Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
Figure they've penetrated telegram or someone and are trying to drive people to use compromised messaging? Idk but when Russia and Musk both target Signal that makes me think I should be using it. (But maybe that's the play lol.)
It's a phishing campaign. Update signal and don't give strangers your details. Also the windows desktop app sucks. Due to windows being insecure.
Yep this is, at least so far, a “the bastards can’t crack in from the outside so they’re trying to get you to hand over your account.”
Mildly reassuring but clickbait titles gonna clickbait.
Linux isn’t terrible.
There’s hiccups though. Example. Partner recently redid his chrome book. Wiped it, added some bits, added a Linux setup specific to chromebook hardware.
Earbud pairing: inconsistent.
Little things like that which are normally automatic often require some troubleshooting with Linux. Also Linux: there’s always a patch or fix somewhere.
Mostly though, it’s pretty good. And your machines run better because all the home phone bloat and trash is removed.
The FBI, before Trump and Musk got their grubby little claws into it, warned everyone in the US to switch to E2EE messaging, and they explicitly mentioned Signal by name as one of several options.
This was/is due to the still-ongoing Salt Typhoon hack, and if the government is telling people they need to hide their info—an entity with agencies and bills set up to spy on its citizens— it's probably something everyone should be doing yesterday.
So yes, you should be using Signal, SimpleX, a Matrix client, etc.
Keep using signal. The article mentions that someone can use a QR code to add a trusted/ linked device to your group of linked devices. They would need physical access to do this. It's been done by russians, finding devices on the battle field. So make sure and check your linked devices, use disappearing messages appropriately, and continue on your day. Peace out!
In depth review validating the credibility of Signal's encryption by a Security Engineer who specializes in encryption.
Reviewing the Cryptography Used by Signal by Soatok
The bottom line was in total, no vulnerabilities were found.
Can they update signal so you don’t have to use a phone number?
They have updated it so that you don’t need to use your phone number as the identifier you share with other people so that they can message you. You can now give out a username and your new contact will not be able to learn your phone number.
As for Signal itself knowing what your phone number is, I don’t see that as much of a problem, because they intentionally don’t know anything useful about you. They publish redacted subpoenas and their responses so you can see just how little data they can provide. They don’t know who your contacts are so there’s no social graph to be drawn.
Notably, this device-linking concept of operations has proven to be a low-signature form of initial access due to the lack of centralized, technology-driven detections and defenses that can be used to monitor for account compromise via newly linked devices; when successful, there is a high risk that a compromise can go unnoticed for extended periods of time.
Well, hopefully that gets fixed soon.
I saw elsewhere that Signal has already addressed this problem and issued an update. If your app is up to date as of now, you should be good to go.
Has anyone on Graphene had their signal app want to auto update outside of aurora or F-droid?? My signal app the other day had 2 seperate a few days apart updates from the app itself, outside of both stores. Sketches me out still. How can I make sure it has not been compromised?
Try Molly instead which is a hardened fork of Signal. Molly uses the same servers and is transparent to the operator.
You can install Molly through F-Droid or Accrescent.
