I don’t know if I’m opening a can of worms here, and I’m still trying to backtrack a lot of history where I was tuning everything out. I keep seeing random swipes at Signal (or the representatives (?)), and I was wondering whether they are founded or just lies.Is it another situation like Lemmy where we just “take the technology and move on”? Thanks!
Your encryption key is stored ON-DEVICE. Not in “the cloud”.
In fact, they just had a big hullabalu about the encryption key being stored in plain-text on their desktop client, which they’ve now resolved.
They now use https://www.electronjs.org/docs/latest/api/safe-storage on the desktop client.
Both on device and in the cloud.
https://signal.org/blog/secure-value-recovery/
That is why when you switch phones and register again with signal using your “pin”, you can send messages to your contacts without your verification number changing.
What the hell, that makes it completely useless?
https://github.com/signalapp/SecureValueRecovery2
The method has changed since that blog post.
So you are correct about it being stored in the cloud - they also seem to take much better care of it there, but when it’s on someone elses server, your point stands - they can SAY they do anything. There’s no way to actually test that. So thanks for the correction.
Anytime, I love it when lemmy is a collaborative space!