David Penfold
@davep@infosec.exchange
Too old to rock and roll, too young to die. Vegan and anarchism curious.
Likes permaculture, infosec, Tranmere Rovers. But mainly bad jokes stolen from https://www.justthetalk.co.uk/thehaven/17468/urgent-i-need-a-good-joke-right-now
Officially not right in the noggin #ʘ‿ʘ
Latest notes
@lxo @feld @rysiek And the first article seems confused. He says "it's good to know that Signal leaders are aware of the leaky nature of the devices they force users to use to start using Signal." in relation to the agentic AI on Windows raised by Meredith Whittaker.
Nobody is forced to use this platform to start using Signal.
@lxo Apparently there are secure enclaves behind the PIN, so your data is protected. It's pretty clever.
@lxo @feld @rysiek Are you implying Signal shares your information with third parties? Or that they even can?
I understand your desire for autonomy, which is cool. That doesn't mean you have to throw shade where it's not needed. The issue here yesterday for Signal was resilience, not access to your data.
@lxo @feld @rysiek
I agree with the centralisation risk. But those articles have nothing to do with needing a telephone number. They're more of an indictment of Windows and tend to back up Signal's worry about LLMs embedded into the OS.
If your endpoint is compromised, anything you read is also compromised.
As for the "magic" comment, it's just that they encrypt basically all the metadata that the likes of WhatsApp don't. And with the double ratchet protocol they can't decrypt that data. They *could* make logs of who called or messaged who, but don't. If this were decentralised, what's to stop a bad actor logging such information? Just curious. It may need a rethink of the whole architecture (I'm not saying that's a bad thing by the way).