If you were wondering how my day is going, I'm still being yelled at by Signal groupies who are mad at me for saying the app lacks special features for protecting classified information.
Matt Blaze (mattblaze@federate.social)'s status on Thursday, 10-Apr-2025 05:33:10 JST Matt Blaze
Matt Blaze (mattblaze@federate.social)'s status on Thursday, 10-Apr-2025 05:33:25 JST Matt Blaze
For the record:
- The *cryptography* in Signal is probably fine; a practical attack would be a big surprise.
- Signal lacks specific features required for classified systems, such as security labels, certified identities, revocation, etc.
- Signal runs on uncontrolled, insecure platforms connected to the Internet, rendering it unsuitable for classified even if it had the above features.
- Adding classified features to Signal would make it unusable for most purposes for which it's intended.
Matt Blaze (mattblaze@federate.social)'s status on Thursday, 10-Apr-2025 05:33:35 JST Matt Blaze
I'm not dunking on Signal here (though there *are* some features and usability quirks I dislike). It's probably the best designed and implemented secure messaging platform *for general use* that we've got. I use and rely on Signal quite a bit myself.
But it's simply not designed for, or suitable for, classified national security communications.
Matt Blaze (mattblaze@federate.social)'s status on Thursday, 10-Apr-2025 05:33:53 JST Matt Blaze
I should also note that when I say the cryptography in Signal is “probably fine; a practical attack would be a big surprise”, that’s about the best we can say about almost all cryptography used in the real world. No strong (not dependent on unproven assumptions) security proofs for much of anything you’d actually want to use.