The developers of Signal are currently doing a user survey:
I told them that I really like the app but also that I would like:
a) Signal on @fdroidorg
b) a proper desktop client
c) no data stored in "secure enclaves"
Maybe you'd like to tell them, too?
I think that one of the biggest issues with #SecureEnclave|s is being forced to use them, @waterbear.
If they were optional, I would feel less uncomfortable using them. However, the current situation creates a compliance issue when using #Signal in a business environment in the EU, as the highest EU court has ruled that US servers cannot be considered #SafeHabour|s anymore
Think their use isnt as secure as signal suggests either. SGX isnt a secure enclave. Its using root-of-trust signing. If I'm not getting confused all Intel CPUs have keys that can do SGX attestations. If you keep one from getting updated, while watching for and examining any updates they get, may find a way in.
Alternatively just try hard to attack one, maybe an older, less secure design. Or an employee leaks the keys.
Theres a whole load of SGX exploits been developed
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!