Signal3d ago

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.

Show threadSignal3d ago
These attacks, like all phishing, rely on social engineering. Attackers impersonate trusted contacts or services (such as the non-existent “Signal Support Bot”) to trick victims into handing over their login credentials or other information. To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app.
Show threadSignal3d ago

To protect people from such phishing, Signal actively warns users against sharing their SMS code and PIN.

We also want to emphasize that Signal Support will *never* initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal related code, it is a scam. We make this clear when users receive their SMS code during initial signup.

Show threadSam Izby3d ago

@signalapp

You should add the ability to sign up with email. I'm not sure that Russian users can log in with a code from SMS.

Show thread👊🇺🇸🔥
@izby @signalapp Email registration would turn Signal into a spam and bot cesspool like Twitter, Facebook, Instagram etc.
Mar 10 at 6:43pmWeb
Show threadSam Izby2d ago

@Avitus @signalapp

OK. What about WhatsApp or Telegram?

Show thread👊🇺🇸🔥1d ago

@izby @signalapp I don't really care what happens to them since I rarely use them. It would be better for everyone if the 3B people on WhatsApp and billion on Telegram also used Signal, but that's not currently the case.

WhatsApp has been Zucked since 2016. Constantly screaming about how private and secure it is while not being open-source means it's probably not secure or private, and even more so when it's a Facebook product.

Everything you do on Telegram is stored in plaintext by default on Telegram's servers, it has a long history of sketchy security, was created by a Russian billionaire, and has been banned, unbanned, and could be banned again in Russia. There was a report in October last year that Telegram is very likely an FSB Honeypot: https://rys.io/en/179.html#:~:text=The%20assumption%20seems%20to%20have%20always%20been,this%20is%20much%20less%20of%20a%20consideration.

I have WhatsApp and Telegram, but I don't do much on either but lurk in sports channels.

This is why I stick to Signal for all my communication. They don't have data to hand over because they don't collect it: https://signal.org/bigbrother/

Telegram is indistinguishable from an FSB honeypot

Many people who focus on information security, including myself, have long considered Telegram suspicious and untrustworthy. Now, based on findings published by the investigative journalism outlet ISt

Songs on the Security of Networks
Show threadSam Izby1d ago

@Avitus

What are you talking about and which of my arguments are you trying to argue with?

My position: registration by phone number is too dangerous and is not available in some regions where Signal is really needed.

Your position: registration by phone number saves you from tons of spam.

So I asked the question: did registering by phone number save you from spam on WhatsApp and TG?

What matters is how my counterargument influences your counterargument. That's how discussion works.

Show thread👊🇺🇸🔥1d ago

@izby Your pedantry is unwarranted and unappreciated, so I'm exiting this exchange after my next comment:

There was no way to know wtf you were even asking, so I responded as best I could. I've never had spam on Telegram, nor on WhatsApp. Have a good day.