Agreed, but maybe for different reasons. Could you use Signal for government communication? Probably, but it would take intentional preparation, setup, and training of the end-users (most of whom are likely not security-minded or tech-savvy).
But practically speaking, governments should reasonably be developing an option that uses their own servers as relays, not ones controlled by a third party. Signal is run by a nonprofit (i.e. not driven by moneyed interests) and has survived court subpoenas for user data (because of how the useful data is stored encrypted at the endpoints, not the relays), but they do not have the same interests in nor are they developing a platform to keep government secrets safe.
Also, it’s a central point of failure; even if it remains entirely uncracked throughout its lifetime, if the company goes under, those server relays will go, too.
I feel pretty safe as an end-user nobody, but I would be thinking twice if I was a government official.
How secure it is remains to be seen, but using Signal or Whatsapp or similar apps for official government business is to be avoided, anyway.
Agreed, but maybe for different reasons. Could you use Signal for government communication? Probably, but it would take intentional preparation, setup, and training of the end-users (most of whom are likely not security-minded or tech-savvy).
But practically speaking, governments should reasonably be developing an option that uses their own servers as relays, not ones controlled by a third party. Signal is run by a nonprofit (i.e. not driven by moneyed interests) and has survived court subpoenas for user data (because of how the useful data is stored encrypted at the endpoints, not the relays), but they do not have the same interests in nor are they developing a platform to keep government secrets safe.
Also, it’s a central point of failure; even if it remains entirely uncracked throughout its lifetime, if the company goes under, those server relays will go, too.
I feel pretty safe as an end-user nobody, but I would be thinking twice if I was a government official.
Or any business. There’s always a back door if it’s not open source and self hosted.
Signal is open source…
Did you verify the code running on their servers is the same as the one in the repo though?
If you don’t compile and self host, it’s not safe.