I've been traveling so forgive me for not posting this yesterday, but: That Signal clone app for archiving messages that Mike Waltz has been using, TeleMessage? It's unlicensed. Signal was unaware of its existence until they saw it in that Reuters photo. There's no known security vetting. - ThreadSky

kevincollier.bsky.social • 22 hours ago

I've been traveling so forgive me for not posting this yesterday, but: That Signal clone app for archiving messages that Mike Waltz has been using, TeleMessage? It's unlicensed. Signal was unaware of its existence until they saw it in that Reuters photo. There's no known security vetting.

Comments

lesliead717.bsky.social•20 hours ago

and Trumps entire cabinet is using it….great

camerontalley.bsky.social•21 hours ago

Didn't someone track the TeleMessage app to a company in Israel?

sagastar.bsky.social•21 hours ago

yup

123simco.bsky.social•20 hours ago

Bingo!

pathofshrines.bsky.social•21 hours ago

Blacklist-based security policies strike again

ohioirishgal30.bsky.social•20 hours ago

The Rosenbergs have entered the chat. 🤷🏼‍♀️🤦🏼‍♀️

jcwill324.bsky.social•20 hours ago

Oh, it has been “security vetted”. It has the Mossad seal of approval.

Of course what’s good for Israel is good for America.

Putin is pissed that Bibi beat him to this one. No need to cultivate intelligence agents when you have access to all their comms.

https://www.dropsitenews.com/p/mikewaltz-tech-israel-nationalsecurity-signal

steviez65.bsky.social•20 hours ago

Meh. You can't go wrong assuming every bit of our intel including current happening are going into Putin, Xi, and the Ayatollah's inbox within seconds of these 4th ReichClowns including Hair Furor FatFuck getting their treasonous filthy mitts on it.

storygrrl.bsky.social•17 hours ago

So Waltz is storing his unsecured classified messages in an even less secure App.

Brilliant.

h-lr.bsky.social•21 hours ago

paul-e24.bsky.social•18 hours ago

Unbelievable

lloyd-frombriz.bsky.social•20 hours ago

Imagine the screams for blood oft Biden had done that...

scassian.bsky.social•20 hours ago

Waltz probably got it from a really friendly Russian or Chinese guy he met at Mar A Lago.

1rmctldy.bsky.social•24 minutes ago

We no longer need national security because it’s all been given away.

redwineandtacos.bsky.social•21 hours ago

Stupid question alert—if a hacker was to gain access to that app on his phone, would there be a way for the hackers to listen in on what’s being discussed in that meeting?

pecunium.bsky.social•19 hours ago

Probably.

We know there are ways to mirror a signal conversation, so if you can get that you can probably get notifications for conversation starts and then archive.

redwineandtacos.bsky.social•19 hours ago

JFC. Thank you.

2names1scott.com•21 hours ago

Good thread here

fuzzyblumonster.bsky.social•20 hours ago

I know this sounds naive and optimistic, but are we so sure Walz, who was Special Forces awarded four Bronze Stars, (including two for valor) did not *intentionally* ignore his security/opsec training to include Goldstein, archive Signal, and let this be seen on camera?

trashmale.bsky.social•20 hours ago

Personal conspiracy theory: using insecure communications is their way of feeding intel to parties that backed them without directly handing it over.

Other theory: they really are this fucking stupid and failed upwards their entire lives.

smithtodda.bsky.social•19 hours ago

Yeah, it’s a tough call, isn’t it?

libbyget.bsky.social•20 hours ago

Neither answer is a good one. 😡

rome73.bsky.social•19 hours ago

But both are plausible

fuzzyblumonster.bsky.social•15 hours ago

The bronze stars with valor are the only thing that give me pause.

I guess all this is one thing that historians will write about long after we've died peacefully of old age...or disease that would have been prevented but for RFK JR...or been massacred by Rubio. 🤷🏻‍♀️

jaysartcorner.bsky.social•14 hours ago

I’m going to say that the odds of his phone being hacked just skyrocketed.

landers0203.bsky.social•7 hours ago

I’m just now realizing the stupid gulf of america hats are sitting in front of each person on the table 🤦‍♀️🤦‍♀️ how is this our reality??

donjorizzy.bsky.social•11 hours ago

@wired.com

kdkildal.bsky.social•19 hours ago

Israel now has the next DLC pack for Putin to update to.
Too bad he’ll first have to restart, then more than likely have to do system update.

generationalize.bsky.social•20 hours ago

“But it’s not Signal, and everyone is complaining about Signal, so it’s okay.”

— Mike Waltz, probably.

cayloe.bsky.social•19 hours ago

TeleMessage is used by pretty much every major financial institution to enable compliance with broker-dealer communication retention. SignalGate was a massive breach, but this smells of fear mongering.

eclecticcyborg.bsky.social•14 hours ago

hammancheez.bsky.social•10 hours ago

there's no fucking way he's the only one doing this shit

midnight-ninja.bsky.social•17 hours ago

Uh-oh. 👀

madeline-megs.bsky.social•16 hours ago

Somehow I didn't think this could get any worse... however,

zakalwe.plasmatrap.com.ap.brid.gy•17 hours ago

@[email protected] These clowns **_absolutely do not understand operational security_**. To them it's a lot of procedural nonsense that gets in their way. **Even after** facepalm fiascos like Signalgate.

blueshift24.bsky.social•20 hours ago

Lol?

dawnpatrol1918.bsky.social•19 hours ago

Looks more like porn to me, keep your hands above the table Mike

ceindeed.bsky.social•15 hours ago

Next, the Trump Administration will be using MySpace for secure messaging.

winstonsmith2024.bsky.social•20 hours ago

Signal-like? Is that also security-like? Seems so.

nartistnioshii.bsky.social•20 hours ago

Signal-ish, security-ish. So close.

winstonsmith2024.bsky.social•20 hours ago

Missed it by that much! 🤣

matty-lynn.bsky.social•17 hours ago

Anyone who cares, can see our country is in serious trouble. This clown car administration are not following the rules or regulations that are meant to protect our national security.

mytfinn.bsky.social•18 hours ago

And what’s with the hats?

sukarma2.bsky.social•13 hours ago

Did he check in with Putin for an alternative recommendation?

strangernalps.bsky.social•17 hours ago

Incredible

canhawk1.bsky.social•19 hours ago

Surely the people who were outraged over a certain somebody's email server and another guy's laptop will take this transgression seriously, right?

phill.hallambaker.com•21 hours ago

Since Signal app is open source, it is licensed under their open source license. Whether TM is in compliance with the license requirements is another issue.

hongpong.bsky.social•9 hours ago

we have a new report out tonight about this https://bsky.app/profile/unicornriot.bsky.social/post/3locn6jh7o22z

eldred-kuqui.bsky.social•21 hours ago

Sometimes I wonder if using unsecured apps is intentional. They're leaving the backdoor open. Sounds paranoid, but these are the times.

plannedtheride.bsky.social•21 hours ago

Info about Israel's connection
https://bsky.app/profile/plannedtheride.bsky.social/post/3lo6vmny47s22

bluememe.bsky.social•21 hours ago

If the app archives messages, Congress should be able to get them.

neurodivergentlman.bsky.social•21 hours ago

‘Could’

123simco.bsky.social•20 hours ago

I think you are on to something here?

scottpal.bsky.social•20 hours ago

Fucking IDF owns our government. Great

soso008.bsky.social•20 hours ago

Security, what’s that?

bradwenner.photo•16 hours ago

"unlicensed" is inaccurate for code released under GPL3

logan8r.bsky.social•16 hours ago

They blatantly hate anything that resembles security. OPSEC is for libs I guess.

kevincollier.bsky.social•22 hours ago

Signalgate was a little confusing in that there were multiple things to be outraged about. Some thought Signal itself was insecure, when the evidence doesn't suggest that. Using an unauthorized Signal knockoff? That's actual cause for concern.

born2.besilly.online•20 hours ago

they’ve all been Pegasus-ed

every last one of them

warrenterra.bsky.social•19 hours ago

And of course Signal could be God's perfect app, but using it to transmit classified information on your personal phone that does all sorts of other things is extremely bad.

wafflecut.bsky.social•9 hours ago

Especially if you take it out and open app in front of news photographers

dustinducane.bsky.social•14 hours ago

Gossiping military intelligence is the primary issue then it’s layers of not using secure comms, using an iPhone, being drunk as DoD sec, adding a journalist, lying about it and what is classified information.

Second level is using signal requires a smartphone or PC, neither of which are secured

notintofascism.bsky.social•18 hours ago

It would be funny if it wasn't so damaging to our national security.
If it's true that he did that, it's so incredibly STUPID!

phill.hallambaker.com•21 hours ago

Signal is not end-to-end secure. It offers end to end encryption but Signal provides the PKI that publishes the keys, end users have no practical means of authenticating the keys they rely on.

It is fine for most people's needs, definitely not sufficiently secure for National Defense Information.

natecardozo.bsky.social•17 hours ago

What’s your opinion of WhatsApp’s AKD?

mothproofrepose.bsky.social•20 hours ago

Omg citations desperately needed

phill.hallambaker.com•19 hours ago

The issue is the Public Key Infrastructure delivering the keys.

Alice sends a message to Bob by encrypting it under Bob's public key. Confidentiality of the message is ensured provided that

1) The encryption algorithm is secure
2) Alice really did encrypt under Bob's key.

phill.hallambaker.com•19 hours ago

The second is the problem of PKI and it is a problem I have spent most of my working life focused on. You might have heard of the company we started to build PKI technology to solve that type of problem, its called VeriSign.

phill.hallambaker.com•19 hours ago

If Alice wants to call Bob on Signal she can use Bob's telephone number or now his account name. And then she can *T*R*U*S*T* Signal to provide his public key to her client.

Ten years ago, that was entirely acceptable for consumer security because the alternatives are worse.

phill.hallambaker.com•20 hours ago

As it happens, this is an issue I identified several years back and have just published an Internet draft with a fix:

groverhtx.bsky.social•20 hours ago

📌

phill.hallambaker.com•20 hours ago

The goal here is that users should own their own accounts and be able to:

* Change their service provider any time they choose without switching costs.

* Communicate with any user regardless of their service provider.

* Control their own private keys.

* Control the public keys they rely on.

phill.hallambaker.com•20 hours ago

The technical mechanism is an extension to JSContact which is what we are replacing vCard with plus a bit of simple cryptography to provide mostly authentication.

The idea is you dump ALL your communications addresses and the public keys corresponding to your private keys into a JSContact object.

phill.hallambaker.com•20 hours ago

Anyone who you pass the JSContact card to can now establish end-to-end secure communications with you. The communication is as secure as the source of the JSContact.

Not just OpenPGP, S/MIME but SSH, Git, Code signing, etc. etc.

wonkish.bsky.social•20 hours ago

Though my understanding was that half the issue with using it for this stuff is that Signal has no way to ensure a person's actual device is secure itself. Even if the encryption in transit was perfect, once a message arrives on your device, it's got to be decrypted to be viewable.

phill.hallambaker.com•20 hours ago

I don't do end-point security, my thing is PKI :-)

It all depends on what they are going to use the comms for. The GOP attacks on HRC were ignorant, stupid and evil, I am not going to change my position just because its the fascists doing stuff. I will point out the hypocrisy.

phill.hallambaker.com•20 hours ago

Using Signal with an archiving feature to meet compliance requirements for non-classified conversations is sub-optimal but almost certainly not criminal.

The big question for me is did the chuds take advice from the NSA and follow it or having blundered, did they go their own way again?

wonkish.bsky.social•20 hours ago

Sure, but that's my point, it's about endpoint as well.

phill.hallambaker.com•20 hours ago

Not disputing that. Just saying that is the one area my work doesn't cover.

That said, giving every government official a separate locked down mobile device for government business makes excellent sense.

I would do that and I would get the Hatch act fixed so they can use them for any communication

billstewart.bsky.social•20 hours ago

The other really big issue is that Signal doesn't keep records of your calls/texts, which is good, unless you're a Federal employee who's REQUIRED to keep those records, which all the Signalgaters except Goldberg were,
plus of course it's not specifically NSA-approved.

andkenbrbr.bsky.social•14 hours ago

I know that I'm being replyguyish, but I would argue that even random people without access to top secret documents should be careful with Signal and not trust it 100%. Specially if you are mentioning things like banking data, passwords and id.

phill.hallambaker.com•13 hours ago

I think we fix it.

And if Signal won't, we move to a new protocol that delivers the security we need.

frankenmizer.bsky.social•18 hours ago

Thank you for this sub-thread. 🙇

phill.hallambaker.com•18 hours ago

You are welcome. The reason I have been focused on this work is that I have been looking at a way to add end to end secure messaging to first Mastodon and then BlueSky/ATprotocol.

So being exceptionally pedantic is part of the territory.

nachyocheese.bsky.social•18 hours ago

Signal is only secure if you use it in a secure environment

seasick63.bsky.social•20 hours ago

Some people never learn, never!

greatshrike.bsky.social•21 hours ago

Can we subpoena the archive?

aozora-aonami.bsky.social•20 hours ago

Subpoena? You could probably get chatGPT to write you a script to download it in ten minutes!

billstewart.bsky.social•20 hours ago

Only if you file a court case. Start with a FOIA request, which will of course get denied.

mikethemadbiol.bsky.social•22 hours ago

📌

peg-texan.bsky.social•20 hours ago

And now he’s going to be in the UN. In NYC. What ELSE could possibly go wrong?!

mollynme.bsky.social•21 hours ago

I'd be shocked if there were.

ubermenchies.bsky.social•19 hours ago

It's apparently made by an Israeli company. How much do you want to bet it's a spy app and Waltz has been essentially handing all their chats to Israeli intelligence?

profusional.bsky.social•21 hours ago

Yep, kinda easy to see this stupidity w these clowns. My take yesterday:

https://bsky.app/profile/did:plc:dq524joqiimrsvysibyotymq/post/3lobe5bbwkc2l

kieranhannon.bsky.social•20 hours ago

But her emails…🤦‍♂️

broghan76.bsky.social•13 hours ago

I hope the Democrats are loading up on questions when he comes in for confirmation. Not one single softball question.

motown.bsky.social•21 hours ago

HAHAHAHAHAHAHAHA

looks like SignalGate isn't over

dumb motherfuckers

supersaiga.bsky.social•22 hours ago

imagine being so bad at your job that you're indistinguishable from a spy

If Trump didn't have a long history of only managing to get incompetents to work with him then I'd be sure this was intentional

wiredfire.spacecookies.co.uk•21 hours ago

The other thing this highlights is what I’ve had issues with for a while - there are QoL features many want from Signal that it’s just not doing. For example I use the unofficial Signal app “Molly” so I can have it active on my Android tablet and my iPhone which is necessary for my use.

politicallyint.bsky.social•14 hours ago

"The app was founded in 1999 in Israel before it was acquired by the Portland, Oregon-based company Smarsh in a two-year process that closed in 2024. TeleMessage maintains an office in Israel."

cracked-pepper.bsky.social•14 hours ago

So... Basically an app that directly funnels all encrypted "signal" type messaging apps straight to Israel?

politicallyint.bsky.social•14 hours ago

Looks that way.

cracked-pepper.bsky.social•14 hours ago

So then the question becomes

Was this done unknowingly or is he an active agent for Israel?

cmalvica.bsky.social•14 hours ago

Is it a backdoor for Pegasus?

rambleratx.bsky.social•13 hours ago

This really is the Clovis episode of Veep

ravenna-roanoke.bsky.social•21 hours ago

i really hate seeing those dumbass hats everywhere. they just need to give in and wear the damn swastika armbands already and stop pretending.

jenniedp.bsky.social•20 hours ago

👀

alimack13.bsky.social•19 hours ago

I'm sorry but, smarsh!? Is that a bad James Bond copy of a 3rd party engaged in skulduggery and general bad things, possibly run by a foreign power? Going away to giggle a bit in a Sean Connery accent.

lukasz.bsky.social•19 hours ago

Is there a licensed/ official way of archiving Signal chats in a way that can comply with records requests? Heard that sigtop can be used for that, but it requires desktop

lindamtka.bsky.social•17 hours ago

Oh great! So if Signal isn’t actually safe/allowed for govt use, snd its clone app is completely unregulated, he DOD and who knows how many others are just talking on a big old party line. I feel so secure.

boldstatement.bsky.social•21 hours ago

📌

brisers.bsky.social•20 hours ago

https://bsky.app/profile/brisers.bsky.social/post/3lo5yu6hi322e

up2nullgood.com•20 hours ago

The article seems to imply that Vance and a few others are using the same app. Might as well just open everything for all to look at

dermotsmith.bsky.social•20 hours ago

Unclear - I would expect this rogue Signal client app would speak to any Signal user but perhaps someone persuaded them all that this was “better”.

up2nullgood.com•20 hours ago

So the guy is stupider than I thought. Using a clone app made by got know who is definitely not a wise chose. I guess Truth hasn’t implemented chat yet 😂

jamesschilf.bsky.social•14 hours ago

At least he's not jerking off to porn at the meeting
I mean Jeffrey Toobin would never do that

olivesided.bsky.social•20 hours ago

They are so fucking out of control.

smithtodda.bsky.social•19 hours ago

That’s really the best way to describe it. Whether fully intentional, or just flat out incompetent, they are fucking out of control.

chofualum.bsky.social•17 hours ago

🤦‍♀️

contractjames.bsky.social•20 hours ago

These guys are more worried about making sure they have control over purging the record of their government communication than they are about security. I’m sure our adversaries won’t take advantage of them.

joeyvazquez.bsky.social•20 hours ago

If you were part of the Trump administration and wanted plausible deniability as you passed along information to your foreign paymasters, wouldn't you use relatively easily hacked apps and unsecured cell phones and internet connections to communicate that info and claim ignorance if you're caught?

joecamel.bsky.social•19 hours ago

Probably to talk with the Russians.

polyparadigm.bsky.social•17 hours ago

This administration is no fan of vetts

mattortega.com•14 hours ago

The source code, including credentials, are public on Github. Absolutely nuts.

johntubeman.bsky.social•13 hours ago

There's always a debate if security is better served by open or closed source libraries/applications. Many argue open source is better, because it allows more people to find potential leaks that can then be fixed.

johntubeman.bsky.social•13 hours ago

The biggest problem with using Signal or an alternative on your phone is that the phone itself (Android or iPhone) is the weak spot.

swelljoe.bsky.social•5 hours ago

There are many big problems here. The third party Signal client seems very likely to be insecure in a variety of ways, both intentional and accidental. The user in this case is clearly not capable of using the tools in a secure way even if they aren't intentionally or accidentally insecure.

felker.dev•19 hours ago

It's funny we were previously concerned that his Signal use would avoid government transparency. But it's transparent to every other government!

rst.bsky.social•20 hours ago

The Signal client is open source - anyone can write another, or produce an altered version of theirs, without letting them know first. And the same goes for fourth-party security audits of the result. They may or may not have happened, but it being an alternate client doesn't prevent it.

chrisnesselrode.bsky.social•20 hours ago

Let’s make this idiot UN Ambassador!

kishwoman1.bsky.social•13 hours ago

Only the most qualified, right?? 😡😡

pissedoffoldytdude.bsky.social•13 hours ago

Somebody tell these idiots calling the GULF OF MEXICO what is on that hate are members of a cult.

thedailysusan.bsky.social•21 hours ago

Smh

Comments

Posting Rules

Reply