Is it still viable to use Signal for privacy in 2026? It’s centralized, and has had many suspicious occurrences in the past. (Unopen source server code, the Careless Whisper exploit, which is still active as far as I know, and the whole MobileCoin situation.)

Thoughts?

  • Spacenut@lemmy.world
    3 days ago

    Can you explain how signal will build a social network graph when it doesn’t know who sent any message, which group chats you’re in, or who is on your contact list? Again, none of this ever leaves your device without being encrypted, which you can check by looking at the client source code.

    • Dessalines@lemmy.ml
      3 days ago

      when it doesn’t know who sent any message

      They have your phone number. You gave it to them when you signed up.

      which group chats you’re in

      Signal wouldn’t know how to route messages if it didn’t store this info.

      • Spacenut@lemmy.world
        3 days ago

        These are super cool parts of Signal’s architecture that are not obvious to understand, but you can truly verify client side that (1) Signal only sees an IP address, no phone number, associated with each outgoing message, and (2) Signal has no idea who is in which group chat and which permissions you have in those chats.

        The first one is pretty simple: you don’t prove to Signal who you are, Signal just routes packets and lets the receiver verify that the sender is who they say they are by verifying a short-lived certificate attesting your identity.

        The second one is more interesting: group chats are implemented as a complete graph of direct messages between all participants. In order to update the group state, you send Signal a zero-knowledge proof that you are a member of the group, which convinces Signal that you can add or remove people, without ever revealing your identity. This same mechanism is used to prevent griefing, spam, and DDoS attacks for sealed sender.

        Again, both of these can be verified by only looking at the client source code, and nothing else.

        More info: https://signal.org/blog/sealed-sender/ https://signal.org/blog/signal-private-group-system/
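A simplified model of the sealed-sender flow described in the comment above, added here as an illustration; it is not part of the post and not Signal's code. The toy RSA key, the SHA-256 keystream, the pre-shared `key` and all function names are assumptions standing in for the real signature and envelope encryption.

```python
import hashlib, json

# Toy RSA key standing in for the server's certificate-signing key (constructed, not secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue_certificate(sender: str, ttl: int, now: float) -> dict:
    """Server side: sign a short-lived statement of the sender's identity."""
    body = json.dumps({"sender": sender, "expires": now + ttl}, sort_keys=True)
    return {"body": body, "sig": pow(_digest(body.encode()), D, N)}

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for real envelope encryption.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(cert: dict, text: str, recipient: str, key: bytes) -> dict:
    """Sender side: the certificate and the message both go inside the ciphertext."""
    inner = json.dumps({"cert": cert, "text": text}).encode()
    return {"to": recipient, "blob": _keystream_xor(key, inner).hex()}

def server_view(envelope: dict) -> list:
    """Field names the relay can read while routing (the source IP is outside this model)."""
    return sorted(envelope)

def open_sealed(envelope: dict, key: bytes, now: float) -> tuple:
    """Recipient side: decrypt, then check the certificate's signature and expiry."""
    inner = json.loads(_keystream_xor(key, bytes.fromhex(envelope["blob"])))
    cert = inner["cert"]
    if pow(cert["sig"], E, N) != _digest(cert["body"].encode()):
        raise ValueError("bad certificate signature")
    claims = json.loads(cert["body"])
    if claims["expires"] < now:
        raise ValueError("certificate expired")
    return claims["sender"], inner["text"]
```

The model covers only message delivery; the phone number the server learns at registration, which the thread also discusses, is outside it.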

        • Dessalines@lemmy.ml
          3 days ago

          These are all “trust me bro” claims.

          Give me ssh access to their server so I can verify that this “sealed sender” is working correctly and not using the info you already gave them. We would demand this transparency of open source messengers, so why not signal?

          • Spacenut@lemmy.world
            3 days ago

            I’ll just say one last time: none of this information ever leaves your client device, so even if Signal wanted to know the phone number of a message sender, or which group chats you’re in, they have no access to this because it all never leaves your phone. As long as you’re running the correct client code, the server can be arbitrarily malicious, and it doesn’t matter.

            Have a great day

            • Dessalines@lemmy.ml
              3 days ago

              none of this information ever leaves your client device, so

              The phone number you gave to signal to sign up never left your device? Do you truly believe that?

              When you send a message through signal, do you actually think “nothing” left your device?

              • Spacenut@lemmy.world
                2 days ago

                When you register with Signal, they do know your phone number. This gives them the information that “the person who owns this phone number is registered with our service.” That is not linked in any way to what leaves the client when you send a message because, I cannot stress this enough, you don’t send your phone number or identify yourself in any way to Signal’s servers when you send a message. Please take a look at the client source code yourself.

                I won’t be replying anymore, have a great one! There are better things to use my PhD in cryptography for.

                • doodoo_wizard@lemmy.ml
                  2 days ago

                  You’re misunderstanding what they’re freaked out about.

                  TBH lots of people with real experience in computer security have trouble understanding what signal skeptics are complaining about because people who understand what’s going on just say “well… yeah. Duh.”

                  They’re concerned about the possibility of lack of anonymity being combined with social graphing to establish cause for investigation.

                  When the service corroborates a user to a phone number it doesn’t matter how legitimately private and secure the data transmitted between clients of the service is, the government of the jurisdiction can demand the information about the user and phone number and use that to establish their own legal cause to use more intensive surveillance methods, infiltrate organizations and tie a user of signal to an identity with voting records & other publicly (and less publicly) available identifying information.

                  People want to use the cloak of anonymity to avoid this outcome and so complain about signal not being anonymous. Of course, they might not have the understanding and language to recognize that’s their concern so it isn’t always clear.

                  Signal doesn’t claim to be anonymous, so a person who understands that distinction will just get pissed off at ding dongs trying to drive screws with a hammer and a person who doesn’t understand that distinction gets pissed off that anyone would sell hammers at the same store as screws.

                  Computer security and crypto needs a Flowers for Algernon so people can learn how little they know and not a Matrix that invites people to the secret world.

                  • Spacenut@lemmy.world
                    2 days ago

                    For sure, I do understand the concerns. Government subpoenas and metadata leaking are real problems, and it’s hard to design algorithms well in order to minimize the leakage. But Signal is designed in such a way that the only information that they can possibly collect on any user is (1) phone number, (2) account creation time, and (3) time of last connection with their server. This is true even if they are compelled to release information about their users, even under duress. This has played out in court many times, and Signal is unable to comply with government demands for any information other than exactly these three things: https://signal.org/bigbrother/

                    I’ve done 5 years of research into designing private messaging systems specifically, and the more I learn about Signal the more I believe that they’re really the gold standard of privacy, to the degree that it’s shocking that they’re a non-profit and provide their service for free. Knowing how hard it is to design a secure messenger, and how few eyes are actually on most open source projects, people should always be cautious about smaller projects promising stronger privacy guarantees.

                    The other concerns you brought up (anonymity, targeted government investigations, device compromise, etc.) are super valid and important. But I think Signal also does the best of any private messenger in their UI/UX design, to be as clear as possible about what they keep private. At some point, it’s not clear to me how Signal would protect users who (for example) use their full name and think they’re anonymous, or users who don’t put a password on their phone. They’ve really nailed the “private messenger” part, and I’m just trying to emphasize that the concerns in this comment thread and linked GitHub essay are mostly unfounded, thankfully.