Can You Trust Signal After US Security Leak? How Safe Is The Messaging App | Explained
Signal does not collect user data except for the phone numbers, the date a user joined the service and the last login information. Though WhatsApp is end-to-end encrypted but it logs your activity
The recent news of an Atlantic journalist being “accidentally" added to a Signal group used by US officials to deliberate the bombing in Yemen has raised doubts about the security of the app, whether government officials having top-secret military conversations should at all be using the app.
Atlantic editor-in-chief Jeffrey Goldberg was inadvertently added to the group where US officials were planning a military attack on Houthis rebels of Yemen.
related stories
According to the Atlantic article, Goldberg was seemingly added to a Signal group chat that included sensitive national security discussions among Defense Secretary Pete Hegseth, Vice President JD Vance, National Intelligence Director Tulsi Gabbard and national security adviser Mike Waltz. Goldberg said the discussions continued for six days before he removed himself. All this while, the group members appeared to be unaware that Goldberg was in the chat.
Signal’s creator Matthew Rosenfeld joked the “great reasons" to join the platform now included “the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations".
Under US law, it can be a crime to mishandle, misuse or abuse classified information, though it is unclear whether those provisions might have been violated in this case.
What Is Signal?
Signal is an open-source and fully encrypted messaging service that runs on centralised servers maintained by Signal Messenger.
It can be installed in both Android phones and iPhone or on the computer. It lets you send secure texts, images, and phone or video chats with other people or groups of people, just like iMessage, Google Messages, WhatsApp, and other chat apps.
Signal has estimated 40-70 million monthly users — which is pretty less when compared to WhatsApp and Messenger, which have billions of customers.
What Data Does The App Collect?
The only user data Signal stores on its servers are phone numbers, the date a user joined the service, and the last login information.
Users’ contacts, chats and other communications are instead stored on the user’s phone, with the possibility of setting the option to automatically delete conversations after a certain amount of time.
The company uses no ads or affiliate marketers, and doesn’t track users’ data, as stated on its website.
Signal also gives users the possibility to hide their phone number from others and use an additional safety number to verify the safety of their messages, it adds.
Signal does not use US government encryption or that of any other governments, and is not hosted on government servers.
How Safe Is The App?
Signal’s source code is available online and, because of its popularity as a security tool, is frequently audited by experts, as per MIT Technology Review.
Signal has a “stellar reputation and is widely used and trusted in the security community", Rocky Cole, whose cybersecurity firm iVerify helps protect smartphone users from hackers, told Reuters.
“The risk of discussing highly sensitive national security information on Signal isn’t so much that Signal itself is insecure," Cole added.
Actors who pose threats to nation states, he said, “have a demonstrated ability to remotely compromise the entire mobile phone itself. If the phone itself isn’t secure, all the Signal messages on that device can be read."
Are Other Apps Safe Over Signal?
Though many apps offer end-to-end encryption, but Signal is a “gold standard" for private communication as it is secure by default. This means, unless you add someone you did not mean to, it next to impossible for a chat to accidentally become less secure.
In case of iMessage, despite end-to-end encryption, your chats are not encrypted in iCloud backups by default unless they have “blue bubbles".
With Google Messages, chats are sometimes end-to-end encrypted, but only if they show a lock icon.
WhatsApp is end-to-end encrypted but logs your activity, including “how you interact with others using our Services."
On the contrary, Signal does not record who you are talking to, and offer options to reliably delete conversations, and to keep messages secure even in online phone backups.
The worst option of all is regular SMS text messages (“green bubbles" on iOS)—those are sent unencrypted and are likely collected by mass government surveillance, as per MIT Technology Review.
What Happened With US Govt Communication System?
Data expert Caro Robson, who has worked with the US administration, told BBC it was “very, very unusual" for high ranking security officials to communicate on a messaging platform like Signal.
Reports suggest that the US government has historically used a sensitive compartmented information facility (Scif – pronounced as “skiff") to discuss internal security matter.
The scif is an ultra-secure enclosed area in which personal electronic devices are not allowed.
Scifs can be found in places ranging from military bases to the homes of officials. “The whole system is massively encrypted and secured using the government’s own highest standards of cryptography," Robson told BBC.
The UK was embroiled in a row with Apple this year to protect certain files in cloud storage. Apple ended up pulling the feature in the UK altogether after the government demanded access to data protected in this way by the tech giant.
The case is currently ongoing. But it shows no level of security or legal protection matters if you share confidential data with the wrong person.
- Location :
- First Published: