Comment by remus
8 months ago
If you're part of the US government, with access to the most sensitive information which will put people's lives at risk if compromised, then yes, this is a vulnerability because "Russian GRU agent nicks your phone and scans your Signal QR code" is a real threat.
If you're part of the US government, you're not supposed to use Signal to discuss this kind of stuff.
Bringing in a phone with decryption keys for this conversation is a risk, then, not just Signal's feature set...
I agree it could be hardening to allow users/organizations to disable this feature, and also other features such as automatic media decoding and other mechanisms that are trade-offs between security and usability, but it simply does not meet the definition of a vulnerability (nobody will assign this a CVE number to track the bug and "resolve" it).