Latest news with #SignalFoundation
The Star
23-04-2025
- Business
- The Star
How secure is Signal, anyway?
SAN FRANCISCO: Signal, a popular messaging app, has come into the spotlight after reports that several senior Trump administration officials had used the tool to conduct war planning – inadvertently including a journalist in one message group and the wife, brother and personal lawyer of Secretary of Defense Pete Hegseth in another. The app, which was started in 2014 and has hundreds of millions of users, is popular among journalists, activists, privacy experts and politicians – anyone who wants to secure his or her communications with encryption. But the app's use by government officials resulted in multiple intelligence breaches that took place outside the secure government channels that would normally be used for classified and highly sensitive war planning. The incidents have raised questions about Signal's security and why government officials were using it. (Federal officials are generally not allowed to install Signal on their government-issued devices.) Here's what to know. What is Signal used for? Signal is an encrypted messaging application that is used to communicate securely. It encrypts messages from end-to-end, meaning that what a user says is encrypted on their device and isn't decrypted until it reaches the recipient. This method protects the message from being intercepted and read by anyone, including internet service providers, hackers or Signal itself, while it is in transit. Users can also set Signal messages to disappear after a certain length of time. Users who want their messages to disappear can turn on the feature in the settings for each of their individual chats. Who owns Signal? Signal is owned by an independent nonprofit in the United States called the Signal Foundation. It is funded by donations from its users and by grants. The foundation was started in 2018 with a US$50mil (RM218.90mil) donation from Brian Acton, a co-founder of WhatsApp, another messaging platform, which Facebook purchased in 2014. Acton left WhatsApp to start the Signal Foundation after disputes with Facebook, which is now known as Meta, about plans to make money from his messaging service. Acton joined Moxie Marlinspike, a cryptographer who designed Signal's security system, to create the Signal Foundation. The foundation is structured to prevent Signal from ever having an incentive to sell user data. 'There are so many great reasons to be on Signal,' Marlinspike, who stepped down from the foundation's board in 2022, wrote in a post on the social platform X last month. 'Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations. Don't sleep on this opportunity.' Is Signal secure? Yes. Signal is widely regarded as the most secure messaging app on the market, because of its encryption technology and other measures designed to secure users' data. Its underlying encryption technology is open source, which means the code is made public and allows technologists outside the nonprofit to examine it and identify flaws. The technology is also licensed and used by other services, such as WhatsApp. That encryption technology has been key when Signal has been a target of foreign hackers. Russia has attempted to surveil when Ukrainians are using Signal, and in February, Google researchers said that Russian hackers had tried to hijack users' Signal accounts. While the second attack was effective, it worked by tricking users into adding rogue devices to their Signal accounts, not by breaking Signal's encryption. 'Phishing attacks against people using popular applications and websites are a fact of life on the Internet,' said Jun Harada, a Signal spokesperson. 'Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks.' In the event of a security breach, Signal is designed to retain as little user data as possible, so that minimal information is exposed. Unlike other messaging services, the company doesn't store users' contacts or other identifying data that could indicate how a person used the service. That doesn't mean Signal is the ideal service for communicating war plans. If a user's device is compromised, their Signal messages could be read – and using a government-approved communication system could prevent officials from inadvertently including a journalist in a war planning discussion. Is Signal safe for texting? Yes, generally, although users should be careful to vet new contacts, just as they might on any other social platform. And when adding people to their group chats, they may want to take an extra moment to make sure they've included the right contacts. – ©2025 The New York Times Company This article originally appeared in The New York Times.
Boston Globe
21-04-2025
- Boston Globe
How secure is Signal, anyway?
Advertisement Here's what to know. Get Starting Point A guide through the most important stories of the morning, delivered Monday through Friday. Enter Email Sign Up What is Signal used for? Signal is an encrypted messaging application that is used to communicate securely. It encrypts messages from end-to-end, meaning that what a user says is encrypted on their device and isn't decrypted until it reaches the recipient. This method protects the message from being intercepted and read by anyone, including internet service providers, hackers or Signal itself, while it is in transit. Users can also set Signal messages to disappear after a certain length of time. Users who want their messages to disappear can turn on the feature in the settings for each of their individual chats. Who owns Signal? Signal is owned by an independent nonprofit in the United States called the Signal Foundation. It is funded by donations from its users and by grants. Advertisement The foundation was started in 2018 with a $50 million donation from Brian Acton, a co-founder of WhatsApp, another messaging platform, which Facebook purchased in 2014. Acton left WhatsApp to start the Signal Foundation after disputes with Facebook, which is now known as Meta, about plans to make money from his messaging service. Acton joined Moxie Marlinspike, a cryptographer who designed Signal's security system, to create the Signal Foundation. The foundation is structured to prevent Signal from ever having an incentive to sell user data. 'There are so many great reasons to be on Signal,' Marlinspike, who stepped down from the foundation's board in 2022, wrote in a post on the social platform X last month. 'Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations. Don't sleep on this opportunity.' Is Signal secure? Yes. Signal is widely regarded as the most secure messaging app on the market, because of its encryption technology and other measures designed to secure users' data. Its underlying encryption technology is open source, which means the code is made public and allows technologists outside the nonprofit to examine it and identify flaws. The technology is also licensed and used by other services, such as WhatsApp. That encryption technology has been key when Signal has been a target of foreign hackers. Russia has attempted to surveil when Ukrainians are using Signal, and in February, Google researchers said that Russian hackers had tried to hijack users' Signal accounts. While the second attack was effective, it worked by tricking users into adding rogue devices to their Signal accounts, not by breaking Signal's encryption. Advertisement 'Phishing attacks against people using popular applications and websites are a fact of life on the Internet,' said Jun Harada, a Signal spokesperson. 'Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks.' In the event of a security breach, Signal is designed to retain as little user data as possible, so that minimal information is exposed. Unlike other messaging services, the company doesn't store users' contacts or other identifying data that could indicate how a person used the service. That doesn't mean Signal is the ideal service for communicating war plans. If a user's device is compromised, their Signal messages could be read -- and using a government-approved communication system could prevent officials from inadvertently including a journalist in a war planning discussion. Is Signal safe for texting? Yes, generally, although users should be careful to vet new contacts, just as they might on any other social platform. And when adding people to their group chats, they may want to take an extra moment to make sure they've included the right contacts.
The Guardian
29-03-2025
- Politics
- The Guardian
Trump has managed to spin Signalgate as a media lapse, not a major security breach
When it comes to Trump-era scandals, the shameless responses to 'Signalgate', in which top administration officials discussing details of an impending strike in Yemen in a group chat without noticing the presence of a prominent journalist, should set alarm bells ringing for its brazenness and incompetence. In a particularly jaw-dropping exchange, Tulsi Gabbard, the United States' director of national intelligence, was forced to backtrack during a house hearing after she had said that there had been no specific information in the Signal chat about an impending military strike. Then, the Atlantic's Jeffrey Goldberg published the chat in full, contradicting Gabbard's remarks that no classified data or weapons systems had been mentioned in the chat. Signal is a messaging app founded in 2012 that allows users to transmit texts, photos, videos and documents, as well as make audio and video calls. It uses end-to-end encryption, which protects messages against hackers and cyberattacks via an extra layer of security. Several other privacy features, such as the ability to automatically delete messages, have made it popular among communities such as journalists and activists that frequently deal with sensitive information. Signal is run by the non-profit Signal Foundation and relies on donations to function, giving it a different business model than other encrypted messaging services such as Meta-owned WhatsApp. It does not track user data to the same extent as Meta and publishes its code to allow for public auditing of its security measures. Signal, like any messaging app, is still vulnerable to human error through methods like phishing attacks or spyware which can allow hackers to gain access to users' devices. The Signal Foundation's president called the addition of The Atlantic's editor-in-chief a user error rather than a problem with her app's security. 'My answer yesterday was based on my recollection, or the lack thereof, on the details that were posted there,' said Gabbard. 'What was shared today reflects the fact that I was not directly involved with that part of the Signal chat.' Then there was the US secretary of defense, Pete Hegseth who – staring straight down the camera – baldly stated: 'Nobody was texting war plans, and that's all I have to say about that.' The next day, Goldberg revealed that Hegseth himself had texted the precise timing of the attacks and the weapons systems to be used, specifically F-18 jets and MQ-9 drones. And Michael Waltz, the White House national security adviser, was left scrambling on live television as he was quizzed by a Fox News anchor on how Goldberg's number had ended up on his phone. 'You've never talked to him before so how is the number on your phone?' asked conservative television anchor Laura Ingraham. 'It gets sucked in,' Waltz, a former congressman and army special forces soldier, replied – without explaining how a number can get 'sucked in' to a phone. But despite all this, no one is really taking the prospects of an investigation seriously. At heart, this is about politics – and the fact is that Democrats simply don't have the votes or the sway to deliver a body blow to the administration at this point. It's unlikely that anyone will be punished. Donald Trump has told his aides that he doesn't want to give the Atlantic a scalp, and vice-president JD Vance responded forcefully during a trip to Greenland on Friday: 'If you think you're going to force the president of the United States to fire anybody you've got another think coming … I'm the vice-president saying it here on Friday: we are standing behind our entire national security team.' For decades, national security was broadly seen as the last bastion of bipartisanship in Washington, an area where Democrats and Republicans put aside their differences for a general consensus on supporting the national interest. Members of Congress on the intelligence and foreign affairs committees often maintained cordial relationships. There was also an understanding that big scandals could jump the partisan line, and lead to serious repercussions even with tensions between the parties at their highest. Scooter Libby, once chief of staff to vice-president Dick Cheney, was sentenced to prison after an investigation into the leak of the identity of covert CIA agent Valerie Plame. The Department of Justice under Barack Obama launched more Espionage Act investigations for leaking sensitive information than all previous administrations combined. And the FBI, of course, launched a years-long investigation into Hillary Clinton for keeping emails on a home computer server that ultimately may have helped sway the elections. 'It's not the hypocrisy that bothers me; it's the stupidity,' Clinton wrote in a New York Times op-ed on Friday. 'We're all shocked – shocked! – that President Trump and his team don't actually care about protecting classified information or federal record retention laws … What's much worse is that top Trump administration officials put our troops in jeopardy by sharing military plans on a commercial messaging app and unwittingly invited a journalist into the chat. That's dangerous. And it's just dumb.' Observers have remarked that the scandal would have been far greater if it had taken place at a lower level in the intelligence community. Mid-level officers and defence officials would all face far harsher blowback if they were caught divulging the kind of information that Hegseth sent into the chat, including the specific timing of the strikes and the weapons systems to be used. But the Trump administration believes that it can simply divert and divide public attention until there is a new scandal. That may be a winning strategy. Trump is to introduce tariffs this week that will probably dominate the news agenda for weeks. And his deputies are out on cable news every day, pushing back at the media for covering the scandal and suggesting that Goldberg somehow sneaked his way into the chat rather than being added directly by Waltz, the national security adviser. 'They have treated this as a media event to be spun rather than a grievous error to be rectified,' wrote Phil Klay, a military veteran and guest columnist for the New York Times. The early indications are that the Trump administration will skate through this scandal, crossing into new territory in Washington where even a major security leak can be repainted as the fault of the media for covering it. Andrew Roth is the Guardian's global affairs correspondent based in Washington DC
Forbes
28-03-2025
- Forbes
Signal Messenger: A Powerful Tool—But Not A Magic Bullet
If you're keeping an eye on cybersecurity—or, frankly, the news cycle—you've likely heard of Signal. The encrypted messaging app has long been the go-to choice for journalists, activists, and privacy-conscious users. But it recently found itself thrust into the political spotlight for a very different reason: a scandal involving Trump cabinet and government officials using Signal to discuss sensitive, debatably classified, military operations—and inadvertently looping a journalist into the conversation. This eyebrow-raising breach of national security has also became a cultural moment for Signal. News of the incident exploded across media outlets and social platforms, prompting a dramatic spike in Signal downloads as the public's curiosity about encrypted communication tools reignited. Yet buried in the noise is a more nuanced truth: while Signal is a phenomenal app for private conversations, it's not invincible—and it was never meant to be used for classified or mission-critical communication. Signal's story begins with a commitment to privacy at its core. Created by Open Whisper Systems and later championed by the nonprofit Signal Foundation, Signal emerged as the brainchild of cryptographer Moxie Marlinspike. By pioneering the Signal Protocol—an open-source end-to-end encryption framework—the team paved the way for stronger privacy across the broader messaging ecosystem. In fact, the Signal Protocol is also used in apps like WhatsApp, Skype, and Facebook Messenger for their encrypted messaging modes. But unlike many tech solutions, Signal isn't built to generate profit or harvest data. Instead, it operates thanks to grants, donations, and its dedicated user base. This nonprofit, open-source approach fosters trust and transparency. Anyone with the skills can audit the code, examine its encryption protocols, or contribute to its evolution. 1. End-to-End Encryption Signal's flagship feature is its end-to-end encryption (E2EE), which ensures that only the sender and the recipient can read the messages—no middleman, including Signal itself, can access the contents. That's a significant layer of protection against interception or surveillance. 2. Disappearing Messages Users can configure messages to self-delete after a set amount of time, limiting the risk of sensitive conversations sitting idle on a device. While it's not foolproof—screenshots, backups, or physical access can still expose information—it adds another layer of protection. 3. Metadata Minimization Signal goes to great lengths to reduce metadata, the often-overlooked byproduct of digital communication. It doesn't store message contents or contact logs and employs techniques like sealed sender to further obscure traffic patterns. Still, complete metadata invisibility isn't technically possible. Signal isn't just popular among tech-savvy users—it has earned the trust of people who have the most to lose from surveillance. Investigative journalists, political dissidents, whistleblowers, and human rights activists rely on Signal to protect sources, organize efforts, and preserve anonymity. It offers peace of mind in countries where expression can carry dangerous consequences—which is also why it is currently gaining popularity in the United States. At the same time, its clean, intuitive design makes it equally attractive to the average consumer looking to escape the surveillance economy. There's no advertising, no data profiling, and no creepy targeted content. Just encrypted chat, voice, and video calling, available on Android, iOS, and desktop computers. Despite its strengths, Signal is not a silver bullet. And as the cabinet official scandal shows, misusing even the best tools can have serious consequences. 1. Metadata Leakage Through Network Observation While Signal tries to obscure user metadata, internet service providers and global surveillance networks can still glean behavioral patterns—such as when you're online, how often you message certain contacts, or your physical location based on IP address. These breadcrumbs can be surprisingly revealing. 2. Device Compromise Nullifies Encryption Signal's encryption is only effective if your device is secure. If your phone is compromised—whether via malware, spyware, or someone gaining physical access—attackers can read decrypted messages directly from the screen or memory. Pegasus-style spyware doesn't break encryption; it sidesteps it entirely. 3. Human Error Remains the Weakest Link Signal can't save you from yourself. Reusing weak passcodes, falling for phishing attempts, or accidentally adding the wrong participant to a group chat (as seen in the 'SignalGate' incident) can all undermine even the most secure platforms. 4. Not Fit for Classified Government Use Encryption is just one aspect of securing sensitive or classified communications. Government protocols require strict chain-of-custody procedures, specialized hardware, and compliance with classified handling frameworks—none of which Signal is designed to support. While it's 'secure enough' for everyday communication, it is not certified for handling state secrets, and treating it as such introduces significant national security risk. It's easy to conflate privacy with invulnerability. But cybersecurity doesn't work like that. No app can completely remove risk. Even Signal's creators have been candid about the platform's limitations. They've engineered it for everyday privacy—not espionage. That doesn't mean you shouldn't use Signal. In fact, you probably should. It's one of the most secure and ethical options for personal messaging on the market. But treat it as one piece of your security toolkit—not the whole kit. Use strong passwords. Keep your OS updated. Pair it with a VPN if you're especially cautious. And if your communication involves trade secrets or government intel, follow the channels designed to handle that level of sensitivity. The Signal controversy is a case study in how the best tools can still be misused—and misunderstood. Encryption protects content, but not context. Signal doesn't grant anonymity, and it certainly doesn't grant impunity. The viral attention and surge in app downloads after the 'SignalGate' scandal highlight a paradox: as more people become aware of digital privacy, fewer understand its limits. Signal remains a standout success in the push for privacy-respecting technology. Its open-source ethos, commitment to user security, and accessibility make it an essential tool in today's digital landscape. But it's not built for every purpose—and certainly not for classified operations. With heightened digital surveillance and eroding privacy norms, the real challenge isn't finding 'unbreakable' tools. It's developing digital literacy about the tools we have. Encryption is critical—but so is understanding its boundaries. Signal offers privacy. You have to bring the security mindset.
Observer
28-03-2025
- Business
- Observer
How secure is Signal, anyway?
Signal, a popular messaging app, came into the spotlight this week after reports that several senior Trump administration officials had used the tool to conduct war planning — inadvertently including a journalist in the message group. The app, which was started in 2014 and has hundreds of millions of users, is popular among journalists, activists, privacy experts and politicians — anyone who wants to secure their communications with encryption. But the app's use by government officials resulted in an intelligence breach that took place outside the secure government channels that would normally be used for classified and highly sensitive war planning. The incident has raised questions about Signal's security and why government officials were using it. Federal officials are generally not allowed to install Signal on their government-issued devices. Here's what to know. What is Signal used for? Signal is an encrypted messaging application that is used to communicate securely. It encrypts messages from end-to-end, meaning that what a user says is encrypted on their device and isn't decrypted until it reaches the recipient. This method protects the message from being intercepted and read by anyone, including Internet service providers, hackers or Signal itself, while it is in transit. Users can also set Signal messages to disappear after a certain length of time. Users who want their messages to disappear can turn on the feature in the settings for each of their individual chats. Who owns Signal? Signal is owned by an independent non-profit in the United States called the Signal Foundation. It is funded by donations from its users and by grants. The foundation was started in 2018 with a $50-million donation from Brian Acton, a co-founder of WhatsApp, another messaging platform that was purchased in 2014 by Facebook. Acton left WhatsApp to start the Signal Foundation after disputes with Facebook, which is now known as Meta, about plans to make money from his messaging service. Acton joined Moxie Marlinspike, a cryptographer who designed Signal's security system, to create the Signal Foundation. The foundation is structured to prevent Signal from ever having an incentive to sell user data. 'There are so many great reasons to be on Signal,' Marlinspike, who stepped down from the foundation's board in 2022, wrote in a post on the social platform X on Monday. 'Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations. Don't sleep on this opportunity.' Is Signal secure? Yes. Signal is widely regarded as the most secure messaging app on the market, because of its encryption technology and other measures designed to secure users' data. Its underlying encryption technology is open source, which means the code is made public and allows technologists outside the non-profit to examine it and identify flaws. The technology is also licensed and used by other services, such as WhatsApp. That encryption technology has been key when Signal has been a target of foreign hackers. Russia has attempted to surveil when Ukrainians are using Signal, and in February, Google researchers said that Russian hackers had tried to hijack users' Signal accounts. While the second attack was effective, it worked by tricking users into adding rogue devices to their Signal accounts, not by breaking Signal's encryption. 'Phishing attacks against people using popular applications and websites are a fact of life on the Internet,' said Jun Harada, a Signal spokesperson. 'Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks.' In the event of a security breach, Signal is designed to retain as little user data as possible, so that minimal information is exposed. Unlike other messaging services, the company doesn't store users' contacts or other identifying data that could indicate how a person used the service. That doesn't mean Signal is the ideal service for communicating war plans. If a user's device is compromised, their Signal messages could be read — and using a government-approved communication system could prevent officials from inadvertently including a journalist in a war planning discussion. US Defence Secretary Pete Hegseth Is Signal safe for texting? Yes, generally, although users should be careful to vet new contacts, just as they might on any other social platform. And when adding people to their group chats, they may want to take an extra moment to make sure they've included the right contacts. — The New York Times
