"... the reality is that, as secure as the (Signal) app is, its not an appropriate platform for sharing highly confidential state information."
Signalgate explained: what is Signal, and how secure is the messaging app?
Date:
Thu, 27 Mar 2025 19:00:00 +0000
Description:
Signal is the most secure messaging app for your smartphone, but a recent
leak from a US government chat group has raised questions. So how safe is Signal and how do you use it properly?
FULL STORY ======================================================================
'Signalgate' continues to rumble on, with even more of the Signal messages
that were shared between Trump officials and, inadvertently, The Atlantic revealed today. But how exactly did this group chat debacle happen, and what does it say about Signal? We've answered all of this and more in our one-stop explainer about the app that's in the eye of a political storm.
With robust privacy credentials, Signal has long set the standard for secure messaging. But in the wake of those revelations that US government officials inadvertently added a journalist to a group chat where confidential military plans were discussed, there are fresh (and mostly unfair) question marks over how reliable the apps protections really are.
Signals reputation has made it popular with journalists, politicians and privacy advocates. Used correctly on an Android or iOS device, it can absolutely make your conversations more secure. Even so, its not a tool designed for sharing classified information.
So why have senior US politicians been using it for sensitive national
security communications? And how safe were those messages? Heres what you
need to know about Signal and how to use it properly for private messaging.
What is Signal?
Signal is a secure messaging app with end-to-end encryption
Its operated by the Signal Foundation, a non-profit organization
Open source code makes the platform more resilient
Signal is a messaging app that's available for iOS and Android devices. Like the best messaging apps , it supports cross-platform text, voice and video chats. What sets Signal apart is its robust privacy features: its regarded as the benchmark for secure mobile communications. Which makes Signalgate all
the more ironic, even though it has little to do with the app's technical security.
End-to-end encryption ensures messages can only be read by the sender and receiver, while open-source code ensures that there are fewer vulnerabilities for hackers to exploit.
Signal was created in 2012 by Moxie Marlinspike. Its now run by the Signal Foundation, a non-profit organization founded in 2018 by Marlinspike and WhatsApp co-founder Brian Acton. The Foundation relies on donations rather
than ad revenue to fund its services. That means users can enjoy an ad-free
and tracker-free experience, knowing that their data wont be sold to third parties.
In our in-depth Signal review , we noted that the app offers fewer bells and whistles than the more popular (and less secure) messaging apps. Instead, its developers have focused on creating a secure, minimalist communications tool.
Its this approach which has made it popular with everyone from whistleblowers and activists to journalists and privacy advocates, who favor its more secure architecture.
How safe and secure is Signal?
Used correctly, Signal is the most secure messaging app
Its only as secure as the devices sending and receiving messages
User error can compromise the privacy of group chats
Used correctly, Signal has the most robust privacy credentials of any major messaging app. It has the most layers of security at both the front-end and back-end. Messages themselves are deeply protected against hacking, while the app offers a toolkit to ensure communications are only seen by who theyre intended for.
So how did a journalist from The Atlantic end up on a group chat with US government officials, including Vice-President JD Vance and White House chief of staff Susie Wiles? Signal CEO Meredith Whittaker maintains that the app is the gold standard in private communication. Heres the challenge: as strong as Signals security features are, they are reliant on the end user understanding how they work.
This incident was not really a failing of Signal. The journalist in question did not infiltrate the group chat through a backdoor. Instead, a member of
that chat which included 18 people unintentionally but actively added the reporter to the group, who was then privy to sensitive messages discussing
air strikes in Yemen.
Any group chat is only as secure as its members. Even with disappearing messages enabled, there is a window in which anyone in that group can read them. By mistakenly adding the journalist to the group, the US official
became responsible for compromising its integrity.
Some voices have criticized the fact that the app allowed this, but the
option to add a contact to a chat is a core function of group communications. The fault here doesnt lie with Signal the reality is that, as secure as the app is, its not an appropriate platform for sharing highly confidential state information.
Whats more, messages sent on Signal are only as secure as the device that is receiving them. If a smartphone is compromised or left unlocked, all of the Signal messages on that device can be read. There is also nothing to prevent someone simply reading messages over your shoulder.
Matthew Mittelsteadt, a technology policy research fellow for the Cato Institute, said as much in a statement emailed to CNN . Messages may be
secure when they are in transit between phones, but once they reach the recipient, security can indeed fail.
This is why the use of Signal by top US officials fell far short of
government security protocols. Data expert Caro Robson, quoted by the BBC , said communications like these would usually take place on a very secure government system that is operated and owned by the government using very
high levels of encryption.
While officials from the Trump administration have claimed that none of the information shared was classified, a memo from the Defense Department circulated in 2023 and obtained by NPR banned the use of mobile apps for "controlled unclassified information." Since the leak, the Pentagon has issued an advisory prohibiting the use of Signal even for unclassified information.
National Security Adviser Mike Waltz has acknowledged the failing. Speaking
to Fox News, he described it as embarrassing and took full responsibility.
How does Signal work?
Signal uses open-source, end-to-end encryption to secure messages
The Signal Foundation doesnt monetize user data or sell ads
User features are designed for security, including personal PINs
Signal offers greater security in three key ways. The first is through end-to-end encryption, which means messages are scrambled in transit, then decoded when delivered to the intended device. No-one else can read these messages, not even Signal.
While other messaging apps also offer end-to-end encryption, Signals is more secure because its open source. Not only does this make the platform more transparent, but it also allows absolutely anyone to examine the code for potential vulnerabilities. This community scrutiny makes it more likely that problems are found and fixed before hackers can exploit them.
Then there are the Signal Foundations principles. The app itself collects
less user data than other services, with message history stored on user
devices rather than Signals servers. Of the very limited information that is collected by Signal, none of its is monetized: as a non-profit, the
Foundation relies on donations rather than advertising revenue. That also
means users wont be tracked or encounter ads on the platform.
Finally, there are the safety features integral to the user experience. These include a personal PIN to secure your profile and the option to hide your
phone number. Every one-to-one Signal chat also has a safety number, which
can be used to verify that youre communicating with the right person. In addition, you cant be added to a group chat without giving your express approval.
How to get started with Signal
The Signal app is available for iOS and Android devices
Setup requires a phone number to receive a verification call or text
Privacy features include personal PIN numbers and disappearing messages
Getting started with Signal is pretty easy the app is free to download from the App Store for iOS devices and the Google Play Store for Android smartphones. To create an account, you need a phone number which will be verified by phone call or text message. Once youve set up your account, your number will be hidden from other Signal users by default.
The app's interface and basic functions will be familiar to anyone who has
used a messaging app such as WhatsApp, Messenger or Telegram. Tap the pencil icon to start a one-on-one or group chat. Within a chat, you can share messages, photos and voice notes. You can also tap the phone or camera icons
to start voice or video calls.
If youre keen to secure your messages, there are a few more advanced features to explore and configure. A Signal PIN can be used to recover your profile
and settings on a different device. Its configured by going to Signal
Settings, tapping Account then selecting Change your pin.
Signal also encourages users to verify Safety Numbers . These are generated
for every one-on-one chat to confirm that youre sending messages to the right person. To view a Safety Number, open a chat, tap the header and select View Safety Number. To verify it, you would ideally compare numbers with the recipient in person. Otherwise, you can share it using a trusted channel.
Disappearing messages add an additional layer of privacy. After a set period of time, the contents of messages are no longer visible, whether theyve been read or not. You can set a default timer by going to Signal Settings >
Privacy > Default timer for new chats. You can also configure timers for specific chats. Just go to chat settings and select Disappearing messages.
Signal also offers features to keep your communications activity hidden.
Screen Security stops a preview of Signal appearing when you switch apps. You can enable it by heading to Settings > Privacy and selecting Screen Security
on Android or Hide Screen in App Switcher on iOS.
In addition, you can hide Signal calls from your devices call log. This is enabled by default, but to double check, head to Signal Settings > Privacy
and look for Show Calls in Recents.
Finally, to manage the visibility of your phone number, go to Signal Settings
Privacy > Phone Number and tap 'Who can find me by my number'. To set up a
unique username that you can use instead of your number, go to Signal
Settings > Profile.
Even with all of the above features enabled, remember that your Signal communications are only as secure as your smartphone itself. To avoid a leak
of information like the US government suffered, be sure to activate your devices full set of security features, keep it locked with a passcode when
not in use and dont access sensitive messages in public.
======================================================================
Link to news story:
https://www.techradar.com/computing/websites-apps/what-is-signal-signalgate-ex plained
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)