Comment by bs7280

Comment by bs7280 5 days ago

18 replies

View on Hacker News

A wise man told me, you know signal works because its banned in Russia. I also find it incredibly ironic that they have a problem with this, when the DoD is flagrantly using signal for classified communications.

driverdan 5 days ago

I have full confidence in Signal and their encryption but this argument doesn't make sense to me. It could be the opposite, that Russia knows it's compromised by the US government and don't want people using it. I don't believe that's the case but the point is you can't put too much weight on it.

Reply View 1 reply
  • herewulf 5 days ago

    Wouldn't the Russian government just say that then?

    Reply View 0 replies
joekrill 5 days ago

They aren't taking issue with Signal, per se... they are upset that people are sharing the whereabouts and movements of ICE officers. Signal just seems to be the medium-of-choice. And this just happens to give them a chance to declare Signal as "bad", since they can't spy on Signal en masse.

Reply View 0 replies
bsimpson 5 days ago

My personal connections who are in the military use it for texting from undisclosed locations.

I've heard from people who have worked with the Signal foundation that it was close to being endorsed for private communication by one branch of government, but that endorsement was rescinded because another branch didn't want people knowing how to stay private.

Reply View 1 reply
huhtenberg 5 days ago

It doesn't mean much. Roblox is banned in Russia.

They've been just gradually banning everything not made in Russia.

Reply View 0 replies
cyberge99 5 days ago

You know it works because they banned it in Russia? Works for whom?

Reply View 2 replies
  • NewsaHackO 5 days ago

    Yes, at best it implies Russia cannot easily get confidential information from them. Everyone else, the jury is still out for.

    Reply View 1 reply
    • jjk166 5 days ago

      There aren't a lot of things I would claim Russia is a leader in, but state sponsored hacking and spying on its own people would both definitely make the list. That's not to say no one has cracked it, but if the Russians couldn't do it there aren't many who could.

      Reply View 0 replies
OhMeadhbh 5 days ago

Sure, but using Signal for classified info is a violation of policy.

Reply View 0 replies
psunavy03 5 days ago

The DOD is not using "flagrantly using Signal." The Secretary of Defense, whatever his preferred pronouns are, is breaking the law.

Reply View 7 replies
  • kodyo 5 days ago

    CISA recommended Signal for encrypted end-to-end communications for "highly targeted individuals."

    https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

    Reply View 6 replies
    • Cornbilly 5 days ago

      The best part is that, in trying to comply with this guidance, the government chose Telemessage to provide the message archiving required by the Federal Records Act.

      The only problem is that Telemessage was wildly insecure and was transmitting/storing message archives without any encryption.

      Reply View 0 replies
    • paulryanrogers 5 days ago

      Recommendations to the private sector don't condone violating security and retention laws for people working in the public sector.

      Reply View 1 reply
      • sedivy94 5 days ago

        Military personnel are currently only allowed to use Signal for mobile communications within their unit. Classified information is a different story, though.

        Reply View 0 replies
    • Scrounger 5 days ago

      I don't think I agree with the following from this guide:

      > Do not use a personal virtual private network (VPN). Personal VPNs simply shift residual risks from your internet service provider (ISP) to the VPN provider, often increasing the attack surface. Many free and commercial VPN providers have questionable security and privacy policies. However, if your organization requires a VPN client to access its data, that is a different use case.

      Reply View 1 reply
      • mmooss 5 days ago

        What do you disagree with?

        > Personal VPNs simply shift residual risks from your internet service provider (ISP) to the VPN provider, often increasing the attack surface.

        That's true. A VPN service replaces the ISP as the Internet gateway with the VPN's systems. By adding a component, you increase the attack surface.

        > Many free and commercial VPN providers have questionable security and privacy policies.

        Certainly true.

        > if your organization requires a VPN client to access its data, that is a different use case.

        Also true: That's not a VPN service; you are (probably) connecting to your organization's systems.

        There may be better VPN services - Mullvad has a good reputation around here - but we really don't know. Successful VPN services would be a magnet for state-level and other attackers, which is what the document may be concerned with.

        Reply View 0 replies
    • thomasrognon 5 days ago

      Come on, man. We're talking about classified information, not general OPSEC advice. I worked in a SCIF. Literally every piece of equipment, down to each ethernet cable, has a sticker with its authorized classification level. This system exists for a reason, like making it impossible to accidently leak information to an uncleared contact in your personal phone. What Hegseth did (and is doing?) is illegal. It doesn't even matter what app is used.

      Reply View 0 replies