this post was submitted on 26 Nov 2023
303 points (95.2% liked)

Privacy

31894 readers
627 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

When I press on some message to forward it, it shows me Random usernames of contacts I don't know. And it even shows some Mobile Numbers I don't know. For example, one number starts with +964 that's Iraq. I'm from Europe tho. These contacts and numbers are from all over the place.

Edit: This only happens on Signal Desktop. If I try to forward a message on Android it only shows my Contacts. And none of these unkown ones.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

This is super helpful, I may post this to infosec.exchange. Flathub makes this so much more difficult to find the reason for what looks like a real breach. I don't use Flathub for security reasons so I don't know if you can even isolate the PID? Anyone know?

I don't want you to have to spend a lot of time or troubleshoot over the web but if you see anything that stands out as "wow shouldn't be there/running" when you run these commands come back to us:

  1. ps the PID of Signal or secondarily, Flathub
  2. lsof -p PID
  3. strace
    • sudo strace -f -t -e trace=file -p PID
  4. sysctl kernel.randomize_va_space
    • pkill/killall Flathub/Signal and restart FH/Signal and see if it still presents the vulnerability