Ask HN: Is Washington Post correct in saying Signal is unsecure?
https://www.washingtonpost.com/national-security/2025/03/26/trump-signal-chat-war-plan-texts-released/
By Alex Horton and Missy Ryan
"the conversation that occurred over an unsecure, commercially available messaging platform."
My understanding has been that Signal is actually well out ahead of other platforms in terms of respecting user privacy, so this seems confusing to me. Has Signal failed an audit that I'm unaware of?
109 comments
[ 3.2 ms ] story [ 202 ms ] threadIf your threat model is "local cops" or "nosy people" then Signal seems very secure. If your threat model is "Enemies of the US" then honestly... nothing short of a SCIF is going to cut it.
It's some website https://simplex.chat/ with some claims about privacy because they don't use user ID:s (uh).
Do explain to me why anyone should trust this sus russian project [1] over the well regarded Signal?
1: https://find-and-update.company-information.service.gov.uk/o... (proof of russian natinality of Evgeny Poberezkin)
https://news.ycombinator.com/item?id=41381204
From this perspective, all phones are insecure. Classified government stuff isn't ever supposed to be on commercial smartphones in the first place.
The kind of security Signal provides is sufficient for people who aren't active targets of foreign states.
Locking her up would have set a far worse precedent, and I think that the other norm-breaking behavior of the current administration does not support the idea that prior punishment of past administration members for insecure data management would have led this administration to more secure data practices.
Using Signal is still against all rules, but at least it’s not unencrypted.
It proves that all governments bypass monitoring of their communications, even Google’s CEO when they discussed by auto-deleted chats.
Like Signal?
>> Mike Waltz set disappearing message time to 4 weeks [0]
[0] https://www.theatlantic.com/politics/archive/2025/03/signal-...
But at this point disappearing message is more like limiting how bad this behavior is rather than aggravating circumstances.
I mean he's wrong to be using that setup but if using it I much prefer those illegal messages not be present anymore when he loses his phone or something.
Sufficiently so, so that a judge ordered immediate retention.
But the thing about desktop computers is that they're not connecting to cell towers all the time. So if WiFi is disabled too as a precaution, and they're only connected to private secure networks via Ethernet and not the internet, you can consider them secure in terms of protecting classified secrets.
It wasn’t long ago that we were subject to stringent military standards for hosting these networks on site but once they came through, there was never any re-certification.
Signal forces us to use Android or iOS. Doesn't it look suspicious? I would happily use it on my desktop with Qubes OS, but I can't do it without a much less secure smartphone.
As much as I want to say "screw the developer's nonsense, just compile it yourself and do as you please" honestly why bend over backwards to use such a platform when solutions such as Matrix are available?
This strikes me as setting the conversation to be whether it's 'secure', and can then everyone can discuss that part - instead of the fact that's not where or how that conversation should have been happening at all.
"unsecured" as in "not a secure comms system managed and approved by the NSA", which for the US government is normally considered a bad thing.
for normal people who don't want the NSA to be managing their comms then Signal is approximately the best possible choice, along with not being a fucking idiot while using it.
What will reporters use moving forward? Facebook messenger? /s
But actually, I imagine there's significant friction to using a new "hyper-secure application" after the encrochat debacle.
This is like that, except the government and the type of people on the list are even better targets for their personal devices. The government has strict rules about secrecy and communication for military operations, and strong punishments for not following these protocols, because they can lead to a loss of life.
This is a different sort of "unsecure". The platform itself may be "secure", but the device, being in public where someone could take a picture of military secrets, etc. isn't.
https://xkcd.com/538/
Also, even for corporate-managed devices, as an example, Meta has specific requirements and procedures for taking devices to and returning them from contentious places like mainland China.
Presumably within Signal, there are plenty of weak points. And certainly Signal's ability to modify their app as they please doesn't fit within the OPSEC guidelines.
The question is: why would one of the most powerful militaries on the planet use a consumer app, regardless of its reputation ?
And the answer is: because the Trump administration is compromised.
By whom, exactly? Who benefits? Russia, somehow?
It seems more likely that the administration officials fear being monitored and their conversations leaked by staffers, and they wanted to avoid official recordkeeping requirements. The former may have some merit (though I doubt anyone is going to leak plans to attack Houthis, regardless of their feelings about the Trump administration), the latter is likely illegal and deserving of investigation.
Lately I've been wondering if its Israel or Saudi Arabia
For small vetted group top secret conversations by a sophisticated organization, it makes more sense to have something where inviting anyone who hasn't already been brought into the magic circle with physical interaction is simply impossible. If technically unsophisticated users are important, ideally one would have fully vetted tech support who will be monitoring all participants and doing the verification work for them. All managed via central systems and heavily walled off with multiple layers from crossing between high and low sides. If they want to talk to the general public, they should use physically different devices. Worse scaling, far more friction, but that's OK for top levels of a big organization in the context of extremely sensitive information.
Signal is a tool and a decent one, but no tool is good for absolutely everything and trying to use a hammer as a saw isn't a defect in the hammer it's a problem with the user/organization trying to do something so foolish.
That being said, the Signal non-profit entity is located in the US, so probably subject to the same risks as WhatsApp and Messenger; namely US courts compelling them to share data.
Any entity that operates in the US has to abide by US laws, after all. Probably not a concern for US citizens since they're allowed due process but creates risk for non-Americans looking for a truly secure messenger, especially if they live in a place that is currently at odds with US policy (Canada, Europe).
Are you claiming that Signal running on consumer iPhone and Android devices where Pegasys and 0-days are for sale is secure?
Are you claiming that it's secure to conduct classified business on a platform where you can add anyone to the conversation without the appropriate documented approvals?
I do know that the Signal algorithm is considered among the most secure, and has been considered the safest option for political dissidents, journalists, etc...
I also know some governments do use commercially available messengers (and OSes, and phones).
The CIA director also seemed to indicate that Signal was installed on all their phones.
Christ people, at work if I send some emails without encryption I would be fired. If I knowingly tried to get around records laws I would be fired.
The amount of motivated reasoning, just to excuse anything these incompetent and WILLFULLY bad at their jobs shitheads do is infuriating.
There are multiple public price lists for 0days, Crowdfense currently has iOS full Zero Click Full Chain listed as $5m-$7m
And thats a long way to say - thats correct, its insecure. For the price of $7m any adverse of the US (or friendly country, who cares) can read all these government messages (who knows how many more Signal groups exist without the Atlantic editor)
That would be the cheapest way to get US confidential information in the history of spy agencies. The NSA budget is $10B per year
The assumption of anyone should be - everything in my iPhone and Android phone can be read for $7m. The conversations im having in front of my iPhone can be recorded for $7m. Then the only question left is - is the information worth more than that
If the answer is yes, assume your phone is compromised and only talk near it / message using it, information you understand will become public
The coverage of this story has felt a lot like it's being used as an excuse to trick people into believing that Signal is nOT a sECuRe mESsAGing APp to discourage regular people from using it.
The gist is that there are potential threats that any end-to-end encryption cannot fully protect against. Signal is a good provider of that encryption, but there are other considerations to protect highly confidential data, and Signal often lures non-technical users into disregarding those.
Not something the average Jane needs to worry about, but people discussing military action should.
Edit: if Jane's phone gets hacked, they're going to swipe her credit cards and send messages to all her whatsapp contacts asking to borrow money urgently and here's a convenient Revolut link*. Not exfiltrate her Signal messages.
* whatsapp thing is for real, the latest scam making the news around where I am.
An obvious attack on Signal is to get one of your people a job working there, or to bribe/blackmail and existing employee, and have them install a backdoor or other exploitable code (maybe a secret weakening of the encryption?).
(I'm not defending the Trump administration's law-keeping in general. I'm asking about this specific set of communications.)
The Vice President of the United States cannot use Signal "disappearing messages" to correspond with anyone for any purpose.
What you say is true. But if a technique makes it so that 1) they don't preserve a record for the future, and 2) they do leak (or risk leaking) information that can kill service people, I personally care more about #2.
(Ironic that, in trying to not leak to future investigators/prosecutors, they increased the risk of leaking to foreign adversaries. Shows which threat they're focused on.)
And they could do all that without even knowing it, just by using a compromised toolchain.
Long story short, unless the SW (the app, the OS, the toolchains) and the HW have been audited, you have no idea what's going on.
Spyware like Pegasus [0] has been able to use zero-click exploits to penetrate target phones and read messages as though they were the phone's owner.
The US has the best SigInt capacity in the world. The leaders of the US government know that phones are not secure against sophisticated adversaries and they know that we have very sophisticated adversaries. It's deeply troubling that so many of our leaders were so comfortable discussing Secret level plans in such a reckless and illegal way, and it's extremely likely that hostile adversaries have fly-on-the-wall level access to extremely sensitive US planning.
[0] https://en.wikipedia.org/wiki/Pegasus_(spyware)
How can anyone, including the top SigInt people in the US, know that? It has surely always been part of the principles of good spycraft that, if you've got fantastic SigInt (or other -Int) capabilities, then the best way to take advantage of them might be to make sure that nobody else knows about them.