undefined | Better HN

0 pointsjancsika10mo ago0 comments

> Signal’s encryption algorithm is fine.

At least in the case of the leak the culprit was the UX, no?

Suppose a user wants the following reasonable features (as was the case here):

1. Messages to one's contacts and groups of contacts should be secure and private from outside eavesdroppers, always.

2. Particular groups should only ever contain a specific subset contacts.

With Signal, the user can easily make them common mistake of attempting to add a contact who already is in the group. But in this case Signal UI autosuggested a new contact, displaying initials for that new contact which are the same initials as a current group member.

Now the user has unwittingly added another member to the group.

Note in the case of the leak that the contact was a bona fide contact-- it's just that the user didn't want that particular contact in that particular group. IIRC Signal has no way to know which contacts are allowed to join certain groups.

I don't know much about DoD security. But I'm going to guess no journalist has ever been invited to access a SCIF because they have the same initials as a Defense Dept. employee.

0 comments

aftbit10mo ago

My understanding was that the journalist's phone number was accidentally added to the existing contact of a trusted user through the following process:

1. Journalist emailed trusted user seeking comment on something. This email contained the journalist's cell phone number in the signature block.

2. The trusted user forwarded this email to the fool with Signal.

3. The fool's iPhone suggested adding the journalist's cell phone number to the trusted user's contact.

4. The fool accepted this, perhaps blindly.

sudahtigabulan10mo ago

You are right. Here's the discussion from a month ago:

https://news.ycombinator.com/item?id=43601213

This iPhone feature exists probably to save a few taps when people text you their new phone number.

But it fails to account for the fact that this is not the only reason phone numbers happen to be in texts.

acdha10mo ago

Definitely - that kind of context is critical. Signal, iMessage, etc. are designed to let you securely connect to people you just met and don’t share much with other than a phone number. The DoD has the opposite problem: they have a list of people they trust enough to have access and blocking anyone not on that list is a major feature. Beyond the fact that both are sending messages, these problems are less alike than they seem at first.

j / k navigate · click thread line to collapse