Signal privacy club group

Abhi lamba:

It’s a privacy club group

Join only if you are serious about privacy

What if I’m not serious? Can I use a decentralized standardized messaging system instead of a proprietary server silo like Signal?

6 Likes

You wanna talk about privacy? And you are asking publicly for others to join?

If the choices are “secure but alone” and “not secure”… :crying_cat_face:

2 Likes

E2E in groups is abracadabra. By the way, all security audits ever done on Signal specifically state that their findings apply ONLY to conversations between 2 devices, as group chats present multiple avenues for exploits, which render audits meaningless.

1 Like

Why would it be? Don’t they send a 1:1 message from sender to each group member?

There is no documentation on group chats.

Here are 2 problems:

Our model describes key indistinguishability of two-party multi-stage key exchange protocols. There are other security and functionality goals which Signal may address but which we do not study, including: group messaging properties, message sharing across multiple devices, voice and video call security, protocol efficiency (e.g. 0-round-trip modes), privacy, and deniability.

The other one, which I can’t find at the moment, is where they talk about out-of-band authentication, which Signal doesn’t implement. Imagine the practicality of this for a group of 100. Without this, they say, a malicious server can impersonate all identities.

Edit: Found it

The trust assumptions on the registration channel are not defined; Signal specifies a mandatory method for participants to verify each other’s identity keys through an out-of-band channel, but most implementations do not require such verification to take place before messaging can occur. Without it, an untrusted key distribution server can impersonate any agent.

The quotes are from this audit.