Is it still viable to use Signal for privacy in 2026? It’s centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)
Thoughts?
Yes. You will find a lot of randos saying no, but the consensus among security professionals and researchers is that it is still the current standard. Not to say that it doesn’t deserve scrutiny or criticism, or that other projects aren’t important to develop.
Also, will I be able to reach people with any alternatives? It’s not like they’ll all switch to the app I choose, or at least I’m not that popular for them to follow me anywhere, well… worse, I still have to open Messenger (FB/meta) from time to time to get in touch with some of them 🤮🤢
They don’t have phone numbers? I will risk the known exposure through the phone system before anything Meta or LinkedIn. Basically if fb or insta is your contact choice, I am going to phone or sms instead.
The client is open source, so it doesn’t matter what the server code is, you can see everything the client sends and therefore tell what possible data is being collected.
It’s run by a non-profit so there’s no shareholders to please.
Your messages and decryption key are not stored on their servers.
It’s been independently audited.
They have publicly posted responses to user information requests where they only provide the account creation date and last access time.
The (admittedly incompetent) US government recommends using Signal (for non-classified information) and top officials have been caught using it (Houthi Working Group).
You can never be 100% sure, but it appears to have excellent security and privacy.
Not to mention the FBI admitted that the only data from Singal they get is when the account signed up and when they last connected and they are very unhappy about so little information.
And the phone number! But still not a crime to be using signal (yet).
and top officials have been caught using it (Houthi Working Group).
For me this is the gold seal.
These guys desperately don’t want records of their acts to become public record and they have the authority to outright ask US Intelligence ‘Can you guys get access to this?’ and the app they choose is Signal.
And then proceed to invite a random journalist to their group 😅
If they were competent they would have other career options instead of working for this administration.
I trust Signal and like it a lot, but I do wish they’d remove the stupid MobileCoin rubbish.
Agreed! I won’t consider donating to them until they drop it.
You people are so fucking insufferable. You’ll freeload off of them but the second they try to pay the bills you screech.
I’m SURE, you were totally going to pay you just saw the coin and turned away 🙄
Do you find it that hard to believe that other people have principles?
A lot of people use Signal. It may not be the best solution out there, but it is so, so, so much better than the proprietary alternates.
One good thing is that a normie can easily use it as an alternative to WhatsApp, since the app design is so similar. I mean, it is easy for family and friends to understand and start using Signal, compared to something like Matrix or XMPP.
And if someone needs a little more hardening, they could use the fork called Molly, which has a few more security benefits over the stock app.
Sure I could just look this up, but: know if molly can restore from regular signal backups off the top of your head?
Yes it does ( did it like 5 weeks ago)
I’m 80% sure, it does.
Shit these are great features. I had never heard of it before.
Molly is an independent Signal fork for Android with improved features:
Fully FOSS Contains no proprietary blobs, unlike Signal
Encrypted Protects database with Passphrase Encryption
Multi-Device Pair multiple devices to a single account
Material You Extra theme that follows your device palette
UnifiedPush Ungoogled notification system
Automatic Locking When you are gone for a set period of time
RAM Shredding Securely shreds sensitive data
Ooh! And you can add an F-Droid repo!
https://molly.im/fdroid/
While centralisation continues to be a problem (as the recent AWS outage has shown), Signal continues to be the a sufficient compromise between privacy and usability that a non-technical user will actually use.
That said, I’m making contingency plans to set up an alternative for close family in case the US goes full retard and makes it inaccessible.
What’s your alternative?
I’m considering several, and haven’t made the decision yet: Matrix/Element, Briar, and Session are all on the table.
Session is closing in less than 90 days.
Session has now entered its final 90 days of operation. If we are unable to reach our funding goal within this period, the Session Technology Foundation (STF) will be forced to shut down.[…] This is our final appeal to the Session community: without your support, the STF will cease all operations on July 8, 2026.
You may want to read Why not Signal?, but I still use it.
Fuck dessalines tho
@dessalines@lemmy.ml being as sharp as always, thank you for sharing this! I somehow missed that essay in the past, and recently even had a discussion where I argued in favor of signal. His overview makes some great points that shouldn’t be dismissed offhandedly. The important point is to not make the mistake of shunning signal in favor of an even less secure alternative. Also the user’s threat model should be taken into account. Those who aren’t anticapitalists (yet) might need to worry less about the concerns.
I think the text is somewhat dubious in its arguments, but this (and the arguments built on this assertion) is just plain wrong:
[Signals servers have] a few important pieces of data;
Message dates and times Message senders and recipients (via phone number identifiers)
Signal clients implement the Pond protocol. As a result, Signals servers know who a message is for (obviously, how else do you get the message) but cannot know who it is FROM.
I’ve been playing around with implementing a secure/private messenger demo for myself, and have been consistently impressed with how privacy preserving Signal is when reading their papers and code. I wish it was selfhostable, but apart from that, it’s great.
The server would be NICE to be OSS, but ultimately, privacy breaches are prevented client/protocol side.
Signal clients implement the Pond protocol. As a result, Signals servers know who a message is for (obviously, how else do you get the message) but cannot know who it is FROM.
Give me ssh access to signal’s centralized US-hosted server so I can verify this (IE that their centralized DB doesn’t store).
Otherwise this is a “trust me bro” claim, considering they have the phone numbers of everyone who signed up, and are the routing service for the messages you send.
I don’t really understand why you think this, can you explain? Signal stores, and has access to, no message metadata. They don’t know who your contacts are, which group chats you’re in, when you’re sending messages, or who you’re talking to.
To be convinced of this, take a look at the client source code, and compile the app yourself. None of this information ever leaves your phone without being encrypted or otherwise masked. No analysis of their server code is required to be convinced of this.
Signal stores, and has access to, no message metadata.
Phone numbers are the most important metadata you can give them, far more important than message content. It means your real identity / name and address. With phone numbers you can build social networking graphs: who talked to who, and when.
To be convinced of this, take a look at the client source code, and compile the app yourself.
Client source code is irrelevant here. Signal is a centralized service, you can’t verify what their US-based server is actually running (although they did go a full year without publishing any server updates at one point, until they received a lot of backlash for it).
None of this information ever leaves your phone without being encrypted or otherwise masked.
You gave them your phone number / real identity when you signed up. The most important piece of info they could possibly give them, you already did.
Can you explain how signal will build a social network graph when it doesn’t know who sent any message, which group chats you’re in, or who is on your contact list? Again, none of this ever leaves your device without being encrypted, which you can check by looking at the client source code.
when it doesn’t know who sent any message
They have your phone number. You gave it to them when you signed up.
which group chats you’re in
Signal wouldn’t know how to route messages if it didn’t store this info.
These are super cool parts of signal’s architecture, that are not obvious to understand, but you can truly verify client side that (1) signal only sees an IP address, no phone number, associated with each outgoing message, and (2) signal has no idea who is in which group chat and which permissions you have in those chats.
The first one is pretty simple: you don’t prove to signal who you are, signal just routes packets and lets the receiver verify that the sender is who they say they are by verifying a short lived certificate attesting your identity.
The second one is more interesting: group chats are implemented as a complete graph of direct messages between all participants. In order to update the group state, you send Signal a zero-knowledge proof that you are a member of the group, which convinces Signal that you can add or remove people, without ever revealing your identity. This same mechanism is used to prevent griefing, spam, and DDOS attacks for sealed sender.
Again, both of these can be verified by only looking at the client source code, and nothing else.
More info: https://signal.org/blog/sealed-sender/ https://signal.org/blog/signal-private-group-system/
Just remember that if you, or anyone you are talking to, has notifications turned on (in the app itself), that conversation is now outside of signal and a lot easier to get to.
Not if you set notifications to not show any content. Other than the sender, of course, which could be problematic depending who sends the message.
Doesn’t it depend on what’s in the notifications?
This was recently kinda misrepresented in the media, in my opinion.
Yes, notifications can leave traces. But it’s traces on the device itself that can be forensically extracted. Though notifications are pushed through Apple’s/Google’s servers, the contents are encrypted end-to-end.
Which is an everything problem, not a signal problem. Just in case it sounds like a signal problem.
I wish this was available for iOS.
Yes but using it though Molly is more secure
IMHO the question depends on :
- who you are (boring, rando, political dissident, journalist, etc)
- who you talk to (family, friends, work, etc)
- what alternatives actually exist
So… sure Signal is not perfect but if you can’t convince your family members to move to DeltaChat it sure beats using WhatsApp, Telegram, etc.
I’m a boring rando but I dare defy Dear Leader so I’m probably being watched.
Session is good, and could definitely use some funding if you’re able. it’s a fork of Signal, but decentralised (I think?)
Do they not get enough from the CIA?
no, because if they did, they wouldn’t be on their deathbed https://itsfoss.com/news/session-call-for-donations/
I hadn’t actually looked into the project, and just responded, with a knee-jerk reaction, to a no-name Signal fork.
Having glanced at it now, I can confidently say “lol. lmao”.
We took out the Perfect Forward Secrecy and replaced it with Blockchain™.
Founder and CTO is 12 and wants to talk to you about Buttcoin.
Damn, Hanlon’s Razor strikes again.
Unfortunately their funding situation is dire, they’re shutting down in 90 days
Not perfect (as recent news demonstrated) but still the standard The no-brainer choice for secure and private messaging
What’s the recent news?
But as I said it still is the standard and it is hard to find a better alternative
This isn’t a signal issue, it’s a notification issue.
Literally any app that you allow to use notifications would do the same thing.
If you want this to be more secure, you have to turn off notifications.
And Signal should take that into account
They do
You can set it to show name + message, name only, or nothing. The last one means that you’d need to open the app to see what you were notified about.
Most likely this is referring to the case where they extracted messages from the notification history of an iPhone.
Which would be the situation with any app that has notifications that show content.
If you want to be perfectly safe here, you’d need to disable notification content. This has nothing to do with signal.
Oh yeah. As another comment pointed out. Users can control this by using hidden notifications. Not a sigbal issue.
if you are super private person or want to be anonymous, maybe you can choose SimpleX.
As per usual, the answer is “depends on your threat model”. For a lot of sensitive communications, the centralised design and therefore ability to correlate metadata is a no-go. But if you’re just using it e.g. as a WhatsApp replacement to message your friends, it’s fine. It’s still the most polished and normie-friendly e2ee foss messenger.
PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.
It’s hosted in the US, subject to its pervasive spying laws including national security letters.
Also I need all your phone numbers.
Also no you can’t host this yourself, I run the only server.
Everyone who uses signal and supports it, is falling for this pitch.
Everyone who uses signal and supports it, is falling for this pitch.
No, because it does not reflect the truth. You’ve to see the full picture.
The full picture is that Signal has the most important piece of information you can give anyone online: your phone number (which means your real name and current address). Also that they’re hosted in the US and have close links to the US defense industry.
Did you mean to link a different article, that one doesn’t say anything about defense industry ties (from my quick skim). It does talk about how phone numbers are no longer required when connecting to someone else.
Signal DOES have my phone number, but they can’t tell my government anything other than
- yes I use Signal
- yes I connected to it today
This becomes even less important as the platform gets popular. I know some friends who work in healthcare that report that they’re switching to Signal (and WhatsApp unfortunately) as an alternative to texting/phone calls for staff/department group chats and non-patient related communications.
Signal DOES have my phone number but they can’t tell my government anything other than yes I use Signal yes I connected to it today
This is incorrect. They also have your full name and address by extension, as well as those of everyone you communicate with.
They’re also subject to national security letters, meaning the US state can get that info without a warrant.
Just read the first article I posted, it gets into all this.
The 2nd article is the signal CEO Meredith Whitaker interviewing with lawfare, which is a US defense industry think-tank.
This is incorrect. They also have your full name and address by extension
I didn’t suggest otherwise. This was about whether they can correlate that to additional information. I am already assuming that the US government might try to maliciously compromise the servers, without needing the pretense of national security laws.
I’m not an expert in cryptography or Signals codebase, but my understanding is that the client app uses separate connections to verify the session (something that can be tied to your phone number on a compromised server) and to send a message out. The initial contact discovery process can leak info if you are searching for specific phone numbers, and this could be mitigated by using the QR code or usernames to get an ID directly. The actual pre key fetch is sent as a separate request not tied to your session verification. So outside of timing attacks, it shouldn’t let Signal know who I am talking to day to day even if they know that I have connected to the person at one point.
I think it’s cool that Simplex and Matrix allow selhosting, and especially Simplex’s 2 hop technique. That should make it much more difficult for someone trying to map things out. However if the average person is going to be using the default servers, I don’t see how a compromised server is any less of a problem than with Signal’s ones.
I recommend Signal to non-technical users trying to get away from Facebook/Instagram/whatsapp. I might start recommending Simplex too if it gets popular enough and goes through a similar level of scrutiny that Signal had. I’m already comfortable using a variety of chat platforms / self hosting for myself.
The lack of a phone number requirement does limit the extent of social graph mapping. I hope signal will do away with that requirement as they’ve promised to for some time. The risk though is spam, which is already a problem now that signal is getting popular.
Just read the first article I posted, it gets into all this.
I did look over it again, and I still find the CIA section to be silly. I’ll refer back to these old comments from myself and someone else:
https://lemmy.ca/comment/5401873
https://lemmy.ca/post/16397504/7661724
The 2nd article is the signal CEO Meredith Whitaker interviewing with lawfare, which is a US defense industry think-tank.
Again, I would say this is a big leap. The CEO agreeing to an interview with a think tank that has ties to the defense industry is not the same thing as Signal having ties to the defense industry. She has done many interviews talking about Signal, with a variety of orgs of different ownership and politics
I read the article in the past, and it is still as flawed as it used to be. You’re quite extremist without much legitimate reason. Signal is and will likely stay for the foreseeable time one of the most secure and private messengers.
Whenever Signal advocates chime in, they never help beat the allegation of being a cult that cannot be reasoned with.
Personal attacks are used by people who lack valid arguments; therefore, I will block you to protect my psychological well-being.
Anyone interested in discussing actual Signal flaws, like the unecessary phone number requirement is free to reply and do so.
bye
One of the most sus things about Signal is the cult following it has. I really can’t think of any other chat app that will have people coming out of the woodwork advocating for it while telling you not to use anything else. There’s absolutely nothing special about Signal that would warrant this. It’s at best a mediocre user experience, it still handles a lot of things like switching devices really poorly. It’s open source in name only. There’s just no reason why it should be this popular on its own merits.
I think you’re missing historical context. There are more options now, but when Signal came out (or became Signal, after TextSecure), it was the only tool to offer such strong cryptographic properties with its then novel double ratchet algorithm. Compared to OTR and, much worse, all the other crap that was not E2E encrypted at all, it was the first really credible option on a mass scale.
The crypto was reviewed by well-considered experts, and came out looking strong.
Telegram fought for years trying to say they were just as good and in fact better, which is entirely disingenuous considering it’s not an encrypted messaging app.
These things contributed to what you call the cult following. Which wouldn’t be negative (a cult film has a cult following) if not intended to mean “a cult like Scientology”.
But that’s precisely what makes the whole thing cultish in a negative sense. A decade ago you could make the argument that Signal was doing something special, but that hasn’t been the case for a long time. The continued adherence to the app is utterly irrational today.
Name a more secure way to communicate with normies. They’re not going to use SimpleX or Matrix…
People are not as stupid as these large centralized sites like signal keep telling you they are. Ppl figured out how to make accounts on different services, forums, and platforms since the internet began. It is no more difficult to make a matrix account, or install simpleX than it is anything else. My partner and I figured out simplex within 10 minutes.
So true. My non-technical friend asked about more private ways to communicate after things started to go bad where we live, and she had no problems understanding SimpleX. The actual user experience is a lot like FB Messenger, IMO.
Oh, I’m not saying people can’t figure it out, but most normies won’t try on principle or something. Hell, I’ve gotten pushback from software engineers when asking them to do Matrix. Signal is known enough that most normies will use it, though, and it at least is not explicitly known to be centrally backdoored in terms of the encryption like a Whatsapp, which in my experience is the other option normies will bear.
Most normies aren’t using Signal either, they’re all on Whatsapp and fb messenger. You’d be asking them to switch platforms to use Signal just as you would with any other app.
I successfully have multiple normies in my life on Signal. The no account/password is a big selling point. It’s not perfect, but it’s better than iMessage or Whatsapp, which are the two “this is good enough” options I see normies in my life wanting to use.
Vast majority of people, outside a tiny technical niche, aren’t on Signal. And if you’re going to get people to switch anyways, then why choose Signal when there are far better alternatives around.
My sister and wife and parents aren’t going to use Matrix or SimpleX. The no account or password, you just install on your phone and it’s like iMessage basically sells them in a way I could NEVER get enough buy in for anything else. The way I see it, Signal’s primary problem is the metadata availability, but the government knows I talk to my family, presumably, what I want to hide is the contents, which are as far as anybody knows, E2E as long as you’re not using the Israeli Molly, but evil, app the Trump admin uses. I have tried since Threema to get these people on better platforms, Signal is a win in this case.
