'People can link Signal messaging to a desktop application,' he said. 'This means that Signal data is being delivered to potentially multiple desktop and laptop computers where it isn’t being stored in a phone’s secure enclave. That data is then at risk from commodity malware on the system.'"
Previous statements were generalizations from people who clearly have no inside information.
This paragraph is detailed enough to make me doubt the expertise of the author.
"phone's secure enclave", the implication that a phone is more secure than a PC is naive. Maybe an iPhone because of their rather wise policy of using full drive encryption without making users jump through too many hoops.
Otherwise nonsense; an off-the-shelf Android phone from Samsung has no automatic encryption around app storage or much else, nor are phones generally immune from spyware any more than PCs. In both cases spyware is either baked in (somebody tampered with the OS installation), or it was let in by the user.
Whether the OS encrypts the messages or not, the Signal app certainly can. Does it?
It certainly can:
   await sql.initialize({
     appVersion: app.getVersion(),
     configDir: userDataPath,
     key,
     logger: getLogger(),
   });
You can look where they get the key from; it is a Chromium user secret where possible.
In my experience what government workers do is they take something off the shelf, poke at it for a while, declare it acceptable (possibly with a bunch of bribes and 10 layers of useless clueless middlemen), and then force it onto government setup devices.
I wouldn't be surprised if the government's idea of a secure messaging system is a fork of Signal. I also wouldn't be surprised if it's an ancient piece of shit program that still has COBOL in it, once having been perfect and efficient but now, after being adapted to modern hardware environments 20 times, has just as many "security vulnerabilities" as Signal with a hundred times the maintenance effort.
Since we're obviously not going to find some secret government apps that may or may not exist on GitHub, this comparison has reached its endpoint.
Suffice to say Signal, in the hands of experts, would have been secure; and the greatest efforts of the Pentagon would have failed to keep this information out of the news after having invited a blabbing journalist to participate.
No, this doesn't have much to do with anything, it just irks me when people throw in baseless implications. *posh accents* "Oh Signal, so pedestrian, not like our highly professional cyberwarfare division, haven't they seen movies? There are cool user interfaces with lots of maps and everything!"
BS, look at what happened with the Obamacare website.
Todd Park, the U.S. chief technology officer, initially said on October 6 that the glitches were caused by unexpected high volume when the site drew 250,000 simultaneous users instead of the 50,000-60,000 expected. He claimed that the site would have worked with fewer simultaneous users.
These are our "experts"? You tell a nation of 300 million that something great is about to be accessible and assume that less than 0.083% would look at the same time?
That's not even the real issue; the real issue is that correctly written software responds to over-volume by failing to respond to all requests, not by introducing errors. I know with absolute certainty that they simply failed to design and implement a stable API / database.
They paid $1.7 billion for this. I have been on teams of five that could have delivered better in a year. If only I knew who to bribe *sigh*
If so, I don't understand why anyone would assume that this is the only time they would ever engage in this.
It's not a structure though, it's information. Releasing some doesn't compromise the rest.
... and yeah, if it was intentional that implies that they would be willing to do it again, but under that conditional who cares?
The only point of classification is to keep a secret at POTUS discretion; if he or his underlings think there is an advantage in a pretend leak or open declassification, what of it?
So because nothing interfered with the operation, nothing could have interfered with it and it was never dangerous.
That argument is wrong (and not one I made), but the conclusion could be true for all you know; and that was my point.
If the leak did result in problems, that would be a reason to believe it was not intentional, but since it did not, that remains a possibility.
My problem with this is that we know it wasn't false and we don't know if it was useless.
We don't know a lot.
If you want to argue that it's beneficial to do this
Misdirection is certainly beneficial in war. I am simply saying we don't have enough information to distinguish an idiotic Trump admin from an age-old tactic at this point.
I don't think it's valuable to the government to set a standard that there are active leaks in the system by creating new holes in it.
Again with the hole analogy. If it was intentional it's not a hole. More information isn't going to just keep flowing out of it. For all you know that "hole" led to a bucket which was carefully filled for a reason.
As for whether it benefits a government to appear weak in some way, that depends. When attempting to negotiate with enemies with threats and allies with promises, the appearance is a disadvantage, but when in active contest, appearing weak where you are strong is ideal.