Comment Re:Telegram founder bet isn’t slam dunk yet (Score 2) 36
> So headers are actionable?
It wasn't only headers; they had whole threads.
There are many ways to get Signal content, even outside the scope of cryptography:
* One traitor in the group simply shared all the communications
* They failed to exchange keys in person, got MITM'd by their phone company
* One person's phone had a backdoor app installed, or was remotely exploited, allowing someone to watch the screen remotely
* One person in the group failed to choose a good password (Signal doesn't require it) and their phone was inspected at some point
The core problems with Signal are not cryptographic. They are:
* Platform is a cell phone, which is unsecurable - especially vs government agencies. Even with Lineage or some custom OS, there are enough firmware backdoors to count the platform as unsecurable
* Centralization, which quickly allows discovery of all groups and traffic analysis
* Use of phone numbers ties each account to an individual human identity
To actually stand a basic 101 chance of running a secure communications group you would need:
* A secure platform, such as an air-gapped Linux machine, for each participant
* Decentralized communications channels, which are also anonymous
* Compartmentalized information, communications training, and even group membership