According to Elon Musk, Signal has "known vulnerabilities that are not being addressed"

jerm · May 8, 2024, 1:14pm

He obviously lack any proof to back it up, or read some political article about Signal.

But it is true that Signal have known vulnerabilities that are not being addressed

github.com/signalapp/Signal-Desktop

Remove --no-sandbox from Linux builds for better security

signalapp:main ← zx2c4-forks:development

opened 12:48AM - 26 Jun 20 UTC

zx2c4

+0 -13

### Contributor checklist: - [X] My contribution is **not** related to transl…ations. _Please submit translation changes via our [Signal Desktop Transifex project](https://www.transifex.com/signalapp/signal-desktop/)._ - [X] My commits are in nice logical chunks with [good commit messages](http://chris.beams.io/posts/git-commit/) - [X] My changes are [rebased](https://medium.freecodecamp.org/git-rebase-and-the-golden-rule-explained-70715eccc372) on the latest [`development`](https://github.com/signalapp/Signal-Desktop/tree/development) branch - [ ] A `yarn ready` run passes successfully ([more about tests here](https://github.com/signalapp/Signal-Desktop/blob/master/CONTRIBUTING.md#tests)) - [X] My changes are ready to be shipped to users ### Description Remove --no-sandbox from Linux builds for better security Including `--no-sandbox` explicitly reduces security and is very much not recommended by upstream Electron project. This commit removes that part of the patch. Some folks will experience issues because their kernels don't have user namespaces and because that patch also disables the suid sandbox. You have two options for that: shift the burden to package managers to enable the suid bit on the suid sandbox, so that ones without user namespaces can choose to do that, or simply reenable it. Either way, shipping with --no-sandbox is irresponsible. CC @trevp-signal

No sandbox on Linux

Shit Sealed Sender implementation.

Relying on SIM to sign up is always an attack vector How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Topic		Replies	Views
Signal Blog: Quantum Resistance and the Signal Protocol Privacy	1	660	September 22, 2023
Reflecting on Signal after their recent actions Off Topic software	13	883	November 10, 2024
Signal app stores more data than shown in Government Requests Privacy	11	1344	August 16, 2024
A few questions about Signal Questions	5	413	June 17, 2024
Signal bugs Privacy	2	399	February 17, 2024

According to Elon Musk, Signal has "known vulnerabilities that are not being addressed"

Related topics