Summary
Lawmakers from both parties expressed outrage after The Atlantic’s editor-in-chief revealed he was accidentally included in a Trump administration Signal chat discussing Yemen airstrikes.
Rep. Chris Deluzio (D-Pa.) and Rep. Sara Jacobs (D-Calif.) called for investigations and firings, labeling it a serious security breach.
Rep. Don Bacon (R-Neb.) criticized the use of non-secure systems, warning that adversaries like Russia and China could exploit it.
Sen. Mark Warner (D-Va.) condemned the administration’s mishandling of classified information, saying it endangers national security.
“Non-secure systems” uh. No. Systems that aren’t in the US control is what you mean.As @asdfasdfasdf@lemmy.world pointed out, Signal is insecure as in the access to the message wasn’t controlled. It’s like stripping naked in front of an open window with the lights on in your house. Yeah, technically, you are inside your home where it’s private. But if you aren’t pulling the shades everyone gonna see it
I’d absolutely qualify it as non-secure in this context. Signal is E2E encrypted but there are no systems in place where it understands who’s added to a chat and validates access based on ACLs or anything. Authorization policies are critical in securing systems.
Man you’re technically correct.
The best kind of correct. Let me alter my comment and direct them to this, because I didn’t even think that far.
Isn’t that important given the nature of what was being discussed?
Yes. Access control is not in scope of Signal, I updated my comment to correct my statement.
I would however enjoy being a fly on the wall when someone has to explain what application or system scope is to Trump.
given that signal is what the us authorities encouraged citizens to use for privacy i assume that they do in fact have back door access to whatever they want
Well, that would be impressive. Because it’s open source, you can audit it yourself. The cryptography of it is secure. Unless the government has a secret way of breaking these encryption algorithms which we are unaware of, there is no backdoor.
I’ve only dug into the user to user messaging, but I’m group messaging is just as secure.
The only thing that was lacking when I read through it was key transparency. And that’s a problem with every end to end encryption service. HOWEVER I know work is being done on implementing it. That will alleviate the fears of the wrong public keys being used (aka, you’re talking to someone different than you thought).
linux is open source and it’s had countless vulnerabilities. I’m not a security researcher so i wouldn’t be able to spot a vulnerability anyway. I am a student of history and when my government says trust me bro it’s best if you use this one i see red flags.