From this perspective, all phones are insecure. Classified government stuff isn't ever supposed to be on commercial smartphones in the first place.

The kind of security Signal provides is sufficient for people who aren't active targets of foreign states.

Locking her up would have set a far worse precedent, and I think that the other norm-breaking behavior of the current administration does not support the idea that prior punishment of past administration members for insecure data management would have led this administration to more secure data practices.

Like Signal?

>> Mike Waltz set disappearing message time to 4 weeks [0]

[0] https://www.theatlantic.com/politics/archive/2025/03/signal-...

But at this point disappearing message is more like limiting how bad this behavior is rather than aggravating circumstances.

I mean he's wrong to be using that setup but if using it I much prefer those illegal messages not be present anymore when he loses his phone or something.

Sufficiently so, so that a judge ordered immediate retention.

Signal forces us to use Android or iOS. Doesn't it look suspicious? I would happily use it on my desktop with Qubes OS, but I can't do it without a much less secure smartphone.

As much as I want to say "screw the developer's nonsense, just compile it yourself and do as you please" honestly why bend over backwards to use such a platform when solutions such as Matrix are available?

But the thing about desktop computers is that they're not connecting to cell towers all the time. So if WiFi is disabled too as a precaution, and they're only connected to private secure networks via Ethernet and not the internet, you can consider them secure in terms of protecting classified secrets.

It wasn’t long ago that we were subject to stringent military standards for hosting these networks on site but once they came through, there was never any re-certification.

For small vetted group top secret conversations by a sophisticated organization, it makes more sense to have something where inviting anyone who hasn't already been brought into the magic circle with physical interaction is simply impossible. If technically unsophisticated users are important, ideally one would have fully vetted tech support who will be monitoring all participants and doing the verification work for them. All managed via central systems and heavily walled off with multiple layers from crossing between high and low sides. If they want to talk to the general public, they should use physically different devices. Worse scaling, far more friction, but that's OK for top levels of a big organization in the context of extremely sensitive information.

Signal is a tool and a decent one, but no tool is good for absolutely everything and trying to use a hammer as a saw isn't a defect in the hammer it's a problem with the user/organization trying to do something so foolish.

Spyware like Pegasus [0] has been able to use zero-click exploits to penetrate target phones and read messages as though they were the phone's owner.

The US has the best SigInt capacity in the world. The leaders of the US government know that phones are not secure against sophisticated adversaries and they know that we have very sophisticated adversaries. It's deeply troubling that so many of our leaders were so comfortable discussing Secret level plans in such a reckless and illegal way, and it's extremely likely that hostile adversaries have fly-on-the-wall level access to extremely sensitive US planning.

[0] https://en.wikipedia.org/wiki/Pegasus_(spyware)

How can anyone, including the top SigInt people in the US, know that? It has surely always been part of the principles of good spycraft that, if you've got fantastic SigInt (or other -Int) capabilities, then the best way to take advantage of them might be to make sure that nobody else knows about them.

This is like that, except the government and the type of people on the list are even better targets for their personal devices. The government has strict rules about secrecy and communication for military operations, and strong punishments for not following these protocols, because they can lead to a loss of life.

This is a different sort of "unsecure". The platform itself may be "secure", but the device, being in public where someone could take a picture of military secrets, etc. isn't.

https://xkcd.com/538/

Also, even for corporate-managed devices, as an example, Meta has specific requirements and procedures for taking devices to and returning them from contentious places like mainland China.

If your threat model is "local cops" or "nosy people" then Signal seems very secure. If your threat model is "Enemies of the US" then honestly... nothing short of a SCIF is going to cut it.

There are multiple public price lists for 0days, Crowdfense currently has iOS full Zero Click Full Chain listed as $5m-$7m

And thats a long way to say - thats correct, its insecure. For the price of $7m any adverse of the US (or friendly country, who cares) can read all these government messages (who knows how many more Signal groups exist without the Atlantic editor)

That would be the cheapest way to get US confidential information in the history of spy agencies. The NSA budget is $10B per year

The assumption of anyone should be - everything in my iPhone and Android phone can be read for $7m. The conversations im having in front of my iPhone can be recorded for $7m. Then the only question left is - is the information worth more than that

If the answer is yes, assume your phone is compromised and only talk near it / message using it, information you understand will become public

Not something the average Jane needs to worry about, but people discussing military action should.

Edit: if Jane's phone gets hacked, they're going to swipe her credit cards and send messages to all her whatsapp contacts asking to borrow money urgently and here's a convenient Revolut link*. Not exfiltrate her Signal messages.

* whatsapp thing is for real, the latest scam making the news around where I am.

This strikes me as setting the conversation to be whether it's 'secure', and can then everyone can discuss that part - instead of the fact that's not where or how that conversation should have been happening at all.

Audits of a signal deployment, vs signal software at some point in time, aren't just of the app, but also how it is installed, configured, patched, operated, monitored, etc. Likewise, it's the full system, like device, os, network.

This stuff is supposed to run managed, especially at the level of the VP and secdef. Ex: Are they running signal patched from this week or 6 months ago, so a network attacker can leverage a software exploit to work around the crypto. Ex: Was an attacking payload sent through one of the chats while one of the people talking to the VP's + secdef's device was in Russia?

With the unmonitored auto deletion, and on who knows what device/network, external + internal crimes audit trails are being intentionally, recklessly, and illegally deleted. Managed detection and response, and post-crime investigations, are hard when you can't see.

It's some website https://simplex.chat/ with some claims about privacy because they don't use user ID:s (uh).

Do explain to me why anyone should trust this sus russian project [1] over the well regarded Signal?

1: https://find-and-update.company-information.service.gov.uk/o... (proof of russian natinality of Evgeny Poberezkin)

https://news.ycombinator.com/item?id=41381204

That being said, the Signal non-profit entity is located in the US, so probably subject to the same risks as WhatsApp and Messenger; namely US courts compelling them to share data.

Any entity that operates in the US has to abide by US laws, after all. Probably not a concern for US citizens since they're allowed due process but creates risk for non-Americans looking for a truly secure messenger, especially if they live in a place that is currently at odds with US policy (Canada, Europe).

Are you claiming that Signal running on consumer iPhone and Android devices where Pegasys and 0-days are for sale is secure?

Are you claiming that it's secure to conduct classified business on a platform where you can add anyone to the conversation without the appropriate documented approvals?

Christ people, at work if I send some emails without encryption I would be fired. If I knowingly tried to get around records laws I would be fired.

The amount of motivated reasoning, just to excuse anything these incompetent and WILLFULLY bad at their jobs shitheads do is infuriating.

And they could do all that without even knowing it, just by using a compromised toolchain.

Long story short, unless the SW (the app, the OS, the toolchains) and the HW have been audited, you have no idea what's going on.

An obvious attack on Signal is to get one of your people a job working there, or to bribe/blackmail and existing employee, and have them install a backdoor or other exploitable code (maybe a secret weakening of the encryption?).

The cryptography of Signal is not the issue.

Why do these oh-so-secure offerings allow any idiot to add you to a group chat without asking you if you approve?

And I would bet that there used to be people in the govt that could have told you why.

Is Signal engaged in commerce. Is it a free service.

(I'm not defending the Trump administration's law-keeping in general. I'm asking about this specific set of communications.)

The Vice President of the United States cannot use Signal "disappearing messages" to correspond with anyone for any purpose.

What you say is true. But if a technique makes it so that 1) they don't preserve a record for the future, and 2) they do leak (or risk leaking) information that can kill service people, I personally care more about #2.

(Ironic that, in trying to not leak to future investigators/prosecutors, they increased the risk of leaking to foreign adversaries. Shows which threat they're focused on.)

What will reporters use moving forward? Facebook messenger? /s

"unsecured" as in "not a secure comms system managed and approved by the NSA", which for the US government is normally considered a bad thing.

for normal people who don't want the NSA to be managing their comms then Signal is approximately the best possible choice, along with not being a fucking idiot while using it.

2) As for Gov officials - I understand they used Signal on 1) Government issued devices, without a doubt running NSA built OS; 2) preinstalled Signal App, without a doubt audited by NSA line by line; 3) tactical OP information which has very close expiry date.

3) That "journalist", IMO, is guilty of high treason. They must have immediately notified the group about their presence and they must have not publish any of the secrets they accidentally got privy to. And even more, from professional POV, the actions of journalist were deeply non-ethical. I dare say, un-American and definitely not something that any US Citizen can be expected to do.

4) The "deep state" is furious because they can't leak Signal chat messages. IMO, it's a good choice. They (Administration) just need to carefully audit the groups and distribution lists. That was a very bad call.

I personally will _continue_ using Signal, even with more confidence now.

On the contrary that would be the real duty of a journalist. Patriotic you could say.