you painstakingly keep to your opsec.

Somewhere between the two user action becomes a necessity. You need to judge where that point is for you and take responsibility for it because nobody else can guarantee it.

C4K3 20 hours ago

At the very least they should have excluded any chats with disappearing messages enabled from being included in backups.

With disappearing messages off it was already reasonable to assume that a compromise of a counterparty's phone would result in exposure of all previous messages, so enabling backups wouldn't expose you to new risk.

That would cater to those who want to keep their chat history forever without exposing those with disappearing messages enabled to new risk.

Reply View 0 replies
elvisloops a day ago

The history of Signal has been to provide the security properties we're talking about without users having to think about it or understand. To suddenly remove forward secrecy is a very big change, and it isn't one that they seem to have acknowledged or documented. Like this blog post: they are making an announcement that they have a "post-quantum ratchet," when they have effectively removed the ratchet. It's theater.

Reply View 1 reply
  • jfyi a day ago

    I think you missed the point entirely. You can't have security without thinking about it. You can have vague sense of security, which is the theater you are talking about.

    Show me a company anywhere that can provide security without user thought and deliberate action. It's a fantasy to believe anything you don't have to think about isn't theater. Hell, if you aren't thinking about it, you're one of the actors in that theater.

    Reply View 0 replies