Technology @lemmy.world Sunshine (she/her) @lemmy.ca 3d ago

Signal no longer cooperating with Ukraine on Russian cyberthreats, official says

therecord.media Signal no longer cooperating with Ukraine on Russian cyberthreats, official says

The encrypted messaging app Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyberthreats, a Ukrainian official claimed, warning that the shift is aiding Moscow’s intelligence efforts.

Buy European @feddit.uk Bondar @lemmy.world 2d ago

This is why you go European even if the company is open-source

therecord.media /signal-no-longer-cooperating-with-ukraine

27 18

You're viewing a single thread.

60 comments

The app?
- The encrypted messaging app Signal
  
  Yes.
- Yes.
  
  Damn... Hmm are they part of the US government?
  
  The article explains everything. The gist is Russians are targeting Ukrainians with phishing attacks via Signal. There also is the suggestion they're exploiting the linked devices functionality, though I'm not sure how.
  
  Appreciate this, I don't click links lol
  
  Apparently if they can get you to scan some bogus qr code they can get you add their device to your account.
  
  Why signal not cooperating tho? Following us government?
  
  ...I don't click links...
  
  I strongly suggest doing so if you want to understand what the article is about
  
  Comment section is all I need
  
  Because they can't without backdooring the software? Just like they also refuse to co-operate with Swedish government and threatened to leave the market should Sweden try to force them.
  
  You know Russian spies can also use TOR onion routing and so on.
  
  As for phishing there is nothing Signal can do about someone scanning a signal contact sharing QR and adding it to their contracts list beyond informative "hey are you really sure, really really sure you want to add this contact". If user trusts someone they shouldn't, no amount of app policy protections help. Or maybe they manage to shish them to scan and approve "share account to another device". Again nothing Signal can do about that.
  
  As long as there's a clear confirmation dialog.
  
  Not sure. Might be political tension. Might be that phishing attacks are typically user error, and Signal feels like at a certain point it's not their responsibility. Hard to say beyond conjecture, and I didn't see a clear reason given in the article.
  
  That's not how anything works

60 comments