[Cryptography] Signal chat fallout.
Nico Williams
nico at cryptonector.com
Fri Mar 28 15:15:58 EDT 2025
On Wed, Mar 26, 2025 at 06:41:33PM -0700, Ray Dillinger wrote:
> I have told people time and again that nothing happening on a cell phone
> should be considered private. Cell phones, regardless of how good an
> individual piece of software on them may be, leak like mesh bags full of
> loose shit and unless completely redesigned from the ground up absolutely
> have no place in any security infrastructure. [...]

Supposedly they had Signal on their desktops as well, installed by the
CIA.

It's not just cell phones.

Laptops using only WiFi (as opposed to LTE) and desktops leak less by
not using the cell phone infrastructure, but otherwise they have all the
same problems that cell phones would have, and probably worse.

One very serious problem here is that Signal doesn't do multi-level
authorization or any real authorization at all. You really want a good
authorization solution in a military setting.

Apart from that, using Signal almost certainly violates open records laws
unless they were doing something to record their chats (which I bet they
were not). Their excuse is that the CIA insisted they use Signal, which
I guess is somewhat acceptable except that they should have known
better.

Nico