Normally I wouldn't link to meta discussion but this was such a weird borderline case that I spent over an hour trying to figure it out. Maybe that makes it interesting.
Edit: in case anyone's confused about the sequence here, micahflee posted the current thread 2 days ago. The timestamp at the top of this page is an artifact of us re-upping it (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...).
I do feel there's a pattern of me reading some interesting tech news, then thinking "wait, why didn't I see this discussed on HN?", to searching for it and finding a buried/flagged HN discussion due to it being somewhat tied to politics (what isn't?)
Someone who had a flag applied to them was flagged.
Noun to verb conjugations are unofficial English. But we love verbing our words. Google has been verbed into Googling. And when someone is the target of Google we call that getting Googled.
It's again, unofficial and unwritten and unstudied American English. So don't sweat it. It's how our slang evolves. Apologies for the lack of consistency in our language!
Hm? Where'd you get that impression?
It's certainly unofficial -- English has no official governing body, so essentially _all_ English is unofficial. However, zero-derived denominal verbs are quite common in even formal written English [0], are well studied [1], and aren't at all limited to American English [2].
----
[0] As seen in this very thread.
[1] It took me almost no time to find a random academic paper [1a] and two Wikipedia articles [1b][1c].
[1a] https://dingo.sbs.arizona.edu/~hharley/PDFs/HarleyDenominalV...
[1b] https://en.wikipedia.org/wiki/Denominal_verb
[1c] https://en.wikipedia.org/wiki/Conversion_(word_formation)
[2] https://www.thetimes.com/uk/politics/article/the-pedant-noun...
It would be if Google announced Gmail and there was a technical analysis and then it was hacked the same day, I would hope there would be a post for that.
Short version: it's not possible to have separate discussions in the way you describe. They would just get totally blended.
I like your Gmail analogy but I don't think it applies here. The "technical analysis" article is driven by the same political/security concerns as the "hacked" update.
"Show HN" is a separate thing entirely - it's true that the submitter of this article was the author (which is great), but that's not enough to make a post a Show HN (https://news.ycombinator.com/showhn.html).
The 404 media article linked in this article is an earlier article.
The 404 media article with the hack was posted last night at 6pm. So that needs a separate post, and should not be marked duped.
It’s like encashing on the trust of Signal protocol, app while breaking its security model so that someone else can search through all messages.
What am I missing here?
OK, say you're a bank. The SEC states you need to keep archives of every discussion your traders have with anyone at any time (I'm simplifying things but you get the point). You keep getting massive fines because traders were whatsapping about deals
So now you've got several options - you can use MS Teams, which of course offers archival, compliance monitoring etc. But that means trusting MSFT, and making sure your traders only use Teams and nothing else. You can use a dedicated application for the financial industry, like Symphony or ICE Chat or Bloomberg, but they're clunkier than B2C apps.
And then the Smarsh (owners of Telemessage) salesman calls you, and says "your users can keep using the apps they love - WhatsApp, Signal - but we make it compliant". And everyone loves it (as long as no-one in your Security or Legal teams are looking too hard at the implications of distributing a cracked version of WhatsApp through your MDM...)
Edit: here's the install document for their cracked WhatsApp binary https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
These records are encrypted in storage.
What other ways are there that don't involve WhatsApp's Google Drive backup feature or scraping the web interface?
EDIT: There was another post calling them divas, a lot of them act that way.
For devices the company controls they can of course use the API the above poster mentioned though
The whole "everyone thinks like us" delusion bought with the surplus of a good times window distributed all around and it's still willing to return to this delusional state of affairs.
The obvious plot-holes they reveal when it comes to we do not discuss nature (the bugs in the human mind are all fixable with education) and we do not discuss nurture (all cultures are equal, and equally capable - disregard the evidence before your eyes).
You don't get to juggle and drop so many balls and not massively lose confidence!
The rule of (finger in ears) "La-La-La" is over - the problem is- the right is a reactionary mess, that has no solutions, analysis and tools to exploit these weaknesses.
The goal of Signal is trusted end-to-end encrypted communication. Device/Message security on either end is not in scope for Signal's threat model.
If you don't trust the people in your chat, they shouldn't be in your chat.
I assure you, none of these people trust each other. Backstabbing is normal.
They're also likely using it to talk to foreign counterparts. Again, most of whom they don't trust a bit.
Encryption isn't just about "do I trust the recipient".
The trust level required with Signal is, "do I trust the people in this chat not to share the specific communications I am sending to them with some other party whom I do not want to have a copy".
There are many many situations where this level of trust applies that "trust" in the general sense does not apply. It is a useful property.
And if you don't have that level of trust, don't put it in writing.
TM SGNL changes the trust required to, "do I also trust this 3rd party not to share the contents of any of my communications, possibly inadvertently due to poor security practices".
This is a categorical and demonstrably material difference in security model. I do not understand why so many are claiming it is not.
That's the same level of trust really. Signal provides a guarantee that message bearer (i.e. Signal) can't see the contents, but end users may do whatever.
You can't really assume that counterparty's device isn't rooted by their company or they are themselves required by law to provide written transcripts to the archive at the end of each day. In fact, it's publicly known and mandated by law to do so for your counterparty that happens to be US government official.
The people who assume that they are talking with one of the government officials and expect records not to be kept are probably doing (borderline) illegal, like talking treason and bribes.
No, this is not a "nothing to hide argument", because those people aren't sending dickpics in their private capacity.
Because all it takes is one user to decide they trust the third party.
Right now you actually have to do more than trust everyone, you have to trust everyone they trust with their chat history. Which already can include this sort of third party.
This allows Apple (and the US intelligence community, including FBI/DHS) to surveil approximately 100% of all non-China iMessages in close to realtime (in the usual case where it’s set to backup cross-device iMessage sync keys).
(China, cleverly, requires Apple to not only store all the Chinese iCloud data in China, but also requires that it happen on machines owned and operated by a joint venture with a Chinese-government-controlled entity, keeping them from having to negotiate continued access to the data the way the FBI did.)
https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...
Yet Apple can still legitimately claim that iMessage is e2ee, even though the plaintext is being backed up in a way that is readable to them. It’s a backdoor by another name.
Everyone wins: Apple gets to say E2EE, the state gets to surveil the texts of everyone in the whole country without a warrant thanks to FISA.
But outside of that scenario, is there any advantage to iMessage using e2ee instead of just regular TLS?
Edit: Apparently it's up to you whether you want your iCloud backups to use e2ee. There's an account setting: https://support.apple.com/en-us/102651. Standard protection is a sensible default for regular users who aren't tech-savvy, as with e2ee they're at risk of losing all their iCloud data if they lose their key.
Again, Apple gets to say “we have e2ee, any user who wants it can turn it on” and the FBI gets to read 100% of the texts in the country unimpeded.
If Apple really wanted to promote privacy, they’d have deployed the so-called “trust circle” system they designed and implemented which allowed a quorum of trusted contacts to use their own keys to allow you to recover your account e2ee keys without Apple being able to access it, rolled that out, and then slowly migrated their entire user base over to e2ee backups.
They have not, and they will not, because that will compromise the surveillance backdoor, and get them regulated upon, or worse. The current administration has already shown that they are willing to impose insanely steep tariffs on the iPhone.
You can’t fight city hall, you don’t need a weatherman to know which way the wind blows, etc. The US intelligence community has a heart attack gun. Tim Apple does not.
Separately it is an interesting aside that Apple’s 1A rights are being violated here by the presumptive retaliation should they publish such a migration feature (software code being protected speech).
If you are the only person out of all the people you correspond with who has ADP enabled, then everyone you correspond with is uploading the plaintext of your messages to Apple.
Effectively nobody has it on. 99%+ of users aren’t even aware of the feature’s existence.
https://daringfireball.net/linked/2023/12/05/icloud-advanced...
You have to remember that there are something like a billion+ iOS users out there. 100 million people have not written down their 27 character alphanumeric account recovery key.
Makes sense. But still debatable if the compliance requirements are acting against the security model or perhaps there are bigger concerns here than just secure communication.
Journalist? Taliban negotiator? Ex-wife?
I’ve worked for non-Federal government. Your work product is not your own, and the public interest, as expressed by the law requires that your communications and decisions can be reviewed by the government you serve.
The US government created the dark web to enable espionage — it's pretty obvious why they need to read their employees' mail.
You want to talk to people who want to use Signal, but you yourself don't care about E2E
You trust Telemedia, but not Telegram, or Meta. And you want convenient archiving.
A chat participant bot would also be handy if you wanted to feed everything through your AI bot at the same time.
(I feel like I have to say this in every thread that insinuates something sinister about being a "former Israeli intelligence officer": the structure of Israel's military and mandatory service is such that just about everybody with technical skills serves in some kind of "intelligence" capacity. It's not a very big country. This is, of course, independent from any normative claims about Israel's government, politics, etc. -- it's what you'd expect in any small country that has mandatory military service with a significant intelligence component.)
Correct - they would not use that intelligence to threaten that relationship, but to maintain it. Knowing the political leanings of politicians and government officials (for example, identifying any that think that relationship is more of a cost than a benefit) is extremely valuable to that end.
(It also beggars belief in the current climate -- I would be hard-pressed to name a single member of the current administration who hasn't yelled until purple in the face about their support for Israel's current government and wartime policies.)
[1] After House Speaker Mike Johnson Pushed Through Israel Aid Package, AIPAC Cash Came Flowing In - https://theintercept.com/2024/01/20/israel-aipac-house-mike-...
[2] The Israel lobby and U.S. foreign policy - https://www.hks.harvard.edu/publications/israel-lobby-and-us...
[3] More than 95% of AIPAC-backed candidates won their election last night! Being pro-Israel is good policy and good politics! - https://x.com/AIPAC/status/1590362232915132417
Periodically, someone gets caught red-handed, a fuss is made, some diplomats get thrown out and replaced with other ones, and then everyone continues doing it.
There's a reason the US bought this app from Israelis, and it wasn't because of improved security or archive compliance.
For how much they like to beat the "buy American" drum, this contradicts that.
[1]: https://www.thedailybeast.com/israeli-spies-arent-exactly-re...
Today they may collide in most instances; who's to say tomorrow it will still be the case? For instance when Iran gets the nuclear bomb and threatens Israel with it?
An encrypted messaging system, used by the American government, is in my opinion even worse than the supposed Huawei 5g antenna data collection.
Huawei wouldn't have had access to secret talk between top government officials, at least not decrypted.
I don't know if this was your intention, but it's exceedingly likely that the US would side with Israel in all circumstances if Iran threatened Israel with a nuclear weapon, no matter who is president. In fact, the threat of Iran attacking Israel was one of the key reasons† Biden refused to unilaterally stop all arms shipments to Israel.
† Source: War by Bob Woodward.
Part of his hawkishness toward Iran comes from the kinds of national security advisers he keeps (typically all hawkish on Iran themselves, with some exceptions like General Mark Milley), and part of it comes from his admiration for "strongman" leaders like Bibi.
While some of the points you make are indeed correct it actually paints an inaccurate overall picture.
For example: not widely known but 100% true, Israel is and has been for a long time classified as the highest level of counterintelligence threat to the US on par with China, Russia, Cuba and others.
I assure you, this is a big fucking deal and not something to be waved away with “everyone’s intel, don’t worry it’s probably nothing”.
I'm saying that the fact that it's Israeli tech is not itself the biggest part of the story.
(A piece of context that's often missing from - typically charged - discussions about US/Israel relationships is the degree of dependence between the two, and how that's varied over the years. Israel's defense policies have historically been informed by a desire to be fully self-sufficient during wartime, i.e. not require active support from countries like the U.S. That policy has been deprioritized over the last 20-30 years, to the point where the US is now a significant active defense provider for Israel, rather than just an arms supplier. This is a dependency relationship that's new to the ongoing conflict, and should color any analysis of Israel's willingness to do things that would threaten its relationship with the U.S.)
I guess US gov would not like to have it be out publicly, but they must understand that this is being at least attempted and US likely does it to Israel, too.
https://www.timesofisrael.com/new-nsa-document-highlights-is...
My point here is pretty narrow: I'm sure Israel spies on the US, and we spy on them. My only doubt is whether TM SGNL itself is an element of that, or whether it's just another flavor of junk software sold to USG to paper over the gaps between technology and compliance requirements.
I mean, they stole weapons grade Uranium from United States along with nuclear secrets and we just shrugged our shoulders: https://www.theguardian.com/world/2014/jan/15/truth-israels-...
I would hope that any message archiving is being done on an organization-owned server though.
Yes, tools like Cellebrite and zero-day exploits.
Those are tools which are used to spy on people outside of the government.
This is a tool that has data created by the government.
There's compelling evidence that the messages all pass through TM servers before being archived.
https://www.404media.co/the-signal-clone-the-trump-admin-use...
The question is where the E2E encryption goes between.
The builds that are distributed would likely just send the plaintext un-encrypted message separately to the archive, and I'm guessing that means it goes right to TM servers before being dispatched elsewhere.
But is this really just evidence that a mandatory draft is actually good economic policy? Having a forced networking event where a bunch of similarly skilled individuals meet each other seems to be producing a ton of economic value for Israel.
I more or less agree.
> We’re literally an occupied nation
The language of the US under occupation is a neonazi talking point, ZOG (Zionist Occupation Government) being a phrase neonazi morons like. Maybe a coincidence.
(I’ve been using 30 years due to feeling that HW Bush was stronger with Israel on the particular issue of Palestine, but really, not an expert here at all)
A likely explanation is that the communications director (or the people informing her) wouldn’t know to distinguish between Signal the app, and a Signal compatible app that is nearly indistinguishable from Signal. A lot like Kleenex is a common term for tissue paper regardless of brand.
When the leak was first revealed, there was loud speculation about the legality of government chat messages being set to auto-delete. This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things. It makes perfect security sense to archive messages somewhere secure, off phone, for record keeping compliance while ensuring that relatively vulnerable phones don’t retain messages for very long. It’s also an easy explanation for why such an app was created in the first place. There is an obvious market for it.
Only if this is his standard govt-issued phone. It's also been shown they are also using their own personal phones. They could easily be using unapproved phones some random DOGE'er bought and gave them with an MDM setup, without any real oversight.
No. Even if you managed to get the app and push it to devices, you can't just use TM-SGNL without having an archiving account from Telemessage.
Source: I manage this exact setup for several clients.
Why wouldn't the government (DOGE in this scenario) be able to get an archiving account?
edit: found their install doc! https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
We only have evidence they used TeleMessage after the scandal. When the same guy let the press take a photo of his messages with Vance, Rubio, Gabbard and others.
[0]: https://www.404media.co/the-signal-clone-the-trump-admin-use...
Read their install guide and weep at the idea of pushing cracked WhatsApp binaries through MDM https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
On a more meta note, I wonder who even works at companies founded on ideas that are just... bad. On average, I expect good engineers to push back on such business requirements and also have better job mobility so they can leave and work elsewhere. The researcher found the vulnerabilities "in less than 30 minutes" so it seems there's some lack of competence here.
Unfortunately, misguided business requirements like this won't simply disappear and I get that those can be niche offerings that attract juicy contracts.
I wouldn't be surprised if at least 25% of HN has worked for such companies for at least 2 years of their career.
Every single article is written with the presumption that there are no actual IT people in the White House, that someone wheeled in a Starlink dish on a dessert cart in the yard which is somehow running the entire government. It's silly and ridiculous.
Veterans Affairs actually publishes a list of approved software as part of their Technical Reference Model: https://www.oit.va.gov/services/trm/ (don’t know how complete it is)
But I’m not aware of other agencies doing this. I suppose that VA, given the nature of what they do, likely feels that there is less risk in publicising this information
There’s also the FedRAMP program for centralized review of cloud services - fedramp.gov - I haven’t looked to see if Telemessage is listed as approved but I see some references to FedRAMP and Telemessage online suggesting that it may be
Another source of info is SAM.gov - https://sam.gov/opp/ab5e8a486e074d73bfe09b383ba819ab/view (that’s for NIH) - if there is an agency paying for it, you can assume they’ve approved it for use (or are in the process of doing so) even if they haven’t otherwise publicly said they are. But, not all contracts are public, so just because you can’t find it on SAM.gov doesn’t mean it doesn’t exist
As is putting someone with a brain parasite and anti-vax beliefs as the head of HHS, but here we are.
“Silly and ridiculous” does not mean “implausible” with this administration. It’s the standard.
That situation was ridiculous, in that to score the marketing points, but fighting with the whitehouse IT the starlink is installed at a remote location with much the same point of failure as their fibre services.
They were the party of young-earth creationists, religious pro-lifers, climate-deniers and gun-lovers - but also of educated fiscally conservative folks. The party would welcome economics professors and leaders of medium-sized businesses, promising no radical changes, no big increases in spending or regulation, and a generally pro-market/pro-business stance.
The genius of Trump was in realising the educated fiscally conservative folk were driving 95% of the republican policy agenda but only delivering 10% of the votes. The average Republican voter loves the idea of disbanding the IRS and replacing all taxes with tariffs on imports. Sure, you lose the educated 10% who think that policy is economic suicide - but you can more than make up for it with increased turn-out from the other 90% who are really fired up by the prospect of eliminating all taxes.
And it works - jumping into the anti-intellectual camp with both feet has delivered the house, the senate, the presidency (electoral college and popular vote), and the supreme court.
The conservative movement has a brain-drain because they've realised they don't want the votes of smart, educated people.
My point is that you have to distinguish between arguing against the output of the intellectual activity and arguing against the intellectual activity taking place.
Isn’t it rather pro-intellectual to found universities like that of Bologna in 1088 and pour massive amounts of resources into research to ensure we eventually get to the level of obstetric medicine that we have?
And isn’t it on the contrary intellectually lazy to throw your hands up and declare life to be disposable simply because you don’t know how to treat and prevent diseases and can’t be bothered to figure out how?
Source: I'm the admin who installs TM-SGNL for many users.
So... is it properly open source?
His repo, not theirs: https://github.com/micahflee/TM-SGNL-Android/commits/master/
He points out that "You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy."
No. Just no. Anyone who has handled TS information would know how nutz that sounds. Irrespective of software, TS stuff is only ever displayed in special rooms with big doors and a man with a gun outside. The concept of having TS on an everyday-use cellphone is just maddening.
More specifically, the device Obama was given was a Sectéra Edge [0][1] by General Dynamics, a device specifically designed to be able to operate on Top Secret voice and Secret data networks. It had hardware-level separation between the unclassified and classified sides, even having separate flash memory for both. [2]
The NSA contributed to the design and certified it and another device (L3's Guardian) on the SCIP, HAIPE, Suite A/B, Type 1, and non-Type 1 security protocols.
It was absolutely not a regular BlackBerry, it didn't run any RIM software, no data ever went through RIM's servers, and secure calls were encrypted and didn't use SS7. It was a clunky purpose-designed device for the entire US government to be able to access Secret information and conduct Top Secret voice calls on the go.
Even then, there were limitations to when and where it could be used and when a SCIF was required.
The current equivalent of the SME-PED programme is the DoD's Mobility Classified Capability[3], which are specially customised smartphones again made by General Dynamics.
There is no excuse whatsoever for the current administration's use of Signal, let alone TeleMessage Signal, for Secret and Top Secret discussions on regular consumer and personal devices. It's deeply irresponsible and worse than any previous administration has done.
[0] https://www.cnet.com/tech/tech-industry/obamas-new-blackberr...
[1] https://gdmissionsystems.com/discontinued-products/sectera-e...
[2] https://apps.dtic.mil/sti/tr/pdf/ADA547816.pdf
[3] https://www.disa.mil/~/media/files/disa/fact-sheets/dmcc-s.p...
The photo attached to the article captioned "President-elect Barack Obama checks his BlackBerry while riding on his campaign bus in Pennsylvania last March." appears to show a blackberry.
I take it from the article that this was as controversial as I remember it being at the time. Thanks for posting it.
The Blackberry for personal use wasn't a stock BlackBerry, but hardened by the NSA and fitted with the SecurVoice software package to encrypt voice calls, emails, and messages. The few people he had on his approved communication list were given the same devices.[1]
That BlackBerry was, again, not used for classified communication. So it's not the same thing as the current scandal.
[0] https://www.spokesman.com/stories/2009/jan/24/obamas-other-p...
[1] https://www.wired.com/2009/04/obama-to-get-back-blackberry-a...
Presence of the senior staff on his (very limited) contact list would seem to contradict that statement. Communication with them would be, by definition, not personal.
I agree with you that our government officials should be using the secure infrastructure our patriotic service members and civil servants work so hard to build and maintain.
What's clear is that NSA put a fair amount of effort into securing and maintaining that system, so much that its use was limited to the White House; Hillary Clinton wanted a similar setup (her predecessor, Condoleezza Rice, had been allowed to use unaltered "off the shelf" Blackberries under an NSA waiver, but NSA had declined to renew those waivers due to security concerns), but NSA slow-walked and effectively derailed the discussions with State's security team, perhaps because they wanted to limit the amount of technical detail discussed outside the White House, or because they were concerned that State would be unable to provide SecState with the kind of technical support necessary to secure the devices during global travel. (We all know what happened next, of course.)
So, again, it’s not a parallel to the current situation. Nobody is saying the SecDef and other staff shouldn’t have unclassified devices as well as their classified devices, the issue is that they’ve been using the unclassified devices to conduct Secret or Top Secret discussions.
Secretary of Defence Hegseth sent Secret or Top Secret information over a channel (Signal/TM Signal and a regular mobile phone) that was never cleared for classified communications. The person I was replying to was trying to equate Obama's actions to those of Hegseth (and Waltz and others), I was providing context showing that to be a false equivalence.
What Hegseth did was indefensible.
It has been eight years since Obama's presidency, had there been any use of this hardened BlackBerry for classified communications it would have emerged by now. Similarly, all messages on that device were subject to the Presidential Records Act, and are archived by NARA. You can FOIA them if you want to.
There were also no claims made during his administration that he ignored security protocols. Even his insistence on retaining a BlackBerry for unclassified communications was done through a compromise and an NSA-hardened device, not by ignoring the rules.
Similarly, how do we know that Reagan didn't hold cleartext phone calls with his aides on the Top Secret plans to contain the USSR? We don't, but in the absence of any supportive evidence over the years it's safe to assume he did not.
(I would have replied to him directly, but the comments have since been [appropriately] flagged)
In reality, no argument could ever be made if you had to prove the negative of every argument. Some other common applications of this fallacy off the top of my head:
"Well we don't have proof that children weren't trafficked in Comet Pizza, so it's proof that it did actually happen."
"We don't have proof that no kids used litterboxes at school, so it's proof that they did use litterboxes."
Whatever the reason, I have made my case. Feel free to make yours with a similar level of evidence.
> false equivalence
We're literally talking about people occupying the same positions. If anything, blackberry seems less secure. For instance, there's a global en/decryption key, and it's known: https://www.vice.com/en/article/exclusive-canada-police-obta...
1) you don't have any evidence that he used it for TS and are just trying to make a false equivalence.
2) you think secdef and potus occupy the same position.
Got it.
Doesn't that break Signal's security guarantees? For example, what if I set my message to delete in 1 hour but TM Sgnl archives it, or some other app simply ignores the retention setting?
If Signal allows it, it seems like a major vulnerability? I suppose I must trust other users - they could always screenshot a conversation. But while I trust them not to intentionally cheat me, I shouldn't have to trust them to accurately evaluate the security implementation of a software application - something most people can't do, Mike Waltz being the most famous example.
Maybe Signal should identify users unofficial clients. A downside is that it would provide significant identifying information - few people use unofficial apps.
Disappearing messages has never been a security guarantee of Signal. People can always archive things their own way (screenshots in the worst case). It's just a convenience feature, not a security thing.
What makes you say that? Has Signal posted something about it?
Retention settings are widely used for messaging security.
Also, I just used retention as an example. There could be many other holes in the unofficial client, including how it communicates with the Signal network. Maybe my messages aren't E2EE when communicating with that client. Maybe they mess up the encryption implementation.
I mean, if you want Signal's blog post where they introduced it, it's here: https://signal.org/blog/disappearing-messages/
But also, of course Signal hasn't promised that if they're remotely competent, because that's impossible. You can't stop people from retaining messages if they want to. Now perhaps they're not remotely competent, but in reality they do know better.
> Retention settings are widely used for messaging security.
I mean, maybe people think they're using it for that, but regardless of the context, it will not provide any actual security, because that's impossible! Your recipient could get out a camera and take a photograph if that's what it comes to.
You are making the perfect the enemy of the good. As I said, two comments up: "I suppose I must trust other users - they could always screenshot a conversation. But while I trust them not to intentionally cheat me, I shouldn't have to trust them to accurately evaluate the security implementation of a software application - something most people can't do, Mike Waltz being the most famous example."
IT security professionals do use retention settings for security; it's not perfect, as you say, but it's very helpful. For example, many businesses auto-delete messages after a certain period except messages that the user intentionally preserves.
And as I said, there are other security functions in Signal that users must trust their apps to handle correctly.
They merely said: "Disappearing messages has never been a security guarantee of Signal".
Signal guarantees end-to-end encryption in transit. They don't guarantee anything that happens on the phones, because they can't. They try to help where they can, e.g. with disappearing messages. But that is a convenience tool, not a security guarantee by Signal.
My point is that they could help a lot more by verifying the clients.
> Signal guarantees end-to-end encryption in transit.
They can't guarantee that unofficial clients do E2EE. For example, what if the client sent messages in a way that leaked information, including contact information of the users?
> But that is a convenience tool
It's a security tool, it's just not guaranteed.
People have been requesting various changes to this feature for years, but hear crickets from Signal.
Anything you ship with the app can be extracted.
There are libraries for interacting with Signal services (one from Signal themselves), here is a CLI tool that uses a patched official library: <https://github.com/AsamK/signal-cli>
There was a case where a teenager in India rose to news media popularity by publishing a messaging app, which was a simple rebranding of Signal he made using some other tool which patches assets iirc.
It was blocked by Signal, but only after reports surfacing about it being an insecure rebrand.
I don't think they asked Signal Foundation for permission, they just did it. Just because you're an Israeli government contractor doesn't mean you can't get rich from piracy and modding so long as you find gullible buyers
Also, how would Signal know this isn't the official app that's accessing their network? They do have a standing policy against it but if someone copy-pastes the APK and makes modifications in parts that don't talk to your server, how's your server to know that an illegitimate client is talking to it
But tl;dr anything said on those phones is assumed to be compromised until proven otherwise by time or a whole lot of very interesting security verifications. So far the evidence that this is a very large leak looks probable based on the evidence presented.
It is also reasonable to guess that such services have access to malware similar to the infamous Pegasus and a nonzero success rate at deploying it. In short, it's careless to assume none of the phones aren't rooted by a hostile actor.
That's one of several reasons the government has rules requiring that classified conversations take place on specific approved devices which aren't used for anything else.
The compromise is only wrt the admin. Are you claiming the admin itself is compromised? What's the evidence for that?
If such a beast exists what is it called? How does it work?
I would more expect it to be a specific combination of hardware physically approved phones and software.
Did the prior administration use it exclusively?
I remember Obama allegedly refusing to part with his Blackberry.
From my understanding, the BlackBerry thing was largely for personal use.
Unfortunately this Israeli company is just incompetent, should try something from Russia next time, given that’s all the data end up to be anyway.
also keeping government honest and open is also very libertarian. covering all fronts.
The article states that "at least one line of code must've been added" to support such a feature, which I believe to be an honest and accurate assessment.
> One line
This can also be a single JMP and RTS statement, to a function that makes a screenshot, or something that takes the message.
No technical analysis of a working application has been performed. Just speculation of how this could work. I am not saying Micah is wrong. I just hoped more was available, so an actual disassembly was possible.
I would speculate that they did not recompile from source, but used the same process as used by the other applications. Intrusive by modification of the code execution, by injection, etc. That is speculation from my end, but reuses similar approaches across all of their applications.
You get a group of people, say 5, and you generate a Shamir's Secret Split key requiring a minimum of 3 shares to recover, call it the archive key, with each share encrypted to one of those people. You have the modified apps encrypt chat logs every day to a new one time use key, and encrypt that to the Archive key, and upload the encrypted logs somewhere all can access.
Now 3 people in that set of 5 people get a subpoena to disclose logs in a given time period. Each one can consent to using their archive key in an ephemeral secure enclave server to decrypt the daily log keys in the requested date range, and decrypt the requested logs.
This way everything is end to end encrypted unless M-of-N people agree to decrypt specific archived logs to comply with a court order.
This shit is not that hard and with the budget of the White House there are 0 excuses for not running a private server and end to end encrypted chat apps with reproducible builds using archive tactics along the lines I just described.
But, I am also not mad at them making public fools of themselves either.
Incidentally: The reason why they blur it is because of 2 network asymmetries prevalent since the 1990's that enforced a disempowering "all-clients-must-go-through-a-central-server model" of communications. Those 2 asymmetries are A) clients have lower bandwidth than servers and B) IPv4 address exhaustion and the need/insistence on NAT. It's definitely not practical to have a phone directly host the pictures posted in its group chats, but it would be awesome if the role of a messaging app's servers was one of caching instead of hosting.
In the beginning though: the very old IRC was clear on this; it was a transport only, and didn't host anything. Anything relating to message history was 100% a client responsibility.
And really I have stuck with that. My primary expectation with messaging apps is message transport. Syncing my message history on disparate devices is cool, and convenient, but honestly I don't really need it in a personal capacity if each client is remembering messages. I don't understand how having to be responsible for the management of my own data is "less control of my life," it seems like more control. And ... I'm not sure I care about institutional entitlement to archive stuff that is intended to be totally personal.
I understand companies like to have group chats, and history may be more useful and convenient there, but that's why I'm not ever going to use Teams for personal purposes. But I'm not going to scroll back 10 years later on my messaging apps to view old family pictures. I'm going to have those saved somewhere.
There's a third asymmetry: C) power-constrained clients which are asleep most of the time. And this applies not only to battery-powered phones/tablets and laptops, but also to modern desktops which are configured by default to suspend on inactivity.
> show a sign similar to ssl warnings in browsers to the other side that this user is using an archival api service.
There is no sound way to do this and there probably never will be, especially if the protocol is interoperable and therefore the user can pick any client they please. The other client can always lie about what it's doing or circumvent detections through analogue means, e.g. pointing a camera at the screen.
Not really. The degree of malleability in cipher negotiation is widely considered to have been a Bad Move in SSL/TLS's early design, and modern (well-designed) cryptographic protocols don't enable the kinds of parametric malleability that made SSL/TLS so exploitable at the time.
Signal's protocol, for example, is perfectly interoperable; the lack of interoperability comes from a (not unreasonable) constraint at the application layer, not the protocol itself. Another example would be MLS[1], which supports fixed suites rather than parametric malleability and uses the technique from RFC 8701[2] to prevent clients from getting clever and trying to add their own extensions that undermine the fixed suites.
They took an Israeli app, that is a modified version of signal. the modification BREAKS the one thing signal is excellent at (keeping your messages encrypted so that only the desired endpoints can read them), then distributed it within the US Gov.
This is insanity!
US's enemies couldn't manufacture a better result themselves!
What's interesting is that they also sell a hacked version of WhatsApp, and the Meta legal team haven't steamrolled them yet
in the game of nationalist geopolitics, it's only a matter of time before a current strategic ally becomes an enemy. it's the natural order of nationalism at global scale.
This is much less illegal than the other explanation - that they were using Signal to avoid having conversations recorded.
If you have a problem, you should have a problem with the mandate to record all conversations, not with installing a modified app to do it. If the person wasn't told this was happening, you should have a problem with that too, although who would accept a phone from the government and then not think it's tapped?
Did TM SGNL archive conversations at a central server for later dissemination in a decryptable manner at the central server?
I can't imagine anyone who would make the mistakes this guy makes, yet here he is; freely using his computer in clear view of a reporter with a camera.
My only theory is that they're pretending to have only 'Signal' so that when they want to they can allow hackers to "see" stuff they WANT to be seen. Like a disinformation honey pot designed to misdirect America's enemies. While they actually have a totally separate secret app that is secure and is developed by the NSA.
Screenshot of previous version: https://0x0.st/8Jqf.png
https://www.404media.co/the-signal-clone-the-trump-admin-use...
It was marked as a DUPE of this discussion, despite being a major new development https://news.ycombinator.com/item?id=43890034 Hopefully that decision can be reconsidered
Edit: Wanted to respond to the top-level comment but you get the point.
There is mod commentary on 'people might miss things because of the title' as well, it's mostly 'it's ok for people to click through the story or thread to figure things out' and that's also a fairly longstanding 'how HN works most of the time' thing.
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...
The operating assumption here is that people are smart enough to follow the developments in the story themselves - in the thread and outside.
It's insane that this isn't front page news. This takes the original Signalgate breach to an order of magnitude higher level of severity.
Not that I've really seen the low quality and the signup requirement doesn't stop other domains. There's quite a few things that originated from 404, so I hope HN gets over whatever it was that annoyed them originally.
If it's a good article (contains significant new information and can be a topic of curious conversation) and a paywall workaround works for that article, we'll happily allow it.
The New York Times tightened its paywall markedly in August 2019, with a net effect that appearances in the top-30 stories on HN's front-page archive (the "Past" links in the site header) fell to ~25% of their previous level.
I'd asked dang at the time if HN had changed any of its own processes at the time. Apparently not.
I suspect then that this reflects frustrations and/or inability to access posted articles behind the paywall.
See: <https://news.ycombinator.com/item?id=36918251> (July 2023)
Why are these being instantly marked as dead?
See https://news.ycombinator.com/item?id=43891088 in which a user reports that moderator dang said why that happens for this domain.
> If it's a good article (contains significant new information and can be a topic of curious conversation) and a paywall workaround works for that article, we'll happily allow it.
Edit: this subthread is obsolete now - I took a phrase from the author's update to the article to use as the title above.
"Please use the original title, unless it is misleading or linkbait; don't editorialize." - https://news.ycombinator.com/newsguidelines.html
In this case I was thinking of both the 'misleading' and 'linkbait' bits of that 'unless'. (By the way, this is common HN moderation practice—bog standard, as I often say.)
> to choose one unprovable point until another just as unprovable point is proven
You might have a, er, provable point if that were the case! but I'm taking for granted that the officials in question did actually use this client, so "used" is known while "use" (which I took to mean "are still using") isn't yet known for sure. Did I miss something?
Edit: btw, in case anyone's wondering why we left the submitted title up instead of reverting it to what the article says, one reason is that the submitted title struck me as arguably less linkbaity (and therefore ok under the rule) and the other reason is that we cut authors a bit of slack when they post their own work.
but i assumed wrong that you added the "d", not that you're only exempting the submitter title. thanks for the insight into your always nice moderation.
follow up question: you work seven days a week??
> you work seven days a week??
By no means all day every day, but yes in the sense that my hours get distributed semi-randomly.
dang seems to be saying that he did add the “d” though?
FWIW I would have preferred it to be just left as “uses” per the article title.
Wow. And that's while their entire point of using Signal is to have conversations scrapped after a week to leave no traces of criminal activity.
First, they are not supposed to use personal devices for classified conversations.
But they are allowed to use ordinary consumer devices for non-classified conversations. That even if not classified, they still might want to be secure -- or to communicate with other people who prefer signal.
But those conversations need to be archived, per government policy.
So on their ordinary consumer devices have a version of Signal on it that archives, to meet ordinary government policies.
This is all ordinary, and I believe probably the previous administration had the same thing.
The only non-ordinary thing is that they insisted on using the consumer devices for classified conversations even though it violates policy, so just use the 'best' app on there for that. Which is not good enough, because you are not supposed to be having conversations including classified material on ordinary consumer devices, because they are not secure enough.
Signal is likely to be one of the main ways of communicating with those.
Instead, Signal (and this forked version) would have to do its own independent contact management, maybe based on in-person scanning of QR codes plus web-of-trust.
Some of the apps are listed in that brochure.
There's no excuse for using Signal on personal devices for classified conversations.
[0] https://www.disa.mil/~/media/files/disa/fact-sheets/dmcc-s.p...
Anyway can you link the source? That's presumably the useful half. The marketing bit doesn't add anything.
As for further research, there's plenty online about his programme and these devices. Feel free to Google it yourself. You're asking to be spoonfed.
> Waltz set some of the messages in the Signal group to disappear after one week
https://www.theatlantic.com/politics/archive/2025/03/trump-a...
https://www.nytimes.com/2025/04/15/us/politics/cia-director-...
It’s also possible that they are using this app to archive chats that other parties _believe_ to be disappeared.
In other words, set your chats to disappear in 5 minutes and convince your target to dish some sensitive info. They think it’s off the record, but it’s instantly archived
The only interesting use case of disappearing messages is that messages one receives will disappear securely, even if they forget about receiving such messages, or have no access to the device at the time.
who manages the archiving service is a general government problem, and less of one for Signal or appointees. NSA should have been operating the archiving service and not a foreign country imo.
I wonder what the people he communicated with knew / thought?