No security

[hfOx3915]

• [x] I have searched open and closed issues for duplicates
• [x] I am submitting a bug report for existing functionality that does not work as intended
• [x] I have read https://github.com/signalapp/Signal-Android/wiki/Submitting-useful-bug-reports
• [x] This isn't a feature request or a discussion topic

---

Bug description

Signal offers no security

Steps to reproduce

• Install Signal
• Get involved in something liable to piss off the country you're in (works slightly better if the country is a US "ally")
• Communicate about your plans (or anything else) with other associates over Signal

Actual result: You and/or your conspirators get caught thanks to Signal's generous leaking of metadata.

This is even without going into issues with data found at rest and in transit through its single provider, it being a central point of failure and trivial to DoS. Not to mention the zero assurances of active non-cooperation with the opponent. For passive cooperation, simply accessing one of the conspirators phone's will retrieve incriminating data and because of its amazingly poor security, with physical access it is trivial to impersonate the user.

And let us not talk about the amateurish, unprofessional and immature cynical attitude towards those who point out that this app does not live up to its self-generated hype, which causes people to trust it more than it deserves, putting them at risk (for ex #7553, #7676, many others).

Expected result: You and/or your conspirators do not get caught. Ideally, communications would be resilient to DoS and device data + application would be panic-wipeable.

[pgerber]

Hi @hfOx3915, it seem you'd like to discuss some changes/features you'd like to see rather than reporting a bug. As per contributing guidelines, request like this should be posted in the community forum.

See you in the forum. I'm very interested to hear how you'd solve "with physical access it is trivial to impersonate the user" and keep Signal usable for everyone at the same time. Seems like a pretty hard problem to me.

[hfOx3915]

@pgerber I consider a "secure" messenger being so trivially insecure a fundamental design bug. The only way it could not be a bug is if the secure claim is for marketing purposes only and not actually in the requirements.

I'm very interested to hear how you'd solve "with physical access it is trivial to impersonate the user" and keep Signal usable for everyone at the same time

A usable panic button with destructive response would have been an adequate mitigation measure in the case at hand.

[hfOx3915]

Let @greyson-signal closing of this issue without comment be a testament to how much of a crap the developers of this faux-security app give about their users.

[pgerber]

@hfOx3915 , I'm sure @greyson-signal's thumbs up on my post means he agrees with me that the forum is the right place to discuss all of this. May it be adding a panic button or abandoning Signal for something superior.