If anyone is curious, I highly recommend exploring the desktop app implementation. So many of the security guarantees that Signal ostensibly provides are gone in desktop environments, where any app you have installed can read ~/Library/Application Support/Signal and see all your contacts and messages using the encryption key stored in cleartext in config.json.
https://vmois.dev/query-signal-desktop-messages-sqlite/
Wow. Didn't know this. Signal's got a lot of user warnings when doing anything that breaks the security model. I don't remember Desktop giving a "Your chats are essentially unencrypted on this platform" warning.
If you can see a plaintext decoded message you should assume that it is system-readable if you don’t have some kind of guarantees about a memory-secure enclave. Use a secure system if you care about this.