0xD Jun 24, 2025
Micah Lee
I wrote about how to turn in-person meetings into Signal groups, how to manage large semi-public Signal groups while vetting new members, and how to use announcement-only Signal groups, perfect for rapidly responding to ICE raids https://micahflee.com/using-signal-groups-for-activism/
Using Signal groups for activism

Things are heating up. Millions of people are taking to the streets against Trump's rising authoritarianism. Communities around the US are organizing to defend against ICE raids, to protest Israeli genocide, for mutual aid, and for other forms of fighting fascism. Signal can help people safely organize in all of

micahflee
Jun 16, 2025 at 6:26pmWeb
Show threadTungsten_carbide πŸ‰Jun 16, 2025
@micahflee Great guide, thank you so much!
Show threadCody Casterline πŸ³οΈβ€πŸŒˆJun 16, 2025

@micahflee Good article -- I learned some things.

But, right after talking about being in a group with 500 members, you say:

> […] a Signal group [is] all private, and it can't be shared with law enforcement.

A conversation with 500 people isn't private. Any one of their (possibly multiple) devices might be hacked, or confiscated by law enforcement. Some of the members may BE law enforcement.

It's important not to oversell the security of the protocol w/ such a big attack surface area.

Show threadAndy MouseJun 16, 2025

@NfNitLoop This. Not to mention each of those 500 members are identified with their phone numbers, and there is no real indication (except "we promise") that Signal isn't passing along group memberships to law enforcement to begin with.

Just use email or whatever texting app you already have. Or use an actually secure alternative, i.e. one where you do not have to provide your phone number to use the service and there is not a single US-based company hosting all the communications.

@micahflee

Show threadnoplasticshowerJun 17, 2025
@NfNitLoop @micahflee this seems to have happened with the DoD. LoL.
Show threadChris WoodJun 16, 2025
@micahflee fantastic read. The examples you gave were so easy to understand. You did an amazing job of showing how effective Signal is for organising groups, it’s brilliant to see it all in action.
Show threadTrolli Schmittlauch πŸ¦₯Jun 16, 2025
@micahflee Thanks for sharing your experiences.
There is one thing I’d like to get your opinion on: While it is an important step that phone numbers are not shared as a public identifier anymore, users still need to enter a name used for _all_ chats.
Those using Signal for personal chats with friends and acquaintances will probably enter their real name. But when planning semi-public events with a semi-trusted group, folks might better not reveal their full identities.
What now?
Show threadRuth [β˜•οΈ πŸ‘©πŸ»β€πŸ’»πŸ“šβœπŸ»πŸ§΅πŸͺ‘🍡]Jun 16, 2025
@micahflee oh wow, the announcement only thing with reacts could be useful for one I’m part of. People are generally great about only replying if doing the thing but every month or so we have a squirrelly day
Show threadKevin Karhan Jun 17, 2025
@micahflee good Idea, tho I'd use #XMPP+#OMEMO or #PGP/MIME for the former and #IRC for the latter ...
Show threadMurray πŸ‡ͺπŸ‡Ί Sep 3, 2025
@kkarhan
This is mentioned in the article and why Signal is the "good enough" option for the various abilities of people wishing to communicate securely.
@micahflee
Show threadKevin Karhan Sep 3, 2025

@MurrayWindripper @micahflee except #Signal being a #Centralized, #SingleVendor & #SingleProvider solution that (illegally!) demands and collects #PII (#PhoneNumber) for no legitimate reason makes them inherently bad.

I went into lenghts and have linked details re: @signalapp here:
https://infosec.space/@kkarhan/114862595629371002

Kevin Karhan :verified: (@[email protected])

One thing that really pisses me off personally is the #regression in terms of #Messenger #Apps. My personal distaste and dislike for #proprietary, #SingleVendor & #SingleProvider #services like #Signal [ΒΉ](https://infosec.space/@kkarhan/114234551915193036) [Β²](https://infosec.space/@kkarhan/114935952643402592), #Telegram, #Discord [Β³](https://infosec.space/@kkarhan/114865723904157014) [⁴](https://social.treehouse.systems/@krutonium/115157611977216372), #WhatsApp [⁡](https://infosec.space/@kkarhan/114873895410403238), #Slack, #MicrosoftTeams, #discord [⁢](https://infosec.space/@kkarhan/116063760849048926)[⁷](https://infosec.space/@kkarhan/115736223551632209) etc. aside: - *WHY* is there no #CrossProvider #Messenger to handle that shite? - *WHY* does everyone of these shitty providers think people want to download their #bloated #WebApp that takes up triple digit Megabytes if not entire Gigabytes and will gobble up all the #RAM and #CPU each of them can?? This problem ain't new and *already got [solved for corporate social media](https://infosec.space/@kkarhan/114862619013462466) ages ago!* (Not to mention actually good messengers!) - And no, [bridges](https://toots.ch/@dalai/114862754556459439) *[don't](https://swecyb.com/@troed/114862774972645542) count*! - I mean `API 0` - [style](https://digipres.club/@foone/112685423773959519) access because obviously [none of the platforms](https://digipres.club/@foone/112685414638522984) will *allow, endorse or support such an endeavour* and [*actively fight the developers and users*](https://digipres.club/@foone/112685441496803574) ! So yeah, consider this a call for a @[email protected] / #Gajim or @[email protected] / #Pidgin *for garbage platforms!* - Cuz back in the day we had *way worse messengers* yet people actually made #AIM, #ICQ, #MSN, #QQ, #IRC & #XMPP work just fine from one single *"phat" client*! - Can we please get that back? Cuz #WastefulComputing pisses me off! #api0 #Enshittification

Infosec.Space
Show threadcrispycat Jun 17, 2025
@micahflee it's even approved by the white house!
Show threadTrammell HudsonJun 17, 2025
@micahflee is there a way for announcement-only groups to hide the member list? this would prevent one compromised device from revealing the entire social graph (and would also avoid spamming the recipients with group membership updates).
it seems that only admins should need to know all the identities and public keys.
Show threadKurt KremitzkiJun 17, 2025
@micahflee you rock. Thank you o7
Show threadKevin Karhan Oct 23

@micahflee I just think that this will fall flat on it's face when #Signal gets their doors "bootfucked" by #AmericanGestapo!

  • I hope to be wrong, but they collected all those #PhoneNumbers that are basically a personalized target marker for &"law enforcement"* to attack one after the other…