Signal, the most secure widely available messaging app, has become a go-to resource for journalists, leakers and other people concerned about privacy. But it’s not infallible. And its shortcomings and limitations are precisely why its use by Defense Secretary Pete Hegseth and other top Trump administration defense officials has rocked the worlds of politics and national security.
The app made headlines Monday after Atlantic editor-in-chief Jeffrey Goldberg published the bombshell news that the Trump administration had accidentally added him to a Signal group chat this month to discuss military strikes on Houthi targets in Yemen.
At first glance, it might not seem a major problem. Cybersecurity experts widely consider Signal to be the leading easy-to-use encrypted messaging service, and there are no public reports of its ever having been compromised by hackers.
Signal’s encryption protocol — the complicated algorithm that scrambles messages as they’re sent, then descrambles them for recipients — is the basis for some of the most popular messaging apps, including WhatsApp and iMessage. In 2023, Signal began updating its encryption to address the hypothetical threat of a quantum computer that could break less complicated encryption codes.
But Signal can’t protect people, even Cabinet members, if they accidentally tell it to message the wrong person, said Mallory Knodel, the founder of the Social Web Foundation, a nonprofit organization that has helped social media networks in the fediverse implement encryption.

“Signal is as secure as it gets for end to end encrypted messaging, but this leak was because they added an untrusted party to the chat,” she told NBC News over Signal.
According to the Atlantic article, Goldberg was seemingly added to a Signal group chat that included sensitive national security discussions among Hegseth, Vice President JD Vance, National Intelligence Director Tulsi…
Read the full article here