this post was submitted on 26 Mar 2025

837 points (99.5% liked)

politics

22630 readers

3619 users here now

Welcome to the discussion of US Politics!

Rules:

Post only links to articles, Title must fairly describe link contents. If your title differs from the site’s, it should only be to add context or be more descriptive. Do not post entire articles in the body or in the comments.

Links must be to the original source, not an aggregator like Google Amp, MSN, or Yahoo.

Example:

Articles must be relevant to politics. Links must be to quality and original content. Articles should be worth reading. Clickbait, stub articles, and rehosted or stolen content are not allowed. Check your source for Reliability and Bias here.
Be civil, No violations of TOS. It’s OK to say the subject of an article is behaving like a (pejorative, pejorative). It’s NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.
No memes, trolling, or low-effort comments. Reposts, misinformation, off-topic, trolling, or offensive. Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.
Vote based on comment quality, not agreement. This community aims to foster discussion; please reward people for putting effort into articulating their viewpoint, even if you disagree with it.
No hate speech, slurs, celebrating death, advocating violence, or abusive language. This will result in a ban. Usernames containing racist, or inappropriate slurs will be banned without warning

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.

That's all the rules!

Civic Links

• Register To Vote

• Citizenship Resource Center

• Congressional Awards Program

• Federal Government Agencies

• Library of Congress Legislative Resources

• The White House

• U.S. House of Representatives

• U.S. Senate

Partnered Communities:

• News

• World News

• Business News

• Political Discussion

• Ask Politics

• Military News

• Global Politics

• Moderate Politics

• Progressive Politics

• UK Politics

• Canadian Politics

• Australian Politics

• New Zealand Politics

founded 2 years ago

MODERATORS

outrageousmatter@lemmy.world

aidan@lemmy.world

jordanlund@lemmy.world

little_cow@lemmy.world

Theonetheycall1845@lemmy.world

JuBe@lemmy.world

Lasherz12@lemmy.world

837

The Atlantic releases the entire Signal chat showing Hegseth's detailed attack plans against Houthis (apnews.com)

submitted 1 week ago by anon593839@lemmy.world to c/politics@lemmy.world

114 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] TheTechnician27@lemmy.world 18 points 1 week ago* (last edited 1 week ago)

I think the description of vulnerability is subjective in this case.

No, it really isn't. The Signal protocol enables E2EE, meaning you don't have to worry about the server infra (that is, even if you don't buy that they're using the FOSS server code they say they are, it's irrelevant). The Signal protocol is open and has been examined forwards and backwards over and over by security researchers around the world. I can't emphasize how many eyes are on this protocol because of how prolifically used it is, including by government officials worldwide. The app is FOSS, and like the protocol, it has a ton of eyes on it for the same reason. The app is a reproducible build, meaning that if Signal baited you with a fake app, it would be found out immediately.

It could be that signal is inherently more vulnerable than official channels, as Signal is a private corporation that has no motivation to disclose any failures in their security.

They're a corporation, sure, but in the sense that they're a 501(c)(3), not a for-profit. Signal would have every incentive to disclose a failure in "their security" (where here that means their app or the protocol; again, what's happening on the servers literally, provably, mathematically doesn't matter). For a privacy org like this, it's in their best interest to immediately report any problems that might compromise privacy.

I don't think the article is trying to blame Signal in any way, it's just not the proper communication channel

Agreed. But here, I agree it's not the proper channel 1) because it's on their personal devices which the person you're responding to clearly stated and 2) a Signal chat (likely intentionally on their part) bypasses crucial records keeping laws. A known vuln for example is if someone has access to your phone, they can link their own personal device and read your messages as they come up. But again, that requires access to your phone, which becomes problematic if and only if you're using your own personal device rather than a secure government one.

and thus utilizing it is an inherent vulnerability no matter how secure their encryption may be.

No. Again, that's not an inherent vulnerability. Using it on their personal devices is, but unless you can come up with a vulnerability in the app itself or the protocol itself, then you're just agreeing with the person you're replying to.