Signal is located in the USA. I can't imagine that the US government is really happy with it. So the question is how long their independence will last.
Give the agencies access to what? Like WhatsApp messages are end-to-end encrypted and unlike Meta Signal hardly stores any metadata.
Very far, basically FUD Until US secures their telco CISA, the US gov agency, actually recommends Signal for time being
Agreed. The only 'proof' I've seen so far was a compromised phone, no encrypted app is going to protect your from that..
Seems like Signal is very popular in the US at the moment. Ah well, we all make mistakes I guess https://www.theregister.com/2025/03/24/trump_signal_leaks_houthi/ Signal co-founder Moxie Marlinspike couldn't hide his glee. https://x.com/moxie/status/1904271189427802543 (no sign up needed to view)
In some sense were partially right: Signal gave jurnalist access to CIA Director and Director of National Intelligence confidential correspondence
I agree, but Signal is not an approved government platform for classified information so this would be illegal. And they enabled disappearing messages, which is a violation of the federal records laws. Also wondering if they used their private phones for this
I get that Signal is not "gov approved" but it is encouraging to me that these powerful folks think using Signal for communication is relatively safe. By that I mean that I use and enjoy Signal for my needs with friends and family. I am aware of its settings and have it locked up pretty well. Main point of this post is that for most of us its secure as can be. So here is the thing and its reality. The NSA and Pegasus 2 can easily get inside of any Android or IPhone -- established fact really. Signal is solid but when a super power controls the microphone, camera, and keyboard clicks there isn't much secret. Very few of us will rise to the top of the wanted list to be monitored in this way. e.g. - watch the Tucker Carlson youtube about how they went in his phone, which had Signal on it, but Signal was just flat out bypassed by Pegasus.
That's what I wondered about as well. Why do they assume that Signal is safe? It's probably just as vulnerable as WhatsApp. The problem is that mobile phones can't be secured as easily as PC's, where you can at least install anti-exploit tools.
And the scandal gets even bigger, these guys don't seem to care about security. So basically, with this info, hackers can probably easily hack mobile phones by exploiting apps like Signal and WhatsApp via zero days. https://www.spiegel.de/internationa...online-a-14221f90-e5c2-48e5-bc63-10b705521fb7
Normal everyday folks just call or text using Signal but I will demonstrate how you COULD go if you wanted to: In the hands of a true security buff that spends time learning Signal well, the posted link and thoughts above don't apply at all. My group of inner circle contacts are an example (Before I proceed know that I/we do the following just because I/we can and not because there is a true need). There are no contacts to be had on the internet unless a careless crumb is dropped. You can use a VOIP/anonymous phone number to register with Signal assuring the connection is properly cloaked while the exchange happens - very easy stuff. You will never need that phone number again once the account is registered so you can lose it if you want to. Then we establish contact via USERNAMES, which signal allows us to create and rotate as needed. Before setting up usernames any display of our phone numbers is completely and totally removed from the app ever showing them. In other words there are no phone numbers ever used in the communications --- EVER. An invitation is sent with a "username" which is the only way to contact one of us INITIALLY. When an initial contact responds then a method "outside of signal" is used to confirm its the actual contact. Won't reveal our method but you can see its easy to do IF you truly know the individual. Once a contact is confirmed then we use a feature in Signal called "View safety number", which is a hash showing numbers that both sides have to confirm to VERIFY the specific contact. Once both sides confirm the numbers match, independent of each other, then a VERIFY is set. Signal will flag any change in the contact info IF something changes at all. A new phone, impersonator, etc.... will always get immediately flagged by Signal. Then its up to us to again verify before proceeding. Its math so it never fails or sleeps - always watching and protecting the groups. To protect IP leaks the Signal relays are bounced off of or used. e.g. - If I setup a group I will make myself an Admin and will take TOTAL control of who can be added or deleted. An individual can delete themselves but has ZERO control outside of their own device contact. As an Admin I can know there is no accidental leakage to a foreign (outside of the group) contact. Not even possible since Signal and my Admin stats regulate it completely. Of course should a traitor have managed to get in your group they could copy and paste from their personal device and go outside signal to paste information. Clearly the goal is to make sure you don't have that Traitor penetrate the trust cycle needed here. Duhhhhh! I rotate usernames very often so keeping my username has no value except to gain access to the Signal exchange of contact needed initially. If I send an invite and someone is added using my username as contact I immediately generate another username in Signal for my account. This is a slick method since there is no phone number and immediate rotation is a snap. Even when calls happen there is no phone number. My signal phone calls the contact via the established connection to the receiver who will answer and the call goes just like any other call --- BUT -- not using a phone number. Sounds complicated but its totally seamless to me. Every user has a place to edit the name for a contact but the info STAYS only on their device. So my name could be on their device or whatever helps them to identify me quickly. By observing the verified contact flag all can rest assured it is ONLY someone in the circle of trust that has access to whatever you are going to do on Signal. Plus I really like that my Phone provider does not see that any of these calls or texts are even being made at all.
