Mastodon Feed
nadim@infosec.exchange ("Nadim Kobeissi") wrote:
Regarding my recent critiques of Signal:
Over the past few months, I have not hesitated to voice strong criticism against Signal, a platform that many in the privacy and security community regard as one of the most robust tools available for secure communication. My critiques have centered on what I perceive to be significant technical and institutional failings—issues that are not merely theoretical but have tangible implications for the security and privacy of millions of users worldwide. However, despite these criticisms, I must emphasize that Signal remains, in many ways, one of the best solutions we have. This essay seeks to balance my harsh criticisms with an acknowledgment of Signal's continued importance while underscoring the urgent need for accountability and reform within the organization.
The main issue with Signal today is not the technology itself but the institutional rot and lack of accountability that have taken root within the organization. The security community has been too deferential, too willing to give Signal a pass on issues that would not be tolerated from other organizations. This must change. Signal needs a watchdog—a mechanism of external accountability that can hold the organization to the high standards it claims to uphold.
Technical Failings: A Case of Mismanagement, Not Ineptitude
My concerns about Signal's technical direction are rooted in specific, actionable issues that the organization has, thus far, handled poorly. The implementation of usernames, for example, was executed in a manner that arguably undermines the privacy standards Signal is supposed to champion. Rather than adopting a more privacy-preserving approach, Signal opted for a method that, while functional, exposes users to potential risks that could have been mitigated with better design choices. More specifically, Signal tied usernames to phone numbers, which gives its users a false sense of safety by encouraging them to distribute their usernames online, not necessarily realizing that their phone numbers and revealable by a simple legal request tied to that supposedly pseudonymous username.
Moreover, the degradation of Signal's security standards over time is troubling. As new cryptographic attacks emerge, one would expect Signal to be at the forefront of addressing these vulnerabilities. Instead, we've seen a slow, sometimes dismissive response to these threats despite their practical implications and despite them being presented at top-tier security conferences (one random example: https://cs-people.bu.edu/kaptchuk/publications/ndss21.pdf) which not only erodes trust but also puts users at unnecessary risk. The recently handling of Signal Desktop's security weaknesses—initially radically downplayed and then suddenly addressed when public pressure mounted—is a stark example of this reactive, rather than proactive, approach.
Signal's approach to censorship circumvention further illustrates this trend. The reliance on random people running NGINX proxy Docker containers, advertised haphazardly by volunteers on social media, lacks the rigor and foresight expected of a platform that markets itself as a bastion of secure communication. Without a proper web of trust, these solutions are not only ineffective but potentially dangerous.
Institutional Failings: Accountability and Transparency in Decline
Institutionally, Signal's trajectory raises serious concerns. The organization's repeated appeals for donations, juxtaposed against a $1M USD compensation package for its new president, Meredith Whittaker (right as she wrote blog posts begging for users to donate) and a staggering $50M loan, suggest a misalignment of priorities. Signal's status as a 501c3 nonprofit should imply a commitment to frugality and transparency, yet the financial decisions being made seem more aligned with corporate self-interest than with the values of the open-source community.
The composition of Signal's board of directors exacerbates these concerns. When leadership surrounds themselves with personal friends, including individuals with controversial backgrounds especially in global activist circles, it not only undermines trust but also raises questions about the governance and decision-making processes within the organization. Signal increasingly appears to be more focused on the personal brand and career advancement of its leadership than on fulfilling its core mission.
A Call for Constructive Criticism and Vigilance
Despite these criticisms, it is important to recognize that Signal remains one of the few tools we have that can provide secure and private communication in a world where such capabilities are under constant threat. The platform's underlying technology, when properly implemented and maintained, is still among the best available. But this does not mean we should turn a blind eye to its flaws.
It bears repeating: the main issue with Signal today is not the technology itself but the institutional rot and lack of accountability that have taken root within the organization. The security community has been too deferential, too willing to give Signal a pass on issues that would not be tolerated from other organizations. This must change. Signal needs a watchdog—a mechanism of external accountability that can hold the organization to the high standards it claims to uphold.
In conclusion, while my critique of Signal has been harsh, it comes from a place of genuine concern for the platform's future and its role in the broader privacy and security ecosystem. Signal is too important to fail, but it is also too important to be allowed to continue on its current path without scrutiny. As users, donors, and members of the security community, we have a responsibility to hold Signal accountable, to demand better, and to ensure that it lives up to the promise of secure, private communication for all.
Signal can and should be better. It is not too late for the organization to course-correct, but that will only happen if we refuse to let our respect for the platform blind us to its flaws. Constructive criticism, combined with a commitment to transparency and accountability, is the only way forward.
For reference, my recent threads on Signal:
- Today's thread on Signal's censorship-circumvention strategy: https://x.com/kaepora/status/1822884292596224393
- Critiques of Signal's new leadership: https://x.com/kaepora/status/1811336288521347109
- Research publications that Signal has downplayed and ignored: https://x.com/kaepora/status/1810613043685888399