Oddbean new post about | logout
discoverbtc | 30 days ago (raw) | root | parent | reply | flag +1 
 I thought Signal was fully open source, but maybe not according to Molly? 

Also, I was not aware of this vulnerability in Signal desktop: https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/

It looks like Molly adds a passphrase to protect databases in really old versions of Android that don't have a keystore, but otherwise I'm not sure it's necessary (and users might think it's a nuisance).
calle 👁️⚡👁️ | 29 days ago (raw) | root | parent | reply | flag 
 This isn't really a vulnerability imo. A bit overblown news.
discoverbtc | 29 days ago (raw) | root | parent | reply | flag 
 I travel with my laptop, so it can be stolen rather easily. The thief can then read all of my private messages at their leisure. I expected better security from Signal. Sure, I can take additional steps to protect myself, but I didn't know I needed to with Signal.
calle 👁️⚡👁️ | 29 days ago (raw) | root | parent | reply | flag +1 
 Encrypt your hard drive?!
discoverbtc | 29 days ago (raw) | root | parent | reply | flag 
 I already use encrypted vaults, but I guess I need to encrypt the whole partition/drive too. My point is this should not be necessary for a security-focused app like Signal.
discoverbtc | 29 days ago (raw) | root | parent | reply | flag 
 Edit: I should have said "privacy-focused" in the previous post.