scriptjunkieFBI is spying on private Signal group chats. The Guardian article from a few weeks ago going around is a terrible article full of hysterics with no concrete details or any sane idea of security, so don't give them the click and I'll try to do so myself.
Someone in the group chat has a hacked phone or laptop with signal desktop, or once scanned a bad QR code and all their chats will forevermore be owned or maybe they're just giving logs to the FBI or someone in their apartment is. It doesn't really matter.
What can the FBI do with this? Any message the user sends triggers notifications to all chat members via APN/FCN (see: https://github.com/signalapp/Signal-Server/blob/9c4047a90bee044255fdcf7c5c2e59f89f1ff5e8/service/src/main/java/org/whispersystems/textsecuregcm/push/PushNotificationScheduler.java#L305-L314 for example). The FBI could send a National Security Letter to Signal to demand the Apple/Google ID's of everyone on the convo, then do the same to Apple/Google to get the phone number, name, location, etc. of all the users. The NSL would prohibit notifying the users.
Will members be put on watchlists, no-fly-listed, hit by terror (antifa) charges? I don't know! They could. This was theorized before (e.g. https://www.scriptjunkie.us/2020/01/dispelling-decentralization-doubts/) but now that it's confirmed, it's worth checking out decentralized, non-phone-based, actually secure alternatives.
All GNU social JP content and data are available under the