How secure is Signal? Cyber experts weigh in on Trump admin's use of the app (politico.com)
16 points by nickthegreek 81 days ago | 9 comments



All the security in the world cannot combat incompetence.

Signal, whether it is secure enough for govt to use or not, is beside the point. These idiots didn't even check the group chat participants before discussing really sensitive information. Which means they don't undertake these sorts of checks by default.

"If you design something to be idiot proof, the universe will design a better idiot."


Even if all individuals are properly cleared and have a need to know, Signal is not an authorized method of communication for work-related materials.


In a Senate hearing today, CIA Director John Ratcliffe said, under oath: “One of the first things that happened when I was confirmed as CIA director was Signal was loaded onto my computer at the CIA, as it is for most CIA officers. One of the things that I was briefed on very early, senator, was by the CIA records management folks about the use of Signal as a permissible work use. It is. That is a practice that preceded the current administration to the Biden administration.”


Signal is great. But if your employer has rules that require retaining messages, Signal isn't usable because it doesn't do that.


Indeed.

I recall widespread and protracted calls for imprisonment, several years ago, for storing government e-mails on a private server. They have gone silent.

The government response:

- You're telling me about this for the first time. (President Trump)

- It's a hoax. (SECDEF Hegseth)

- Nobody discussed war plans. (SECDEF Hegseth)

- Nobody should lose their job over this. (Speaker Johnson)

- No classified information was shared and the journalist is a sensationalist. (Press Secretary Leavitt)

- The editor in chief of The Atlantic is a so-called journalist. (President Trump)

Ignorance (real or feigned), gaslighting, lies, character attacks.

So much for "The buck stops here."


From a protocol/network perspective Signal is very secure, but that only matters if the device of every person in the group chat is uncompromised. The security of the app is meaningless if the security of the OS/runtime/firmware it is running on is broken... and don't forget to multiply that risk by the number of people in the group chat.

Also, based on what happened here, it is self-evident that Signal can't be trusted for this use case because it's too easy to include non-authorized third parties. Like you can't even argue this point because what happened happened.


> Like you can't even argue this point because what happened happened.

Sadly, this administration did attempt the route of claiming it didn't happen.


What would it take for a consumer grade or business grade device and messaging app to be suitable for discussing matters of national security?

The article mentions being able to use a single account across multiple devices as being a problem — what other issues are there?


> what other issues are there?

Being able to leave the building with it and show random people on the street your phone screen.

The fact that one of the group chat members was in Moscow at the time is an issue too.



