Post by joernchen :cute_dumpster_fire: (@joern@threatactor.club)

I smell quite some FUD about the alleged Signal 0day.

The recommendation is to turn off link previews, however link previews are generated on the sender side. Just tested, with link previews turned off you’ll still receive them from a device that sends those.

I think this would mean either:

Turning off link previews isn’t a sufficient mitigation

or

The vuln is triggering on the sender side that means someone needs to convince you to create a message containing a malicious link

or

The whole thing is fake and just a nice troll

Open thread

nathan fain @nat@kitty.town

@joern have you heard ANYTHING from a knowledgeable source? because I've only been getting it through activist circles which makes me think its some false flag or a well intentioned privacy suggestion (don't reveal your IP, turn off previews) that turned into its own monster

Open thread

joernchen

@joern

@nat only rumours so far

Open thread