Hacker News

> Even if you avoid MITM or other attacks, a message sent via Signal today [...]

That's not the threat model. The threat model is that Signal is a tiny LLC making an app on behalf of a foundation and open source software project. It's a small group of human beings.

Small groups of human beings can be coerced or exploited by state-level actors in lots of ways that can't feasibly be prevented. I mean, if someone walks up to you and offers $2M (or blackmails you with whatever they found in your OneDrive, etc...[1]) to look the other way while you hand them your laptop, are you really going to say no to that keylogger? Would everyone?

At scale, there are auditing techniques to address this. The admins at e.g. GitHub are (hopefully) not as vulnerable. But Signal is too small.

[1] Edit: Or, because let's be honest that's the scale we're playing at: straight up threatens to Novichok you or your family.



There’s a million threats. These are not particularly bright people. They are busy and not aware of or concerned with much beyond limiting their own accountability for when they inevitably get burned by their bosses.

You and I know that. So do the adversaries. The biggest issue for them is going to be not tripping over the intelligence collecting agencies (or corps) already on their devices.



