@dredmorbius@toot.cat@Dhmspector That thought had definitely occurred to me. I'd not been aware of and/or forgotten that Signal auto-deletes content, in violation of US gov't data retention laws.
Thanks.
@dredmorbius @Dhmspector @briankrebs the auto delete is an optional setting in signal. But signal is one of the more secure messengers available, end to end encrypted and without a possibility of a backdoor. I see why they'd use that.
@dredmorbius@Wolfi As I've seen discussed elsewhere, there are other problems presented:
Smartphones themselves are conspicuously insecure, and even the use of secure protocols and apps leaves other avenues of attack on the device open.
Signal apparently has provisions for sharing or forwarding conversations, and at least one of the discussion participants was in Russia at the time of the discussion, which ... raises further concerns.
Features which would be desirable for secure comms (e.g., ACLs, or ensuring that all members of a given discussion have specific security clearances) are missing from the app. If one could, say, issue invites to a group of people and only permit those with specific certifications / security clearances from participating, joining, or even being notified of the discussion the picture would be improved, though other issues (mentioned above or otherwise) could still present themselves.
Casual observations from public use / use outside SCIF could present information leaks.
OpSec is exceedingly poor here.