Question about Signal : privacy

[–] poVoq@lemmy.ml 11 points 2 years ago* (last edited 2 years ago)

You are both sort of right. Signal's on device storage is AFAIK only weakly encrypted with your screen-lock password (although you can enable a second weak password in Signal specifically). So if your phone is unlocked and backdoored the attacker can pretty much do what ever they want including reading your Signal messages.

Edit: to make it more clear... someone with a backdoor can just start a hidden application that does the same as the Signal client and open the on device stored messages with out your knowledge. And it is also quite trivial to install a keylogger to capture all passwords including those inside Signal.

[–] Lynda@lemmy.ml 11 points 2 years ago

If a device is compromised, the adversary can do whatever they want: screenshots, keyloggers, fork Signal and install their own client.

[–] Nyaa@lemmy.ml 5 points 2 years ago

If your phone is compromised, anything that you can see they can see as well. Absolutely nothing can protect against that because the only way would be to prevent even yourself from seeing it.

Potentially a really good sandbox and strict permissions could help, but if someone were to backdoor your phone chances are they can get around most software based solutions anyway.

[–] molly@lemmy.ml -1 points 2 years ago

Try molly -- hardened fork of signal. With encrypted keys as soon as you lock it after using the app it shreds itself from ram.

[+] cber_quaternion@lemmy.ml -8 points 2 years ago (1 children)

You can use Molly a fork of signal

[–] Reaton@lemmy.ml 12 points 2 years ago (2 children)

If the phone is backdoored, it would change nothing.

[–] jiaminglimjm@lemmy.ml 0 points 2 years ago (1 children)

😂 u r just a h8r

[–] Reaton@lemmy.ml 0 points 2 years ago

yes of course, I have nothing better to do /s

[–] cber_quaternion@lemmy.ml -3 points 2 years ago (1 children)

The messages are encrypted on the phone

[–] pinknoise@lemmy.ml 3 points 2 years ago (1 children)

But you can view the messages on your phone, so they are decrypted at some point. Then an attacker can steal the key and read them whenever they want. Or they just take screenshots when you use the app if they are lazy.

[–] cber_quaternion@lemmy.ml 1 points 2 years ago (1 children)

Molly has a feature, which prevents screenshots. Also everywhere you are in danger of password stealing, bruteforce attacks, etc.

[–] pinknoise@lemmy.ml 0 points 2 years ago (1 children)

Molly has a feature, which prevents screenshots.

Again, if you can see it on the screen it's possible to steal it. (How easy it is depends on the driver)

Molly (or any app) won't help you if your phone is compromised, unless you set a pin to lock your messages and never unlock it after being compromised. (which is unlikely)

[–] Reaton@lemmy.ml 2 points 2 years ago

They only try to promote their app.

Privacy

A place to discuss privacy and freedom in the digital world.

Some Rules

Related communities

Chat rooms