A response to recent reporting in Germany, in service of clarity and accountability:

@expertenkommision_cyberunfall @signalapp To the first question: signal does not have access to your profile name or profile picture.

@davep @signalapp If they handed over verification code and pin then they would have to be seriously daft.

@signalapp I wonder what the motivation behind this attack is. There's no money to be made from stealing Signal accounts, except maybe by extortion.

@davep @signalapp If they handed over verification code and pin then they would have to be seriously daft.

@stagerabbit @ahltorp @davep @signalapp ok maybe, but banks are saying all the time not to give out pin even to bank staff.

@davep @signalapp If they handed over verification code and pin then they would have to be seriously daft.

@jtb Watch what you call the President of the German Parliament! /s

https://api.courthousenews.com/germany-launches-spying-probe-into-signal-attacks-targeting-lawmakers/

@davep @signalapp

For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock). 8/

@ahltorp @jtb @signalapp Indeed

@nuk3 @signalapp I wonder what issue they have with Matrix?! They could just spin up their own sever.

@davep @ahltorp @jtb Typically, I'd agree. But these accounts are some of the highest politicians in Germany. I don't believe it's unreasonable to hold them to higher standards than the average user. They handle confidential stuff. Their decisions and actions concern tens of millions of people.

A response to recent reporting in Germany, in service of clarity and accountability:

First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. 1/

@davep @ahltorp @jtb Typically, I'd agree. But these accounts are some of the highest politicians in Germany. I don't believe it's unreasonable to hold them to higher standards than the average user. They handle confidential stuff. Their decisions and actions concern tens of millions of people.

@stairjoke

As far as I know, the Bundeswehr already uses matrix

We understand the trust that people put in Signal, and how devastating this kind of social engineering can be. While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams. 7/

@energisch_ @signalapp with e2ee?

@jtb @stagerabbit @ahltorp @davep @signalapp Banks and others regularly call me up and ask me to identify myself to them, ie give the unknown caller my credentials. And cannot see the problem in training their customers to comply.

@EarthOrgUK @jtb @ahltorp @davep @signalapp Both my life insurance company and my overseas bank want me to send copies of my passport and proof of address over unencrypted email. When I complain, they say I should password protect the file and send the password in a separate unencrypted email to the same address.

Even if I find a way to send it securely, based on this, I doubt they store it securely.

@MFennVT @signalapp uncheck pin reminder in setting accounts.