Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://troet.cafe/users/pixelschubsi/statuses/113999846291269859">pixelschubsi (pixelschubsi@troet.cafe)'s status on Friday, 14-Feb-2025 11:24:50 JST</a><a href="https://troet.cafe/@pixelschubsi" title="pixelschubsi@troet.cafe"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="pixelschubsi" style="position: absolute; left: 0; top: 0;">pixelschubsi</a><div><a href="https://hachyderm.io/@dalias/113999748481227961" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/38311" title="lauren@mastodon.laurenweinstein.org">Lauren Weinstein</a></li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li><li><a href="https://gnusocial.jp/user/137163" title="monocles@monocles.social">monocles</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://infosec.space/@kkarhan">@kkarhan</a> <a href="https://mastodon.world/@signalapp">@signalapp</a> <a href="https://monocles.social/@monocles">@monocles</a> <a href="https://mastodon.laurenweinstein.org/@lauren">@lauren</a> </p><p>Some people like to make bold statements without verifying first.</p><p>The server *can* do malicious things (even targeted, so it maybe already is happening without anyone known) that result in exactly an "undetected breakage of privacy properties". Here's an issue about this, closed with the comment that privacy features are only best-effort with no guarantee: <a href="https://github.com/signalapp/Signal-Android/issues/13842" rel="nofollow noreferrer">https://github.com/signalapp/Signal-Android/issues/13842</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4562328#notice-8932051">In conversation</a><time datetime="2025-02-14T11:24:50+09:00" title="Friday, 14-Feb-2025 11:24:50 JST">about 3 months ago</time> <span>from <span><a href="https://troet.cafe/@pixelschubsi/113999846291269859" rel="external" title="Sent from troet.cafe via ActivityPub">troet.cafe</a></span></span><a href="https://troet.cafe/@pixelschubsi/113999846291269859">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/signalapp/Signal-Android/issues/13842">Signal silently falls back to "unsealed sender" messages if server returns 401 when trying to send "sealed sender" messages · Issue #13842 · signalapp/Signal-Android</a></h5><div></div></header><div>Guidelines I have searched searched open and closed issues for duplicates I am submitting a bug report for existing functionality that does not work as intended This isn't a feature request or a di...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
pixelschubsi (pixelschubsi@troet.cafe)'s status on Friday, 14-Feb-2025 11:24:50 JSTpixelschubsi
in reply to
@dalias @kkarhan @signalapp @monocles @lauren
Some people like to make bold statements without verifying first.
The server *can* do malicious things (even targeted, so it maybe already is happening without anyone known) that result in exactly an "undetected breakage of privacy properties". Here's an issue about this, closed with the comment that privacy features are only best-effort with no guarantee: https://github.com/signalapp/Signal-Android/issues/13842
In conversationabout 3 months ago from troet.cafepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Signal silently falls back to "unsealed sender" messages if server returns 401 when trying to send "sealed sender" messages · Issue #13842 · signalapp/Signal-Android
  Guidelines I have searched searched open and closed issues for duplicates I am submitting a bug report for existing functionality that does not work as intended This isn't a feature request or a di...

Public

Embed Notice

HTML Code

Corresponding Notice