Latest news with #OpenWhisperSystems
Forbes
28-03-2025
- Forbes
Signal Messenger: A Powerful Tool—But Not A Magic Bullet
If you're keeping an eye on cybersecurity—or, frankly, the news cycle—you've likely heard of Signal. The encrypted messaging app has long been the go-to choice for journalists, activists, and privacy-conscious users. But it recently found itself thrust into the political spotlight for a very different reason: a scandal involving Trump cabinet and government officials using Signal to discuss sensitive, debatably classified, military operations—and inadvertently looping a journalist into the conversation. This eyebrow-raising breach of national security has also became a cultural moment for Signal. News of the incident exploded across media outlets and social platforms, prompting a dramatic spike in Signal downloads as the public's curiosity about encrypted communication tools reignited. Yet buried in the noise is a more nuanced truth: while Signal is a phenomenal app for private conversations, it's not invincible—and it was never meant to be used for classified or mission-critical communication. Signal's story begins with a commitment to privacy at its core. Created by Open Whisper Systems and later championed by the nonprofit Signal Foundation, Signal emerged as the brainchild of cryptographer Moxie Marlinspike. By pioneering the Signal Protocol—an open-source end-to-end encryption framework—the team paved the way for stronger privacy across the broader messaging ecosystem. In fact, the Signal Protocol is also used in apps like WhatsApp, Skype, and Facebook Messenger for their encrypted messaging modes. But unlike many tech solutions, Signal isn't built to generate profit or harvest data. Instead, it operates thanks to grants, donations, and its dedicated user base. This nonprofit, open-source approach fosters trust and transparency. Anyone with the skills can audit the code, examine its encryption protocols, or contribute to its evolution. 1. End-to-End Encryption Signal's flagship feature is its end-to-end encryption (E2EE), which ensures that only the sender and the recipient can read the messages—no middleman, including Signal itself, can access the contents. That's a significant layer of protection against interception or surveillance. 2. Disappearing Messages Users can configure messages to self-delete after a set amount of time, limiting the risk of sensitive conversations sitting idle on a device. While it's not foolproof—screenshots, backups, or physical access can still expose information—it adds another layer of protection. 3. Metadata Minimization Signal goes to great lengths to reduce metadata, the often-overlooked byproduct of digital communication. It doesn't store message contents or contact logs and employs techniques like sealed sender to further obscure traffic patterns. Still, complete metadata invisibility isn't technically possible. Signal isn't just popular among tech-savvy users—it has earned the trust of people who have the most to lose from surveillance. Investigative journalists, political dissidents, whistleblowers, and human rights activists rely on Signal to protect sources, organize efforts, and preserve anonymity. It offers peace of mind in countries where expression can carry dangerous consequences—which is also why it is currently gaining popularity in the United States. At the same time, its clean, intuitive design makes it equally attractive to the average consumer looking to escape the surveillance economy. There's no advertising, no data profiling, and no creepy targeted content. Just encrypted chat, voice, and video calling, available on Android, iOS, and desktop computers. Despite its strengths, Signal is not a silver bullet. And as the cabinet official scandal shows, misusing even the best tools can have serious consequences. 1. Metadata Leakage Through Network Observation While Signal tries to obscure user metadata, internet service providers and global surveillance networks can still glean behavioral patterns—such as when you're online, how often you message certain contacts, or your physical location based on IP address. These breadcrumbs can be surprisingly revealing. 2. Device Compromise Nullifies Encryption Signal's encryption is only effective if your device is secure. If your phone is compromised—whether via malware, spyware, or someone gaining physical access—attackers can read decrypted messages directly from the screen or memory. Pegasus-style spyware doesn't break encryption; it sidesteps it entirely. 3. Human Error Remains the Weakest Link Signal can't save you from yourself. Reusing weak passcodes, falling for phishing attempts, or accidentally adding the wrong participant to a group chat (as seen in the 'SignalGate' incident) can all undermine even the most secure platforms. 4. Not Fit for Classified Government Use Encryption is just one aspect of securing sensitive or classified communications. Government protocols require strict chain-of-custody procedures, specialized hardware, and compliance with classified handling frameworks—none of which Signal is designed to support. While it's 'secure enough' for everyday communication, it is not certified for handling state secrets, and treating it as such introduces significant national security risk. It's easy to conflate privacy with invulnerability. But cybersecurity doesn't work like that. No app can completely remove risk. Even Signal's creators have been candid about the platform's limitations. They've engineered it for everyday privacy—not espionage. That doesn't mean you shouldn't use Signal. In fact, you probably should. It's one of the most secure and ethical options for personal messaging on the market. But treat it as one piece of your security toolkit—not the whole kit. Use strong passwords. Keep your OS updated. Pair it with a VPN if you're especially cautious. And if your communication involves trade secrets or government intel, follow the channels designed to handle that level of sensitivity. The Signal controversy is a case study in how the best tools can still be misused—and misunderstood. Encryption protects content, but not context. Signal doesn't grant anonymity, and it certainly doesn't grant impunity. The viral attention and surge in app downloads after the 'SignalGate' scandal highlight a paradox: as more people become aware of digital privacy, fewer understand its limits. Signal remains a standout success in the push for privacy-respecting technology. Its open-source ethos, commitment to user security, and accessibility make it an essential tool in today's digital landscape. But it's not built for every purpose—and certainly not for classified operations. With heightened digital surveillance and eroding privacy norms, the real challenge isn't finding 'unbreakable' tools. It's developing digital literacy about the tools we have. Encryption is critical—but so is understanding its boundaries. Signal offers privacy. You have to bring the security mindset.
Yahoo
25-03-2025
- Business
- Yahoo
What to know about Signal, which the Pentagon previously discouraged workers from using
As the White House comes under fire for allegedly using Signal to discuss sensitive foreign policy plans, the encrypted messaging platform has now come into the spotlight. Although the government has officially discouraged federal employees from using the app for official business, it has become a crucial tool for many businesses, tech enthusiasts and the public for sharing messages securely. Signal was launched in 2014 for iOS devices by a non-profit group, Open Whisper Systems, which offered users free encrypted calls and one year later, encrypted instant messaging. Encryption disguises data and information so that only those who send and receive the messages can read them. An Android version of the app launched in 2015. Both versions are free to download in the app stores. "Signal is designed to never collect or store any sensitive information. Signal messages and calls cannot be accessed by us or other third parties because they are always end-to-end encrypted, private, and secure," the company said on its website. MORE: Leading Democrats react to Trump administration inadvertently sharing highly sensitive war plans Representatives from Signal Technology Foundation, the parent non-profit that operates the app, didn't immediately respond to ABC News' request for comment. The app registers users through their phone numbers, similar to WhatsApp and iMessage, and provides several options, including disappearing messaging and protection from screenshotting messages. Signal has touted that it does not give user data to corporations and other entities. Encryption keys for Signal messages are stored on the user's devices and not on its servers. The apps grew in popularity among smartphone users and have been promoted by various figures in the tech community, including Edward Snowden. Despite its growth, U.S. government officials have been wary of members using the app for official business. The Pentagon's internal watchdog criticized a former official's use of the Signal app in 2021, calling it a breach of the department's "records retention policies" and an unauthorized means of communicating sensitive information. The report, which focused on Brett Goldstein, a former director of the Defense Digital Service, found that Goldstein violated department policies by using Signal "to discuss official DoD information" and encouraging subordinates to communicate with him on the encrypted messaging app. "Signal is not approved by the DoD as an authorized electronic messaging and voice-calling application," the report asserted, adding that "the use of Signal to discuss official DoD information does not comply with Freedom of Information Act requirements and DoD's records retention policies." Goldstein had already announced his plans to depart government service by the time the report was published. According to the report, Goldstein lobbied the department's legal office to allow him to use the app. "We recommend that the Secretary of Defense take appropriate action regarding Mr. Goldstein's use of the unauthorized electronic messaging and voice-calling application," the report concluded. During a Senate Intelligence Committee hearing Tuesday, Democratic Sen. Mark Warren grilled CIA Director John Ratcliffe about his participation in the Signal chat. Ratcliffe said he was in the chat, but claimed many in the agency are approved to use Signal. "One of the first things that happened when I was confirmed as CIA director was Signal was loaded onto my computer at the CIA as it is for most CIA officers. One of the things that I was briefed on very early senator, was by the CIA records management folks about the use of Signal as a permissible work use. It is that is a practice that preceded the current administration to the Biden administration," Ratcliffe testified under oath. Ratcliffe, and the other intelligence officials who testified, did not provide more details about the government's use of the app or approvals to use it. As of 2024, the app has 70 million users worldwide compared to the 12 million who used it in 2020, according to the app tracking site Business of Apps. In 2023, the non-profit, which is funded through donations and a $50 million investment in 2017 from WhatsApp co-founder Brian Acton, said in a blog post it required $50 million a year to operate in 2025. "Our goal is to move as close as possible to becoming fully supported by small donors, relying on a large number of modest contributions from people who care about Signal. We believe this is the safest form of funding in terms of sustainability: ensuring that we remain accountable to the people who use Signal, avoiding any single point of funding failure, and rejecting the widespread practice of monetizing surveillance," the company said. ABC News' Luke Barr, Cherise Halsall and Nathan Luna contributed to this report What to know about Signal, which the Pentagon previously discouraged workers from using originally appeared on
