Featured Post

The white-Left Part 1: The two meanings of white

Wednesday, March 26, 2025

Is Signal secure?

 Actually, the most important question is: Were they using Signal on secure devices?

Because it doesn't matter how well Signal, or any other secure communications app, encrypts your data, if there is an agent on your device that can read your keystrokes before they are encrypted and read your screen messages after they have been decrypted. This can be the case if the device is compromised by a software agent or spyware that is designed to do just that.

That is also the case with these AI chatbots like X's Grok, Microsoft's Copilot, or Google's Gemini, that are increasingly being pushed on to our smartphones and other computing devices. They typically ask for an "all access" pass to our devices so that they can "see what we see, and hear what we hear" as Microsoft bragged about its Copilot, and see what we type, and then send it all up to the cloud—unencrypted. This is becoming a big problem for privacy and security that no communications app, no matter how secure, can protect us from. 

That's why it's essential to know what devices members of the Houthi PC small group chat were using Signal on, and what other software, not just spyware, but also AI chatbots, they had running on the same device. 

Meredith Whittaker, the president of Signal, the company that makes the app, warned about this very problem at SXSW earlier this month, saying that these AI agents tended to break the "blood-brain barrier" that the privacy apps depend on:

"If a messaging app like Signal were to integrate with AI agents, it would undermine the privacy of your messages," she said.

So, this "agent" aspect of the Signal Houthi PC small group chat question is actually two questions in one:

  1. Were any of the devices in this chat infected by spyware put there by malicious actors?
  2. Were any of these devices running AI agents, such as Grok or Copilot, that the owner gave permission to read messages and send copies to the clouds via unencrypted channels?

Just asking.....

Signal is secure in more ways than one. Not only does the app offer end-to-end encryption for a thread, which still allows for you to read it, as well as any agent installed on your end, but it has another feature that allows for the deletion of a message on every device after a timer runs out—auto-deletion. They call it "Disappearing Messages." Of course, using that feature would be in complete violation of FOIA public records laws, and if this outlaw regime is using Signal to avoid document archive. public record, and disclosure laws, that maybe the most important revelation to come out of this whole fiasco. If that turns out to be the case, we are going to need to know a lot more about what they are using Signal for.

Clay Claiborne
26 March 2025

See also: Signal chat fiasco reveals a cabinet of dilettantes

Other things to worry about:

toxonix on slashdot writes: The Kremlin is actively targeting Signal accounts and exploiting their device linking feature to get copied on any conversation on a compromised device. I'm not sure any of these guys on the conversation are savvy enough to know the difference between a QR code from a Kremlin account and a legit one from Signal.

Famous last words:

Pete Hegseth on Fox News in 2016 [x.com]: “How damaging is it to your ability to recruit or build allies with others when they are worried that our leaders may be exposing them because of their gross negligence or their recklessness in handling information?”
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)