Meredith Whittaker @mer__edith
Hi, hello, we don’t have evidence of extant vulnerabilities, and haven’t been notified of anything. We follow responsible disclosure practices, and closely monitor security@signal.org + respond & fix any valid issues quickly. So if you do have more info hit us up! But beyond this...
...we’ve put a lot of thought into making sure our structure and development practices let people validate our claims, instead of just taking our word for it. This is particularly important to me, since I saw the view from inside a massive tech co and observed how widely their claims could diverge from reality when openness, validation, and an actual commitment to principles were not prioritized. Unlike almost all tech orgs we also build with the belief that the only way to keep data safe is not to collect it in the first place. You can see this in action when you clock the vanishingly small amount of data we have been able to turn over when forced. We fight all subpoenas, and when we are forced to hand anything over, we fight to unseal them and post them here: signal.org/bigbrother/
I’ve provided some links below so you can go deeper. In brief:
-- We use cryptography to keep data out of the hands of everyone but those it’s meant for (this includes protecting it from us). The Signal Protocol is the gold standard in the industry for a reason–it’s been hammered and attacked for over a decade, and it continues to stand the test of time.
-- We engage in regular professional audits (last one completed late Jan 2024).
-- We develop in the open, and leverage reproducible builds. A large community of infosec researchers closely scrutinizes every single update, combing through our repos and binaries. This means that any nefarious change that affects the security of the Signal Protocol, of our codebase, or of the binaries we ship, would be detected almost immediately even on platforms like iOS where reproducible builds are not currently possible (BTW, please pressure Apple to make them possible). This is like an immune system protecting Signal from malign forces–wherever they may be–and ensuring the safety of the millions and millions of people who rely on Signal for sensitive communications. (We’re really grateful that so many people care enough about privacy to dedicate time and energy to ensuring Signal’s robustness.)
-- Finally, we’re also a nonprofit, which means we have no incentive to hype bullshit in order to get acquired or bought out–because even if someone did buy Signal, per the 501c3 tax code the money would need to be reinvested in a mission-aligned cause.
github.com/signalapp/
signal.org/docs/
signal.org/blog/reproduci…
signal.org/blog/signal-fo…