this post was submitted on 12 Dec 2025
65 points (97.1% liked)

Privacy

3152 readers
174 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
65
Is Signal safe? (proton.me)
submitted 1 week ago by Sunshine@piefed.ca to c/privacy@programming.dev
32 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 21 points 1 week ago (2 children)

Signal is safe enough depending on your threat model

If you worry about aws centralization and outages then signal isn't a good option

If your worried about sgx enclave exploitation then it's not a good match

If your worried about us intelligence monitoring traffic then it's not a good fit

So signal is fine for person to person western traffic

Not a good fit for a country needing isolated highly secure messaging... I.e. the french government should NOT use signal, centralized in America, sgx exploits are a concern, and exposing the social and communication graph to the us intelligence services isn't in the french national interest

[–] Railcar8095@lemmy.world 11 points 6 days ago (2 children)

What it I'm head of the Department of War and I want my war crimes to be secret? Asking for a friend

[–] jet@hackertalks.com 2 points 5 days ago

Then signal probably isn't for you

[–] 01189998819991197253 1 points 6 days ago

There's a custom app for that, that's based on Signal.

[–] refalo@programming.dev 1 points 6 days ago (2 children)

If your worried about us intelligence monitoring traffic then it’s not a good fit

source:

[–] ThunderQueen@lemmy.world 7 points 6 days ago (1 children)

US law enables to government to demand a backdoor into any private company and makes it illegal for that company to disclose whether or not this has happened. It is best to assume that any private US company is compromised in this way.

[–] refalo@programming.dev -1 points 5 days ago* (last edited 5 days ago)

It is best to assume that any private US company is compromised in this way

I would say that's ridiculous for most people, but I guess it entirely depends on your threat model... if you're legitimately worried about state-level boogeymen, you've probably got bigger problems and already know all of this.

[–] jet@hackertalks.com 1 points 6 days ago

If you are designing the french government communication systems, would signal work for your requirements?