Jeff Goldberg claims to have been part of a top-secret Signal chat. He provided evidence that he was. The question is, how did that happen?
One theory has it that the head of NPR, who also happens to sit on Signal's board, somehow engineered this. That is stupid absurd. Signal keeps zero metadata, all it has is phone numbers and even those can't be seen. This ain't Musk taking over Twitter, where meta data and user info abounds.
Signal is very nearly as anonymous and it is CERTAINLY as encrypted as any app out there. It uses AES and the Signal Protocol, both open-source, both as bullet-proof as anyone knows how to make encryption. There are no known backdoors or hacks to either method.
Signal encryption is end-to-end, which means it makes no bloody difference if your contact is in the Pentagon or the Kremlin. In neither case can outside parties read your messages. It makes no bloody difference what tower you connect to, whether the tower is compromised or not. The message was encrypted on the device BEFORE it was transmitted to the tower. That means the encrypted message still can't be read, even if the enemy entirely owns the tower. Same with receiving a message - only the endpoint device can decrypt it.
Signal may be "consumer-grade", but in this case that means Signal is as good or BETTER than "military-grade", which latter category is often decades behind the consumer industry due to the government acquisition train (cf, DOGE's work in the Social Security database, or the IRS software nightmare or NASA/Space Shuttle nonsense). Talk to any military personnel. When you mention "military-grade", they laugh.
This Signal breach was solely, only, entirely, without question or any other concern, the fault of one of the people already in the Signal group chat. Can Signal be compromised via phishing scams? Sure. But so can EVERY encryption method out there, approved or not, authorized or not. This breach is not due to inadequate tech, it is human operator error. Period.
Now, how did this happen?
The problem is the contact list inside the Signal app. Signal's contact list itself cannot be locked, but you can block individual contacts or groups and set privacy settings to control who can see your phone number. You can also set a PIN for account recovery and registration lock.
If this was done on secure phones, the techs should have locked down that contact list. But to do that, they have to have a pre-approved list of numbers to load on the phones. Now, maybe that happened, but maybe Jeffrey Goldberg was on a pre-approved BIDEN list of contacts, so he might already have been on the pre-approved list. It might be that this is not the first classified Signal session Jeff has been involved with from the White House, it's just the first one WE KNOW ABOUT because he kept his mouth shut about the one's he attended under Biden.
Jeffrey Goldberg says Mike Waltz sent him a 'connection request' on Signal, but that's not a thing in Signal, so he's clearly lying about that. Everyone involved in publicizing this scandal on BOTH sides have demonstrated they don't know a damn thing about the actual tech or how it works, which is why he is currently getting away with that bald-faced lie.
Signal servers hold zero metadata, so it's not like the server was compromised, because there's no data on the server to compromise. The last time the FBI tried to warrant out contact data, Signal's CEO told them exactly that. Even Signal can't tell you what data it is transmitting or who is transmitting it.
Somebody on that chat either deliberately, or very mistakenly, added Goldberg to the chat. Could Goldberg have assigned some high official's name to his own phone number, to see if he could infiltrate a Signal communication? Yes. Is that felony fraud in communications? Yeah, probably.
And that, boys and girls, is everything you need to know about Signal. I use it, I recommend it, and I continue to stand by the recommendation because I actually know how it works. If Jeff Goldberg did what was described in the previous paragraph, he needs to be jailed. Everyone needs to curate their Signal contact lists. But, again, that's human error, not Signal's error.
No comments:
Post a Comment