106
Signal in 2026? (lemmy.ml)
submitted 3 days ago by guymontag@lemmy.ml to c/privacy@lemmy.ml
128 comments fedilink hide all child comments

Is it still viable to use Signal for privacy in 2026? It's centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)

Thoughts?

top 50 comments
sorted by: hot top controversial new old
[-] HulkSmashBurgers@reddthat.com 6 points 1 day ago* (last edited 1 day ago)

I think for talking to friends and family it's fine I think.

If you're someone that would get more scrutiny from goverment organizations because of your activities (journalist, crime boss, sex worker, etc) you might want to use something more secure.

~~I have no idea what these more secure applications are.~~

Edit: Just did a quick search to see what i2p has for messaging:

I2P has messaging applications such as I2P-Messenger and I2P-Talk, which provide end-to-end encrypted communication without the need for servers. These applications allow for anonymous messaging and file transfers.

I2P-Messenger: A serverless, end-to-end encrypted instant messenger that allows users to chat anonymously. It does not log conversations, ensuring privacy. File transfer is also supported.

I2P-Talk: Another instant messaging application that provides similar security features as I2P-Messenger but is incompatible with it.

The above our super hardcore solutions that isn't neccesary for regular day to day messaging, but useful for more extreme cases. I've never used i2p or these two chat apps so I can't speak to how well they work.

[-] BillMangionee@lemmy.ml 13 points 2 days ago

In my experience, the bigger issue is folks just completely ignore OPSEC once they get on signal.

The centralized component is pretty concerning. Imagine if protests like in Iran earlier this year were to occur in the States. The Feds would immediately seize or DDOS those servers during nationwide unrest, before cutting the internet which is basically an inside out panopticon.

EOD it depends on your threat model. You're probably not on Signal if your life depends on it anyway.

Plus, its always useful to not have my texts immediately read and sent to advertisers.

[-] listless@lemmy.cringecollective.io 145 points 3 days ago

The client is open source, so it doesn't matter what the server code is, you can see everything the client sends and therefore tell what possible data is being collected.

It's run by a non-profit so there's no shareholders to please.

Your messages and decryption key are not stored on their servers.

It's been independently audited.

They have publicly posted responses to user information requests where they only provide the account creation date and last access time.

The (admittedly incompetent) US government recommends using Signal (for non-classified information) and top officials have been caught using it (Houthi Working Group).

You can never be 100% sure, but it appears to have excellent security and privacy.

[-] FauxLiving@lemmy.world 45 points 3 days ago

and top officials have been caught using it (Houthi Working Group).

For me this is the gold seal.

These guys desperately don't want records of their acts to become public record and they have the authority to outright ask US Intelligence 'Can you guys get access to this?' and the app they choose is Signal.

[-] whyNotSquirrel@sh.itjust.works 14 points 3 days ago

And then proceed to invite a random journalist to their group 😅

load more comments (1 replies)
[-] slazer2au@lemmy.world 16 points 3 days ago

Not to mention the FBI admitted that the only data from Singal they get is when the account signed up and when they last connected and they are very unhappy about so little information.

load more comments (1 replies)
[-] airikr@lemmy.ml 18 points 2 days ago* (last edited 2 days ago)

If you don't care about sharing your phone number with Signal and a third-party company (Signal refuses to state what company it is) that send the text message with the activation code to you. And if you don't care that everything will be saved on servers maintained by Amazon in USA.

Then yes, Signal is the right app for you even in 2026.

But if you do care (and you should) about your phone number and the location of your data, you should focus on something more privacy like XMPP (Snikket would be the easiest way to setup your own server) and SimpleX.

XMPP (for an example Snikket) uses OMEMO and OMEMO is based on Signal Protocol.

[-] axx@slrpnk.net 2 points 1 day ago

OMEMO is probably good enough, but i wouldn't assume it's the same quality as the Signal protocol it's based on (this analysis isn't too positive: https://soatok.blog/2024/08/04/against-xmppomemo/)

[-] captain_aggravated@sh.itjust.works 20 points 2 days ago

The stories I've heard where Signal messages have been extracted or otherwise accessed was from beyond either end. Someone invited a journalist to a private group chat. Someone handed someone else an unlocked device. The most alarming one is apparently Apple uploads every push notification your device gets to their servers. So if you are concerned about privacy there's a feature in Signal to set push notifications to only say "you got a message" and not include the sender or message contents in the notification.

I haven't heard of Signal itself leaking messages.

[-] stegosaur@lemmy.world 1 points 1 day ago

This is not true for Signal. Other apps may send the notification content but signal uses FCM to push a simple notification to wake the device and tell signal to fetch the actual notification. You can use the full text / info notification and know that Google does not see it.

https://discuss.grapheneos.org/d/1279-sandboxed-google-play-for-push-notifications-breaks-privacy/9

[-] captain_aggravated@sh.itjust.works 2 points 1 day ago

That is true for Signal, the FBI extracted Signal message content from Apple's push notification system: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/

The only thing to learn is everything is bullshit and nothing has ever been okay.

[-] stegosaur@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

We are both right 😆

It is true for Signal on Apple devices.

It is not true for Signal on Android devices*

*Well I'm using grapheneOS so I feel more comfortable in my case but a regular Android device with full access Google Play Services? That I'm not so sure about. It's conceivable that Google has a way to read the final notification (FCM push -> Signal fetches and displays message -> Google can read all notifications on the device, FCM or otherwise) 😬

[-] captain_aggravated@sh.itjust.works 1 points 1 day ago

Can you trust what a Pixel is doing with its 5G modem?

[-] stegosaur@lemmy.world 2 points 1 day ago

I'm not an expert or even close to that, so no, not really I suppose. Can you really trust any device when it comes down to the hardware level? I wouldn't trust an iPhone or any other phone more. Again, while I'm not an expert, I'd trust grapheneOS for software over any other mobile OS. Probably trust to that effect would be grapheneOS >>>> iOS >> everything else. But full trust in any hardware? Who really knows

[-] Nangijala@feddit.dk 4 points 2 days ago

This is what people don't get when it comes to that story about the journalist. You literally have to go out of your way to invite someone into a group chat. That does not happen on accident on Signal.

I had to explain that to a few people who heard that story and were super skeptical about Signal being dangerous. Which is ironic because the same people would be using messenger and think nothing of it.

[-] captain_aggravated@sh.itjust.works 1 points 1 day ago

I think the thing with Signal is "Oh it's secure. Very secure. You don't get better security in an app you can just install and use. You can get better security but you gotta like, learn shit about security." And that makes people use Signal without learning shit about security. So they make mistakes on their end. Those mistakes range in stupidity from "handed a cop my unlocked phone" to "didn't know Apple and Google peek at all your push notifications."

[-] Nangijala@feddit.dk 2 points 1 day ago

I mean, I think the best rule of thumb is that unless you're a tech wizard, you don't have online privacy. At all.

I don't believe anything is super safe and secure online. Not even Signal.

I always treat my online activity as if I am being surveilled because I probably am. Luckily I'm a boring bitch, so I don't really have anything to hide, but I do appreciate that I can stay in touch with friends and family without having to linger on Facebook anymore. So there's that.

The only time I feel annoyed about people talking about Signal is when they talk about it as if it's this super sketchy app that shares your data when literally every single friggin platform online does that and the same skeptical people use them all the time without question.

That part annoys me because people keep acting like we aren't already completely naked and our information owned by companies who do god knows what with it. If people are aware that everything they do is being surveilled and used for whatever purpose, then I don't really mind, but it doesn't seem like that is the case for many people. I genuinely still cannot believe how many people jumped on the DNA test trend, for example. Like holy shit, just give them your firstborn too, while you're at it. XD but hey, we all make stupid mistakes now and again. I remember my first smartphone having a thumbprint lock and I just did that throughout my early to mid 20s without thinking about it. At least they only have one of my thumbprints but yeah. It's so insidious, the way the tech world has lured us into giving up our information willingly.

The worst thing anyone can do when they are online is to believe they have any privacy. That is hubris.

[-] eldavi@lemmy.ml 1 points 1 day ago

are you me? because i look at it the same way, plus the fact that i always expect to be hopelessly outclassed by cia/nsa/mimossad/etc. so i always presume that everything i do online or on my phone is being broadcast to them in real time.

my only hope is that i'm also so boring and inconsequential to them that they don't give a rat's ass at whatever i do. lol

[-] Nangijala@feddit.dk 2 points 1 day ago

Yeah, exactly. I just always found it to be silly and arrogant to assume that I could ever outsmart agencies, organisations and companies that not only specializes in getting my data, but also built the tech and the systems I am navigating.

And I mean, I have enjoyed true crime since the Forensic Files were still explaining to normal citizens what DNA is and how that technology is applied in crime cases. I have casually followed the development of forensic sciences for at least two decades and let me tell you, there ain't no way you can hide online. The ones who can either have the right connections, are unbelievably skilled and cautious with tech or they don't use technology at all and live in an off grid cabin somewhere, where nobody uses smartphones.

[-] eldavi@lemmy.ml 1 points 18 hours ago

I never thought I would see a Unabomber lifestyle endorsement on Lemmy. Lol

[-] Nangijala@feddit.dk 1 points 17 hours ago

I dunno if I would call it an endorsement. It was more so to show how impossible it is to have privacy online, lol. You'd have to go to extremes to avoid having any information about you end up online. And honestly, even if you went off grid in a cabin somewhere, there still is no guarantee that you will succeed in keeping yourself offline entirely. Kaczynski is probably also a bad example as you can find pretty much everything there is to know about him online. A selfinflicted fate.

Anyways, the point is that privacy doesn't really exist if you own a phone, tablet or computer.

load more comments (2 replies)
[-] AtHeartEngineer@lemmy.world 19 points 2 days ago

Many people have already commented saying it's good to go, but I also wanted to add, I have dug into their actual encrypted group messaging protocols a few years ago because I was interested in using it for a different use case, and I would say it's pretty well thought out. I trust it, I use it daily, and I've looked at the code. I'm not, nor have I ever been, an auditor, but I have been paid to do cryptography and red teaming/cyber security from big orgs, so I would say I have some professional experience in the matter.

[-] Zak@lemmy.world 19 points 3 days ago

Who do you want privacy from and why?

That's not a rhetorical question. It matters. If you want privacy from corporations and governments doing mass surveillance because you're against mass surveillance in principle, Signal is great! As long as you don't give janky apps permission to read your notifications, or you limit what Signal shows in its notifications, your device won't leak to those kinds of threat actors. You can't be sure everyone you talk to is as fastidious though.

If the cops, gangsters, or similar are likely to target you and the people you're talking to directly, there's a good chance just using Signal without a security plan won't keep them from getting the contents of the conversation as in this recent incident where the FBI extracted deleted messages from notification logs. To defend against that specific attack, everyone needs to configure Signal to keep message content and contact details out of the notification. Dedicated devices for secure communication set up by someone who knows what they're doing are ideal in this situation. Signal is still a good choice here, but Signal alone won't guarantee privacy.

If you're being targeted by an intelligence agency from a rich country that has allocated a significant budget to surveil you in particular, you're probably screwed. There's plenty of public information about how US government officials and contractors are required to work with classified information to get a sense of how you might try to mount a defense. It's guaranteed to be inconvenient.

[-] eldavi@lemmy.ml 8 points 3 days ago* (last edited 2 days ago)

agreed and to add to this:

Dedicated devices for secure communication set up by someone who knows what they’re doing are ideal in this situation.

becoming your own expert is unfeasible for 99.999999999999999999999999999999999% of people and expecting it is no different than expecting people to become their own lawyer, dentist, or doctor.

If you’re being targeted by an intelligence agency from a rich country that has allocated a significant budget to surveil you in particular, you’re probably screwed

the bar against protecting yourself from the local police in the united states is MUCH lower than the cia, nsa, mossad, etc. and should be the goal of most projects since it's the most realistic and the most likely to happen; there's next to nothing that can be done against he alternatives.

the alternative is that unfeasible ultra high bar and judges in the united states have a history of holding people in jail for years for contempt of court of not providing passwords or using duress like options on their electronic equipment.

[-] nutbutter@discuss.tchncs.de 41 points 3 days ago

A lot of people use Signal. It may not be the best solution out there, but it is so, so, so much better than the proprietary alternates.

One good thing is that a normie can easily use it as an alternative to WhatsApp, since the app design is so similar. I mean, it is easy for family and friends to understand and start using Signal, compared to something like Matrix or XMPP.

And if someone needs a little more hardening, they could use the fork called Molly, which has a few more security benefits over the stock app.

[-] sem@piefed.blahaj.zone 13 points 3 days ago

Shit these are great features. I had never heard of it before.

Molly is an independent Signal fork for Android with improved features:

Fully FOSS Contains no proprietary blobs, unlike Signal

Encrypted Protects database with Passphrase Encryption

Multi-Device Pair multiple devices to a single account

Material You Extra theme that follows your device palette

UnifiedPush Ungoogled notification system

Automatic Locking When you are gone for a set period of time

RAM Shredding Securely shreds sensitive data

Tor Support Supports SOCKS proxy and Tor via Orbot

[-] uuj8za@piefed.social 11 points 3 days ago* (last edited 3 days ago)

Ooh! And you can add an F-Droid repo!

load more comments (3 replies)
[-] dessalines@lemmy.ml 20 points 3 days ago

PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.

It's hosted in the US, subject to its pervasive spying laws including national security letters.

Also I need all your phone numbers.

Also no you can't host this yourself, I run the only server.

Everyone who uses signal and supports it, is falling for this pitch.

Why not signal?

[-] yogthos@lemmy.ml 4 points 2 days ago

One of the most sus things about Signal is the cult following it has. I really can't think of any other chat app that will have people coming out of the woodwork advocating for it while telling you not to use anything else. There's absolutely nothing special about Signal that would warrant this. It's at best a mediocre user experience, it still handles a lot of things like switching devices really poorly. It's open source in name only. There's just no reason why it should be this popular on its own merits.

[-] axx@slrpnk.net 1 points 1 day ago* (last edited 1 day ago)

I think you're missing historical context. There are more options now, but when Signal came out (or became Signal, after TextSecure), it was the only tool to offer such strong cryptographic properties with its then novel double ratchet algorithm. Compared to OTR and, much worse, all the other crap that was not E2E encrypted at all, it was the first really credible option on a mass scale.

The crypto was reviewed by well-considered experts, and came out looking strong.

Telegram fought for years trying to say they were just as good and in fact better, which is entirely disingenuous considering it's not an encrypted messaging app.

These things contributed to what you call the cult following. Which wouldn't be negative (a cult film has a cult following) if not intended to mean "a cult like Scientology".

[-] yogthos@lemmy.ml 2 points 1 day ago

But that's precisely what makes the whole thing cultish in a negative sense. A decade ago you could make the argument that Signal was doing something special, but that hasn't been the case for a long time. The continued adherence to the app is utterly irrational today.

load more comments (23 replies)
[-] electric_nan@lemmy.ml 30 points 3 days ago

Yes. You will find a lot of randos saying no, but the consensus among security professionals and researchers is that it is still the current standard. Not to say that it doesn't deserve scrutiny or criticism, or that other projects aren't important to develop.

load more comments (3 replies)
[-] communism@lemmy.ml 12 points 3 days ago

As per usual, the answer is "depends on your threat model". For a lot of sensitive communications, the centralised design and therefore ability to correlate metadata is a no-go. But if you're just using it e.g. as a WhatsApp replacement to message your friends, it's fine. It's still the most polished and normie-friendly e2ee foss messenger.

[-] IratePirate@feddit.org 16 points 3 days ago* (last edited 3 days ago)

While centralisation continues to be a problem (as the recent AWS outage has shown), Signal continues to be the a sufficient compromise between privacy and usability that a non-technical user will actually use.

That said, I'm making contingency plans to set up an alternative for close family in case the US goes full retard and makes it inaccessible.

load more comments (4 replies)
[-] Unifier2661@lemmy.today 5 points 2 days ago

Signal for people I know IRL, Simplex for those I don't.

[-] lemmy@monero.you 9 points 3 days ago

if you are super private person or want to be anonymous, maybe you can choose SimpleX.

[-] utopiah@lemmy.ml 10 points 3 days ago

IMHO the question depends on :

  • who you are (boring, rando, political dissident, journalist, etc)
  • who you talk to (family, friends, work, etc)
  • what alternatives actually exist

So... sure Signal is not perfect but if you can't convince your family members to move to DeltaChat it sure beats using WhatsApp, Telegram, etc.

load more comments (1 replies)
[-] emotional_soup_88@programming.dev 12 points 3 days ago

https://github.com/mollyim/mollyim-android

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 21 Apr 2026
106 points (89.0% liked)

Privacy

48148 readers
419 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz