Is it still viable to use Signal for privacy in 2026? It’s centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)
Thoughts?
Who do you want privacy from and why?
That’s not a rhetorical question. It matters. If you want privacy from corporations and governments doing mass surveillance because you’re against mass surveillance in principle, Signal is great! As long as you don’t give janky apps permission to read your notifications, or you limit what Signal shows in its notifications, your device won’t leak to those kinds of threat actors. You can’t be sure everyone you talk to is as fastidious though.
If the cops, gangsters, or similar are likely to target you and the people you’re talking to directly, there’s a good chance just using Signal without a security plan won’t keep them from getting the contents of the conversation as in this recent incident where the FBI extracted deleted messages from notification logs. To defend against that specific attack, everyone needs to configure Signal to keep message content and contact details out of the notification. Dedicated devices for secure communication set up by someone who knows what they’re doing are ideal in this situation. Signal is still a good choice here, but Signal alone won’t guarantee privacy.
If you’re being targeted by an intelligence agency from a rich country that has allocated a significant budget to surveil you in particular, you’re probably screwed. There’s plenty of public information about how US government officials and contractors are required to work with classified information to get a sense of how you might try to mount a defense. It’s guaranteed to be inconvenient.
agreed and to add to this:
becoming your own expert is unfeasible for 99.999999999999999999999999999999999% of people and expecting it is no different than expecting people to become their own lawyer, dentist, or doctor.
the bar against protecting yourself from the local police in the united states is MUCH lower than the cia, nsa, mossad, etc. and should be the goal of most projects since it’s the most realistic and the most likely to happen; there’s next to nothing that can be done against he alternatives.
the alternative is that unfeasible ultra high bar and judges in the united states have a history of holding people in jail for years for contempt of court of not providing passwords or using duress like options on their electronic equipment.