Is it still viable to use Signal for privacy in 2026? It’s centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)
Thoughts?
The phone number you gave to signal to sign up never left your device? Do you truly believe that?
When you send a message through signal, do you actually think “nothing” left your device?
When you register with Signal, they do know your phone number. This gives them the information that “the person who owns this phone number is registered with our service.” That is not linked in any way to what leaves the client when you send a message because, I cannot stress this enough, you don’t send your phone number or identify yourself in any way to Signal’s servers when you send a message. Please take a look at the client source code yourself.
I won’t be replying anymore, have a great one! There are better things to use my PhD in cryptography for.
You’re misunderstanding what they’re freaked out about.
TBH lots of people with real experience in computer security have trouble understanding what signal skeptics are complaining about because people who understand what’s going on just say “well… yeah. Duh.”
They’re concerned about the possibility of lack of anonymity being combined with social graphing to establish cause for investigation.
When the service corroborates a user to a phone number it doesn’t matter how legitimately private and secure the data transmitted between clients of the service is, the government of the jurisdiction can demand the information about the user and phone number and use that to establish their own legal cause to use more intensive surveillance methods, infiltrate organizations and tie a user of signal to an identity with voting records & other publicly (and less publicly) available identifying information.
People want to use the cloak of anonymity to avoid this outcome and so complain about signal not being anonymous. Of course, they might not have the understanding and language to recognize that’s their concern so it isn’t always clear.
Signal doesn’t claim to be anonymous, so a person who understands that distinction will just get pissed off at ding dongs trying to drive screws with a hammer and a person who doesn’t understand that distinction gets pissed off that anyone would sell hammers at the same store as screws.
Computer security and crypto needs a Flowers for Algernon so people can learn how little they know and not a Matrix that invites people to the secret world.