> I'm sad that a lot more people don't know that Signal for Desktop is much, much less secure against adversaries with your laptop

Educate us. What makes it less secure?

reply
In addition to what the other person who replied said, ignoring that iOS/Android/iPadOS is far more secure than macOS, laptops have significantly fewer hardware-based protections than Pixel/Samsung/Apple mobile devices do. So really the only way a laptop in this situation would be truly secure from LEO is if it’s fully powered off when it’s seized.
reply
The key in the desktop version is not always stored in the secure enclave, is my assumption (it definitely supports plaintext storage). Theoretically this makes it possible to extract the key for the message database. Also a different malicious program can read it. But this is moot anyway if the FBI can browse through the chats. This isn't what failed here.
reply
Also last time I looked (less than 1 year ago) files sent over Signal are stored in plain, just with obfuscated filenames. So even without access to Signal it's easy to see what message attachments a person has received, and copy any interesting ones.
reply
If people don't have Signal set to delete sensitive messages quickly, then they may as well just be texting.
reply
That's a strong statement. Also imho it's important that we use Signal for normal stuff like discussing where to get coffee tomorrow - no need for disappearing messages there.
reply
I'm weird, I even have disappearing messages for my coffee chats. It's kind of refreshing not having any history.
reply
I'm an inbox zero person... I keep even my personal notes to disappear after 2 days. For conversations 1 day.
reply
Not if you're using Signal for life-and-death secure messaging; in that scenario it's table stakes.
reply
Strong and accurate. Considering non-disappearing messages the same as texts is not the same thing as saying all Signal messages ought to be disappearing or else the app is useless.

Telegram allows you to have distinct disappearing settings for each chat/group. Not sure how it works on Signal, but a solution like this could be possible.

reply
I would have thought reporters with confidential sources at that level would already exercise basic security hygiene. Hopefully, this incident is a wake-up call for the rest.
reply
Yea, I also would want to question the conclusions in the article. Was the issue that they couldn't unlock the iPhone, or that they had no reason to pursue the thread? To my understanding, the Apple ecosystem means that everything is synced together. If they already got into her laptop, wouldn't all of the iMessages, call history, and iCloud material already be synced there? What would be the gain of going after the phone, other than to make the case slightly more watertight?
reply
Not if she’s smart.
reply
Did she have BitLocker or FileVault or other disk encryption that was breeched? (Or they took the system booted as TLAs seek to do?)
reply
There was a story here the other day: BitLocker keys stored in your Microsoft account will be handed over.
reply
This has been known for a while, though I don't know if your typical layperson was aware until recently. People need to remember that any access a company has to a device, so does LE with a warrant. Even more so once you get into federal resources and FISA courts.
reply
Which Windows does by default and makes it hard to turn off.
reply
BitLocker isn't secure, for several reasons that I won't get into on here.
reply
breached
reply
Ha, no, shoved down someone's trousers! ;oP
reply