>Yes. Signal's only selling point is privacy. Both of these bugs are huge privacy breaches that kill its value proposition.
Absolutely agree. However, you should always look at the bigger picture
a) How was the issue handled? What was the priority? Did they try to downplay it? Was the type of vulnerability patched altogether?
b) If a) merits for change, what's the alternative that has better overall security, UX, existing userbase, and track record.
Personally, I'd rather take a product with good public incident handling track record, than one without anything on public record.
>One of the main worries with companies having access to your unencrypted private data is that no matter how careful they are with it, it can still end up in the wrong hands. Signal is directly sending your data into the wrong hands.
Categorical label of "wrong hands" is unnecessarily ominous. Company with access to your private data can lead to that data being sold, or stolen by nation states / organized crime. You sending nudes / sensitive documents to your friend on Signal is less dangerous, although it can be much more embarrassing. Your peer probably isn't going to sell it to the highest bidder (or was it the case the recipient could be any Signal user? IIUC that was not the case)
Absolutely agree. However, you should always look at the bigger picture
a) How was the issue handled? What was the priority? Did they try to downplay it? Was the type of vulnerability patched altogether?
b) If a) merits for change, what's the alternative that has better overall security, UX, existing userbase, and track record.
Personally, I'd rather take a product with good public incident handling track record, than one without anything on public record.
>One of the main worries with companies having access to your unencrypted private data is that no matter how careful they are with it, it can still end up in the wrong hands. Signal is directly sending your data into the wrong hands.
Categorical label of "wrong hands" is unnecessarily ominous. Company with access to your private data can lead to that data being sold, or stolen by nation states / organized crime. You sending nudes / sensitive documents to your friend on Signal is less dangerous, although it can be much more embarrassing. Your peer probably isn't going to sell it to the highest bidder (or was it the case the recipient could be any Signal user? IIUC that was not the case)