Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
nxobject 4 hours ago

Sadly, they still got to her Signal on her Desktop – her sources might still be compromised. It's sadly inherent to desktop applications, but I'm sad that a lot more people don't know that Signal for Desktop is much, much less secure against adversaries with your laptop.

tadzikpk an hour ago | parent | next [-]

> I'm sad that a lot more people don't know that Signal for Desktop is much, much less secure against adversaries with your laptop

Educate us. What makes it less secure?

digiown 39 minutes ago | parent [-]

The key in the desktop version is not always stored in the secure enclave, is my assumption (it definitely supports plaintext storage). Theoretically this makes it possible to extract the key for the message database. Also a different malicious program can read it. But this is moot anyway if the FBI can browse through the chats. This isn't what failed here.

mrandish an hour ago | parent | prev | next [-]

I would have thought reporters with confidential sources at that level would already exercise basic security hygiene. Hopefully, this incident is a wake up call for the rest.

stronglikedan 3 hours ago | parent | prev | next [-]

If people don't have Signal set to delete sensitive messages quickly, then they may as well just be texting.

AdamN 3 hours ago | parent [-]

That's a strong statement. Also imho it's important that we use Signal for normal stuff like discussing where to get coffee tomorrow - no need for disappearing messages there.

tptacek 2 hours ago | parent | next [-]

Not if you're using Signal for life-and-death secure messaging; in that scenario it's table stakes.

aschobel 2 hours ago | parent | prev [-]

I'm weird, i even have disappearing messages for my coffee chats. It's kind of refreshing not having any history.

zikduruqe 37 minutes ago | parent [-]

I'm an inbox zero person... I keep even my personal notes to disappear after 2 days. For conversations 1 day.

NewsaHackO 3 hours ago | parent | prev | next [-]

Yea, I also would want to question the conclusions in the article. Was the issue that they couldn't unlock the iPhone, or that they had no reason to pursue the thread? To my understanding, the Apple ecosystem means that everything is synced together. If they already got into her laptop, wouldn't all of the iMessages, call history, and iCloud material already be synced there? What would be the gain of going after the phone, other than to make the case slightly more watertight?

pbhjpbhj 3 hours ago | parent | prev [-]

Did she have Bitlocker or FileVault or other disk encryption that was breeched? (Or they took the system booted as TLAs seek to do?)

bmicraft 2 hours ago | parent | next [-]

There was a story here the other day, bitlocker keys stored in your Microsoft account will be handed over.

3 hours ago | parent | prev | next [-]
[deleted]
MoonWalk 3 hours ago | parent | prev [-]

breached