Convincing people to use apps such as Signal is hard work and most can’t be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?

The problem is these people use Signal on Android/IOS which can’t be trusted and IOS has recently been in the news for having a backdoor. And it has also been revealed that american feds are able to read everyone’s push notifications and they do this as mass surveillance.

So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there’s the big question is the Android and IOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a mac or Windows OS.

So I don’t think I feel comfortable sending messages in Signal but it’s better than Whatsapp.

These were some thoughts to get the discussion started and set the context.

    • unskilled5117@feddit.org
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      2 months ago

      That is an iMessage exploit, nothing to do with push notifications. He might be referring to this, which allows associating an account with an identity, but it’s not what he is claiming (content decryption) either. So as long as no sources are provided he is just spreading FUD

      • Lemongrab
        link
        fedilink
        arrow-up
        3
        ·
        2 months ago

        I was referring to the OP’s comment on “iOS having a backdoor”. I am not saying I agree with OP, just was trying to see if there was something like a backdoor.

        • unskilled5117@feddit.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          Oh sorry about that! Somehow missed that. Still weird by OP to claim systems are insecure just because vulnerabilities are discovered. That‘s the case for every system out there. Vulnerabilities are discovered and fixed. And mobile operating systems typically have stricter security features and permission management than Desktop OS.

          • Lemongrab
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            This is true. I still agree that closed source OSes are not private or as secure as if they were open source. Something like deblobbed AOSP (DivestOS) is better because it has strong sandboxing, full system MAC policies, and vastly reduced attack surface to google Android (or Apple). Desktop does not have a strong enough threat model, wish it was better.