Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app

I can't imagine any messenger is private if you invite random people into a group chat 🤦‍♂️

EVERYONE SHOULD DOWNLOAD SIGNAL for PHONE-NUMBER-based communication, tho. Proper RCS is not here yet (and won't be in a long while), so let's try to mobilize people to Signal.

DeltaChat is cooler for non-phone based communications, IMO, and decentralization makes it way sexier and worth this tradeoff.

Signal is the place for top secret communications, but not for any government business, top secret or not (at least not when using a public instance - they could fork the project to keep decryptable records on gov servers where the official gov instance would run).

Considering the US government now owns Meta and thus WhatsApp, it’s an interesting case… why did they use signal?

Signal is great, that's why I'm suspicious that this recent story is to not only target journalism, but also secure app communication. I wouldn't be surprised if it's used as an excuse to remove signal from the app stores.

Hopefully I'm just being too paranoid.

What kind of private communication can we talk about if you must have a valid phone number to use Signal?! Lol

I personally use carrier pigeons with caesar cipher. I know I can't out tech google, so I will go medieval.

The exact reason why it's bad for top secret communications is why individuals should use it or something like it. That is government auditability.

Wherever Signal is mentioned, I shall mention SimpleX-Chat.

Zero user ID needed to use. No phone numbers and no username.

SimpleX-Chat!!!

Consider Briar.

Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.

Of all the options available, I feel like this one is the best suited to current threats (oppressive governments with all-encompassing surveillance, and the willingness to destroy critical institutions and infrastructure).

The app is super barebones right now - feels like SMS - but it works. Main downside is that both participants have to be online at the same time (maybe group chats can work around this?), since there's no servers.

Here are two reasons you might not want to use Signal: Your contacts, your settings, your entire Signal experience is tied to a Signal account managed by Signal. Metadata—who you’re talking to, when, and how often—can still be collected and analyzed. Question everything.

No, it is not. 🚮

Regarding the trick of an adversary gaining access by emailing or SMS'ing a QR code for adding another device...

Why does the new device not demand the PIN before being added?

How's signal compared to Element?

Also, is there a secure way to directly send messages to someone else's phone without the message having to be stored on a central server? As in they're only stored on the recipient device. Is that even possible with how the internet works and how packets are routed between networks? Even if the server has no way of decrypting messages by default, just having the encrypted messages stored there is a liability because your encryption keys can easily get leaked by malware running on your device, phishing, etc.

All I'll say is Threema. You pay once for a licence, so there's less bullshit people on it and they are based in Switzerland with it's privacy laws.