The FBI had to disclose their operation at some point for legal reasons. Russian or Chinese APTs are not bound by such rules. How do we know that they haven’t compromised some encrypted messengers already and are reading all communications?
And with Signal making rather questionable crypto decisions lately, how do we know who is currently pulling the strings there?
@WPalant FWIW, Mudge continuing to work there is a decent canary. It's not that he wouldn't work with feds, but he would absolutely walk before agreeing to knowingly weaken something to make anyone other than users' lives easier
Of course he could still be duped and make mistakes, but he has a solid history of giving the finger to anyone trying to pull his strings
A Mastodon instance for info/cyber security-minded people.