Hacker News new | past | comments | ask | show | jobs | submit login

> we were able to get a fix out very quickly.

Is 6 months really what Signal considers quick for a bug that leaks private data?




Selective quoting?

"As soon as we were able to pick up a scent, it was all we worked on, and we were able to get a fix out very quickly."


It's not at all selective. This should have been "all they worked on" from the moment they got several confirmations, not from the moment people beat them over the head with data. If they couldn't fix it they should have pulled the app.

This is a company that aggressively markets itself to people needing privacy, and mistakes can ruin lives. And before you say it, they have tens of millions of dollars in funding.


Well yes, maybe they should have put more people on it, from day one. But even though they have solid funding, doesn't mean they can throw it out the window.

And non reproducible bugs can be hard, even when you throw money at them.

But your quote was almost a textbook example of selective quoting, because you said, that they said they did a quick fix, when it really took over 6 months. But they did not say this - they said "once they pick up the scent" they delivered a quick fix. This is something very different.


"But even though they have solid funding, doesn't mean they can throw it out the window."

This is a product which is advertised as private, marketed extensively toward people requiring privacy. Knowing they're accidentally sending images to the wrong people is a HUGE, priority 1 problem.


"Knowing they're accidentally sending images to the wrong people is a HUGE, priority 1 problem."

It is. But I have no insight in all the other problems and bugs they have. Do you? There is never a guarantee of total safety. So focusing all the ressources on one problem that happens extremeley rarely and miss out a bigger problem, that affects millions? But I don't know if this was the case here. Might also be neglect or not wanting to spread the image of Signal as being non-secure, while in a path of growth.


Does it change anything tho? They prolonged investigating this issue for months and only put mayor work behind it when they "pick[ed] up a scent on it". Although they knew about it from day one (one Signal staff replied on the same day the issue was posted).




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: