Signal provides:
- Excellent protection against third party interception of communications (wiretapping).
- Limited protection against compromised (hacked) or lost devices
- No protection against certain common usage mistakes (accidentally including a reporter in your large group war planning chat).
If you look at the systems that are supposed to be used for classified communications, the underlying cryptography isn’t particularly different from Signal (the AES cipher can be used to protect classified material). That’s not what failed here.
The difference is that systems like Signal are designed to *facilitate* communication with anyone. Classified systems are designed to *limit* communication to authorized recipients.
Both are sensible for their respective - very different - purposes.
Most likely Signal was chosen because a) it helps bypassing documentation requirements, as has been the case with similar cases, and b) it protects against interception.
The more interesting question that nobody has asked so far, despite it's being hinted at in the article in The Atlantic: why is a) so acceptable that all of these folks routinely use Signal for that purpose? You don't "accidentally" tune in to such undocumented conversations.
@peteriskrisjanis @katzenberger @mattblaze Not necessarily - avoiding FOI requests has been a major focus for Project 2025.
Not sure why they're worried about their actions being scrutinized </sarcasm>
On the contrary, it is deliberate obstruction. Look at the chat screenshots in the article:
The messages have the timer icon, bottom right. This means that #DisappearingMessages was enabled for this #Signal chat.
Infodump follows aimed at nobody in particular:
AES is the symmetric cipher, Signal uses ECC (on Curve25519 & derivatives: So X25519 and Ed25519) for the DR protocol, and ML-KEM as the KEM for the initial key exchange.
ECC is not quantum-safe: You can recover a private key from the public key and decrypt communication if you have a quantum computer. The protection from using a PQC (post-quantum) KEM for the initial key exchange is limited.
Additionally, Signal has a specific threat model, which can make using it insecure for a lot of usecases. For one, it is not anonymous. This means that it does not protect your identity, it only protects your messages. Aka it is fine for chatting with trusted parties, but dangerous for chatting with untrusted parties.
@mattblaze I am starting to feel like I said something wrong here ?
If there's any mistakes in what I said feel free to correct me, I am always eager to learn ^^
Matt Blaze is a well know academic security expert, so he's poking fun at being lectured on systems he understands very well lol
@ity Additional context you might be missing: He was commenting specifically on this breaking news story wherein top level US government people accidentally added a journalist to their signal loop planning military strikes, so the quantum safety (or lack thereof) of signal and the lack of anonymity is pretty irrelevant to this specific issue. Your post might have come off as lecture-y for this reason
@void_turtle Ah, yea I was missing that context completely :(
I don't keep up with US news anymore, it's too depressing
Ah, I misread your post then, I was missing the context it was in since I don't follow US news a lot. That's fair ^^
@ity @mattblaze oh no, now I feel bad for the chuckle.
Your first reply came across as correcting or explaining to him directly and @mattblaze is a well regarded cryptography expert and definitely knows all that.
I'm gunna take a swag at how your brain works and just say that I've been there. Even though this is a public forum, when you reply to someone it's generally taken as a direct reply to them unless otherwise specified. So next time just maybe preface with the info dump explanation you gave here.
Don't take it personally, you weren't trying to be rude, you were just excited and it came off in a wrong way.
Thanks >.< Yea, I was not trying to be rude, and rather just wanted to infodump about cool cryptography things. I can edit the post to make it clearer that an infodump follows ig
@lispi314 @mattblaze @ai6yr You may have a right to silence, but if the state can credibly charge you with a separate crime, they can induce you to waive that right in exchange for "voluntary" cooperation.
It is the case that the United States appears to be transitioning from government threats backed by legal force to government threats backed by wrenches. I am trying not to say anything alarmist in Mr. Blaze's mentions tho.
@mcc
Sadly we long reached the point where the prosecution process in many cases can be quite punishing already for normal folks, so yes, in many cases intimation it's nowadays called solid police work. Look here, we wouldn't be questioning you if you were innocent. Want us to lock up your whole family in investigative custody? How many of them will lose their jobs and their income?
So tell us how you did, all details please.
@lispi314
Ah, you are talking about bad places where people disappear, ...
My comment was more about nice rule of law democracies where law enforcement does also take sometimes a heavy hand approach. Suicide my not be necessary, in that case, but an understanding of the rules of the game would help.
@mattblaze @ai6yr @mcc
@mcc @ai6yr @mattblaze
If I learned anything from Eric Adams it's that I can change my phone's password, 'forget' what I've changed it to, and wait for half a dozen people to resign before my case gets indefinitely adjourned.
🎶 The one thing we need is a left-handed monkey wrench 🎶
@mattblaze my fam straight up refused to abandon Whatsapp.
Reason: meh… it’s just easier
My anti-facist rants are falling on complacent ears. So I’m blissfully out of the loop on family discussions and photos. 🤷🏻♂️
@mattblaze My sibling did mention a random news article about some RCMP officers getting caught sharing inappropriate material on Signal…but were on a shared network. Thus, Signal must be bad.
I have no doubt there’s active attempts by Meta Inc. (and probably lobbyists) posting misleading and misinformation about Signal and Fediverse alternatives.
Evil people were using landline phones, telegrams, and letters for evil purposes before.
Sadly, there is no defense against a classic PEBKAC attack.
(Problem Exists Between Keyboard And Chair)
I guess we need to see Signal raise their app suitability from Everyone to some sort of minimum age lol
Nelson Lopez
Matt Blaze
KuJoe 💞
Raglan Niall 
Tanguy ⧓ Herrmann
katzenberger 🇺🇦
Pēteris Krišjānis
Stryder Notavi
CodexNotFound
ity [unit X-69]
Glyph
Sophie Schmieg
Steve Bellovin
Void Turtle
blausand 🐟
0xC0DEC0DE07E9
Scissors Cut Paper...
Varx
Raph Levien
AI6YR Ben
Bernd
Saul
mcc
LisPi
Andreas K
Jeremy List
Geoff Coffey
Kim Scheinberg
Viss
Paul Will Gamble 
🇨🇦
Ruben Borg Nielsen
Von Javi
Hasufin
Chris Neklason
Alex Strasheim
chroma0