Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/
Comments
I'll be honest, you could have the basis of a defamation lawsuit if the reports of them saying Signal was 'hacked' happened and were, as usual, not factual, but rather less in an attempt to cover up their own incompetence...
@signal.org please this. Please show that you will not be defamed and that they added him to the group chat or be honest about the hack if it did truly happen. I want business to stand up to these bullies to
Signal has end to end encryption, but that means absolutely nothing when it’s your phone that is compromised. And we know that at least a few of them, if not all of them, were using their unsecured personal phones.
. @signal.org
It's not just the APP or the "Plans".
My understanding the APP can't even be installed on an APPROVED device.
So they downloaded the APP onto their PERSONAL Samsung or iPhone or whatever and then used the PUBLICLY available cell/wifi/Bluetooth (?), none of which are secure.
It's far, far more credible that, as someone pointed out, people in the chat assumed JG, that is how Jeffrey Goldberg appeared in the chat, was Jamieson Greer, US Trade Representative.
Signal is as secure as the dumb drunk fingers groping the contact list. For some, it's COMPLETELY SECURE. For others, I'm not going to get into the details...
I understand the basic word association between the question and the news, but the question doesn't seem to have a purpose, or it seems to misunderstand what Signal is.
Signal was never the problem. It's ignoring security protocols, taking highly classified national security conversations outside appropriate gov't communication channels. In using an otherwise secure app, one added a contact from their phone to the conversation: impossible on internal gov't system.
Or you’re sitting in the Kremlin texting with your besties about US war plans and those sneaky hidden cameras they’ve got placed everywhere Zoom in on your phone while a Russian spy casually looks over your shoulder.
If Putin can get in, it stands to reason our government can too. And that seems like a security vulnerability. I would like to have some clarification on that.
As I understand it the risk from a phone being physically in Russia is that the phone itself is at risk, not that anyone can “get in” to access messages en route or via some other means.
Thank you. That is helpful. If the phone is compromised, whoever compromised it has access to everything on it, including Signal? So, Signal can’t protect privacy if the government has a backdoor with Apple, basically?
It’s end to end encrypted, which means your messages are encrypted on your device and then sent in an encrypted state across the internet. They cannot be read in this state. The only person that can read them is the recipient. Capturing the traffic doesn’t get you anything.
Signal messengers were installed on devices that could have been compromised (private phones of the perpetrators). Don't pretend that even in this case your software would provide secure communications.
The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 3/
Phishing isn’t new, and it’s not a flaw in our encryption or any of Signal’s underlying technology. Phishing attacks are a constant threat for popular apps and websites. 4/
Phishing isn’t new but letting bad actors use and exploit “linked devices” without trying to kybosh it sucks. It’s like Signaling folks how secure your app is to get folks with a need for such, and then letting them be exploited. You know damn well what Russia is doing and you are letting it.
In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events. 5/
As someone who does phishing simulations, I'm just here to say people are still falling for it no matter the safeguards you put in. Hegseth and associates strike me as the types who fall for phishing lol. They shouldn't be using a commercial app on private phones for govt business, period.
Signal is open source so our code is regularly scrutinized in addition to regular formal audits. We constantly monitor security@signal.org for any new reports & act on them quickly while working to protect the people who rely on us from outside threats like phishing with warnings and safeguards. 7/
The vulnerability is that you’re a private vendor who wasn’t vetted for security when they decided to use you to avoid a paper trail.
Also, FU for trying to make this about your brand
Signal is one of the most important tools we have right now for pushing back. It’s a non-profit that solely exists to create a user friendly secure (as long as you don’t accidentally invite journalists to your group chat) way of communicating. Putting down Signal is pure tech illiteracy, period.
The “vulnerability” I’ve heard thrown around is the user device itself being compromised with key logging malware. This is true of any device and software and has nothing to do with Signal.
As I always say, if you have nation states actively in your threat model you’re gonna have a bad time.
Signal is NOT the problem, nor the issue. The issue is the deviation from established protocols (not tech. protocols, govt. protocols ) for secure communication, the evasion of accountability and avoidance of FOIA. Signal is solid. Our government? Not so much.
Anyone angry at Signal right now, is beyond stupid.
Having safe op-sec isn't as simple as just "using encryption" if you invite whistleblowers, people with dodgy op-sec, and idiots to your conversation, your information is bound to be leaked. What happened is Hegseth and crew are idiots.
If you let someone have access to your messages in any messaging app, they have access to your messages. Pretty simple concept here, encryption doesn't protect against simply texting sensitive information to dodgy fucks.
Cyber security isn't even what apps you're using, it's how you use them.
Like, you can't get mad at a lock company, if someone breaks into your house after you gave them a key, told them your work schedule, and did a tour of your home listing the value of all your belongings.
All information on private devices shares similar vulnerabilities. One can attempt to mitigate them by adding extra layers of security, from extra passwords, needing to enter passwords repeatedly, screen diffusion, two stage authentication, and this is why government phones don't allow those apps.
they're not doing that, they just explained that signal is still secure and that the "vulnerabilities" people have been talking are just phishing aka "giving that prince from nigeria your bank account details" type thing
They are doing that by putting out a statement. It is illegal for the government to use an app that deletes messages. They should have included that in the statement. That puts the onus back on an inept administration.
Right. It's meant to be used for casual conversations by normal people, and has security measures appropriate for that.
But it is still a commercial program that was never designed to discuss national secrets, so the people using it for that purpose are misusing it, and they are the ones at fault.
But normal people should use secure channels: You never know what seemingly innocuous thing gets you into trouble later, like talking about getting an abortion. And the more people use secure comms, the better the protection for those that really need it.
Sure, but there are plenty of secure comms which have far less security measures than Signal does which are fine for normal conversations, but probably aren't fine if you're, for example, planning a mass protest against unjustified deportations, they aren't fine and Signal is much more necessary.
There's no reason to use anything else. Signal is end-to-end encrypted by default, and the average person doesn't have to know what that means. They're just protected by default, and it takes 10 seconds to set up.
But we should be. Instead, we’re talking about the world’s largest military being run by incompetents with the mental and emotional development of middle schoolers. And that ain’t Signal’s fault.
Signal is a tool. It's not their fault what people decide to use it for, even less so their fault if idiots idiotically leak national security secrets by inviting journalists to their chats.
I thought they were being pretty straightforward about it. There is certainly a lot of misinformation going around about this, especially on other platforms. Lots of people don't really get what Signal does.
Thank you. This is the description I was searching for …“incompetents with the mental and emotional development of middle schoolers“…
That is a perfect description, but still might be unfair to middle schoolers.
„total waste of space“ was coming to my mind first
How about if the secretary of defense, the vice president and a bunch of cabinet members decide to form a group chat as they are about to launch an attack against Yemen. Is there any chance for sophisticated players from other countries to access that message.
The only thing that matters here is that Signal is no substitute for the secure, official, and auditable channels through which all such classified communications should happen by law. All this CYA palavering on your part is neither here nor there.
To which I guess I should add that I don't actually hold your platform responsible for the egregious way in which these drunken assclowns who are now in charge of our national security abused it, but if you seriously try to represent yourselves as an alternative to those official channels, fuck you!
What ppl wld REALLY appreciate it yall were HONEST about how unsafe it really IS for Governments to use it, then work on it for the rest of us schlubs.. Ppl respect honesty bro 🤔🤦🏻♀️
I wouldn’t worry about your stock prices, Signal. Nobody’s mad at you, except maybe the Republicans, who are looking for someone — anyone — to blame, but themselves.
Thx for ur reply. I admit to not knowing much about these things. Can u tell me if the text messages are truly gone after the assigned period of time (i.e. 1 week) or can the high ups at Signal always retrieve them if subpoenaed?
What you need to do, Signal, is rewrite the application in open source code, and distribute the software. That way, thousands of people can review how secure it is.
If you already did this, my bad. Been out of IT security for a long time.
From my job as a mugger, this sort of post is known as unsolicited promise. I did not ask if your stuff is secure, the fact that you are telling me is probably a lie.
Example: Dude knocks on a woman's front door, asks to use the phone, says "I won't hurt you." The last part is probably a lie.
I’m sorry you’re taking so much heat. I do think it’s important to outline why 3rd party apps are less secure than homegrown, but this isn’t about Signal’s shortcomings, which are few and far between.
There are clearly defined expectations of when and where they can discuss war plans. I agree that some aspects of government are antiquated, but using a public application (regardless of the perceived safety), is not the place to discuss such sensitive matters. It’s not about you at all.
There are clearly defined expectations for sedition, treason, insurrection, and staging coups, yet we're two months into the construction of the Trump dictatorship.
there isn't pretty much anything that can be done without compromising privacy, even if they did introduce some scanning AI thing that is perfect all bad actors + regular people that care about privacy would simply move to a different platform that doesn't do it
They're not claiming to be. Regular people use the app because it's encrypted. It's not their fault that the idiots in this administration are sloppy & don't follow protocols. The problem wasn't the journalist. It's the morons using personal phones & a commercial app that's the problem.
There has been focus on Signal in several news articles, not to mention a warning from the Pentagon & this website. It's not a SCIF during use or doesn't stop lazy DefSec from using his personal cell in the first place. Signal didn't do anything wrong. Every govt agent involved in that call did.
Aside from the technical stuff, though, everyone should have access to secure, private communications for personal use. However, using a private channel like Signal (no matter how secure it is) for this sort of planning is a clear federal crime, and one that the GOP has been yelling about for years.
I stand corrected and even though I sideload stuff on Android all the time that slipped my mind. However, and bear with me here, if it's legislated then it becomes a crime... Wouldn't that work? Take the onus off of Signal and put it back on the individuals?
OMG, this is an absolutely ridiculous thread. National security and military operations discussions should not take place on Signal. Period. None of what you're saying matters in that context.
Regardless of how desperate you are to protect your app, there is NOTHING you can POSSIBLY say that would make national security information being passed back and forth on your app ANYTHING but a disgustingly flagrant disregard for national security. Stop being obtuse. 🙄
No one said that. Like, you made up the idea that someone did, and then got mad about the idea. But it never happened.
There ARE people arguing that Signal is the problem, though, not our stupid govt. Signal is saying that their program works as intended. They carefully make no comment on the prez.
Can we all just agree that this conversation had no business being on Signal to begin with. Period. Signal shouldn’t have to defend itself against this shit. It’s not exactly the appropriate platform for the conversation at hand. These people need to face consequences!
While defending the security of your platform, you should probably add the caveat that it’s still incredibly inappropriate for government officials of any nation to make war plans on the app
Agreed the chat group is ultimately responsible, but Signal might want to try to avoid lawsuits for claims that it turn over chat logs that it will say it doesn’t have leading to lawsuits that it is in violation of the presidential records act leading to laws prohibiting it from deleting messages
That’s cool, but kinda not the point. Apple recently dropped data encryption entirely for everyone in the EU because the EU demanded backdoor access to the data. If the US government demands access to all chat logs for US users from Signal in order to operate here, what will they do?
It does not matter if you delete your messages or not. Signal does not have them. They fight court orders all the time and even when they lose, all the info they have is who chatted who at what time, no message content.
Regarding the presidential records act, they are as liable for the violation
They’re also naming intelligence agents, which could lead to them being killed. None of this should be happening out of governmentally sanctioned secured channels
The countries who posed the greatest threat to our intelligence officials (Russia, China, North Korea) are now Trump allies. He will have his own intelligence officials who are not working in our national security interest--only in Trump's interests. Again, this is no longer our government.
This Trump govt is plotting the enslavement and death of many of us. I’d like it to be as inefficient and leaky as possible. If intelligence officials aren’t loyal to Trump they will have kill orders run thru more private channels.
That's...not remotely what they said, and it's still not suitable anyway because it's not compliant with government record keeping requirements (a concern completely removed from how secure it might be).
Something they don't contest because they have no reason to, it's a matter of law.
Signal absolutely shouldn't be used for that and they didn't say that it should. That said, it's about as secure as is possible for a communication system that isn't airgapped. All their code and whitepapers are public; I highly suggest you read them. They're legitimately quite interesting.
Are you stupid or just willfully obtuse? You are acting like Signal is saying it's ok to use their system to send CUI. They aren't. They're saying that the memo being referenced misrepresented the problem. Which is a fact.
There's more of a chance that it was the fault of the user. Person could have just as plainly messaged it from Instagram or Facebook. Incompetence takes much less effort than being thoughtfully deliberate.
Are the mobile phones secure?
The app can transmit the information safely.
But if only one out of 20 or so phones is compromised…
If the phones can’t be secured, then this is utterly useless.
They were their personal cellphones, not their government issued secure phones, which you can't have Signal loaded on. When dealing with foreign adversaries, a personal cellphone can't be secured. That's why they get government issued phones.
America is run by Hitler right now and it will never go back to the way it was under fascists that supported genocide like Biden, its security being threatened can only be a good thing
Simple. The only statement Signal should be making right now is that no one should ever trust national security to their app…which has been hacked before. Did they say that and I missed it!
That’s not Signal’s job. That’s the job of the people in charge of national security, and it’s not Signal’s fault if they are utterly and thoroughly incompetent (and violate laws and procedures in the process).
Given the source of the accusations, you honestly don’t need to defend yourselves. Those guys can only say three words: a noun, a verb, and “conspiracy”
Bawahahahahahahah
Ok whatever Dude (yeah I’m sure you’re a dude)
Signal is cool for people
Having affairs or whatever but when it comes to NATIONAL SECURITY and WAR PLANS
Nah bruh Nah
Haha ok my bad. I’ve been schooled a bit on Signal since I posted.
Unlike the administration, I’ll say well I was wrong and I’ll do better going forward.
Grandma is sorry
As someone who's been using Signal for many years in organizing circles, seeing negative polarization seeming to happen about it kinda freaked me out a bit... :P
Aw. Thanks for chatting with me. I’m just a grandma - I can barely use my tv remote and frequently have trouble finding my car in the lot. I guess I’m just a little frayed of late. 🤪
I hope your executives are looking forward to their (not so far in the) future involvement in Congressional/Senate investigations and court cases about how their product was used to help commit war crimes and breach multiple US laws, including the wholesale breaching of the Federal Records Act.
Cartels, APTs, nation-states, hybrid mercs operate upstream. QR hijacks, linked pivots, endpoint burns, custom 0-days walking supply chain. Offensive stack always wins. Most fold on the math. You see it. Where do you push next @meredithmeredith.bsky.social?
Signal, you need to block those accounts and now. I’m telling you they’ll hang you out to dry for having national security info on your platform, raid your offices, and you’ll end up in a black hole in El Salvador.
If a bombing attack is being planned, you go to the SCIF. I mean, haven’t these 18 ever watched The West Wing, House of Cards, Veep, Designated Survivor? Even FLOTUS has because he mentioned a SCIF today!
Perhaps it would be useful to have an advertising campaign about how secure your site is for what it is intended for - NOT classified war plans. It’s the beer drinker, not the beer, the gun user, not the gun. Although, I don’t exactly agree with the latter.
It has been audited several times. There are no known vulnerabilities that could compromise your messages. You sending messages to the wrong person isn’t a vulnerability.
Still disingenuous. Having employees is a vulnerability. Having access to the phone the app is running on is a vulnerability. Using code that relies on other libraries is a vulnerability.
intentionally conflating a technical term with a wider definition i've chosen because i'm arguing with someone disingenuous and i'm totally not the disingenuous one
The vulnerabilities being discussed are coding vulnerabilities. Social engineering is not about coding and seems to be the vulnerabilities you address. However secure signal's coding is, it doesn't stop you from handing your phone to a journalist to pore through your messages.
Sad to learn that people are being misled by (again) US officials & media.
There's no reason to point fingers towards an encrypted, open-source messaging app, while your officials are ignoring their designated secured platforms.
If that's not raising questions, I'm not sure what will.
You can use *seemingly* secure messaging apps from companies where YOU are the product and their goal is to sell you things / advertise for whoever pays them most, or you can use Signal which is made by & audited by people who care about security.
The current administration is spreading that rumor by claiming the intelligence agencies issued a memo a week before they stupidly added a journalist to their group chat discussing military movements in order to add a firewall in front of themselves in case they got caught.
We know it's not YOU
Signal didn't violate a single law. The idiots who used it instead of using a Sensitive Compartmented Information Facility are the ones who violated the law. They used a commercial app on insecure commercial phones because it can't be used on their hardened government-provided phones. Idiots.
What? It's social engineering, not insecurity in Signal. If you're scanning random QR Code for example and get scammed, that's your own fault, not your Bank.
Anyway, here's the post from @meredithmeredith.bsky.social
Can Signal make it a violation of its terms of service to use it for any official government communication, and block any government-owned phone numbers from the app?
I think the way to paraphrase would be: “Signal does not put our military personnel at risk. Stupid people not knowing how to use Signal puts our military personnel at risk.”
Govt officials should be using a closed communication system with exclusive, explicit, communication access methods that automatically excludes all others. Such systems already exist and are supposed to be used by default. The fact that these people weren't using it
is a clear indication that they did not want their communications to be trackable and auditable as intended by Congress. That is perhaps the greatest offence in this affair, one they will never be held responsible for.
Well, Pawpaw Dementia is a documented liar. He likely finds it just 'entertainment' & likely will try, as Nixon did, to COVER UP & blow it off. However, these 💩heads could have gotten our military personnel KILLED & Congressmen are PISSED. They CANNOT let this go UNCHALLENGED. 🤬
Unless GoP congressmen are pissed and there is no indication any of them seriously are, then they WILL get away with it. Trump is doing what maybe should have happened long ago. That is stress-testing the very essence of the tripartite composition of the Constitution which was lauded on
paper but is now being found wanting in practice. The question is will anyone want to do anything about it and what needs to be done about it. BTW, it's not just in America this is an issue, it can happen anywhere and is happening elsewhere, eg Turkey.
Care to comment on Mike Waltz's claim that his Signal group was somehow hacked into by Jeffrey Goldberg. It suggests that Signal's security isn't adequate.
Lol. You’re trusting what Waltz says? The guy who worked as policy director for Rumsfeld during “the war on terror”. These are the type of idiots that butt dial their acquaintances and talk for an hour until it cuts out.
What on earth makes you think I would trust Walz? I watched his pathetic performance on Fox earlier. It was an open invitation to MAGAists to volunteer to be treated as idiots, which is exactly what they are and no doubt they will be spouting shit on X to that effect. Signal should call him out.
it is about them because the media is spreading misinformation about how signal works. the point of this thread is to clear things up. also the yanks making these mistakes is a really good thing
This administration is using Signal to violate the law. All communications in the government are supposed to be preserved. Signal texts vanish. Nobody gives a fuck about ordinary people using it. The company should shut the fuck up right now.
Signal texts vanish if you tell the app to delete them, just like every app on earth. Yes, using a personal device for this communication is a huge issue here. Let alone inviting some random journalist. None of this justifies the smearing of Signal as 'insecure'.
"Smearing." Give me a break. Using it on a personal, unsecured phone IS NOT secure. This gross violation is not Signal's fault but them claiming to be secure obfuscates the issue.
No, Signal is secure. Government officials are not allowed to use personal devices for state business. That is the problem. They're using personal accounts, devices, etc to hide evidence. Get your priorities straight please.
What a lot of folks are missing is the reason why Signal is inappropriate for communicating classified information. It's not anything wrong with the app. It's that people were using it on their personal phones. Classified information by its nature must be protected against compromise by hostile 1/
I think you are missing the most important part about the “team” using Signal. The administration has appropriate and secure channels and a shit load of policies and regulations attached to them to ensure accountability for the communication. It is supposed to be on the record, even if top secret.
nation state actors. In all likelihood Russia, China, and Iran all have the capability to remotely infect personal phones (iOS or Android) with malware -- no user action required. Signal is ace at protecting info in transit between phones. No technology known to God or humans can protect it 2/
while it's on a personal phone, in a chat window or wherever. This matters to you only if your information is of interest to nation state actors. For many people this isn't a concern. People protesting their government do have such concerns and must take additional precautions (see https://eff.org) 3/
Good luck thinking Signal or any such app can keep your content secret from spyware such as Pegasus, which can get a god's-eye view of everything on your device (and in your cloud), just as if you had handed it your main account password. It would see what you type into Signal, BEFORE encryption.
Signal has never claimed anything but being end-to-end encrypted, and it's the best at that. Physical device compromise is not what Signal is designed against, nor is it designed to stop a dumbass drunk from including a journalist in a national security group chat about bombing civilians.
Agreed. Not blaming Signal; just making sure people - especially those in vulnerable positions - don't have a false sense of security that such apps can magically keep their info hidden from a government or entity powerful enough to employ spyware such as Pegasus.
That's true, and I don't think I've ever seen Signal claim otherwise. They use point to point encryption, so the data is decrypted once it hits your phone. Signal is just a secure way for the data to travel to the other user without interception.
In other words it’s a great app for governments who have access to Pegasus to use to keep info away from common people but unwise to use by common people seeking a tool to help with resistance planning?
I believe there are more secure ways that governments should be messaging. A restricted contact list that only includes those with clearance should certainly be leveraged. As far as average people, Signal is a reliable way to securely message people as long as your device is secure.
As with any security/privacy focused product, it can only do the job if the user uses it correctly. Don't add unverified contacts, don't install untrustworthy applications, and use operating systems that are secure by design. And keep in mind - Signal is a consumer product, not a govt focused one.
It is an amazing tool to protect your chats against government surveillance. But no single tool can ever be a fix-all security silver bullet. Every tool needs to be a part of a toolbox. This is a great resource on many of them: https://ssd.eff.org
A lot of people here are being surprisingly (?) dense. Signal is an incredibly secure platform, but it doesn't protect you from adding the wrong contact to your group because you're fucking stupid. They weren't hacked, phished, or otherwise exploited.
Waltz, not Walz. Tim Walz is the Governor of Minnesota who ran for VP. Mike Waltz is the soon-to-be unemployed National Security (ha, I can't even type that without smirking) Advisor of the US.
It's totally exploitation when you are accidentally invited to a group chat you don't belong to and the other people are so stupid they could be fooled by a chatbot run by a dippy bird toy on a keyboard.
Ironic that they fuck up means more of us will probably download and use it because they realize the work around to recordkeeping and in their case of fascist resume coup
A lot of folks in your comments need to read up on the difference between risk and vulnerability. There is a major distinction and are not interchangeable.
USE OF SIGNAL = NOT A MISTAKE. Using unofficial & nonsecure methods of comms is intentional & The Heritage Foundation’s (Project 2025) tactic to circumvent gov’t comms systems because it’s tracked & recorded. Need proof? Watch entire video-tactic discussed starts at 4:06. https://youtu.be/UQjdwsZhE_Q?...
Signal is probably great for anyone who is only worried about hackers with less skill and resources than the NSA, Russian intelligence, and maybe Chinese intelligence.
Yes, it's often used by journalists and whistleblowers. And other people who have a need to protect their identity.
But for government issues, they have special facilities for discussing "stuff".
Check this out
It doesn't even have to above ordinary law enforcement. If you are suspected for doing, or done something criminal and the police find that Signal is your only message app, they get what they want from Signal. They just go via your isp.
You leave traces everywhere, a VPN can't remove metadata. And the Device-ID.
There are apps and software for removing and changing metadata, but nothing can change the device id.
Signal is used by Ukrainian army and Russian opposition journalists, the very people targeted by Russian intelligence. The encryption in transfer is very secure.
The reason it should not be used for official communication is that it's a consumer-facing app. Your mom and high-school friend can use it.
And when dealing with top-secret government info, you don't wanna have these chats mixed in the same app as your personal ones for the very reasons we see here.
The known Russian attacks on the app are not about breaking the encryption but about tricking users to share the decrypted messages.
@signal.org you have an amazing platform. Most of us that use it know it. It was not your fault that these people are that stupid. Thanks for what you do!
All chats are stored locally. If you lose your phone, you lose your chat history on iPhones. Android has a local backup function, but unless you put that file somewhere safe every so often, losing Android phone means you lose all your messages too.
A copy of the conversation is kept on the sender's and recipients' devices. There is a setting to allow auto-deletion after a time window, but that is off by default and would need to be manually enabled.
The benefit for Signal over Telegram is that all messages are fully encrypted all the time. Telegram isn't encrypted by default and the setting for encryption has to be turned on for each convo. WhatsApp doesn't have true encryption anymore, and Meta started scraping message data this year.
Hey @signal.org do you know if House Speaker Mike Johnson’s favorite app, Covenant Eyes, accesses the info shared on Signal if the user has it on their phone? I know it’s popular with the Christian Nationalist crowd.
(Wondering if any of the war group chat have it installed, seems Vance’s style)
If by "above" you mean "able", they can in fact assure you that it can't be accessed by a cell provider. It uses several layers of encryption (TLS as an outer layer for each network connection and end-to-end (device-to-device) encryption) to ensure only the people involved in a chat can read it.
This is the issue.
Especially since commercial software such as Pegasus exists.
Using Signal is far better than WhatsApp, but it still is quite vulnerable.
In Germany, Generals connected to an unsafe WiFi and their whole secured conversation was published by the Russians.
The people in the white house don't need to be in a messaging app to leak things to Putin, they do that constantly every day directly and have for their entire political career because he's working for them directly to turn the country into a puppet state
That’s a bit misleading. The generals in question failed to use an encrypted channel on the Cisco Webex conferencing platform and were intercepted. Signal uses advanced encryption methods. If you have a misguided chat participant that will always have the potential to open up insecurity.
It would be great if system scans were a part of the Signal package but that’s a bit farther than their current domain… It’s still possible to check for these spywares with current projects like mvt and others, but it requires backing up the device initially.
Anyway, it sounds to me like you're tragically unaware that China hacked most of our telecom companies a few months back. This leaves them open to SS7 attacks, metadata collection, and even potential OS breaches. So the CORRECT answer here is no.
This is nice and it is using the latest in encryption which is nice. The Kyber add on makes me feel better about it but this still isn't "uncrackable" so to speak. It's still prone to several forms of attack.
Cell provider? Sure. Just about everything on your phone that isn’t plain SMS/voice is opaque to your cell provider. It’s all encrypted with TLS at the very least.
Root? If someone has root nothing is safe, which is why you DO NOT use personal devices for classified info like those fools did!
So if someone with malicious intent hacks a phone device to view it remotely, would they be able to view everything being typed and sent on said device in Signal, even though the Signal app has end to end encryption?
But that’s the point. Regardless of how secure Signal is, it’s not “secure”. Which is why we don’t use our private phones like this with sensitive information and instead sensitive discussions like this are supposed to take place in an official SCIF or gov secured phone.
Exactly. Signal can't control what happens on individual devices, no matter the OS. Screen grabs, keystroke recording, etc means there's no such thing as a "secure" commercial app.
Not to mention skirting the requirements for documentation on things like this for official records of what is happening in the government. It’s completely asinine.
That's true. It is. The answer to your question: None, zero, zip, zilch, nada. And it should *not* be used by senior govt officials to discuss classified material in an effort to circumvent the retention of federal documents, classified or not. There is no legitimate justification.
The issue with Signal is not its security. It would probably pass an assessment for use (like FedRAMP). Issue is that official government data is not being stored, so there’s no record. Destroying records is illegal. No records means you can’t audit or investigate. Far worse an issue here.
Signal's servers may be 100% secure. I can't speak to that. The consumer model phones, tablets, and computers used to access it are quite vulnerable. Thus the risk. And retention of federal records is an additional problem.
There’s always a risk. But the government uses commercial software all the time. I know, because I use it. Different departments have different rules. They should in no way be using Signal for those purposes. I think the retention issue is bigger, because now you can’t see what they’re doing. Ever.
I can't speak to other departments. What I can tell you is that every piece of commercial software that DOD deploys, for classified and unclassified systems is thoroughly tested. In advance. Updates are, too. I know this because I used them.
Yeah, so you get the security audit process, and that if Signal is compromised, it’s got nothing to do with the software, but the device. Either way, we both know Signal is not approved at all for these uses. Just like we know there will be no consequences for it.
It's not about the (excellent in my opinion) app. It's about the illegal way it was used by high level defense authorities. Wake up world. It's the message NOT the messenger.
It's ok guys, it's not your fault the Secretary of Defense and National Security Advisor for the President of the United States are drunk texting national secrets to their buddies
Very unappreciative of the utter dolts ~running & decidedly ruining the USA, presently.
#leak #signal #hegseth #war #musk #ssa #socialsecurity #trump
like dawg no one cares that we're bombing Yemen?
the continuing genocide by Israel?
literally all American politics is a soap opera directed by AIPAC
like how much of a dumbass coward cuck who funds the death of others do you have to be to try to say some shit like "they have it coming"
Regardless of Signal encrypting messages as they are sent, what if someone takes your phone where the texts can be viewed
Dumb, dumb, dumb.
Signal incident is likely not the first time something like this has happened. Just the first time it's gone public.
I'm afraid to think of what else has happened that we don’t know about.
Dumber.
She needs to be reminded she did this!
https://www.wired.com/story/russia-signal-qr-code-phishing-attack/ 6/
Also, FU for trying to make this about your brand
As I always say, if you have nation states actively in your threat model you’re gonna have a bad time.
Can a journalist "hack" into a group?
Having safe op-sec isn't as simple as just "using encryption". If you invite whistleblowers, people with dodgy op-sec, and idiots to your conversation, your information is bound to be leaked. What happened is Hegseth and crew are idiots.
Cyber security isn't even what apps you're using, it's how you use them.
The end to end encryption of the app is top notch, however the device it is put on is not as secure, nor is it impervious to user faults.
-Mike Waltz (probably)
I don't think you believe your own statement, and it's laughable you think the public does.
Point is, it happened on your watch precisely BECAUSE they thought they would get away with it.
We see you & oh, my.
Don’t make excuses for an incompetent administration. It isn’t a good look and will only further discredit your app.
But it is still a commercial program that was never designed to discuss national secrets, so the people using it for that purpose are misusing it, and they are the ones at fault.
That is a perfect description, but still might be unfair to middle schoolers.
„total waste of space“ was coming to my mind first
we're so fucked
What they are is an end to end encrypted chat application that doesn't now, nor will in the future, monetise your connections or content.
Unlike WhatsApp.
https://signal.org/blog/whatsapp-complete/ so much so that it was OWS who built whatsapp's encryption back in 2016
https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176/
So even if they were logging the messages they couldn’t read them. They’d essentially be doing the same thing the 3 letter agencies already do.
They’re actually working on a feature to remove the who sent it from public metadata
https://support.signal.org/hc/en-us/articles/360044737612-What-does-this-icon-mean
There’s nothing stopping the person on the other side from taking screenshots but that’s not a technology problem as much as a that person issue.
If you already did this, my bad. Been out of IT security for a long time.
https://github.com/signalapp
"I really do not care" 🙄
Example: Dude knocks on a woman's front door, asks to use the phone, says "I won't hurt you." The last part is probably a lie.
https://www.cbsnews.com/news/nsa-signal-app-vulnerabilities-before-houthi-strike-chat/
I tried to make this point separately: https://bsky.app/profile/desqatarian.bsky.social/post/3llad3il6s22x
Some users are just dumb or drunk.
Your moment in the spotlight to speak
Don't disappoint us 👁
Fair
But something still needs to get done about it
If they know who you are, it's not private.
You can sideload directly or using adb with Android devices.
The Signal APK is readily available online and on alternate Android app stores.
Not to mention the third party clients on computers that *do* allow you to register.
https://github.com/AsamK/signal-cli
…not that those rules are enforced consistently, but…
#Dowehaveasignal
At least it’s not billionaire owned, it’s non-profit.
There ARE people arguing that Signal is the problem, though, not our stupid govt. Signal is saying that their program works as intended. They carefully make no comment on the prez.
Regarding the presidential records act, they are as liable for the violation
Something they don't contest because they have no reason to, it's a matter of law.
The app can transmit the information safely.
But if only one out of 20 or so phones is compromised…
If the phones can’t be secured, then this is utterly useless.
Maybe I should put up a neon billboard sign so senpai terrorist can notice me. Hmm...
Hmmmm......
Ok whatever Dude (yeah I’m sure you’re a dude)
Signal is cool for people
Having affairs or whatever but when it comes to NATIONAL SECURITY and WAR PLANS
Nah bruh Nah
And the people in this thread reading Signal's post as defending the regime clowns in any way is just bizarre.
Unlike the administration, I’ll say well I was wrong and I’ll do better going forward.
Grandma is sorry
As someone who's been using Signal for many years in organizing circles, seeing negative polarization seeming to happen about it kinda freaked me out a bit... :P
https://www.pcmag.com/news/russian-hackers-are-trying-to-break-into-signal-chats-pentagon-warns
This lecture isn’t the prove you think it is
There's no reason to point fingers towards an encrypted, open-source messaging app, while your officials are ignoring their designated secured platforms.
If that's not raising questions, I'm not sure what will.
Delicious espresso / nut bar cat tax attached.
We know it's not YOU
https://www.nbcnews.com/now/video/report-pentagon-warned-employees-about-using-signal-235371589777
Anyway, here's the post from @meredithmeredith.bsky.social
https://bsky.app/profile/meredithmeredith.bsky.social/post/3llbvy3wa322e
For the blocking federal phone numbers thing, I don't see why it would make it less secure.
No real way to block that unless you expect them to keep an up to date list of the private phone numbers of every cabinet member…
This isn’t about you.
It’s about the American government using a non-approved app to conduct business, including highly classified operations.
And then delete the evidence.
I suggest you STFU. Lest you be tainted with the Barbra Streisand effect.
https://ssd.eff.org
Thanks for the much-needed chuckle.
https://www.splunk.com/en_us/blog/learn/vulnerability-vs-threat-vs-risk.html
But we use SCIFs because e2e is useless if compromised.
It’s camouflage not body armor. If a 3 letter agency is already looking at you you’re cooked.
So what is the benefit over something like Telegram or WhatsApp?
So it’s secure except if you invite the wrong people?
Had Iran gotten that information, this could have turned into a disaster…
However not really surprising if you hire a tv anchor and your billionaire buddy to work on foreign policy and military operations.
https://github.com/mvt-project/mvt
If you want to be ~100% sure your messages are secure, you'll need to move the plaintext handling to an airgapped device. Doable but a major pain.
How much classified info do you want to share?
I would have thought the absolute basics would have been to use private messaging rather than messaging owned by big tech