Community Notes Viewer

2024-07-06 01:52:34
NNN. Recently, a vulnerability was discovered in Signal’s desktop client where the encryption keys were stored on a user’s computer in plain text. This vulnerability goes back to at least 2018. [Link]
NEEDS_MORE_RATINGS(7-0-1)
Author

2024-07-06 15:59:46
NNN, while Signal does store messages encrypted on the disk, the encryption key is stored in plaintext, defeating the purpose of the encryption. [Link]
NEEDS_MORE_RATINGS(2-0-1)
Author

2024-07-07 13:35:10
It's unclear what is meant by "known vulnerabilities", however Signal denies this: [Link] Signal's software is documented and open-source, allowing for anyone to verify these claims: [Link] [Link] Signal's latest software versions have no known vulnerabilities in the CVE system: [Link] [Link]
NEEDS_MORE_RATINGS(0-1-1)
Author

2024-07-07 15:46:49
Signal's desktop apps encrypt local chat history with a key stored in plain text and made accessible to any process. This leaves users vulnerable to exfiltration. Although, the issue was reported in 2018, it still hasn't been addressed.
NEEDS_MORE_RATINGS(1-0-1)
Author

2024-07-09 13:27:38
Note not needed. Multiple developers found the desktop app "keeps the data in a directory accessible to any process. No elevated access is required, no password, no sudo" [Link]
NEEDS_MORE_RATINGS(1-0-1)
Author