I'm a bit annoyed with the coverage of Signal since the story broke about it's use by many senior level US Government people to discuss the attack on the Houthis in Yemen which included Jeffrey Goldberg, journalist for The Atlantic. A few things to be aware of:
- Signal is not vulnerable to anything but phishing. The reporting that I've been seems to indicate there is some vulnerability in the software itself. This is nonsense. The fact that it's secure messaging is why they were using it in the first place.
- Encryption is useless if someone has access to your phone. That is the bigger issue here. Signal can be the most secure messaging software in existence but if your phone is compromised Signal's encryption means nothing.
- People can take screenshots. How do we know the content of the messages? Because Jeffrey Goldberg took screenshots of the messages he was receiving. Signal encryption can't do anything about that either.
Those things are important but there are two things that are far worse:
- They were using Signal to discuss classified material and Signal isn't cleared for such use. How many other conversations like that have been happening on Signal that we don't know about?
- They had disappearing messages turned on. This is blatantly illegal. Records of such conversations are supposed to be kept per US law.
All of this is bad, very bad but the only way Signal has any relevance here is that it's secure enough that these people felt it was a good way to send backchannel messages. Don't be afraid to use Signal for your own messaging. If it's good enough for high level US Government people discussing classified material it's good enough for us 😂
Update: good write-up on Wired about this exact topic.