top | item 42782116

(no title)

I just sent a feature request[1] to Signal with the following text:

    I understand that Signal does not consider this
    https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 to be
    a valid security bug, but it would be helpful to at least be able to
    mitigate it.

    Please add an option in settings to disable automatically downloading
    attachments.

    That should be enough to change the attack from 0-click (just opening the
    conversation) to 1-click (click the attachment). Most people won’t care
    about this, but for some every little bit of privacy is important.

[1]: https://support.signal.org/hc/en-us/requests/new

discuss

LWIRVoltage|1 year ago

Hold on, someone else in this thread noted this does exist

" You can disable the auto-download. Settings > Data and storage > Media auto-download, you can choose what to auto download for mobile data/wifi/roaming."

So, that part is there, but my question is, it's still aissue when they manually download the image, right? Unless something never accepts images from someone they aren't expecting, who 's number or unique created ID has never been seen before

danielparks|1 year ago

Oh, nice. I looked under Settings > Privacy and didn’t see anything. For me it was under Settings > Data Usage.

Yes, this still an issue if you manually download an attachment, but that’s a lot better than automatically when you open a conversation.