Signal under fire for storing encryption keys in plaintext

Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application. Researchers and app users are raising

You're viewing a single thread.

48 comments

on desktop devices

Kinda should have been in the headline
- It is a super important detail, but it's still unforgivable for an app that expects privacy to be part of its brand identity.
  
  unforgivable
  
  yeah absolutely agreed
  
  This is a big difference between privacy and security.
  
  Agreed
  
  But you can't have privacy without security, and any privacy brand must have security in their bones.
  
  You can't encrypt anything without a key. This is the key. If it wasn't in plaintext then it would be encrypted. Then you'd need a key for that. Where do you put it?
  
  Phone OSs have mechanisms to solve this. Desktop ones do not.

You've viewed 48 comments.