A senior government official misinformed the Atlantic Prime Minister’s editor into a group chat on messaging app signals. There, the focus of the conversation was on US airstrikes against Yemeni rebel groups. Using the app by high-ranking national security officials raised the question of how secure the signal is anyway.
On March 11, Atlantic Jeffrey Goldberg was invited by a national security adviser to mistakenly connect to the signal. The following day, Goldberg was added to the group chat where he spoke about “information about targets, operational details of upcoming strikes in Yemen, including the US rollout and attack sequences.”
Signal is a free app that cybersecurity experts consider to be one of the most secure messaging services for end-to-end encryption.
Simply put, text messages or calls are viewed only by you, the sender, and those in your signal group chat.
“We can’t read your message or listen to your call. No one else can,” the Signal website says.
If you only use your smartphone’s default messaging app, such as Apple’s Imessage or Google Messages, your messages may not be secure. This happens when you’re an iPhone user sending text messages to Android users because they’re sending messages from different platforms. Messages are only encrypted end-to-end if both people use the same app.
Signals also advertise user protection because they do not use advertising and do not track user data. Collect only minimal user data, such as phone numbers, dates you participated in the signal, and the last date.
Apart from government officials, journalists and supporters use the app, but are not limited to groups of these people.
When news signals exist, experts place emphasis on whether the average user should consider it an option for everyday communication.
Why should I worry about encrypted messaging?
Vahid Behzadan, assistant professor of cybersecurity, networking, data and computer science at New Haven University, said:
According to Iskander Sanchez-Rola, director of artificial intelligence and innovation at Norton, most people do not share sensitive information via text such as personal addresses, Netflix passwords and other account passwords, or photos.
Encrypted apps ensure that your messages are viewed only by those you were meant to reach – and not third parties. It also means Sanchez Lora, your “no malicious actors on your internet service provider or network can’t see them.”
Cybercriminals are paying attention to your message.
In December, the FBI and the Cybersecurity and Infrastructure Security Agency said that a hacker belonging to the Chinese government, known as Salt Timne, had attacked commercial telecommunications companies, stealing user data and urged federal authorities to encourage federal authorities to only use end-to-end encrypted communications.
“90% of all cyber threats now come from fraud and social engineering threats, which has almost tripled since 2021,” Sanchez Lora said. “Daily activities such as forwarding messages and clicking links and attachments can open the door to risk if the information is not properly protected.”
By using messaging apps that guarantee end-to-end encryption, you can protect yourself from data breaches and identity theft, business tracing and targeted advertising, and erode your privacy rights by ensuring freedom of professional or legal communication, surveillance or unauthorized access, and potential policy or government changes.
“In short, encryption helps maintain digital dignity and autonomy in an increasingly connected world,” he said.
When it comes to privacy, are the signals outstanding from other messaging apps?
All communications (messages, calls, video chat) are encrypted end-to-end by default, so you don’t have to go out of the way to make sure it’s a feature,” Behzadan said.
Unlike many platforms, Signal does not store metadata about when and where users communicate.
“Its encryption protocol, the open source signaling protocol, is widely considered the gold standard for secure messaging, and is also used by WhatsApp and Facebook Messenger in certain chats,” he said.
Signal’s non-commercial structure also stands out. Organizations do not monetize user data, reducing incentives for monitoring or ad-driven functions.
Sanchez-Rola has added several features that amplify privacy.
Screenshot blocker. This prevents malicious apps on your phone from accessing screenshots, but does not prevent others from taking screenshots of conversations. After the message is read, it automatically deletes the message after a set time, configurable from 5 seconds to 4 weeks. Therefore, even if a malicious app has access to your phone, you will not be able to retrieve deleted messages. Single view media. This allows you to send photos, videos and audio messages that are automatically deleted after the recipient’s device is opened once. Incognito keyboard. This prevents third-party keyboard apps from potentially collecting data about typing, providing an additional layer of privacy, especially when sending sensitive information. Username and phone number. Simply use the signal username and you can talk to the signal person without knowing your phone number. This provides an extra layer of privacy.
How effective is the signal in protecting your privacy?
Signal’s terms of service states that it is “responsible to keep your devices and signal accounts safe and secure.”
“The effectiveness of encryption is not just about technology, it depends on how individuals use it. Cryptography works best as part of a larger cybersecurity strategy,” Sanchez-Rola said.
Behzadan shared some important best practices. They are:
Enable vanishing messages for sensitive chat. Validate safety numbers with trusted contacts. Set strong pins or enable biometric lock. Keeps apps and devices updates.
“The recent incident involving US officials underscores this. Even the safest technology can’t prevent human error, such as adding the wrong person to a group chat,” says Behzadan. “In cybersecurity, the weakest links are often human elements.”
What other encrypted messaging apps?
Signals are most recommended among security experts, but other apps use a variety of trade-offs to provide encrypted messaging.
WhatsApp: Uses Signal Protocol, but owned by Meta and collects more metadata. Threema: A Swiss-based app that focuses on privacy without a phone number.
The best choice depends on your specific needs, threat model, and the platform your contacts use. This is because encryption only works if both parties use the same secure platform.
Source link
