Should You Trust Signal? A Critical Analysis
Signal has risen to become one of the most ubiquitous encrypted messaging applications in the world. Everyone has at least heard of it – even if it is not their preferred communications platform. The encryption is formally verified, meaning that third-party companies and individuals have analyzed Signal’s methods and authenticated their claims about privacy and secrecy. This is common practice in the industry – other secure messaging apps like SimpleX and Threema have undergone similar verification.
However, there are compelling reasons not to trust Signal completely. The app has built a brand persona that is not entirely honest. There are numerous public posts by respected professionals that point out a variety of what they consider to be significant flaws. This article summarizes these key concerns and encourages you to do your own research to verify these facts independently.
Signal’s Strengths and Claims
Before diving into the criticisms, it’s important to acknowledge what Signal does right:
- End-to-end encryption for all messages, calls, and attachments
- Open source protocol that has been audited and formally verified
- Strong security against third-party interception of messages
- No ability to read your messages (according to Signal)
- No collection of metadata about who is communicating with whom
Key Concerns About Signal’s Trustworthiness
1. Phone Number Requirement
The Issue: Even though Signal has recently adopted usernames as a way of sharing contact information, you still need a phone number to sign up. This requirement is claimed to be a benefit, offering a way to “protect” users from spam.
The Problem: This prevents most people from signing up without disclosing a phone number that is tied to their identity. Regardless of whether a country requires Know Your Customer (KYC) identity verification for cell service, a phone number acts as a globally unique identifier that follows you everywhere.
The Risk: When someone has your phone number, it becomes relatively easy to determine your location anywhere in the world. With specialized knowledge and the right equipment – especially at a nation-state level with access to tools like SS7 and Pegasus spyware – this tracking capability becomes even more concerning. Physical security is a significant component of overall security, and this phone number requirement fundamentally undermines it.
2. Not Truly Open Source
The Claim: Signal presents itself as completely open source software.
The Reality: While much of Signal’s code is open source, it’s not entirely transparent. Most notably, Signal has a closed-source “anti-spam” component. They claim this piece is proprietary and have not allowed the code to be reviewed publicly. Even when you compile the code from public sources yourself, this component is provided as a prebuilt binary blob.
The Problem: Though Signal claims it doesn’t scan message contents or perform invasive monitoring, users have no way to verify this independently. Security through obscurity isn’t real security. Withholding technical details about an app does little to actually protect a system, as any experienced security professional can attest.
A clear illustration of this issue came when Signal developed its MobileCoin integrations for over a year without the public's knowledge, having stopped updating its public source repositories during that time. This raises serious questions about what Signal considers "open source" to mean and demonstrates its comfort with deploying non-public software.
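One way to check a source checkout for prebuilt binary components like the one described above, as an added example (not code from this article or from the Signal project). It identifies files by their leading magic bytes rather than by extension; the sample file names in `demo()` are constructed and do not reflect Signal's repository layout.

```python
import os
import tempfile

# Leading magic bytes of common compiled or packaged artifacts.
MAGIC = {
    b"\x7fELF": "ELF binary or shared object",
    b"PK\x03\x04": "ZIP container (jar/aar/apk)",
    b"dex\n": "Android DEX bytecode",
    b"!<arch>\n": "static library archive",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit binary",
}

def classify(path):
    """Return the artifact kind if the file starts with a known magic, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None
    return next((k for m, k in MAGIC.items() if head.startswith(m)), None)

def find_prebuilt(root):
    """List (relative path, kind) for every prebuilt artifact under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS objects
        for name in filenames:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind:
                hits.append((os.path.relpath(full, root), kind))
    return sorted(hits)

def demo():
    """Scan a constructed sample tree (made-up names, not a real project layout)."""
    samples = {"src/Main.java": b"class Main {}\n",
               "libs/vendor.so": b"\x7fELF" + b"\x00" * 12,
               "libs/vendor.aar": b"PK\x03\x04" + b"\x00" * 12}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return find_prebuilt(root)

if __name__ == "__main__":
    print(demo())
```

This only covers files checked into the tree; binary dependencies that the build system downloads at build time have to be reviewed separately through the project's dependency declarations.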
3. Questionable Funding Sources
The Background: It is public information that Signal received much of its original seed development money from entities known as “Radio Free Asia” and the “Open Technology Fund.” These organizations have documented ties to the U.S. government.
The Question: What motivation would government-linked entities have to provide millions of dollars in funding to a specific chat application when there are dozens of alternatives available? This becomes particularly concerning when coupled with the other privacy and security issues.
Current Situation: As of late 2023, the government is no longer supporting continued funding for Signal. According to Signal’s own blog post, the costs to run Signal are estimated to reach $50 million USD per year by 2025, and they now rely primarily on donations from users and philanthropists.
4. Centralized Control
The Problem: Unless you run a private Signal server AND compile the application from source with changes that direct messages only to your server, ALL communication travels through servers controlled by Signal, located under US jurisdiction. Signal claims they don’t keep significant logs or store messages, but users must simply trust their word.
The Technical Barrier: Signal has never implemented a way to change the main server that the standard app (Google Store / Apple Store / Official version) connects to. The server address is hard-coded into the application, making it extremely difficult for users to operate their own servers. Running and maintaining a custom Signal fork is not a trivial task, requiring significant technical expertise.
The Contrast: Other secure messaging apps like SimpleX allow users to easily add and remove relay servers as desired, providing much greater flexibility and control.
5. Encryption vs. Security
The Reality Check: Just because the encryption is good doesn’t mean the overall system is secure. Encrypted messaging applications and secure phones have become commodities, but encryption is rarely broken directly. Instead, attackers find ways to bypass encryption entirely, accessing messages when they’re already decrypted on the device—similar to reading a message over someone’s shoulder.
Nation-State Capabilities: This end-run around encryption is an advertised capability of spyware commonly employed by nation-states, such as the Pegasus spyware developed by NSO Group. Once deployed, such tools can access already-decrypted messages, rendering even the strongest encryption ineffective.
Signal vs. True Anonymity
Signal has never promised anonymity, only security. It's important to separate these two concepts and recognize the differences. Different systems have different threat models – the things they're trying to protect against. Trust, privacy, and anonymity are distinct facets that address different problems under the umbrella of security.
Many users are trying to separate their true identity from their device so that only trusted contacts know who is actually on the other side of the conversation. Signal’s design choices run counter to this approach to safety and privacy.
Resources for Further Research
For those interested in verifying these claims independently, here are some resources worth investigating:
- I don’t trust Signal – A detailed critique of Signal’s approach
- Signal’s BigBrother page – Signal’s own information about government requests
- Signal is expensive – Signal’s blog post about their funding and costs
- Pegasus spyware – Information about the surveillance capabilities nation-states can deploy against phones
Conclusion
These concerns are not conspiracy theories or ad hominem arguments. This is not an attack on Signal’s encryption technology. The question is whether Signal is worthy of the blind trust that many people place in it.
If you truly value privacy and anonymity, it’s worth considering alternatives that don’t require phone numbers tied to your identity, offer true decentralization, and provide transparent code that can be fully audited. At minimum, be aware of Signal’s limitations and adjust your security expectations accordingly.
Remember: A system is only as secure as its weakest link, and in the case of Signal, the phone number requirement and centralized control represent significant vulnerabilities that shouldn’t be ignored.
This article is based on publicly available information and research. I encourage readers to verify all claims independently and draw their own conclusions.