Comment by Zak
8 months ago
That's just phishing.
Signal could make the pairing attack impossible by eliminating the device pairing feature, but that would also reduce its appeal and harm its mission of bringing secure communication to a broad audience. It could add steps to setting up a group chat and inviting additional members to make it less likely users will invite the wrong person, but that, too would hurt its popularity.
Security is a process and a spectrum, not a binary that can be guaranteed by using a certain product or service.
The goal of US information security is not making an app more popular. It's keeping secrets safe.
In that view, Signal is the wrong app to use for US Officials.
I agree. There are official channels that already exist for discussing sensitive information, and it does not appear Signal is one of them. These officials using any device or software not approved for that purpose constitutes a serious breach of protocol.
Signal probably shouldn't be approved for that purpose because it does trade some foolproofness for convenience. Secure communication should also be limited to dedicated devices, which probably wouldn't have journalists stored in their contacts.
The CIA was approved to use signal but for certain applications. Probably because it was better than SMS. But not good enough for classified information.
You could see a CIA agent being in Russia needing to use Signal with an informant, e.g. But that wouldn't be the same level of security needed to hold nuclear secrets.
1 reply →