A response to recent reporting in Germany, in service of clarity and accountability:

@nuk3 @signalapp I wonder what issue they have with Matrix?! They could just spin up their own sever.

@davep @ahltorp @jtb Typically, I'd agree. But these accounts are some of the highest politicians in Germany. I don't believe it's unreasonable to hold them to higher standards than the average user. They handle confidential stuff. Their decisions and actions concern tens of millions of people.

A response to recent reporting in Germany, in service of clarity and accountability:

First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. 1/

@davep @ahltorp @jtb Typically, I'd agree. But these accounts are some of the highest politicians in Germany. I don't believe it's unreasonable to hold them to higher standards than the average user. They handle confidential stuff. Their decisions and actions concern tens of millions of people.

@stairjoke

As far as I know, the Bundeswehr already uses matrix

We understand the trust that people put in Signal, and how devastating this kind of social engineering can be. While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams. 7/

@energisch_ @signalapp with e2ee?

@jtb @stagerabbit @ahltorp @davep @signalapp Banks and others regularly call me up and ask me to identify myself to them, ie give the unknown caller my credentials. And cannot see the problem in training their customers to comply.

@EarthOrgUK @jtb @ahltorp @davep @signalapp Both my life insurance company and my overseas bank want me to send copies of my passport and proof of address over unencrypted email. When I complain, they say I should password protect the file and send the password in a separate unencrypted email to the same address.

Even if I find a way to send it securely, based on this, I doubt they store it securely.

@MFennVT @signalapp uncheck pin reminder in setting accounts.

For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock). 8/

@GOKUSHRM @MFennVT @signalapp why would you want to do that?

@stagerabbit @ahltorp @davep @signalapp ok i withdraw my remark as I didn't see the dialog. If it said "verify pin" someone might have done that without thinking

@EarthOrgUK @jtb @ahltorp @davep @signalapp Both my life insurance company and my overseas bank want me to send copies of my passport and proof of address over unencrypted email. When I complain, they say I should password protect the file and send the password in a separate unencrypted email to the same address.

Even if I find a way to send it securely, based on this, I doubt they store it securely.

@stagerabbit @EarthOrgUK @jtb @ahltorp @signalapp
That is awful practice.

@davep @EarthOrgUK @jtb @ahltorp @signalapp We're talking about the sector that holds our life savings and limits passwords to 8-12 alpha numeric characters and until recently no form of 2FA. Not sure why this surprises you. (If this isn't the case elsewhere, it's still the case in Japan, where I live. Not super impressed by my Canadian banks either, tbh.)

A response to recent reporting in Germany, in service of clarity and accountability:

First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. 1/

For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock). 8/

@skaphle @olliausstuhr @signalapp @Chantology
Nice strawman, but I did not claim any immunity against scams. I explicitely said, I just don't had the influence to frame it as a hack, if it happened.

Is there any OFFICIAL statement in GERMAN?

@signalapp