| ▲ | bs7280 15 hours ago |
| A wise man told me, you know signal works because its banned in Russia. I also find it incredibly ironic that they have a problem with this, when the DoD is flagrantly using signal for classified communications. |
|
| ▲ | driverdan 8 hours ago | parent | next [-] |
| I have full confidence in Signal and their encryption but this argument doesn't make sense to me. It could be the opposite, that Russia knows it's compromised by the US government and don't want people using it. I don't believe that's the case but the point is you can't put too much weight on it. |
| |
|
| ▲ | bsimpson 10 hours ago | parent | prev | next [-] |
| My personal connections who are in the military use it for texting from undisclosed locations. I've heard from people who have worked with the Signal foundation that it was close to being endorsed for private communication by one branch of government, but that endorsement was rescinded because another branch didn't want people knowing how to stay private. |
| |
|
| ▲ | joekrill 12 hours ago | parent | prev | next [-] |
| They aren't taking issue with Signal, per se... they are upset that people are sharing the whereabouts and movements of ICE officers. Signal just seems to be the medium-of-choice. And this just happens to give them a chance to declare Signal as "bad", since they can't spy on Signal en masse. |
|
| ▲ | huhtenberg 11 hours ago | parent | prev | next [-] |
| It doesn't mean much. Roblox is banned in Russia. They've been just gradually banning everything not made in Russia. |
|
| ▲ | cyberge99 14 hours ago | parent | prev | next [-] |
| You know it works because they banned it in Russia? Works for whom? |
| |
| ▲ | NewsaHackO 12 hours ago | parent [-] | | Yes, at best it implies Russia cannot easily get confidential information from them. Everyone else, the jury is still out for. | | |
| ▲ | jjk166 11 hours ago | parent [-] | | There aren't a lot of things I would claim Russia is a leader in, but state sponsored hacking and spying on its own people would both definitely make the list. That's not to say no one has cracked it, but if the Russians couldn't do it there aren't many who could. |
|
|
|
| ▲ | OhMeadhbh 11 hours ago | parent | prev | next [-] |
| Sure, but using Signal for classified info is a violation of policy. |
|
| ▲ | psunavy03 15 hours ago | parent | prev [-] |
| The DOD is not using "flagrantly using Signal." The Secretary of Defense, whatever his preferred pronouns are, is breaking the law. |
| |
| ▲ | kodyo 14 hours ago | parent [-] | | CISA recommended Signal for encrypted end-to-end communications for "highly targeted individuals." https://www.cisa.gov/sites/default/files/2024-12/guidance-mo... | | |
| ▲ | Cornbilly 12 hours ago | parent | next [-] | | The best part is that, in trying to comply with this guidance, the government chose Telemessage to provide the message archiving required by the Federal Records Act. The only problem is that Telemessage was wildly insecure and was transmitting/storing message archives without any encryption. | |
| ▲ | paulryanrogers 12 hours ago | parent | prev | next [-] | | Recommendations to the private sector don't condone violating security and retention laws for people working in the public sector. | | |
| ▲ | sedivy94 11 hours ago | parent [-] | | Military personnel are currently only allowed to use Signal for mobile communications within their unit. Classified information is a different story, though. |
| |
| ▲ | Scrounger 6 hours ago | parent | prev | next [-] | | I don't think I agree with the following from this guide: > Do not use a personal virtual private network (VPN). Personal VPNs simply shift residual risks from your
internet service provider (ISP) to the VPN provider, often increasing the attack surface. Many free and
commercial VPN providers have questionable security and privacy policies. However, if your
organization requires a VPN client to access its data, that is a different use case. | | |
| ▲ | mmooss 4 hours ago | parent [-] | | What do you disagree with? > Personal VPNs simply shift residual risks from your internet service provider (ISP) to the VPN provider, often increasing the attack surface. That's true. A VPN service replaces the ISP as the Internet gateway with the VPN's systems. By adding a component, you increase the attack surface. > Many free and commercial VPN providers have questionable security and privacy policies. Certainly true. > if your organization requires a VPN client to access its data, that is a different use case. Also true: That's not a VPN service; you are (probably) connecting to your organization's systems. There may be better VPN services - Mullvad has a good reputation around here - but we really don't know. Successful VPN services would be a magnet for state-level and other attackers, which is what the document may be concerned with. |
| |
| ▲ | thomasrognon 12 hours ago | parent | prev [-] | | Come on, man. We're talking about classified information, not general OPSEC advice. I worked in a SCIF. Literally every piece of equipment, down to each ethernet cable, has a sticker with its authorized classification level. This system exists for a reason, like making it impossible to accidently leak information to an uncleared contact in your personal phone. What Hegseth did (and is doing?) is illegal. It doesn't even matter what app is used. |
|
|
