Confusions Arise Over Signal’s Security

Signal, a popular encrypted messaging app, faced scrutiny due to a security breach in March 2025. Senior Trump administration officials accidentally included Jeffrey Goldberg, editor-in-chief of The Atlantic, in a Signal group chat discussing confidential military operations in Yemen.

A few days after the incident, the Pentagon issued a department-wide advisory, cautioning against using Signal due to potential phishing threats from foreign hackers. Signal’s president defended the app’s security features, highlighting robust end-to-end encryption and minimal data collection and stating that this is a misunderstanding. The relationship between this memo and the incident is unclear. However, there was some confusion about whether the app has undisclosed vulnerabilities. That does not appear to be the case.

Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications.

One piece of misinfo we need to address is the…

— Signal (@signalapp) March 25, 2025

These developments highlight some of the practical challenges of using encrypted messaging platforms. Signal offers strong privacy protection for many cases, including sensitive ones. However, government users are required to follow specific protocols to ensure compliance. Security is not just about tools. It’s also about culture.

It's really crucial to understand how badly framed this is. There is no Signal vulnerability. The Pentagon email did a bad job explaining a Google report from a month ago and NPR repeated it.This is like saying because you got a phishing email at your Gmail address, there's a Google vulnerability.

— Kevin Collier (@kevincollier.bsky.social) 2025-03-25T23:25:27.904Z

You can read more about Signal on their blog.