Comment by sroussey
17 hours ago
Employees at Signal must be getting bribes as well, or even threats of violence since they can get nation state Secret communications these days.
Got to make it so employees can’t do anything nefarious. This helps protect them.
How would employees of Signal access the encrypted messages?
Employees can't get access to encrypted messages.
But they can look the other way about flaws in their Electron client.
Or any client.
They don’t need to.
Under specific conditions, the client can communicate with malware already on device, save data locally for other software to pick up, or downright stream the decrypted software to a third party.
Most likely is to introduce a flaw in the client that can be used by other walware on the client.
Clearly no red team members on HN these days.
Indeed, it is what TeleMessage does.
Roll out an update that defeats the end to end encryption in some subtle way that wouldn't go noticed for a few days. They'd be told when to do it for maximum effect, and if the window is small enough it might even go unnoticed for far longer when another uncompromised update overwrites it. They have no duty to report such things to relevant authorities even if it was discovered internally, so you could be looking at some corporate coverup that while not in on it, seeks to minimize liability/embarrassment.
Really, can you possibly tell if your Signal messages were compromised? Now that iPhones aren't really jailbreakable, you can't even see inside your own device.