Question: how can they even claim it’s e2ee if they also claim to log all the messages? Or is the claim that they log the messages in encrypted form? In which case any client(s) with the only copy of the keys could delete them, making the logs useless.
how can they even claim it’s e2ee if they also claim to log all the messages?
Who are the various "they"s in that question?
Signal claims that if you use the Signal app, it’s end-to-end encrypted. The Trump admin was using an unofficial Signal-compatible app TM SGNL which probably didn’t make those claims. And, Signal definitely never claimed that TM SGNL was end-to-end encrypted. In fact, it’s likely TeleMessage violated the copyrights and trademarks belonging to Signal with their app.
But, in the end, the messages were still technically end-to-end encrypted. It’s just that as soon as the messages arrived at one of those ends, they were sent to TeleMessage who archived them unencrypted in AWS. It’s still end-to-end encrypted, it’s just that one of those ends is incredibly leaky.
Yeah. The level of incompetence is impressive. Full data and metadata for all customers all dumped together in one datastore, stored in the clear in AWS.
“The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.”
…
"The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia."
…
"“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said. "
Question: how can they even claim it’s e2ee if they also claim to log all the messages? Or is the claim that they log the messages in encrypted form? In which case any client(s) with the only copy of the keys could delete them, making the logs useless.
Who are the various "they"s in that question?
Signal claims that if you use the Signal app, it’s end-to-end encrypted. The Trump admin was using an unofficial Signal-compatible app TM SGNL which probably didn’t make those claims. And, Signal definitely never claimed that TM SGNL was end-to-end encrypted. In fact, it’s likely TeleMessage violated the copyrights and trademarks belonging to Signal with their app.
But, in the end, the messages were still technically end-to-end encrypted. It’s just that as soon as the messages arrived at one of those ends, they were sent to TeleMessage who archived them unencrypted in AWS. It’s still end-to-end encrypted, it’s just that one of those ends is incredibly leaky.
oh… mygod.
Yeah. The level of incompetence is impressive. Full data and metadata for all customers all dumped together in one datastore, stored in the clear in AWS.
“The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.”
…
"The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia."
…
"“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said. "
"I’ll just put this together as proof of concept. I’ll look at security later.
Okay great, it works, now no need to ever touch it again."
I don’t know how they claim that would work. But it’s important to note that only telemessage makes that claim, not signal.