How safe is 'Signal'? Pros and cons of the privacy app in the Hegseth leak
Daniel de Visé
We have probably all done it: Gossiped about a friend in an email, only to discover we accidentally included the friend in the correspondence. Or dashed off a sensitive text to Gene, our friend, and inadvertently sent it to Gene, our boss.
That scenario may be what happened to the Trump administration this month, when Defense Secretary Pete Hegseth and others mistakenly included a magazine editor in a secret group chat about battle plans.
The leak has sparked fears about the potential mishandling of classified national security information.
And now, a whole lot more of us know about Signal, a commercial messaging app that is celebrated for its security. If you already use Signal, you may be a Beltway insider, a journalist, a union organizer, or a rank-and-file American who is serious about privacy.
For those who are thinking -- or thinking twice -- about using Signal, here are some tips on its pros and cons as a tool for secure communication.
How safe is Signal?
Signal is a secure messaging service that “provides end-to-end encryption, meaning Signal can't access or read private conversations or calls from anyone using the app,” said Derek Kravitz, deputy editor for special projects at Consumer Reports.
Unlike other messaging apps, Signal does not track or store user data, and its code is publicly available, so it “can be examined for potential security holes,” according to the Freedom of the Press Foundation.
The only user data Signal stores on its servers are phone numbers, the date a user joined the service, and the last login information. Your contacts, chats and other communications are stored on your phone.
“And setting conversations to automatically delete in days or weeks provides another layer of privacy,” Kravitz said. All of those features are “why it’s a favorite of journalists and government officials seeking a measure of confidentiality.”
Why is Signal so popular?
Over the past few years, Reuters reports, “Signal has gone from an exotic messaging app used by dissidents to a whisper network for journalists and media, to a messaging tool for government agencies and organizations.”
Signal has won praise in the tech community for how far the app goes in the name of data privacy.
“Signal is the only app that has taken steps to hide users’ profiles, contacts, group metadata, and even message sender information,” researchers wrote in a 2023 report from Tech Policy Press. They suggested other developers should follow Signal’s example.
Case in point: Back in October 2021, according to a report in The Intercept, an assistant U.S. attorney subpoenaed Signal to hand over all the information it held on a targeted user: Name, address, correspondence, contacts, and anything else that might aid an FBI investigation.
The ACLU responded on Signal’s behalf with exactly two pieces of data: the date the account was created, and the date it last connected to the Signal service. That was all the data Signal had.
What are Signal’s limitations?
But take this warning from security experts: However secure Signal might be, some of that security goes away when you use the app on a personal cellphone or home computer.
“Even the most secure messaging apps are only as safe as the context in which they’re used,” said Steve Grobman, chief technology officer at McAfee, the online protection company. “For everyday users, it’s a reminder to treat messaging apps with care.”
If you have Signal on your cellphone, and your phone is hacked, a cybercriminal could be monitoring what you type into the app. If you lose your phone, a bad actor could potentially copy the data stored within, including the encrypted stuff.
If you have Signal on your desktop computer, you need to think about potential malware. If your personal computer is infected with the kind of software “designed to log your keystrokes or send screenshots to a remote attacker, encryption won’t protect your messages,” Freedom of the Press Foundation reports.
And so, there’s always the risk that your Signal chat could fall into the wrong hands.
“A good rule of thumb for any messaging app is to assess the consequence and impact of the information discussed becoming publicly available or shared with your contacts,” Grobman said. In other words: Imagine the fallout if your private message were plastered on Facebook.
How can you make Signal more secure?
Here are a few ways to make your Signal communications more secure.
Set your conversations to automatically delete. You can set the app to auto-delete messages in a specified number of days or weeks. That setting adds a layer of privacy, Kravitz said.
Anonymize your phone number. New usernames recently went into effect on Signal. They "allow Signal users to essentially anonymize the phone number associated with the account," Kravitz said, "ensuring yet another layer of privacy."
Make sure your Signal session is secure. Signal allows you to verify your session is encrypted, and safe from eavesdroppers, with a feature called "safety numbers," the press foundation reports. If the numbers don't match, you can end the session.
One final point: As Defense Department leaders were recently reminded, you should take a good look at who’s copied on your secret Signal correspondence before you hit “send.”
Hegseth did NOT include that smarmy Atlantic loudmouth.
Waltz did, if you need a person to bash. President Trump is not alarmed. He backs up his team. My suspicion is the imbroglio was a sabotage. Computer hack inserting the so-called reporter.