How in the fuck are people actually defending Signal for this, and with stupid arguments such as Windows is compromised out of the box?
You. Don’t. Store. Secrets. In. Plaintext.
There is no circumstance where an app should store its secrets in plaintext, and there is no secret which should be stored in plaintext. Especially since this is not some random dude’s random project, but a messenger claiming to be secure.
Edit: “If you got malware then this is a problem anyway and not only for Signal” - no, because if secure means to store secrets are used, then they are encrypted or not easily accessible to the malware, and require way more resources to obtain. In this case, someone would only need to start a process on your machine. No further exploits, no malicious signatures, no privilege escalations.
“you need device access to exploit this” - There is no exploiting, just reading a file.
Isn’t Ubuntu Pro basically just extended support for a set of universe packages for their LTS versions and free for private use?
How is making enterprises pay for extended LTS because of corporate no-update-just-insert-coin mentalities even remotely close to ransomware?
Like I get everyone who doesn’t like Ubuntu for various reasons, but this sounds completely dumb to me.