Hackers' Pub

I think people are getting confused about why Signal isn't appropriate for national secrets. It's secure isn’t it?

If we listen to the folks who designed it, it is designed with an intent to protect journalists, activists, and regular people. It does that by making it difficult enough that a much more equiped adversary would find it to expensive (literally in money, or in other resources) to obtain the contents of the chat.

It was -not- designed to contain the conversation of a world super power’s most powerful decision makers. That is a conversation many nations around the world would be willing to devote essentially unlimited resources to attack.

Likewise, it contains features and user interface elements geared toward normal people having normal, but perhaps private, conversations. It does not contain mechanisms a channel designed for top secret, high level communications might- for instance verifying things like hardware tokens/smart cards issued by a trusted root, with coupled biometrics also verified by a trusted collective root. It does not obscure communications patterns or network paths. It doesn’t incorporate dedicated networks with trusted and verified nodes. It doesn't, as far as I know, contain a feature for a user to silently report a compromise or duress.

The hub-bub about the use of Signal is pretty much an example of the tool "failing" in a way that is due to it's unsuitability for the government/military comms but entirely suitable for its more individual, civilian-focused purpose. A tool fit for their use case should have not allowed participants that were not centrally cleared as authentic and authorized for the compartmented information within, and an entire universe of controls would have existed around it to reduce the risk of side channels and leakage.

Signal is not at fault here, and the ultimate authorities of the US DoD, US Central Intelligence Agency, and the US National Security Agency should know better.

This is a failure of understanding and fragrant disregard for TTPs/SOPs that should disqualify these people from holding those roles. They clearly don't know what they are doing, and they don't care.

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`