Technical analysis of TM SGNL, the unofficial Signal app Trump officials used (micahflee.com)
206 points by micahflee 22 hours ago | hide | past | favorite | 101 comments





Still trying to grasp the idea of archiving messages from E2E encrypted communication system into a storage that entirely breaks the purpose of using something like Signal.

It’s like cashing in on the trust in the Signal protocol and app while breaking its security model so that someone else can search through all messages.

What am I missing here?


> What am I missing here?

OK, say you're a bank. The SEC states you need to keep archives of every discussion your traders have with anyone at any time (I'm simplifying things but you get the point). You keep getting massive fines because traders were whatsapping about deals.

So now you've got several options - you can use MS Teams, which of course offers archival, compliance monitoring etc. But that means trusting MSFT, and making sure your traders only use Teams and nothing else. You can use a dedicated application for the financial industry, like Symphony or ICE Chat or Bloomberg, but they're clunkier than B2C apps.

And then the Smarsh (owners of Telemessage) salesman calls you, and says "your users can keep using the apps they love - WhatsApp, Signal - but we make it compliant". And everyone loves it (as long as no-one in your Security or Legal teams are looking too hard at the implications of distributing a cracked version of WhatsApp through your MDM...)

Edit: here's the install document for their cracked WhatsApp binary https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...


Seems like it doesn't resolve the trust issue, it just shifts it to a smaller firm with more to lose.

It definitely doesn't resolve the trust issue! I would trust MSFT a million times more than these cowboys. What it does give you is peace with your traders (who can be real divas..) - they can keep using "WhatsApp" and "Signal" and you can monitor everything

You can never control what I do on my device with the message received - I can make screenshots, or, if the app prevents that, take a picture of the screen.

The goal of Signal is trusted end-to-end encrypted communication. Device/message security on either end is not in scope for Signal's threat model.


Any client-side limitations are not part of the security model because you don't control other people's devices. Even with an unmodified app, they're trivially bypassed using a rooted/jailbroken device.

There are compliance reasons where you want the communications encrypted in flight, but need them retained at rest for compliance reasons. Federal record keeping laws would otherwise prohibit the use of a service like Signal. I'm honestly impressed that the people involved actually took the extra effort for compliance when nothing else they did was above board...

I would not assume the archives were meant for compliance and federal records.

> There are compliance reasons

Makes sense. But it is still debatable if the compliance requirements are acting against the security model, or perhaps there are bigger concerns here than just secure communication.


So this whole app exists because Signal doesn't have a way to archive messages on iPhone. Maybe they should take the hint and see that this is actually something a lot of people would find useful, instead of keeping it in the backlog for a decade.

It's not a question of archiving on the device - it's a question of your employer being able to archive/monitor your conversations

Well no, then you could just use Messenger or WhatsApp. The point of Signal is to be as secure as possible

TeleMessage/Smarsh also sell a cracked WhatsApp :)

The big part of this story which nobody is talking about is the fact that the app is literally controlled by a bunch of “former” Israeli intelligence officers, who now have what is arguably the world's most valuable access out of anyone.

The US and many other countries have been buying Israeli surveillance tools for years or decades.

I would hope that any message archiving is being done on an organization-owned server though.


> The US and many other countries have been buying Israeli surveillance tools for years or decades.

Yes, tools like Cellebrite and zero-day exploits.

Those are tools which are used to spy on people outside of the government.

This is a tool that has data created by the government.


> I would hope that any message archiving is being done on an organization-owned server though.

There's compelling evidence that the messages all pass through TM servers before being archived.

https://www.404media.co/the-signal-clone-the-trump-admin-use...


> There's compelling evidence that the messages all pass through TM servers before being archived.

The question is where the E2E encryption goes between.


The E2E encryption is likely not even relevant, unless I'm missing something?

The builds that are distributed would likely just send the plaintext un-encrypted message separately to the archive, and I'm guessing that means it goes right to TM servers before being dispatched elsewhere.


Ah yes, it's end-to-end alright, end-to-end cleartext.

[flagged]


> Israel’s grip on DC’s balls is far too strong

I more or less agree.

> We’re literally an occupied nation

The language of the US under occupation is a neonazi talking point, ZOG (Zionist Occupation Government) being a phrase neonazi morons like. Maybe a coincidence.


White House communications director previously revealed (after “Signalgate”) that Signal was an approved and whitelisted app for gov’t officials to have on work phones and even discuss top-secret matters on. But I haven’t heard that TeleMessage was approved (and I’d have serious questions if it were given the foreign intelligence factor). Anyone know if there is a clear answer to whether it’s been approved?

According to the new 404 Media article [0] about the app's archive server actually being hacked, TeleMessage does have contracts with several governmental agencies. Still not a direct answer to the question, I know, but it tilts the answer overwhelmingly towards "yes."

[0]: https://www.404media.co/the-signal-clone-the-trump-admin-use...


This is so frightening. I worked in corporate security, and that was occasionally a leaking ship, but this wouldn’t even fly with our engineers even if we wanted their message history. This is negligence.

The scariest part? They also sell to corporations...

Read their install guide and weep at the idea of pushing cracked WhatsApp binaries through MDM: https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...


It was incontrovertibly approved as it is only installable via MDM.

A likely explanation is that the communications director (or the people informing her) wouldn’t know to distinguish between Signal the app, and a Signal compatible app that is nearly indistinguishable from Signal. A lot like Kleenex is a common term for tissue paper regardless of brand.

When the leak was first revealed, there was loud speculation about the legality of government chat messages being set to auto-delete. This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things. It makes perfect security sense to archive messages somewhere secure, off phone, for record keeping compliance while ensuring that relatively vulnerable phones don’t retain messages for very long. It’s also an easy explanation for why such an app was created in the first place. There is an obvious market for it.


> It was incontrovertibly approved as it is only installable via MDM.

Only if this is his standard govt-issued phone. It's also been shown they are also using their own personal phones. They could easily be using unapproved phones some random DOGE'er bought and gave them with an MDM setup, without any real oversight.


The device would have to be jailbroken right? These apps are (obviously) not in the App Store, I mean one of them is a cracked WhatsApp ...

This is currently my bet. This looks like something I would set up— state actors are not in my threat list. But, I’m usually being paid to protect the employer not the employee.

> This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things.

We only have evidence they used TeleMessage after the scandal. When the same guy let the press take a photo of his messages with Vance, Rubio, Gabbard and others.


If DOGE can storm into government offices and get root access to sensitive systems without proper procedure, couldn't SECDEF and co. strong-arm their way past the IT worker managing the MDM?

The White House communications director lies continually, so the value of that statement is nil.

[flagged]


She’s the deputy. Steven Cheung is the director. Both people issue Baghdad Bob style statements.

The correct answer is no one outside US Government IT knows for sure what is or isn't approved per their own rules. Every article (and comments therein) are just speculation and people trying to confirm their own biases, desperately looking for something to blame someone for, to produce more rage-bait and thus feed more ad clicks.

Every single article is written with the presumption that there are no actual IT people in the White House, that someone wheeled in a Starlink dish on a dessert cart in the yard which is somehow running the entire government. It's silly and ridiculous.


>that someone wheeled in a Starlink dish on a dessert cart in the yard

That situation was ridiculous, in that to score the marketing points, but fighting with the whitehouse IT the starlink is installed at a remote ___location with much the same point of failure as their fibre services.


> It's silly and ridiculous.

As is putting someone with a brain parasite and anti-vax beliefs as the head of HHS, but here we are.

“Silly and ridiculous” does not mean “implausible” with this administration. It’s the standard.


I mean, have you actually met many pro-Trump IT folks? Worked with them in any capacity? Real bargain-basement shit.

If you ever get the chance to talk to a recruiter who's been in the game for a few decades, ask them about conservative brain-drain. It's a really weird phenomenon to have someone just lay out for you from a functional perspective, especially if you grew up around people doing dev work for the military back in the day.


What does conservative brain drain mean?

A few decades ago, the Republican party had one foot in the anti-intellectual camp, but only one.

They were the party of young-earth creationists, religious pro-lifers, climate-deniers and gun-lovers - but also of educated fiscally conservative folks. The party would welcome economics professors and leaders of medium-sized businesses, promising no radical changes, no big increases in spending or regulation, and a generally pro-market/pro-business stance.

The genius of Trump was in realising the educated fiscally conservative folk were driving 95% of the republican policy agenda but only delivering 10% of the votes. The average Republican voter loves the idea of disbanding the IRS and replacing all taxes with tariffs on imports. Sure, you lose the educated 10% who think that policy is economic suicide - but you can more than make up for it with increased turn-out from the other 90% who are really fired up by the prospect of eliminating all taxes.

And it works - jumping into the anti-intellectual camp with both feet has delivered the house, the senate, the presidency (electoral college and popular vote), and the supreme court.

The conservative movement has a brain-drain because they've realised they don't want the votes of smart, educated people.


Palantir has a lot of IT employees, as does Oracle and Musk's companies, which actively support Trump.

Are you trying to prove their point?

The publicly known recommendations, from CISA for example, were to use Signal for non-classified information only.

>> Signal was an approved and whitelisted app for ... discuss top-secret matters on.

No. Just no. Anyone who has handled TS information would know how nutz that sounds. Irrespective of software, TS stuff is only ever displayed in special rooms with big doors and a man with a gun outside. The concept of having TS on an everyday-use cellphone is just maddening.


"President Obama, a self-proclaimed BlackBerry addict, won't have to give up his smartphone for personal and professional use, after all.

But communication on the device — quickly dubbed the "BarackBerry" in news reports — will be limited to senior staff "and a small group of personal friends," White House spokesman Robert Gibbs announced Thursday. He declined to elaborate on the names of people in the president's calling circle."

https://abcnews.go.com/Technology/story?id=6712842&page=1


You're leaving out crucial information. Obama didn't keep his BlackBerry for classified information; he was given the then-standard government secure mobile communications device, a Secure Mobile Environment Personal Encryption Device (SME-PED).

More specifically, the device Obama was given was a Sectéra Edge [0][1] by General Dynamics, a device specifically designed to be able to operate on Top Secret voice and Secret data networks. It had hardware-level separation between the unclassified and classified sides, even having separate flash memory for both. [2]

The NSA contributed to the design and certified it and another device (L3's Guardian) on the SCIP, HAIPE, Suite A/B, Type 1, and non-Type 1 security protocols.

It was absolutely not a regular BlackBerry, it didn't run any RIM software, no data ever went through RIM's servers, and secure calls were encrypted and didn't use SS7. It was a clunky purpose-designed device for the entire US government to be able to access Secret information and conduct Top Secret voice calls on the go.

Even then, there were limitations to when and where it could be used and when a SCIF was required.

The current equivalent of the SME-PED programme is the DoD's Mobility Classified Capability[3], which are specially customised smartphones again made by General Dynamics.

There is no excuse whatsoever for the current administration's use of Signal, let alone TeleMessage Signal, for Secret and Top Secret discussions on regular consumer and personal devices. It's deeply irresponsible and worse than any previous administration has done.

[0] https://www.cnet.com/tech/tech-industry/obamas-new-blackberr...

[1] https://gdmissionsystems.com/discontinued-products/sectera-e...

[2] https://apps.dtic.mil/sti/tr/pdf/ADA547816.pdf

[3] https://www.disa.mil/~/media/files/disa/fact-sheets/dmcc-s.p...


Your reference [0] appears to contradict what you've said here. It speaks at length about several NSA approved options as alternatives, but says Obama used a BlackBerry.

The photo attached to the article captioned "President-elect Barack Obama checks his BlackBerry while riding on his campaign bus in Pennsylvania last March." appears to show a blackberry.

I take it from the article that this was as controversial as I remember it being at the time. Thanks for posting it.


He was allowed to keep his BlackBerry for personal communication only, not classified communication, and had to use a Sectéra Edge for classified communication. [0]

The Blackberry for personal use wasn't a stock BlackBerry, but hardened by the NSA and fitted with the SecurVoice software package to encrypt voice calls, emails, and messages. The few people he had on his approved communication list were given the same devices.[1]

That BlackBerry was, again, not used for classified communication. So it's not the same thing as the current scandal.

[0] https://www.spokesman.com/stories/2009/jan/24/obamas-other-p...

[1] https://www.wired.com/2009/04/obama-to-get-back-blackberry-a...


> He was allowed to keep his BlackBerry for personal communication only, not classified communication

Presence of the senior staff on his (very limited) contact list would seem to contradict that statement. Communication with them would be, by definition, not personal.

I agree with you that our government officials should be using the secure infrastructure our patriotic service members and civil servants work so hard to build and maintain.


If you’d prefer, we can call it unclassified communication rather than personal communication. The point is that it was not used for Secret, Top Secret, or other classified communications. For that, he had the SME-PED device.

So, again, it’s not a parallel to the current situation. Nobody is saying the SecDef and other staff shouldn’t have unclassified devices as well as their classified devices, the issue is that they’ve been using the unclassified devices to conduct Secret or Top Secret discussions.


> The point is that it was not used for Secret, Top Secret, or other classified communications.

That we know of.


Do you have evidence that Obama discussed or viewed top secret intel on that BlackBerry, or are you just trying to muddy the waters with a false equivalence?

You think he used it only to discuss what flavor of ice cream was being served that day in the whitehouse dining hall? With only the senior staff? If so, I have a bridge for sale which may interest you.

> false equivalence

We're literally talking about people occupying the same positions. If anything, blackberry seems less secure. For instance, there's a global en/decryption key, and it's known: https://www.vice.com/en/article/exclusive-canada-police-obta...


It was only to be used for a limited subset of Secret or lower comms. It was hardened and didn't use RIM's servers.

Cool, I'm sure we can inspect the software to verify that, right? Or do I just have to trust someone? Surely it still used the public cell network. SS7 isn't exactly a model of perfect security. That's why we still get robocalls, and why we have special secure lines for government in the first place.

I've only ever voted green or dem. I just think the rage cycle is silly. "Not when my side does it" is bullshit no matter which side is saying it.


OK so we've established two things:

1) you don't have any evidence that he used it for TS and are just trying to make a false equivalence.

2) you think secdef and potus occupy the same position.

Got it.


Is this argument style fun? We've established two things:

1) you think secdef isn't a member of the senior staff.

2) you think sharing top secret information via an app is somehow much worse than sharing secret information via a blackberry.

Got it.

(nah, I like substantive discussion better)


What are the visually distinguishing features of this TM SGNL app compared to the official one? To my eyes, the app in the Waltz picture looks the same as the official one.

It says "Verify your TM SGNL PIN" instead of "Verify your Signal PIN". That's the only difference.

The decision to use a signal knockoff was a planned and managed one, not just on a whim. Who's responsible for managing the phones?

It's not really a knockoff, it's a deliberately cracked version of a B2C app to adapt it to a corporate setting

[flagged]


Don't speculate, the evidence is bad enough.

There is new reporting that a hacker has breached the parent company, TeleMessage, including live data being passed across servers in production.

https://www.404media.co/the-signal-clone-the-trump-admin-use...

It was marked as a DUPE of this discussion, despite being a major new development: https://news.ycombinator.com/item?id=43890034 Hopefully that decision can be reconsidered.


http://archive.today/HqMvy

It's insane that this isn't front page news. This takes the original Signalgate breach to an order of magnitude higher level of severity.


There seems to be a coordinated and consistent campaign to bury submissions from 404 Media on HN. Hopefully something can be done about that, too.

In August last year I got this from dang when reporting a dead 404 link: "The site 404media.co is banned on HN because it has been the source of too many low-quality posts and because many (most?) of their articles are behind a signup wall."

Not that I've really seen the low quality and the signup requirement doesn't stop other domains. There's quite a few things that originated from 404, so I hope HN gets over whatever it was that annoyed them originally.


The main issue is the (sometimes) hard signup wall. I've been a moderator on HN for longer than 404media has existed, and I know from experience that this changes from time to time or article to article. Other paywalled sites that appear on HN (WSJ, NYT etc) have a porous paywall; you can (almost) always get around it by using an archive site like Archive.today.

If it's a good article (contains significant new information and can be a topic of curious conversation) and a paywall workaround works for that article, we'll happily allow it.


If they do their own, original, investigative reporting, you may want to be a bit more permissive.

Since HN doesn't really facilitate any workarounds anyway and we've been doing manual archive links and content reposting as needed in other cases... I suspect we can handle 404 as well as a community.


> The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.

You can just link the new development in an ongoing story that's already on the front page, just like you did. The alternative would be a second front page thread which splits the discussion and is worse all-round.

That's a fair point, and it's your call - however, if the new (major) development is covered in this way then 1) users on the front page won't see mention of it at headline level and 2) the discussion of that development on HN will be affected by/limited to the time-decay of a post that is 12 hours older. I understand that there are tradeoffs at play, it really comes down to if the development at hand is big-enough to justify another post, and, again, that's your call.

It's not my call, I'm just explaining how HN typically works. If you want some story handled differently, you should send an email to [email protected]. But 'two or more things about the same thing on the fp at the same time' is a big barrier to overcome, it almost never happens.

There is mod commentary on 'people might miss things because of the title' as well, it's mostly 'it's ok for people to click through the story or thread to figure things out' and that's also a fairly longstanding 'how HN works most of the time' thing.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

The operating assumption here is that people are smart enough to follow the developments in the story themselves - in the the thread and outside.


I concur. An analysis of potential risks and vulnerabilities is a different beast from actual proof that the app has indeed been hacked. I call for the other discussion to be restored.

Edit: Wanted to respond to the top-level comment but you get the point.


How does this happen when signal itself is open source?

They used an internal fork delivered via MDM. There are no guarantees that Signal can make about the software running on those phones and per the reports it’s a lot of phones.

I appended a 'd' to the end of the title to pre-empt objections that they're not still using it. If it's known for sure that they are, we can de-'d' that bit.

honest question, but you decided to go against the "don't change titles" rule to choose one unprovable point until another just as unprovable point is proven? it could be argued both ways with the same argument.

There's no "don't change titles" rule, though it's interesting how the actual rule gets truncated to that in people's minds! Here's the actual rule:

"Please use the original title, unless it is misleading or linkbait; don't editorialize." - https://news.ycombinator.com/newsguidelines.html

In this case I was thinking of both the 'misleading' and 'linkbait' bits of that 'unless'. (By the way, this is common HN moderation practice—bog standard, as I often say.)

> to choose one unprovable point until another just as unprovable point is proven

You might have a, er, provable point if that were the case! but I'm taking for granted that the officials in question did actually use this client, so "used" is known while "use" (which I took to mean "are still using") isn't yet known for sure. Did I miss something?

Edit: btw, in case anyone's wondering why we left the submitted title up instead of reverting it to what the article says, one reason is that the submitted title struck me as arguably less linkbaity (and therefore ok under the rule) and the other reason is that we cut authors a bit of slack when they post their own work.


the "use" assume nothing happened after the report (app still in managed ___domain). "used" assume an extra action taking place, which is a stretch imo.

But I assumed wrongly that you added the "d", not that you're only exempting the submitter title. Thanks for the insight into your always nice moderation.

follow up question: you work seven days a week??


"Used" still allows "use" in the mitch-hedbergian sense.

> 404 Media journalist Joseph Cox published a story pointing out that Waltz was not using the official Signal app, but rather "an obscure and unofficial version of Signal that is designed to archive messages"

Wow. And that's while their entire point of using Signal is to have conversations scrapped after a week to leave no traces of criminal activity.


Do you think they are using the message archiving version so that they can meet organizational message retention requirements? Maybe they are using signal to ensure they have e2e encrypted messaging on their devices?

There are already government e2e apps. The only reason to use something else is to have selective auto-deletion and/or to use personal devices for official classified data.

Another reason: all of the folks on that group chat have legitimate reasons to have contacts on their phone that would be outside government apps. Foreign leadership. Journalists. Etc.

Signal is likely to be one of the main ways of communicating with those.


Using separate apps for government and external communication might have prevented the recent scandal.

It wouldn't actually. The contact in his phone (incorrectly added by Apple AI from a forwarded email) would be the same regardless which app he was using.

Instead, Signal (and this forked version) would have to do its own independent contact management, maybe based on in-person scanning of QR codes plus web-of-trust.


The contact (a journalist) wouldn't be reachable on a government messaging app.

Do you have the link to this alleged government-produced e2e software so we can inspect ourselves? I realize they have an incentive to appear incompetent, but surely there must be evidence (further than your testimony) of such gossip popping up somewhere

There are not just government e2e apps, but government-provided and customised smartphones specifically for them, like the DMCC-S programme. [0]

Some of the apps are listed in that brochure.

There's no excuse for using Signal on personal devices for classified conversations.

[0] https://www.disa.mil/~/media/files/disa/fact-sheets/dmcc-s.p...


Are the apps usable? The jargon seems intentionally impenetrable. The editor of that document should be shot every time they used an acronym. Like I get the DOD is a profitable dick to suck, but this is just embarrassing for a document intended for the public.

Anyway can you link the source? That's presumably the useful half. The marketing bit doesn't add anything.


I don't care how usable they are, this is the DoD and NSA-approved mechanism for conducting classified conversations and viewing classified data on mobile devices. The adversaries here are other countries who are very good at what they do, security is far more important than convenience.

As for further research, there's plenty online about this programme and these devices. Feel free to Google it yourself. You're asking to be spoonfed.


I don't think it follows that they selected the archiving messenger because they wanted disappearing messages. The whole disappearing messages thing was just internet speculation.

No it was reported by the journalist who was in the chat.

> Waltz set some of the messages in the Signal group to disappear after one week

https://www.theatlantic.com/politics/archive/2025/03/trump-a...


Whether it was for that purpose or not, the messages did wind up disappearing. The CIA admitted it in a court filing.

https://www.nytimes.com/2025/04/15/us/politics/cia-director-...


This TM SGNL app is compatible with legit Signal clients and servers.

It’s also possible that they are using this app to archive chats that other parties _believe_ to be disappeared.

In other words, set your chats to disappear in 5 minutes and convince your target to dish some sensitive info. They think it’s off the record, but it’s instantly archived


The counterparty should be naive or stupid to think that whatever they send has no chance to be recorded forever. They should always assume otherwise.

The only interesting use case of disappearing messages is that messages one receives will disappear securely, even if they forget about receiving such messages, or have no access to the device at the time.


Naive or stupid? No way, not the counterparties of alcoholic media personalities.

You can turn off message disappearance with the app store app so this seems like a red herring.

Maybe they wanted to use Signal to thwart eavesdropping but they had to modify it in order to comply with govt record retention requirements?

Distantly reminds me of the Nixon tapes ... what could go wrong?

I wonder what the people he communicated with knew / thought?


What? The point of Signal is not message scrapping, but good E2E encryption. Message scrapping is just one feature the app provides that you can turn off if you wish.


