Minutes before the United States launched a deadly missile campaign in Yemen that reportedly killed 53 people and wounded 89, including multiple children, on March 15, the Atlantic’s Editor-in-Chief Jeffrey Goldberg was sitting in his car in a grocery store parking lot waiting for the attack.
The story is now well-known and well-memed: Days before the missile barrage, Goldberg was added to a Signal group chat called “Houthi PC small group” after President Donald Trump’s national security advisor, Michael Waltz, invited him to connect on the encrypted message application. The editor was included in the discussion inadvertently, a spokesperson for the National Security Council acknowledged to the Atlantic.
It’s whiskeyleaks, not signalgate. The problem was the users in question couldn’t put together a Duplo set without help with a toddler. Signal is great in terms of opsec if you’re not an idiot.
The illegality of self-destructing messages in this sort of discussion is an adjacent but separate matter, but it is still (supposed to be) very illegal.
But I guess it’s ok because the DUI hire is “doing his best”.
Tbf, Signal, and most modern chat clients with multi-device syncing are not great for opsec.
When it comes to privacy from mass surveillance or using your metadata to mine demographic preferences who you are talking to etc Signal sits at the top of generally available chat clients.
But it’s geared for the convenience and privacy of the average user not military security.
Eg: when it comes to group chats you just have to get one of the members of the chat to fall for a device syncing link, for then the whole group chat future messages to become available to the attacker. What’s more, no admin or other user of the chat gets to have approval or visibility privileges or notification of a new synced device for that chat or any info about the status of each of the devices on that chat.
Military security (or military grade whatever) is a buzzword that makes sense in some contexts. In a lot of them, it doesn’t.
For example, for a lot of military-grade products you can have assumptions that are not always given for a platform that messenger operate on. Like that the device is always stored in a secure location. That it’s administered by trained personnel. That the device operator has received training on proper usage etc. In fact, a lot of military systems probably couldn’t be operated securely in a John Doe context b because of environmental security requirements. In that regard, messengers have to be more secure.
For most normal users, Signal is pretty much as good as it gets. Sure, I can set up a similar bespoke e2e protocol for myself, but I’m also a software engineer with near on two decades of experience. That’s not a reasonable or feasible expectation for the vast majority of the population.
Why does that mean it’s not signalgate? The name watergate comes from the luxury Watergate hotel in Washington DC where a crime was comitted. Having this conversation on Signal is unquestionably illegal, whether extra people were invited or not, and the scandal is because the conversation being on Signal, not because somebody may have been drunk.
I don’t like using that moniker for the clusterfuck because I feel like it implies something’s wrong with Signal. There’s not. There’s something wrong with the set of drunken shitsacks that used it like complete fucking imbeciles.
There’s nothing wrong with the Watergate or pizza either.
lol true, that’s a totally fair critique of my logic