This story being true or not, please internalize this; The state will not let us have mobile encrypted comms. period. (BIS was the last victim.)
Phones are all remote ownd.
We need simpler, p2p devices for sensitive conversations.
https://video.twimg.com/ext_tw_video/1696273294754775041/pu/vid/464x848/XLakT78CZ-og5f5m.mp4
nostr:note17gpw2pmugy0ymvgngs3ays3yh0xlu0wpnfg4vg8h0wa79a27knus5snynt Imagine if messaging apps supported Bitcoin message signing (very low lift), they could start offering tap sign with TAPSIGNER tomorrow for your more sensitive comms.
This still leaves us with the phone UI being comprised when it shows you the message. But, at lease you could remove the in-transit issues.
I don't think that pplication security/encryption is the issue. Rather the phone is comprimised by design (Google, Apple specific hardware and software) that allows for reading data before app encryption and decryption.
Once these "backdoors" exists, it is just a matter of time until government agencies gain access to it in some fashion.
Hence, US (home to Google and Apple and other systemic IT companies for that matter) does not seem too worried by end-to-end encryption, but other goverment are.
This really looks like an attack on his whole phone (Pegasus-like attack) or an Apple backdoor (assuming he uses iphone) they are known to cooperate with three-letters ag**cies) not a signal issue per se.
This.
I think at best, intel agencies get metadata off of the SGX enclosures on the contacts connecting algos. From there, with a #, they can target for full remote exploitation (via 0 clicks). Then simply collect while unencrypted.
I doubt Signal encryption is compromised.
For more secure comms, there's a new option around: https://www.numbersstation.app/
Colin's blog posts are right on spot.
The only secure comms are ones you build yourself from essential parts and audited code. The most secure comm is in-person and unrecorded, this is why things like satscard and ecash are necessary.
Privacy is essential for any commerce and any handling of intellectual property not just black or gray market transactions.
Any thoughts on SimpleX?
