this post was submitted on 29 Nov 2023
127 points (97.7% liked)
Technology
59622 readers
3195 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Interesting, thanks for that.
The first link you posted states that the master key is stored. It also states that the information on the page doesn't match the official blog from Signal, but that they've gathered their information from the source code, so I assume it's correct. It does make me wonder why Signal doesn't say that they store the master key though ๐ค
You don't have to trust blogs, do the experiment yourself, make a new signal account, send a message, set a pin, delete the app, reinstall, recover from pin, and send a message again.. the signing key doesn't change. That is proof the key is in the cloud.
Signal DOES say its in the cloud, but they use the Corporate partial truth..... SVR is for "personal data" ... which the key is. They don't emphasis it, because its such a bad idea, when they implemented this there was a big security online outrage... which seems to have died down.
Signal is a good enough protocol for daily use, but not good enough for nation states, or the truly security conscious. Signal is a step in the path to federated democratic private communication but not the destination.