On the other hand, #MLS includes "Group Integrity", which means that all members in a group see the same state. This means all members see the same list of members, same message transcript, same message order, etc. #Signal Protocol does not guarantee Group Integrity. I think this is an important property, but I wonder how much this was actually abused in the real world with other protocols? 3/
This is actually one of the most important improvements over the Signal protocol. The scalability is great, but from a pure security point of view, group integrity is the real news.
@rene_mobile In theory, it sounds great. I'm still curious to see how much it will affect real world communications. I haven't really heard about exploits to Signal's lack of Group Integrity.
I wonder if there would be a way to effectively detect comprises, though.
@rene_mobile I can't think of a technical measure to detect any compromise, but it would surely be possible to detect compromise using other evidence. For example, someone suspects foul play, they ask group members they trust to let their devices be forensically inspected. Then any differences between the group transcripts should be clear upon visual inspection, and probably provable based on an export of Signal history from the devices. This kind of investigation caught NSO's #Pegasus
@eighthave it is not about if it is abused or not but the ability to know if it is abused or not. Up to MLS, I could not trust any group chat...