this post was submitted on 02 Oct 2023
103 points (100.0% liked)

Privacy Guides

16813 readers
3 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] bastion@feddit.nl 0 points 1 year ago (1 children)

True. And although perfect forward secrecy isn't a huge deal, it is potentially useful, if (for example) you have the encrypted messages backed up, then deleted from your phone, and someone gets access to both your backup and secret key (somehow).

If a hacker had access to the private long-term key, though, odds are extremely high that they have access to the message database of decrypted messages that signal keeps around to show your history - so kinda moot at that point. There are some useful niche cases for it, though.

Not a dealbreaker for my by far.

[–] ghazi@mastodon.tn 0 points 1 year ago (1 children)

@bastion > message database of **decrypted** messages that signal keeps around to show your history

What are you talking about ? Where did you get this from ?

[–] bastion@feddit.nl 1 points 1 year ago

There's a physical necessity to keep all of the information necessary to decrypt messages in the app's folder.

Anything the signal app shows you can also be seen by an app with access to Signal's data on that device. This is true of any E2E encrypted messenger service.

Of course, this is disallowed by the OS, but if you have physical access to that device, you have and can access that data. That includes the database of all of your messages on that device, and the key to decrypt them.

PFS prevents someone using the key your device has on it from decrypting earlier cyphertexts. But if they have access to that key, they almost inevitably also have access to the database that signal keeps all of your messages in.

Thus PFS only works in practice if you delete the data from both the sending and receiving devices. PFS is useful, but it's usefulness is fairly limited in typical scenarios. But, if someone sniffed the cyphertext and then you read the message and deleted it/had disappearing messages on, and they later hacked your phone and got the key, you'd be safe and they couldn't decrypt the cyphertext they'd sniffed earlier.

It's just... ..it's a really niche scenario, and most people (except the very paranoid) aren't regularly deleting every message.