this post was submitted on 21 Apr 2026
2 points (75.0% liked)

Privacy

48207 readers
602 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
2
Signal in 2026? (lemmy.ml)
submitted 5 days ago by guymontag@lemmy.ml to c/privacy@lemmy.ml
21 comments fedilink hide all child comments
 

Is it still viable to use Signal for privacy in 2026? It's centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)

Thoughts?

top 21 comments
sorted by: hot top controversial new old
[–] listless@lemmy.cringecollective.io 3 points 5 days ago (1 children)

The client is open source, so it doesn't matter what the server code is, you can see everything the client sends and therefore tell what possible data is being collected.

It's run by a non-profit so there's no shareholders to please.

Your messages and decryption key are not stored on their servers.

It's been independently audited.

They have publicly posted responses to user information requests where they only provide the account creation date and last access time.

The (admittedly incompetent) US government recommends using Signal (for non-classified information) and top officials have been caught using it (Houthi Working Group).

You can never be 100% sure, but it appears to have excellent security and privacy.

[–] slazer2au@lemmy.world 1 points 5 days ago (1 children)

Not to mention the FBI admitted that the only data from Singal they get is when the account signed up and when they last connected and they are very unhappy about so little information.

[–] dogs0n@sh.itjust.works 1 points 5 days ago

And the phone number! But still not a crime to be using signal (yet).

[–] airikr@lemmy.ml 1 points 5 days ago* (last edited 4 days ago)

If you don't care about sharing your phone number with Signal and a third-party company (Signal refuses to state what company it is) that send the text message with the activation code to you. And if you don't care that everything will be saved on servers maintained by Amazon in USA.

Then yes, Signal is the right app for you even in 2026.

But if you do care (and you should) about your phone number and the location of your data, you should focus on something more privacy like XMPP (Snikket would be the easiest way to setup your own server) and SimpleX.

XMPP (for an example Snikket) uses OMEMO and OMEMO is based on Signal Protocol.

[–] nutbutter@discuss.tchncs.de 2 points 5 days ago (1 children)

A lot of people use Signal. It may not be the best solution out there, but it is so, so, so much better than the proprietary alternates.

One good thing is that a normie can easily use it as an alternative to WhatsApp, since the app design is so similar. I mean, it is easy for family and friends to understand and start using Signal, compared to something like Matrix or XMPP.

And if someone needs a little more hardening, they could use the fork called Molly, which has a few more security benefits over the stock app.

[–] sem@piefed.blahaj.zone 1 points 5 days ago (1 children)

Shit these are great features. I had never heard of it before.

Molly is an independent Signal fork for Android with improved features:

Fully FOSS Contains no proprietary blobs, unlike Signal

Encrypted Protects database with Passphrase Encryption

Multi-Device Pair multiple devices to a single account

Material You Extra theme that follows your device palette

UnifiedPush Ungoogled notification system

Automatic Locking When you are gone for a set period of time

RAM Shredding Securely shreds sensitive data

Tor Support Supports SOCKS proxy and Tor via Orbot

[–] uuj8za@piefed.social 1 points 5 days ago* (last edited 5 days ago)

Ooh! And you can add an F-Droid repo!
https://molly.im/fdroid/

[–] AtHeartEngineer@lemmy.world 1 points 5 days ago

Many people have already commented saying it's good to go, but I also wanted to add, I have dug into their actual encrypted group messaging protocols a few years ago because I was interested in using it for a different use case, and I would say it's pretty well thought out. I trust it, I use it daily, and I've looked at the code. I'm not, nor have I ever been, an auditor, but I have been paid to do cryptography and red teaming/cyber security from big orgs, so I would say I have some professional experience in the matter.

[–] Zak@lemmy.world 1 points 5 days ago (1 children)

Who do you want privacy from and why?

That's not a rhetorical question. It matters. If you want privacy from corporations and governments doing mass surveillance because you're against mass surveillance in principle, Signal is great! As long as you don't give janky apps permission to read your notifications, or you limit what Signal shows in its notifications, your device won't leak to those kinds of threat actors. You can't be sure everyone you talk to is as fastidious though.

If the cops, gangsters, or similar are likely to target you and the people you're talking to directly, there's a good chance just using Signal without a security plan won't keep them from getting the contents of the conversation as in this recent incident where the FBI extracted deleted messages from notification logs. To defend against that specific attack, everyone needs to configure Signal to keep message content and contact details out of the notification. Dedicated devices for secure communication set up by someone who knows what they're doing are ideal in this situation. Signal is still a good choice here, but Signal alone won't guarantee privacy.

If you're being targeted by an intelligence agency from a rich country that has allocated a significant budget to surveil you in particular, you're probably screwed. There's plenty of public information about how US government officials and contractors are required to work with classified information to get a sense of how you might try to mount a defense. It's guaranteed to be inconvenient.

[–] eldavi@lemmy.ml 1 points 5 days ago* (last edited 5 days ago)

agreed and to add to this:

Dedicated devices for secure communication set up by someone who knows what they’re doing are ideal in this situation.

becoming your own expert is unfeasible for 99.999999999999999999999999999999999% of people and expecting it is no different than expecting people to become their own lawyer, dentist, or doctor.

If you’re being targeted by an intelligence agency from a rich country that has allocated a significant budget to surveil you in particular, you’re probably screwed

the bar against protecting yourself from the local police in the united states is MUCH lower than the cia, nsa, mossad, etc. and should be the goal of most projects since it's the most realistic and the most likely to happen; there's next to nothing that can be done against he alternatives.

the alternative is that unfeasible ultra high bar and judges in the united states have a history of holding people in jail for years for contempt of court of not providing passwords or using duress like options on their electronic equipment.

[–] captain_aggravated@sh.itjust.works 0 points 5 days ago (1 children)

The stories I've heard where Signal messages have been extracted or otherwise accessed was from beyond either end. Someone invited a journalist to a private group chat. Someone handed someone else an unlocked device. The most alarming one is apparently Apple uploads every push notification your device gets to their servers. So if you are concerned about privacy there's a feature in Signal to set push notifications to only say "you got a message" and not include the sender or message contents in the notification.

I haven't heard of Signal itself leaking messages.

[–] stegosaur@lemmy.world 0 points 4 days ago (1 children)

This is not true for Signal. Other apps may send the notification content but signal uses FCM to push a simple notification to wake the device and tell signal to fetch the actual notification. You can use the full text / info notification and know that Google does not see it.

https://discuss.grapheneos.org/d/1279-sandboxed-google-play-for-push-notifications-breaks-privacy/9

[–] captain_aggravated@sh.itjust.works 0 points 3 days ago (1 children)

That is true for Signal, the FBI extracted Signal message content from Apple's push notification system: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/

The only thing to learn is everything is bullshit and nothing has ever been okay.

[–] stegosaur@lemmy.world 1 points 3 days ago* (last edited 3 days ago)

We are both right 😆

It is true for Signal on Apple devices.

It is not true for Signal on Android devices*

*Well I'm using grapheneOS so I feel more comfortable in my case but a regular Android device with full access Google Play Services? That I'm not so sure about. It's conceivable that Google has a way to read the final notification (FCM push -> Signal fetches and displays message -> Google can read all notifications on the device, FCM or otherwise) 😬

[–] dessalines@lemmy.ml 0 points 5 days ago (1 children)

PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.

It's hosted in the US, subject to its pervasive spying laws including national security letters.

Also I need all your phone numbers.

Also no you can't host this yourself, I run the only server.

Everyone who uses signal and supports it, is falling for this pitch.

Why not signal?

[–] bad_news@lemmy.billiam.net 0 points 5 days ago* (last edited 2 days ago) (1 children)

Name a more secure way to communicate with normies. They're not going to use SimpleX or Matrix...

[edit:fuck downvoters of this up the ass. Your siblings/cousins/parents/freinds are not ALL going to deal with Matrix on mobile/desktops. 100% fuck you for your puerile dedication to purity. You are Whatsapping right fucking now, hypocrite scum]

[–] dessalines@lemmy.ml 0 points 5 days ago (1 children)

People are not as stupid as these large centralized sites like signal keep telling you they are. Ppl figured out how to make accounts on different services, forums, and platforms since the internet began. It is no more difficult to make a matrix account, or install simpleX than it is anything else. My partner and I figured out simplex within 10 minutes.

[–] bad_news@lemmy.billiam.net 0 points 5 days ago (1 children)

Oh, I'm not saying people can't figure it out, but most normies won't try on principle or something. Hell, I've gotten pushback from software engineers when asking them to do Matrix. Signal is known enough that most normies will use it, though, and it at least is not explicitly known to be centrally backdoored in terms of the encryption like a Whatsapp, which in my experience is the other option normies will bear.

[–] yogthos@lemmy.ml 1 points 4 days ago

Most normies aren't using Signal either, they're all on Whatsapp and fb messenger. You'd be asking them to switch platforms to use Signal just as you would with any other app.

[–] autonomous@lemmy.world 0 points 5 days ago (1 children)

Just remember that if you, or anyone you are talking to, has notifications turned on (in the app itself), that conversation is now outside of signal and a lot easier to get to.

[–] lol_idk@piefed.social 1 points 1 day ago

Didn’t they just fix this this week?