this post was submitted on 03 Dec 2025
45 points (100.0% liked)

technology


Think about it: A privacy‑focused app the government dislikes, used by activists and dissidents, gets dragged into a scandal it didn’t technically cause, and that scandal becomes political justification for scrutiny and possible investigation.

When something protects privacy, shields activists, can’t be surveilled, and is widely used by people the government considers “enemies,”

then any incident, especially a dumb mistake by a public figure, becomes an opportunity to push the narrative that "it's bad".

Hegseth literally invited a journalist into a private Signal group. The app didn’t leak. He did.

But the public takeaway is shaping up to be:

“Signal is unsafe.”

Activists, dissidents, and “enemies” use Signal heavily. When an app becomes central to organizing or communication for groups the government dislikes, it moves up the target list.

TL;DR: “This scandal feels like it’s being weaponized to smear Signal and justify government pressure.”

all 21 comments
[–] hello_hello@hexbear.net 2 points 6 hours ago

Signal is not privacy respecting at all when it still requires a phone number for signups and there are no third party servers.

Their app also links with google play services on android (there is a degoogled release called Molly that I use instead of the main app).

The main benefit of Signal is just having access to an un-Facebooked WhatsApp that is easy enough to get other people on. I use Signal for this reason.

People should check out GNU Jami as a p2p messaging application that requires no signup at all. Or just check out XMPP which requires no phone number or additional credentials besides a username and password.

[–] coolusername@hexbear.net 10 points 12 hours ago

signal is CIA, the US gov or some thinktank recommends using it which means it's 100% compromised

[–] CommunistCuddlefish@hexbear.net 14 points 19 hours ago

Are you talking about the time the US government invited a former IOF torturer and basically der sturmer mouthpiece to their chat where they celebrated murdering Yemeni civilians? The thing back in March? If so, why bring it up now?

Anyway the real scandal is that they murdered Yemeni civilians and Yemeni fighters who were fighting to oppose isntreal and the US's livestreamed Holocaust in Palestine. "leaking government secrets" doesn't matter, fuck America, leak more secrets. The problem is that they murdered people in Yemen.

[–] bobs_guns@lemmygrad.ml 19 points 21 hours ago (2 children)

Signal is surveilled using traffic analysis techniques. The government generally knows or can know who talks to who and when. The encryption protocol is probably sound but it's still not ideal.

[–] PorkrollPosadist@hexbear.net 19 points 20 hours ago* (last edited 20 hours ago) (1 children)

Not to say that decentralization solves everything, but I see all of these centralized "but we do E2EE tho" apps as deeply flawed. Especially when they require phone numbers to sign up. You are just WhatsApp without Facebook's bad reputation! Assuming they are completely above board (not intelligence ops in themselves, but subject to legal pressure), we can take their word that there are no plaintext records the government can subpoena, but as a centralized service, they construct essentially one point the government needs to watch. They can correlate when messages are going in with when messages are coming out to assemble graphs of communications networks. With subpoena power, they can trivially figure out who the individual nodes are in those graphs, who they are communicating with, what their location is (they have your phone number), and with zero-day attacks at their disposal, they can exfiltrate the plaintext from end-user devices - if the social network information doesn't provide enough insight for them to roll up troublemakers without needing to burn these.

There is an old mantra among cryptographers and Free Software advocates that "there is no such thing as security through obscurity." I'm calling bullshit. While it is not a substitute for sound cryptography, the clever application of steganography goes a long way. Every day you can avoid being noticed is a day the investigation has been delayed. Every investigation which gets started late, or never starts at all, creates blind spots for the state. Public key cryptography is a crucial tool, but there is a hyper-fixation on it while alternate methods are overlooked. Classic practices of tradecraft, like one-time pads, dead drops, hiding messages inside innocuous mediums. The discipline to opt for radio silence instead of constantly dinging the "Revolution HQ" server with your E2EE messaging app as you roam from WiFi access point to WiFi access point. The pre-arrangement of signaling procedures, where an innocuous post on a mediocre blog, a classified ad with the correct words in it, or the arrangement of flower pots on a balcony can let somebody know it is time to move to phase 2, or establish a meeting in a predetermined location, or retrieve a package from a specific garbage can on the Hudson River Greenway.

These apps are actually much more secure when being used by police and state officials. In this case, they don't need to worry about investigators with subpoena power. The threat model is simplified to the cryptographic fundamentals, and the security of the devices implementing them. Foreign intelligence is still a threat, but they don't have the blanket physical access to these networks that the US security state does.

[–] bobs_guns@lemmygrad.ml 5 points 20 hours ago

Yeah pretty much bang on, good post. I still use them but I am not actively organizing revolutionary activities so my threat model is not that stringent.

[–] MF_COOM@hexbear.net 20 points 23 hours ago

I'm not an expert but I've got a friend of a friend who works in digital security (to the point where he applied to CSIS and boy is that an interesting different story) and I was asking him about Signal.

He seemed to be very confident that Signal's code is completely public, that if it had secret backdoors or whatever people would know.

He also confirmed that while Signal may be secure (not a statement he made definitively) your phone very likely isn't, so it's a moot point.

[–] someone@hexbear.net 19 points 23 hours ago (1 children)

Personally I don't think that Signal is unsafe now, but the key people involved in its development are all within easy reach of the US government. Historically they've also been hostile to distributing the app anywhere but Google and Apple's official app stores, and of course both of those companies are likewise within easy reach of the US government.

[–] spectre@hexbear.net 19 points 22 hours ago* (last edited 19 hours ago) (2 children)

The things you mentioned make the app less than safe. Also:

  • you must sign up with a phone number
  • messages are e2ee, but server admins can see message metadata. You can make a lot of progress if you can see who is associating with who. You might even get access to their messages later on if you can get into their device.
  • app admins have been weird/disabled the ability to roll your own server

Your message content may be e2ee, but there's still a good amount of useful info that US authorities can access.

[–] iByteABit@hexbear.net 9 points 21 hours ago (1 children)

> You might even get access to their messages later on if you can get into their device.

I agree with the rest, but this one seems kind of pointless. If an attacker has gained access to my device, it doesn't matter at all how secure my software is, if it's usable by me then it's also usable by the intruder.

[–] spectre@hexbear.net 8 points 21 hours ago

This is true, and also depends on your threat model. My point was if you're doing some very cool stuff that's going to be investigated by a US aligned government, it's worth thinking beyond the message content when it comes to opsec.

[–] Inui@hexbear.net 8 points 21 hours ago (1 children)

You don't have to use a phone number anymore, it just makes it more convenient since then your contacts will automatically show up and such.

[–] spectre@hexbear.net 7 points 21 hours ago (1 children)

Appreciate the updated info!

[–] da_gay_pussy_eatah@hexbear.net 10 points 21 hours ago (2 children)

That's wrong, you still need to sign up with a phone number, it's just that you can now choose to be discoverable only by a username rather than allowing others to find you by phone number.

[–] spectre@hexbear.net 5 points 19 hours ago

Appreciate the updated info!

[–] Inui@hexbear.net 3 points 21 hours ago

Thanks for the correction, I already had an account set up and thought you could sign up with just a username now.

[–] blackbeards_bounty@lemmy.dbzer0.com 6 points 19 hours ago (1 children)

You should know: it wasn't even signal, it was a way worse fork https://youtu.be/KFYyfrTIPQY

[–] HexReplyBot@hexbear.net 2 points 19 hours ago

I found a YouTube link in your comment. Here are links to the same video on alternative frontends that protect your privacy:

[–] Obamakitten 6 points 20 hours ago

I don't think that people who haven't engaged with what Delta Chat (particularly Arcane Chat dev ADB) and Graphene OS people have said about Signal should base their views on this in vibe-reads. It's too technical.