Think about it: a privacy-focused app the government dislikes, used by activists and dissidents, gets dragged into a scandal it didn’t technically cause, and that scandal becomes political justification for scrutiny and possible investigation.

When something protects privacy, shields activists, can’t be surveilled, and is widely used by people the government considers “enemies,” then any incident, especially a dumb mistake by a public figure, becomes an opportunity to push the narrative that “it’s bad.”

Hegseth literally invited a journalist into a private Signal group. The app didn’t leak. He did.

But the public takeaway is shaping up to be:

“Signal is unsafe.”

Activists, dissidents, and “enemies” use Signal heavily. When an app becomes central to organizing or communication for groups the government dislikes, it moves up the target list.

TL;DR: This scandal feels like it’s being weaponized to smear Signal and justify government pressure.

  • spectre [he/him]@hexbear.net
    6 days ago

    The things you mentioned make the app less than safe. Also:

    • you must sign up with a phone number
    • messages are e2ee, but server admins can see message metadata. You can make a lot of progress if you can see who is associating with who. You might even get access to their messages later on if you can get into their device.
    • app admins have been weird/disabled the ability to roll your own server

    Your message content may be e2ee, but there’s still a good amount of useful info that US authorities can access.

    • iByteABit [comrade/them]@hexbear.net
      6 days ago

      > You might even get access to their messages later on if you can get into their device.

      I agree with the rest, but this one seems kind of pointless. If an attacker has gained access to my device, it doesn’t matter at all how secure my software is; if it’s usable by me, then it’s also usable by the intruder.

      • spectre [he/him]@hexbear.net
        6 days ago

        This is true, and also depends on your threat model. My point was if you’re doing some very cool stuff that’s going to be investigated by a US-aligned government, it’s worth thinking beyond the message content when it comes to opsec.

    • Inui [comrade/them]@hexbear.net
      6 days ago

      You don’t have to use a phone number anymore; it just makes it more convenient, since then your contacts will automatically show up and such.