ForgottenFlux@lemmy.world to Privacy@lemmy.mlEnglish · 1 year agoSignal under fire for storing encryption keys in plaintext on desktop appstackdiary.comexternal-linkmessage-square258fedilinkarrow-up1512arrow-down130cross-posted to: privacy@lemmy.worldtechnology@lemmy.worldfoss@beehaw.org
arrow-up1482arrow-down1external-linkSignal under fire for storing encryption keys in plaintext on desktop appstackdiary.comForgottenFlux@lemmy.world to Privacy@lemmy.mlEnglish · 1 year agomessage-square258fedilinkcross-posted to: privacy@lemmy.worldtechnology@lemmy.worldfoss@beehaw.org
minus-squarefuzzzerd@programming.devlinkfedilinkEnglisharrow-up5arrow-down1·1 year agoI was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven’t merged it. Otherwise that’s just inexcusable.
minus-square𝙲𝚑𝚊𝚒𝚛𝚖𝚊𝚗 𝙼𝚎𝚘𝚠@programming.devlinkfedilinkarrow-up7·1 year agoThe PR had some issues regarding files that were pushed that shouldn’t have been, adding refactors that should have been in separate PRs, etc… Though the main reason is that Signal doesn’t consider this issue a part of their threat model.
I was just nodding along, reading your post thinking, yup, agreed. Until I saw there was a PR to fix it that signal ignored, that seems odd and there must be some mitigating circumstances on why they haven’t merged it.
Otherwise that’s just inexcusable.
The PR had some issues regarding files that were pushed that shouldn’t have been, adding refactors that should have been in separate PRs, etc…
Though the main reason is that Signal doesn’t consider this issue a part of their threat model.