4 comments

[ 3.1 ms ] story [ 21.1 ms ] thread
>"After the story published, Wolfe congratulated the reporter, using Signal, stating “Good job!” and “I’m glad you got the scoop,” the indictment said."

It's not revealed how the message content was obtained, but this seems to question the security of the application.

This says the messages weren't obtained, though:

> The government did not obtain the content of any of Watkins's messages

It seems like they just got the metadata. Signal has been minimizing the amount of data it collects, but I think someone like the FBI could still intercept metadata in transit. Moxie has talked before about how difficult it is to anonymize metadata.:

https://signal.org/blog/contact-discovery/

It doesn't help that Signal still doesn't support emails as usernames, but just phone numbers, though.

I think if you want to report something shady to the media, you really ought to use something based on Tor, like SecureDrop, OnionShare, stuff like that, and even then you have to be super-careful about your opsec. The SecureDrop developers seem to want to make that more foolproof with Qubes OS/Whonix integration:

https://securedrop.org/news/road-towards-integrated-securedr...

"Unfortunately, our website is currently unavailable in most European countries." -> Bravo, Switzerland is not in the EU.