Signal should change this, but it’s typical of the traditional desktop OS security model in which applications running under the user’s account are considered trustworthy. Security-oriented software like Signal should take a more hardened approach, but this is not some glaring security hole.
as Electron has no integration with the rest of the system,
You pretty much can use Electron to build an application and use native OS-specific features. It only requires thinking about it and a bit of work, but technically isn’t much harder to do than with anything else. And there are some things useful in windows for that, based on user login credentials.
But ultimately, if the developers didn’t care about doing that, it won’t happen, regardless of them using Electron or writing fully native apps.
I told the guy I buy a certain thing that should be legal in this state from that trusting Signal is a bad idea and he should use some coded language if we were going use it. I do anyway, but I doubt that matters.
Researchers were able to clone a user’s entire Signal session by copying the local storage directory, allowing them to access the chat history on a separate device
This has actually been useful for me in the past when reinstalling my OS lmao. In an ideal world we could reverify by entering a code from our phones to unlock the desktop local storage after moving it. My biggest wish for Signal is more seamless message history movement across devices and ecosystems. Fuck even proper back ups would be nice.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
Signal should change this, but it’s typical of the traditional desktop OS security model in which applications running under the user’s account are considered trustworthy. Security-oriented software like Signal should take a more hardened approach, but this is not some glaring security hole.
I mean if somebody has physical access and is logged in they have your data anyways right?
deleted by creator
removed by mod
You pretty much can use Electron to build an application and use native OS-specific features. It only requires thinking about it and a bit of work, but technically isn’t much harder to do than with anything else. And there are some things useful in windows for that, based on user login credentials.
But ultimately, if the developers didn’t care about doing that, it won’t happen, regardless of them using Electron or writing fully native apps.
Storing stuff as plain text is so hot right now.
Am I missing something? Hasn’t this been known for years now? I think they previously commented on this before.
deleted by creator
According to the article there is a pull request which should fix it.
I told the guy I buy a certain thing that should be legal in this state from that trusting Signal is a bad idea and he should use some coded language if we were going use it. I do anyway, but I doubt that matters.
deleted by creator
I hate hearing shit like this. What are they thinking?
deleted by creator
This has actually been useful for me in the past when reinstalling my OS lmao. In an ideal world we could reverify by entering a code from our phones to unlock the desktop local storage after moving it. My biggest wish for Signal is more seamless message history movement across devices and ecosystems. Fuck even proper back ups would be nice.