Figure they’ve penetrated telegram or someone and are trying to drive people to use compromised messaging? Idk but when Russia and Musk both target Signal that makes me think I should be using it. (But maybe that’s the play lol.)
It’s a phishing campaign. Update signal and don’t give strangers your details. Also the windows desktop app sucks. Due to windows being insecure.
Yep this is, at least so far, a “the bastards can’t crack in from the outside so they’re trying to get you to hand over your account.”
Mildly reassuring but clickbait titles gonna clickbait.
Linux isn’t terrible.
There’s hiccups though. Example. Partner recently redid his chrome book. Wiped it, added some bits, added a Linux setup specific to chromebook hardware.
Earbud pairing: inconsistent.
Little things like that which are normally automatic often require some troubleshooting with Linux. Also Linux: there’s always a patch or fix somewhere.
Mostly though, it’s pretty good. And your machines run better because all the home phone bloat and trash is removed.
For those who still need to run Windows, I recommend that you utilize the Windows 10 LTSC IoT iso (can be found online; make sure you verify it with a checksum from microsoft) as it will receive security updates until 2032. You can debloat the iso significantly using this guide, though be warned that it is very easy to break and you may need to re-modify and re-install it to fix any weird errors that you introduce. Mine works great, totally removed defender, all telemetry I could find, etc, but my BitLocker doesn’t work lol.
If you need help give me a shout. I wont share an ISO because tbh you shouldn’t trust a stranger for that, but if you have questions I’ve done this about 12 times for myself and others
Thanks for this, I’m gonna share this.
The FBI, before Trump and Musk got their grubby little claws into it, warned everyone in the US to switch to E2EE messaging, and they explicitly mentioned Signal by name as one of several options.
This was/is due to the still-ongoing Salt Typhoon hack, and if the government is telling people they need to hide their info—an entity with agencies and bills set up to spy on its citizens— it’s probably something everyone should be doing yesterday.
So yes, you should be using Signal, SimpleX, a Matrix client, etc.
Keep using signal. The article mentions that someone can use a QR code to add a trusted/ linked device to your group of linked devices. They would need physical access to do this. It’s been done by russians, finding devices on the battle field. So make sure and check your linked devices, use disappearing messages appropriately, and continue on your day. Peace out!
In depth review validating the credibility of Signal’s encryption by a Security Engineer who specializes in encryption.
Reviewing the Cryptography Used by Signal by Soatok
The bottom line was in total, no vulnerabilities were found.
Just be sure to not use the default keyboard on your phone, use one that never connects to the internet.
I’d recommend the FUTO keyboard.
What are your thoughts on HeliBoard compared to FUTO?
Personally I’ve never used HeliBoard but from the surface level digging I’ve done it looks pretty similar and is chasing the same goal as FUTO: a good fully offline keyboard app.
I heard about FUTO and tried it’s “voice to text” function and was impressed so I’ve stuck with it. This function for it is also fully offline vs the default GBoard which sends that voice data to Google to store indefinitely.
Nice, I used Heliboard with Futos voice to text.
Fair enough. I tried HeliBoard because it was recommended and stuck with it. I don’t use voice to text, but got swipe texting to work on HeliBoard
Is the US government now a “Russia-aligned threat actor” too? Just wondering.
if you ask me, yes
Not the whole government, but some of it 100% yes.
Thank you kind soul, that really brightened up my day.
Absolutely
Can they update signal so you don’t have to use a phone number?
They have updated it so that you don’t need to use your phone number as the identifier you share with other people so that they can message you. You can now give out a username and your new contact will not be able to learn your phone number.
As for Signal itself knowing what your phone number is, I don’t see that as much of a problem, because they intentionally don’t know anything useful about you. They publish redacted subpoenas and their responses so you can see just how little data they can provide. They don’t know who your contacts are so there’s no social graph to be drawn.
Notably, this device-linking concept of operations has proven to be a low-signature form of initial access due to the lack of centralized, technology-driven detections and defenses that can be used to monitor for account compromise via newly linked devices; when successful, there is a high risk that a compromise can go unnoticed for extended periods of time.
Well, hopefully that gets fixed soon.
I saw elsewhere that Signal has already addressed this problem and issued an update. If your app is up to date as of now, you should be good to go.
Has anyone on Graphene had their signal app want to auto update outside of aurora or F-droid?? My signal app the other day had 2 seperate a few days apart updates from the app itself, outside of both stores. Sketches me out still. How can I make sure it has not been compromised?
Try Molly instead which is a hardened fork of Signal. Molly uses the same servers and is transparent to the operator.
You can install Molly through F-Droid or Accrescent.
