If it's full of design flaws, they probably shouldn't be using it for military planning. It's sad to see the cult members grasping at straws to make this the fault of anyone but those incompetent buffoons.
They are trying to divert that the problem was journalist in the chat. In reality journalist present is the only good thing about the whole thing, he acted responsible and made us aware of this. I wouldn't be surprised if Waltz did it on purpose to expose how they are threatening country's security.
The actual problem is that it looks like they use signal on personal insecure phones for all their communication. Signal is meant for consumer use not for classified information, but even if it was secure or doesn't matter if the phone can be compromised and smartphones are constantly being broken into and the country doesn't even need to be Russia and China to be capable of doing it. It is so bad that there are products that governments can buy to tap into their citizen's phones.
Been a solid messaging app for the past couple years I've been using it. Unlike Whatsapp, it's much easier to control its notifications and media shared
As an old user of textsecure they've been solid for a surprising amount of time. Back in the day (ca like 2013?) me and all my friends would use CyanogenMod which at the time had textsecure built in to the ROM. It used an early version of the Signal encryption protocol layered onto plain SMS messages, and the ROM support meant I didn't even need to install a special app - it would intercept all incoming and outgoing SMSes at the OS level and transparently encrypt and decrypt each one based on who it was coming from or going to. Since messages were direct, the textsecure servers afaik were only used to host public keys.
Also since it was layered onto SMS, we had a handful of fun occurrences of re-flashing ROMs and forgetting to re-register and then we'd get gibberish texts from our friends whose phones still had our old key.
Very good these days! They've also been tested, all the gov gets are unix account creation date timestamps.
Was pretty buggy back in 2016 especially with embeds and video codec support between android and apple devices.
edit: There's also Molly-FOSS a signal fork on https://molly.im/ with more optional security features but the FOSS branch doesn't use google proprietary blobs/services. Great for GrapheneOS users especially.
I've heard a few people try and demonize Signal even before this goofy situation by claiming terrorists use it to plan attacks and I'm just sat over here like: yeah? Terrorists have also used youtube, Facebook, Twitter, discord and every other platform under the sun to organize and recruit to their groups.
And now there's this blunder (?) And somehow Signal is bad for the decisions other people make on the app? Which btw, I don't believe for a second that that was an accident. You will have to actually make an effort to add someone to a chat who doesn't belong there.
And I'm sorry, but I think the comment is pretty funny. I dunno. Maybe I'm just completely morally bankrupt or missing the bigger picture, but every negative thing I have heard people say about Signal is just bizarre.
I genuinely don't understand what the issue is.
Need I remind anyone of how ISIS used Facebook and messenger in 2018 to post brutal execution videos of two scandinavian girls around Christmas and sending that shit to everyone on the girls' friends lists?
As much as I hate Facebook I wouldn't dream of blaming them for some subhuman scum abusing their service for nefarious reasons.
Imagine using a hammer to remove a screw from a beam.
It's possible, but it's not the right tool. It's frankly dangerous, and probably going to damage something.
But, a hammer, when used on nails, is really good at what it does.
Signal encrypts your message, sends it to the recipient, and the recipient's Signal decrypts the message when they view it.
It is open source, so we can verify it does that ourselves. What that means is that a reader who is not the receiver of the message cannot read it.
That does NOT MEAN:
The receiver is who you intended it to be.
The receiver is uncompromised.
Signal also DOES NOT:
Have control lists to your group discussions.
Verify the receiver is who they say they are
The benefit is:
We know that the message sent is encrypted.
Apple, Google, Microsoft, Meta, etc, can't route your message through their servers en route to your recipient. Or well, they can at a low level, but it would just be a garbled mess anyway.
Man I bet having a buch of handles and email accounts and user names that are just a letter off from heads of departments and cabinet staff would get you a lot of unsolicited classified US documents and plans.