Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/
One piece of misinfo we need to address is the claim that there are ‘vulnerabilities’ in Signal. This isn’t accurate. Reporting on a Pentagon advisory memo appears to be at the heart of the misunderstanding: https://npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability. The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 2/
Phishing isn’t new, and it’s not a flaw in our encryption or any of Signal’s underlying technology. Phishing attacks are a constant threat for popular apps and websites. 3/
In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events. If you’re interested in learning more, this WIRED article from February 19th (over a month ago) goes into more detail:
https://wired.com/story/russia-signal-qr-code-phishing-attack/ 4/
@signalapp Yeah, can't really call "idiot added Jeff Goldberg to the group chat because he confused him for Jeff Goldblum" a sophisticated phishing attack
@signalapp I am joking. Although... The best jokes carry a kernel of truth.