Really? It's about the only quality messaging tool if you actually care about privacy. Other apps that claim to be e2e encrypted tend to leave themselves little loopholes in that claim. You think WhatsApp doesn't have the keys to your messages and won't hand them over to the government when asked? Think again. On Signal the only people with the encryption keys to your messages are you and the recipient.
And the people in charge of it actually seem to not be huge assholes or shady weirdos. I listened to a 2 hour interview with Meredith Whittaker and she's like super smart and seems like a really decent person who has the right priorities. I hope it stays this way, but right now the whole thing really seems to be an awesome project with people in charge who actually know what they're doing and who are not interested in selling or otherwise misusing your data.
Nonprofit doesn’t mean can’t make a profit, it limits use of said profit into going back to the cause. That’s why plenty of non profits jealously guard their IP donations, that massive funding source runs a lot of their programs.
So, merely being a non profit doesn’t mean they won’t be willing to sell. This isn’t a negative to them, more a “that branding is not fully trustworthy on its own, verify” warning.
Yes. Hence my comment about having access to more metadata.
But they cannot read the content of the messages or provide the keys to anybody because they never have them.
We can be critical of WhatsApp and Meta without resorting to lies about their access to the encryption keys.
Using any E2E platform, even WhatsApp, is still way, way better than plaintext SMS, or tweets, or facebook messages, or discord, or telegram, or whatever else.
You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know. Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it.
I'm not claiming that this is what happens, but as a developer, if you write a wrapper around another piece of software, you have every chance of siphoning off data in the wrapper.
Put another way: it doesn't matter if a message can go from A to B without being read if you have someone looking over your shoulder at points A and B.
Yeah, WhatsApp (meta) controls both sides of the communication unless you know exactly what that app is doing. If they are decrypted on one end to show you the message Meta can get access to it.
At least they claim that but how can it be verified? Also nothing is really stopping them from pushing updates compromising encryption or targeting certain users.
So, that "metadata" they collect undermines a key point of Signal's privacy protections: Who is talking to who and when. If you don't think those details by themselves are important, understand that the NSA certainly does because it allows them to undermine free association and organization. Since it's being collected as the innocuous sounding "metadata" and not called something more appropriate, such as "personal communication data", people aren't paying much attention to it being collected, packaged, and sold. But it's important to realize that some of the buyers are companies like Wal-Mart and Amazon, and they are using that data to undermine attempts of workers to form unions.
So, just because WhatsApp is still protecting the content of the communications themselves, don't think for one second that the service is "private" or "secure".
So does Facebook Messenger, but you can recover your data with a six digit PIN. If I can recover my data with a six digit pin, so can a very simple python script in fractions of a second.
I suspect they use the same implementation for WhatsApp, which is incredibly insecure, unless I'm missing something. You shouldn't be able to recover E2E encryption with a password that has a character space of 1,000,000.
Don't trust any encryption implementation you can't build from source yourself, like Signal, because your security is entirely in the hands of a corporation with vested interest in reading your communications. It's like hiring a dingo to babysit your baby.
You think WhatsApp doesn't have the keys to your messages and won't hand them over to the government when asked?
This was the impetus for us to move over to Signal for my friends' group chat. Say I was critical of a certain country and their policies regarding migrant workers in that country. Say I got a job offer to work in that country - not unlikely in my line of work. Say that as part of the background check to go to that country, the messenger app I used was told to hand over all of my shit so they could see if I had said anything critical of that country.
After Google's Gulf of retardation capitulation, I'm convinced they'd hand over your emails or anything else. I already assume everything I type on Facebook and its messenger is compromised.
The most important reason you should want it is because one of the 2 co-founders/creators of WhatsApp, Brian Acton, is now the CEO of Signal.
He created WhatsApp back in 2009. After FB bought it, apparently it was promised to them by Mark Z that he will keep WhatsApp as it is and not turn it into an ad behemoth, but as is his nature, he reneged on his word and now WhatsApp is overrun with random brands pinging us about their offers.
Jan Koum left FB, and later Brian left it too in 2017, angry with the way WhatsApp turned out under FB. Brian then went ahead and co-founded Signal Technology Foundation in 2018, which gave result to the Signal messaging app.
The same Brian who created WhatsApp tweeted out in support of the #DeleteWhatsApp trend on Twitter some time in 2020-21.
All in all, Signal is a trustworthy messaging app, and has just about every feature WhatsApp has, with added encryption. I am trying hard to recruit my friends and family over to Signal, but breaking ingrained habits & convenience is just too difficult!
it was revealed that the feds had indeed hacked signal
Source? The only thing I've ever seen that's claimed anything along these lines was that Cellebrite once claimed to have cracked Signal's encryption, which turned out to only be true on an unlocked device that they had physical access to (i.e. a device where they could just open the app and read the messages already) and could pull the keys from with their tools. I've never seen any legitimate claims that the protocol has been cracked or that they can pull messages from phones in secure/encrypted states (like the before first unlock state after a reboot).
Here’s this article from Forbes. I can’t get past the paywall but the blurb is: “Court documents obtained by Forbes not only attest to that desire [the FBI’s], but indicate the FBI has a way of accessing Signal texts even if they're behind the lockscreen of an iPhone.”
Yes, them needing the device is what I remember and a saving grace, but I don’t trust this administration to not take our devices from us for arbitrary reasons
I don’t know about the cellebrite thing, will have to look into it after work. If the FBI used cellebrite, and cellebrite’s claim turned out to be untrue, please lmk so I can relax and change my CS habits
The full article speculated it was either GrayKey or Cellebrite, and more likely GrayKey. They also note the phone was in AFU (after first unlock) state but the screen itself was locked, which both of these tools have claimed over the years is enough for them to pull decryption keys out of memory and pull all data on the device (which is probably true on some devices). So based on the details given, they didn't break Signal itself but just generally got all data on the device which got them the Signal messages and the keys to decrypt them. The best defense against this is, if you can, to turn your phone off any time you suspect there's a chance it could get confiscated (going through TSA or customs at airports, if you think the cops may imminently detain you, etc), as they can't perform these attacks in BFU (before first unlock) states because the decryption key is not yet in memory.
it was revealed that the feds had indeed hacked signal
This is an incredibly misleading way of phrasing "it was revealed that the feds had gotten access to the texts in the signal app on the phone they were in possession of". "Hacked signal" implies some sort of weakness or vulnerability in Signal itself, the reality is they had the device and got access to its contents. The facts here don't imply any weakness in or compromise of Signal.
Me: State what I know, including that I'm open to changing my opinion, which almost none of reddit does. Most of reddit just is confidently wrong. Unlike what you're saying, here's what I knew
“Court documents obtained by Forbes not only attest to that desire [the FBI’s], but indicate the FBI has a way of accessing Signal texts even if they're behind the lockscreen of an iPhone.”
You: Come in and be mean for no reason, like a typical redditor. You see how the other guy was able to add new information in a kind and helpful way? Try that. I guarantee you if I was just confidently wrong no one would care, but since you sniffed what you thought was weakness here you are. Most people would consider the above quote hacking. But I'm not a subject matter expert so I left it open. Like someone who wants to learn, not fight
Come in and be mean for no reason, like a typical redditor.
I'm very sorry if your feelings are hurt but no part of my post is "mean" - you seem to be misinterpreting directness as evidence of malice. My response also has nothing to do with perceived "weakness". I think you should probably do some self-examination about why you feel this way, since you're imputing a lot of behavior which isn't present and for which there's no evidence.
It's a decent messenger app. I'm not really sure how different it is from Whatsapp. Aside from the owners. I thought Whatsapp also did E2E but now I'm going to have to search and see.
I think WhatsApp still takes a bunch of metadata like location etc when certain actions are taken. I don’t understand it 100%, however I think signal tracks the bare minimum of data for users
Signal works. It is a great technology. Banning it on X while using it himself, however, is hypocritical to the level of no-one should ever trust anything this guy says. He is mad with power-lust and will say whatever he believes is beneficial at the moment. No honor nor guiding principles of conduct. An evil man.
He's simultaneously telling his own department to use Signal to hide from FOIA while also trying to prevent federal workers from contacting journalists so they can report all the illegal shit DOGE is doing.
Signal has built in protection when you receive messages from unknown numbers. You can block or delete the message without the sender ever knowing the message went through. Google Messages, WhatsApp, and iMessage have no such protection:
Yeah. It's "secure" from your ISP, maybe. If you use their separate E2E encrypted messages, rather than the type it defaults to. But telegram is not secure from Nation States who want to read your messages, because it's a hodgepodge of broken encryptions that have been layered to "unbreak" them, so it's safe to assume that it can be broken and the exploits exist inside of a SCIF somewhere. And because it's closed source, no one can really begin to figure out where the weaknesses are without spending a lot of resources (hence it taking a nation state)
Signal, on the other hand, is entirely open source, so anyone qualified to find an exploit (and/or patch it) can. This means flaws don't go undetected or unpatched for long.
Given the source, I would assume that it can be made secure but insecure-by-default was a design choice. I'm not drawing on actual knowledge there, that just seems to align with what one would presume the goals to be.
I'm in the Army. Obviously, we never send anything OPSEC-ey in band without being on an officially approved echelon using officially approved encryption and all. But for every-day shit, yeah we sure as fuck don't use Whatsapp or Telegram for this exact reason.
The reason he is banning it on Twitter is because journalists routinely link their Signal accounts so that whistleblowers can contact them and he doesn’t like that. It has nothing to do with the Signal itself.
Yeah, he tweeted out "Use Signal" and the stock of a completely unrelated company had a massive explosion in price due to it. Just google "signal stock" and set the timeline to 5 years, and you can see exactly when he tweeted it out in early January 2021... I wonder what happened just before January 7th 2021 that might have prompted him to suggest others use a proper encrypted messaging app...
But on the telegram piece, by default it's not secure at all. The only "secure" part of telegram is using the "secret chat" function which only works between two mobile devices, and even then signal is still better
I posted this in another thread of someone asking why to use signal over whatsapp. Maybe it can be used to help convince some of your friends to download it
It's also completely open source and independently validated for security. There are no backdoors and EU has put signal in their crosshairs to scan messages before encrypted. Signal foundation has said they won't be able to serve EU if that occurs.
Russia has also removed signal from their country, other authoritarian countries as well. There's a censorship circumvention checkbox so if your country blocks signal, someone can make a node with a VPN to route traffic within the country to signal's servers.
It took some research to find that article, but it links to source code and other info. The source code is here, and docker is pretty simple to setup. There's some services online to setup remote instances using vps, but you can run and host it locally too with docker and a few terminal commands.
Bro you are a hero 💪 thank you for the information. Been trying to get some friends to move over to signal; this may be the info I needed all rolled up in one neat comment.
I will say that would be nice if you could add a 2nd phone in the same manner you can add a computer or tablet, as an accessory device that is dependent on the host device.
At least not last time I tried it! It makes you choose one or the other, though you can do initial setup with an android phone then transfer fully to the android tablet, but beware you then lose access from the android phone. AFAIK this makes no actual sense in technical protocol terms (note how same thing works fine in whatsapp android app already).
It works that way in Signal because your messages aren't synced to centralized location. Your messages are on your phone only. Any additional devices like a computer or iPad are dependent on your phone having an active connection as well.
that simply doesn't explain the lack of multi-android-device capabilities given it works fine between e.g. phone and computer, or apple phone and android tablet, etc.
I do suspect the real answer is just "uh we haven't implemented it yet" rather than anything malicious.
I just want to make sure I understand: you put Signal on your phone, and then you can link 4 (5?) other non-mobile computing devices (e.g. laptop, desktop, certain tablets).
I get that the reason for this is because having Signal on two phones (or two devices with a mobile modem) makes your account insecure. But why does this happen? Is it a quirk of the way Signal is written and it could one day get patched so that you can use Signal on multiple phones? Or is it a deliberately enforced policy because having signal on multiple phones opens up the account to having someone install your Signal account on a phone they physically control (or stealing your phone, or cloning your phone, etc)?
Signal has built in protection when you receive messages from unknown numbers. You can block or delete the message without the sender ever knowing the message went through. Google Messages, WhatsApp, and iMessage have no such protection:
Thanks for the good overview of the benefits of using Signal.
I have a question, though. Why do you think president Musk is trying to squelch Signal on Twitter?
Is it an attempt to keep users within the 'Twitter-Verse'? Is he worried that people might be communicating in a way that he can't see or manipulate? Idk.
Similar, but I don't think any alternative quite reaches the level of Graphene in terms of device security and privacy. Graphene is built around the Pixel family of phones and includes low level OS, driver, and maybe even firmware improvements. Those security improvements are the foundation of the privacy features Graphene develops, and may not be possible without that level of focus and involvement.
Unlikely to happen, but if it did, you can use Obtainium to get Signal directly from GitHub, or download Signal for Android directly from their website: https://signal.org/android/apk/
Musk is a bigger opponent of Free speech than what came before, he does not give a fuck about freedom of speech, he just wants it to be his turn to speak up while he silences others.
He even personally banned people, over something so petty that he was called out for faking being a good gamer in diablo/PoE
Reminds me to go back to using it. Was having issues where it would just not display new messages in group chats which was a bit of a dealbreaker, hopefully they fixed it.
The fact that you are not allowed to use it on a government owned device, because the government can’t monitor it, and it could be used to leak secrets.
u/Culverin Feb 17 '25
And this is how you can tell that Signal is legit.
Do you really need a better endorsement?