The title "Signal Desktop grants RCE to Signal developers" is clickbait. A less hyperbolic title would be "Signal Desktop offers no option to disable automatic updates"
As a user, I prefer to be notified of updates and given an opportunity to not update or postpone it (the latter is possible with the former by just declining).
One point that doesn’t seem to be considered so far in the comments is that updates, at least on the desktop, can be heavy in terms of size. How can a software developer (even that of a free one) decide unilaterally to force an update on the user without knowing what connection the user is using, the cost of downloads, how slow it is and how this auto-update affects other important things the user may be in the midst of? Some security patches may be critical and require an urgent update, but it’s certainly not all updates that would be so. If Signal thinks of itself as the private and secure platform for people who are struggling against systems in which they live, this must be a big consideration for the application.
Signal advertises itself as secure software or security focused software. So it’s also of utmost interest for at least some users to know what’s coming in an available update before the update is downloaded.
This is about user freedom. I hope the Signal developers take this issue with the right perspective and solve it.
This isn't a bug, this is a request to change behavior.
Ignoring the snarky tone of the author, this request hits at a fundamental compromise we make when using computers: We have to trust the software we run. there's no reasonable way for us to manually review every line of code that's running on our computer.
Should Signal make this change? I personally don't see how allowing users to manually disable automatic updates makes a product any more secure. We normally consider installing updates periodically part of good security, so disabling what is considered a good security practice in order to have security just seems like a contradiction.
Agree with everything you've said here except for:
> I personally don't see how allowing users to manually disable automatic updates makes a product any more secure
There's tangible security benefits allowing users to update at will, not everyone lives in the same world or faces the same threats, a gay peace activist in Azerbaijan doesn't live the same life as a software developer in Atherton, CA.
A simple notification of security updates is sufficient for the most part to ride ahead of the never-ending wave of vulnerabilities.
Having the simple choice to do so is quite desirable for many people.
this is almost literally word for word duplicate text from a similar complaint made about Bitwarden, another application that has auto-update functionality.
I agree that we should be able to defer updates and if the client must be disabled until updated then we should be able to use it to access the local data. I'm going to have to take the new code at some point, but maybe I want to delete some really sensitive messages first.
Speaking of trusting code: We need some way to automatically prove that the update our system just downloaded is the same as the one everyone else got. And it would be helpful if other parties could sign off or raise warnings on updates as well and we could see that info before and after deciding to install or defer.
Software updates are going to be abused for "legal access" at some point. It is not a matter of if but when. Some kind of mitigation will be needed.
