Is it still viable to use Signal for privacy in 2026? It’s centralized, and has had many suspicious occurrences in the past. (Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)

Thoughts?

  • Dessalines@lemmy.ml · 22 upvotes · 24 hours ago

    PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.

    It’s hosted in the US, subject to its pervasive spying laws including national security letters.

    Also I need all your phone numbers.

    Also no you can’t host this yourself, I run the only server.


    Everyone who uses Signal and supports it is falling for this pitch.

    Why not signal?

    • ☆ Yσɠƚԋσʂ ☆@lemmy.ml · 6 upvotes · 11 hours ago

      One of the most sus things about Signal is the cult following it has. I really can’t think of any other chat app that will have people coming out of the woodwork advocating for it while telling you not to use anything else. There’s absolutely nothing special about Signal that would warrant this. It’s at best a mediocre user experience, it still handles a lot of things like switching devices really poorly. It’s open source in name only. There’s just no reason why it should be this popular on its own merits.

    • Voxel@feddit.uk · 4 upvotes · 17 hours ago

      I read the article in the past, and it is still as flawed as it used to be. You’re quite extremist without much legitimate reason. Signal is and will likely stay for the foreseeable time one of the most secure and private messengers.

    • Voxel@feddit.uk · 1 upvote · 20 hours ago

      > Everyone who uses Signal and supports it is falling for this pitch.

      No, because it does not reflect the truth. You’ve to see the full picture.

        • Otter@lemmy.ca · 2 upvotes · 19 hours ago

          Did you mean to link a different article? That one doesn’t say anything about defense industry ties (from my quick skim). It does talk about how phone numbers are no longer required when connecting to someone else.

          Signal DOES have my phone number, but they can’t tell my government anything other than

          • yes I use Signal
          • yes I connected to it today

          This becomes even less important as the platform gets popular. I know some friends who work in healthcare that report that they’re switching to Signal (and WhatsApp unfortunately) as an alternative to texting/phone calls for staff/department group chats and non-patient related communications.

          • Dessalines@lemmy.ml · 5 upvotes · 18 hours ago

            > Signal DOES have my phone number but they can’t tell my government anything other than yes I use Signal yes I connected to it today

            This is incorrect. They also have your full name and address by extension, as well as those of everyone you communicate with.

            They’re also subject to national security letters, meaning the US state can get that info without a warrant.

            Just read the first article I posted, it gets into all this.

            The 2nd article is the Signal CEO Meredith Whittaker interviewing with Lawfare, which is a US defense industry think-tank.

            • Otter@lemmy.ca · 3 upvotes · 17 hours ago

              > This is incorrect. They also have your full name and address by extension

              I didn’t suggest otherwise. This was about whether they can correlate that to additional information. I am already assuming that the US government might try to maliciously compromise the servers, without needing the pretense of national security laws.

              I’m not an expert in cryptography or Signal’s codebase, but my understanding is that the client app uses separate connections to verify the session (something that can be tied to your phone number on a compromised server) and to send a message out. The initial contact discovery process can leak info if you are searching for specific phone numbers, and this could be mitigated by using the QR code or usernames to get an ID directly. The actual pre key fetch is sent as a separate request not tied to your session verification. So outside of timing attacks, it shouldn’t let Signal know who I am talking to day to day even if they know that I have connected to the person at one point.

              I think it’s cool that SimpleX and Matrix allow self-hosting, and especially SimpleX’s 2 hop technique. That should make it much more difficult for someone trying to map things out. However if the average person is going to be using the default servers, I don’t see how a compromised server is any less of a problem than with Signal’s ones.

              I recommend Signal to non-technical users trying to get away from Facebook/Instagram/WhatsApp. I might start recommending SimpleX too if it gets popular enough and goes through a similar level of scrutiny that Signal had. I’m already comfortable using a variety of chat platforms / self hosting for myself.

              The lack of a phone number requirement does limit the extent of social graph mapping. I hope Signal will do away with that requirement as they’ve promised to for some time. The risk though is spam, which is already a problem now that Signal is getting popular.

              > Just read the first article I posted, it gets into all this.

              I did look over it again, and I still find the CIA section to be silly. I’ll refer back to these old comments from myself and someone else:

              https://lemmy.ca/comment/5401873

              https://lemmy.ca/post/16397504/7661724

              > The 2nd article is the Signal CEO Meredith Whittaker interviewing with Lawfare, which is a US defense industry think-tank.

              Again, I would say this is a big leap. The CEO agreeing to an interview with a think tank that has ties to the defense industry is not the same thing as Signal having ties to the defense industry. She has done many interviews talking about Signal, with a variety of orgs of different ownership and politics.

      • Dessalines@lemmy.ml · 7 upvotes · 19 hours ago

        People are not as stupid as these large centralized sites like Signal keep telling you they are. Ppl figured out how to make accounts on different services, forums, and platforms since the internet began. It is no more difficult to make a Matrix account, or install SimpleX than it is anything else. My partner and I figured out SimpleX within 10 minutes.

        • swelter_spark@reddthat.com · 4 upvotes · 12 hours ago

          So true. My non-technical friend asked about more private ways to communicate after things started to go bad where we live, and she had no problems understanding SimpleX. The actual user experience is a lot like FB Messenger, IMO.

        • bad_news@lemmy.billiam.net · 2 upvotes · 14 hours ago

          Oh, I’m not saying people can’t figure it out, but most normies won’t try on principle or something. Hell, I’ve gotten pushback from software engineers when asking them to do Matrix. Signal is known enough that most normies will use it, though, and it at least is not explicitly known to be centrally backdoored in terms of the encryption like a WhatsApp, which in my experience is the other option normies will bear.

          • ☆ Yσɠƚԋσʂ ☆@lemmy.ml · 4 upvotes · 11 hours ago

            Most normies aren’t using Signal either, they’re all on WhatsApp and FB Messenger. You’d be asking them to switch platforms to use Signal just as you would with any other app.

            • bad_news@lemmy.billiam.net · 1 upvote · 11 hours ago

              I successfully have multiple normies in my life on Signal. The no account/password is a big selling point. It’s not perfect, but it’s better than iMessage or WhatsApp, which are the two “this is good enough” options I see normies in my life wanting to use.

              • ☆ Yσɠƚԋσʂ ☆@lemmy.ml · 4 upvotes · 11 hours ago

                Vast majority of people, outside a tiny technical niche, aren’t on Signal. And if you’re going to get people to switch anyways, then why choose Signal when there are far better alternatives around.

                • bad_news@lemmy.billiam.net · 1 upvote · 10 hours ago

                  My sister and wife and parents aren’t going to use Matrix or SimpleX. The no account or password, you just install on your phone and it’s like iMessage basically sells them in a way I could NEVER get enough buy-in for anything else. The way I see it, Signal’s primary problem is the metadata availability, but the government knows I talk to my family, presumably, what I want to hide is the contents, which are as far as anybody knows, E2E as long as you’re not using the Israeli Molly, but evil, app the Trump admin uses. I have tried since Threema to get these people on better platforms, Signal is a win in this case.