Also saddened that Signal has this large remote attack surface due to limitations in WebRTC. https://bugs.chromium.org/p/project-zero/issues/detail?id=1936 …
-
-
I would love to reduce the attack surface here however I can. Afaict, the same attack surface you’re concerned about in Signal is present at the OS/Play level for every Android user by default. I’m asking if you all did something to secure that which we can apply to Signal.
-
I don’t know much about Duo (though it’s next on my list now), but I don’t think it’s default-on for every Android user. Don’t people have to at least open the app once and sign in before other users can start RTP sessions with them?
- 3 more replies
New conversation -
-
-
I had to resort to an extension to prevent chrome from leaking my internal ip via webrtc. Wish I could’ve disabled that. I desire it.
-
Off-topic, but we fixed this several weeks ago through a new mechanism for handling IP addresses. You shouldn't need the extension anymore.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
