Think about it: A privacy‑focused app the government dislikes used by activists and dissidents gets dragged into a scandal it didn’t technically cause and that scandal becomes political justification for scrutiny and possible investigation
When something protects privacy, shields activists, can’t be surveilled, and is widely used by people the government considers “enemies,”
then any incident, especially a dumb mistake by a public figure becomes an opportunity to push the narrative that “its bad”
Hegseth literally invited a journalist into a private Signal group. The app didn’t leak. He did.
But the public takeaway is shaping up to be:
“Signal is unsafe.”
Activists, dissidents, and “uenemies” use Signal heavily. When an app becomes central to organizing or communication for groups the government dislikes, it moves up the target list.
TL:DR, “This scandal feels like it’s being weaponized to smear Signal and justify government pressure
I’m not an expert but I’ve got a friend of a friend who works in digital security (to the point where he applied to CSIS and boy is that an interesting different story) and I was asking him about Signal.
He seemed to be very confident that Signal’s code is completely public, that if it had secret backdoors or whatever people would know.
He also confirmed that while Signal may be secure (not a statement he made definitively) your phone very likely isn’t, so it’s a moot point.
Personally I don’t think that Signal is unsafe now, but the key people involved in its development are all within easy reach of the US government. Historically they’ve also been hostile to distributing the app anywhere but Google and Apple’s official app stores, and of course both of those companies are likewise within easy reach of the US government.
The things you mentioned make the app less than safe. Also:
- you must sign up with a phone number
- messages are e2ee, but server admins can see message metadata. You can make a lot of progress if you can see who is associating with who. You might even get access to their messages later on if you can get into their device.
- app admins have been weird/disabled the ability to roll your own server
Your message content may be e2ee, but there’s still a good amount of useful info that US authorities can access.
You might even get access to their messages later on if you can get into their device.
I agree with the rest, but this one seems kind of pointless. If an attacker has gained access to my device, it doesn’t matter at all how secure my software is, if it’s usable by me then it’s also usable by the intruder.
This is true, and also depends on your threat model. My point was if you’re doing some very cool stuff that’s going to be investigated by a US aligned government, it’s worth thinking beyond the message content when it comes to opsec.
You don’t have to use a phone number anymore, it just makes it more convenient since then your contacts will automatically show up and such.
Appreciate the updated info!
That’s wrong, you still need to sign up with a phone number, it’s just that you can now choose to be discoverable only by a username rather than allowing others to find you by phone number.
Appreciate the updated info!
Thanks for the correction, I already had an account set up and thought you could sign up with just a username now.
Are you talking about the time the US government invited a former IOF torturer and basically der sturmer mouthpiece to their chat where they celebrated murdering Yemeni civilians? The thing back in March? If so, why bring it up now?
Anyway the real scandal is that they murdered Yemeni civilians and Yemeni fighters who were fighting to oppose isntreal and the US’s livestreamed Holocaust in Palestine. “leaking government secrets” doesn’t matter, fuck America, leak more secrets. The problem is that they murdered people in Yemen.
signal is CIA, the US gov or some thinktank recommends using it which means it’s 100% compromised
You should know: it wasn’t even signal, it was a way worse fork https://youtu.be/KFYyfrTIPQY
I found a YouTube link in your comment. Here are links to the same video on alternative frontends that protect your privacy:
I don’t think that people who haven’t engaged with what Delta Chat (particularly Arcane Chat dev ADB) and Graphene OS people have said about Signal should base their views on this in vibe-reads. It’s too technical.
Signal is not privacy respecting at all when it still requires a phone number for signups and there are no third party servers.
Their app also links with google play services on android (there is a degoogled release called Molly that I use instead of the main app).
The main benefit of signal is just having access to a un-facebooked WhatsApp that is easy enough to get other people on. I use signal for this reason.
People should check out GNU Jami as a p2p messaging application that requires no signup at all. Or just check out XMPP which requires no phone number or additional credentials besides a username and password.
deleted by creator
