Figure they’ve penetrated telegram or someone and are trying to drive people to use compromised messaging? Idk but when Russia and Musk both target Signal that makes me think I should be using it. (But maybe that’s the play lol.)
It’s a phishing campaign. Update signal and don’t give strangers your details. Also the windows desktop app sucks. Due to windows being insecure.
Yep this is, at least so far, a “the bastards can’t crack in from the outside so they’re trying to get you to hand over your account.”
Mildly reassuring but clickbait titles gonna clickbait.
Linux isn’t terrible.
There’s hiccups though. Example. Partner recently redid his chrome book. Wiped it, added some bits, added a Linux setup specific to chromebook hardware.
Earbud pairing: inconsistent.
Little things like that which are normally automatic often require some troubleshooting with Linux. Also Linux: there’s always a patch or fix somewhere.
Mostly though, it’s pretty good. And your machines run better because all the home phone bloat and trash is removed.
For those who still need to run Windows, I recommend that you utilize the Windows 10 LTSC IoT iso (can be found online; make sure you verify it with a checksum from microsoft) as it will receive security updates until 2032. You can debloat the iso significantly using this guide, though be warned that it is very easy to break and you may need to re-modify and re-install it to fix any weird errors that you introduce. Mine works great, totally removed defender, all telemetry I could find, etc, but my BitLocker doesn’t work lol.
If you need help give me a shout. I wont share an ISO because tbh you shouldn’t trust a stranger for that, but if you have questions I’ve done this about 12 times for myself and others
Thanks for this, I’m gonna share this.
Signal desktop app just sucks. On Linux too.
The FBI, before Trump and Musk got their grubby little claws into it, warned everyone in the US to switch to E2EE messaging, and they explicitly mentioned Signal by name as one of several options.
This was/is due to the still-ongoing Salt Typhoon hack, and if the government is telling people they need to hide their info—an entity with agencies and bills set up to spy on its citizens— it’s probably something everyone should be doing yesterday.
So yes, you should be using Signal, SimpleX, a Matrix client, etc.
In Russia they seem to be trying to make it so that everyone uses either VK or TG for communication. Life is in TG, so.
WhatsApp has not been banned yet, but WhatsApp stores metadata Signal doesn’t. Signal is technically banned, but one can use it proxying it via Tor or something else.
OK, too many words.
I think it’s safe to assume all power-hungry people with their hands on opportunity to spy on others are class allies, regardless of their country. That includes companies and that includes politicians and that includes bureaucrats. So - it’s also safe to assume that Russian and American special services might exchange surveillance data. Police services do that when it’s about criminals and criminal organizations. No reason this wouldn’t work the same for 3-letter services - for some people being a honest person is a crime.
So the common wrong wisdom that it’s safer for a US citizen to use TG than FBM, say, and that it’s safer for a Russian citizen to use FBM than TG, is kinda useless. Power doesn’t work this way, they are not eternal enemies.
What I really wanted to say is that Russian-aligned or not doesn’t matter much here. Just that communications should be protected, and those trying to creep to power should have their heads broken so gruesomely that a few generations would remember how tyranny must be fought. OK, these are emotions, in fact they’ll likely succeed and the planetary digital concentration camp will happen.
I could write a fucking book here and I had to delete about a chapter just to get to the point here so this would be readable.
The current Russian and US gov’ts are forces for evil in the world. If they say jump, I’m looking for a shovel.
You’re not wrong that corporations are also a real problem—they are the surveillance arm of world governments. That doesn’t really intersect with what I was trying to say.
Until recently, I had the luxury of knowing my government doesn’t give a shit if I have queer kids. But now they do, at the same time that there is a push against encrypted communication. And I’m really paying attention to the signals (hah!) they are sending, because I’m mentally preparing for shit to turn really dark, really fast, and I don’t want to be caught with my pants down.
Keep using signal. The article mentions that someone can use a QR code to add a trusted/ linked device to your group of linked devices. They would need physical access to do this. It’s been done by russians, finding devices on the battle field. So make sure and check your linked devices, use disappearing messages appropriately, and continue on your day. Peace out!
In depth review validating the credibility of Signal’s encryption by a Security Engineer who specializes in encryption.
Reviewing the Cryptography Used by Signal by Soatok
The bottom line was in total, no vulnerabilities were found.
Just be sure to not use the default keyboard on your phone, use one that never connects to the internet.
I’d recommend the FUTO keyboard.
What are your thoughts on HeliBoard compared to FUTO?
Personally I’ve never used HeliBoard but from the surface level digging I’ve done it looks pretty similar and is chasing the same goal as FUTO: a good fully offline keyboard app.
I heard about FUTO and tried it’s “voice to text” function and was impressed so I’ve stuck with it. This function for it is also fully offline vs the default GBoard which sends that voice data to Google to store indefinitely.
Nice, I used Heliboard with Futos voice to text.
Fair enough. I tried HeliBoard because it was recommended and stuck with it. I don’t use voice to text, but got swipe texting to work on HeliBoard
Is the US government now a “Russia-aligned threat actor” too? Just wondering.
if you ask me, yes
Not the whole government, but some of it 100% yes.
Thank you kind soul, that really brightened up my day.
Absolutely
Can they update signal so you don’t have to use a phone number?
They have updated it so that you don’t need to use your phone number as the identifier you share with other people so that they can message you. You can now give out a username and your new contact will not be able to learn your phone number.
As for Signal itself knowing what your phone number is, I don’t see that as much of a problem, because they intentionally don’t know anything useful about you. They publish redacted subpoenas and their responses so you can see just how little data they can provide. They don’t know who your contacts are so there’s no social graph to be drawn.
Notably, this device-linking concept of operations has proven to be a low-signature form of initial access due to the lack of centralized, technology-driven detections and defenses that can be used to monitor for account compromise via newly linked devices; when successful, there is a high risk that a compromise can go unnoticed for extended periods of time.
Well, hopefully that gets fixed soon.
I saw elsewhere that Signal has already addressed this problem and issued an update. If your app is up to date as of now, you should be good to go.
Has anyone on Graphene had their signal app want to auto update outside of aurora or F-droid?? My signal app the other day had 2 seperate a few days apart updates from the app itself, outside of both stores. Sketches me out still. How can I make sure it has not been compromised?
Try Molly instead which is a hardened fork of Signal. Molly uses the same servers and is transparent to the operator.
You can install Molly through F-Droid or Accrescent.
