Is it still viable to use Signal for privacy in 2026? It’s centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)
Thoughts?
The stories I’ve heard where Signal messages have been extracted or otherwise accessed was from beyond either end. Someone invited a journalist to a private group chat. Someone handed someone else an unlocked device. The most alarming one is apparently Apple uploads every push notification your device gets to their servers. So if you are concerned about privacy there’s a feature in Signal to set push notifications to only say “you got a message” and not include the sender or message contents in the notification.
I haven’t heard of Signal itself leaking messages.
This is not true for Signal. Other apps may send the notification content but signal uses FCM to push a simple notification to wake the device and tell signal to fetch the actual notification. You can use the full text / info notification and know that Google does not see it.
https://discuss.grapheneos.org/d/1279-sandboxed-google-play-for-push-notifications-breaks-privacy/9
That is true for Signal, the FBI extracted Signal message content from Apple’s push notification system: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
The only thing to learn is everything is bullshit and nothing has ever been okay.
We are both right 😆
It is true for Signal on Apple devices.
It is not true for Signal on Android devices*
*Well I’m using grapheneOS so I feel more comfortable in my case but a regular Android device with full access Google Play Services? That I’m not so sure about. It’s conceivable that Google has a way to read the final notification (FCM push -> Signal fetches and displays message -> Google can read all notifications on the device, FCM or otherwise) 😬
Can you trust what a Pixel is doing with its 5G modem?
I’m not an expert or even close to that, so no, not really I suppose. Can you really trust any device when it comes down to the hardware level? I wouldn’t trust an iPhone or any other phone more. Again, while I’m not an expert, I’d trust grapheneOS for software over any other mobile OS. Probably trust to that effect would be grapheneOS >>>> iOS >> everything else. But full trust in any hardware? Who really knows
This is what people don’t get when it comes to that story about the journalist. You literally have to go out of your way to invite someone into a group chat. That does not happen on accident on Signal.
I had to explain that to a few people who heard that story and were super skeptical about Signal being dangerous. Which is ironic because the same people would be using messenger and think nothing of it.
I think the thing with Signal is “Oh it’s secure. Very secure. You don’t get better security in an app you can just install and use. You can get better security but you gotta like, learn shit about security.” And that makes people use Signal without learning shit about security. So they make mistakes on their end. Those mistakes range in stupidity from “handed a cop my unlocked phone” to “didn’t know Apple and Google peek at all your push notifications.”
I mean, I think the best rule of thumb is that unless you’re a tech wizard, you don’t have online privacy. At all.
I don’t believe anything is super safe and secure online. Not even Signal.
I always treat my online activity as if I am being surveilled because I probably am. Luckily I’m a boring bitch, so I don’t really have anything to hide, but I do appreciate that I can stay in touch with friends and family without having to linger on Facebook anymore. So there’s that.
The only time I feel annoyed about people talking about Signal is when they talk about it as if it’s this super sketchy app that shares your data when literally every single friggin platform online does that and the same skeptical people use them all the time without question.
That part annoys me because people keep acting like we aren’t already completely naked and our information owned by companies who do god knows what with it. If people are aware that everything they do is being surveilled and used for whatever purpose, then I don’t really mind, but it doesn’t seem like that is the case for many people. I genuinely still cannot believe how many people jumped on the DNA test trend, for example. Like holy shit, just give them your firstborn too, while you’re at it. XD but hey, we all make stupid mistakes now and again. I remember my first smartphone having a thumbprint lock and I just did that throughout my early to mid 20s without thinking about it. At least they only have one of my thumbprints but yeah. It’s so insidious, the way the tech world has lured us into giving up our information willingly.
The worst thing anyone can do when they are online is to believe they have any privacy. That is hubris.
are you me? because i look at it the same way, plus the fact that i always expect to be hopelessly outclassed by cia/nsa/mimossad/etc. so i always presume that everything i do online or on my phone is being broadcast to them in real time.
my only hope is that i’m also so boring and inconsequential to them that they don’t give a rat’s ass at whatever i do. lol
IIRC Android has the same issue with push notifications, if you really care about privacy you should disable showing any content from any messaging app in your notifications unless you want Google or Apple to collect it
That’s why I use UnifiedPush