this post was submitted on 05 Aug 2023
1288 points (98.6% liked)
Technology
60112 readers
3138 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m not leaving Signal until someone implements keeping data at rest encrypted on both ends and requires multi factor unlock (bio+pin is my choice).
So sick of E2E clients that leave the data in plaintext on the devices and then back it up in plaintext to the cloud.
Does Signal back up in plaintext in the cloud? (If so that doesn't sound like E2E encryption… unless the 'ends' are uh… also constituted as the cloud itself which is… defeating the purpose).
Where do the pub/ private keys live, exactly, tbh. (Assuming it is asymmetric encryption that they use?)
No, signal does not do cloud backups. The keys live on the end users devices.
Signal doesn't store any of your chats at all. They're all on-device by design
Hm... If they're not being stored on the cloud, that means offline users would never receive messages, unless Signal is purely P2P. I haven't looked at the project, or the source, but I find it hard to believe -- you can't really do user lookups without some sort of middleware in the cloud.
All the data they have on any specific user is the account creation date, and the last online timestamp. They've already done loops around this topic in the DOJ.
And I thought it should be obvious that an online service doesn't work if you're offline
Yeah, but messengers, such as WhatsApp for instance, will send you missed messages once you're back online. That's what I was referring to.
You're right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I'm oversimplifying it for accessibility.
Sending a message to
Bob
Send
.Bob
.Bob
- this means Signal's server can see its a unique user, but not what their name is.See their blog post about Private Contact Discovery, they've spent a long time figuring out how to engineer a method to know as little as possible about you.
Thanks for the explanation.