The Signal Is, of Course, Confidential, but Not That Confidential
Another day, another security breach, but this time it happens in a group chat. On Monday, The Atlantic editor-in-chief Jeffrey Goldberg reported that he was included in a Signal conversation with Trump administration officials, including Defense Secretary Pete Hegseth, Vice President J.D. Vance, Secretary of State Marco Rubio and National Security Adviser Michael Waltz, who discussed highly sensitive “operational details” of upcoming attacks in Yemen.
Signal is a secure messaging app, but as a public service, it is not intended for military coordination (the US government does not allow it to be used to transmit classified information). Here’s what’s great about Signal, and the privacy restrictions it provides.
When to use Signal
Signal is a free, open-source, end-to-end encrypted messaging app that allows users to keep conversations (including text, images, audio and video messages, and calls) private and secure. It’s one of our top picks for secure communications , and its privacy and security settings and open-source protocol are highly rated by the Electronic Frontier Foundation as well as many data security experts.
In addition to end-to-end encryption, Signal has a disappearing message feature that deletes chats after a set period of time, as well as features like blurring photos, hiding your phone number by default, and other security settings to protect your identity and your data.
All of these factors make Signal a great choice for communications that you want to keep private, whether you’re sharing personal or sensitive information, participating in activism, or otherwise want to know that no one other than you and the intended recipient can read your messages. If you are an iPhone user, you can make Signal the default messaging app on your device . (Signal used to support SMS/MMS on Android, allowing it to be used as the default messenger, but that feature was removed in 2022. ) But there are a few other issues to be aware of.
Signal still has privacy risks
While Signal is an excellent tool for encrypted communications, it does not guarantee absolute confidentiality of classified information, such as those related to national security matters.
As recent events show, users can be added to group chats – either by mistake or on purpose – leaving open the possibility that your messages will be seen by someone who shouldn’t see them. You should verify the identity of everyone who has enabled your topics before sending them sensitive information, and consider using Signal’s group chat settings to require approval of new members or limit who can add members to a topic.
If sensitive information is being shared, you can also check the contact’s security number to make sure they are who you think they are.
But even if you maximize all of Signal’s security settings, the mobile device you’re using could be compromised by spyware, as Apple has warned users about in more than 150 countries. These campaigns attempt to install aggressive malware on smartphones to capture users’ location, data, and activity, while negating any encryption benefits that Signal offers. Attackers most often target high-ranking politicians, activists, journalists and others with access to classified or confidential information.
Additionally, Signal can also be downloaded and accessed across multiple devices, including the desktop app, where data may be stored less securely or compromised by malware.
Finally, there’s always the possibility that your device could simply be hacked, leaving your data exposed to anyone who can unlock it (a good reason to enable disappearing messages).
With that in mind, while installing Signal is a good start, it shouldn’t take over your entire privacy routine. If you have an iPhone, here are some additional steps you can take to keep your data safe. Our government officials might also benefit from going through this checklist.