Has anyone on Graphene had their signal app want to auto update outside of aurora or F-droid?? My signal app the other day had 2 seperate a few days apart updates from the app itself, outside of both stores. Sketches me out still. How can I make sure it has not been compromised?
Try Molly instead which is a hardened fork of Signal. Molly uses the same servers and is transparent to the operator.
You can install Molly through F-Droid or Accrescent.
Can they update signal so you don’t have to use a phone number?
They have updated it so that you don’t need to use your phone number as the identifier you share with other people so that they can message you. You can now give out a username and your new contact will not be able to learn your phone number.
As for Signal itself knowing what your phone number is, I don’t see that as much of a problem, because they intentionally don’t know anything useful about you. They publish redacted subpoenas and their responses so you can see just how little data they can provide. They don’t know who your contacts are so there’s no social graph to be drawn.
In depth review validating the credibility of Signal’s encryption by a Security Engineer who specializes in encryption.
Reviewing the Cryptography Used by Signal by Soatok
The bottom line was in total, no vulnerabilities were found.
Just be sure to not use the default keyboard on your phone, use one that never connects to the internet.
I’d recommend the FUTO keyboard.
What are your thoughts on HeliBoard compared to FUTO?
Personally I’ve never used HeliBoard but from the surface level digging I’ve done it looks pretty similar and is chasing the same goal as FUTO: a good fully offline keyboard app.
I heard about FUTO and tried it’s “voice to text” function and was impressed so I’ve stuck with it. This function for it is also fully offline vs the default GBoard which sends that voice data to Google to store indefinitely.
Nice, I used Heliboard with Futos voice to text.
Fair enough. I tried HeliBoard because it was recommended and stuck with it. I don’t use voice to text, but got swipe texting to work on HeliBoard
Notably, this device-linking concept of operations has proven to be a low-signature form of initial access due to the lack of centralized, technology-driven detections and defenses that can be used to monitor for account compromise via newly linked devices; when successful, there is a high risk that a compromise can go unnoticed for extended periods of time.
Well, hopefully that gets fixed soon.
I saw elsewhere that Signal has already addressed this problem and issued an update. If your app is up to date as of now, you should be good to go.
Is the US government now a “Russia-aligned threat actor” too? Just wondering.
Not the whole government, but some of it 100% yes.
Thank you kind soul, that really brightened up my day.
if you ask me, yes
Figure they’ve penetrated telegram or someone and are trying to drive people to use compromised messaging? Idk but when Russia and Musk both target Signal that makes me think I should be using it. (But maybe that’s the play lol.)
The FBI, before Trump and Musk got their grubby little claws into it, warned everyone in the US to switch to E2EE messaging, and they explicitly mentioned Signal by name as one of several options.
This was/is due to the still-ongoing Salt Typhoon hack, and if the government is telling people they need to hide their info—an entity with agencies and bills set up to spy on its citizens— it’s probably something everyone should be doing yesterday.
So yes, you should be using Signal, SimpleX, a Matrix client, etc.
FBI big mad their backdoors got exposed and it is not a security risk…
It’s a phishing campaign. Update signal and don’t give strangers your details. Also the windows desktop app sucks. Due to windows being insecure.
Yep this is, at least so far, a “the bastards can’t crack in from the outside so they’re trying to get you to hand over your account.”
Mildly reassuring but clickbait titles gonna clickbait.
