233
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative (www.theregister.com)
submitted 1 week ago by throws_lemy@reddthat.com to c/technology@lemmy.world
48 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] XLE@piefed.social 44 points 1 week ago

mSzyfr was touted by the government as "the first secure instant messenger fully under Polish jurisdiction."

It does, however, rely on multi-factor authentication (MFA) provided by US megacorps. Microsoft is the recommended option...

Why?

users [can] retain access to messages even after logging out of the platform

This sounds great. Nothing bad could happen here. I'm sure the people developing this are competent.

An FAQ document for mSzyfr states that the messenger is built with a privacy-by-design philosophy, and explicitly notes that neither WhatsApp nor Signal fits this description.

Extremely competent, saying Signal is not private by design.

[-] HailHydra@infosec.pub 13 points 1 week ago* (last edited 1 week ago)

Extremely competent, saying Signal is not private by design.

While very disingenuous, it's not technically incorrect.

Signal is secure by design, and is extremely good at that with a very well designed and vetted cryptographic protocol.

But privacy isn't one of their primary goals, nor should it if it comes at the cost of security; for example, for the longest time you needed to share your phone number with everyone you wanted to talk to, and everyone in every group chat you are a part of could see it.

[-] XLE@piefed.social 4 points 1 week ago

Really?! Based on their website, I'd say privacy is their primary goal, and personally I'd say they've done a great job at it

[-] fullsquare@awful.systems 7 points 1 week ago* (last edited 1 week ago) 
users [can] retain access to messages even after logging out of the platform

This sounds great. Nothing bad could happen here. I’m sure the people developing this are competent.

the article says:

Further, if users want to retain access to messages even after logging out of the platform, they must set up a recovery key, which the installation manual suggests storing in a password manager.

this is standard matrix thing. if you log out of matrix and don't do that, you're greeted with Unable to decrypt message after next login. this is because it's on-prem matrix instance (or instances) with mandatory 2fa (freeotp is an option) and registration process tying matrix identity to national id, and it's intended only for public administration internal use. you can't just walk up and register you have to work there, and as their threat model is about phishing, this does make sense

this post was submitted on 18 May 2026
233 points (99.2% liked)

Technology

84965 readers
3988 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws