Signalgate: The saga continues

- The Latest
  Regular reporting on government secrecy, surveillance, and the rights of reporters and whistleblowers.
  - The Classifieds
  - News Releases
- Technology
  Working open source software products to protect journalists, newsrooms, and their sources.
  - SecureDrop
  - Dangerzone
- U.S. Press Freedom Tracker
  A database of press freedom incidents in the United States.
  - Data Visualizations
  - Explore the Database
- Digital Security Education
  Digital security trainings and resources for journalists.
  - Request a Training
  - Guides & Resources
- About Us
  Protecting and defending press freedom when we need it the most.
- Our Team
  - Staff & Contributors
  - Board of Directors
- Transparency
  - Reports & Financials
  - Announcements
- Get in Touch
  - Jobs & Internships
  - Contact Us
Donate

Freedom of the Press Foundation (CC BY 4.0)

It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

But his Signals

Last month we previously wrote about lessons learned from Signalgate, in which national security adviser Michael Waltz inadvertently added Jeffrey Goldberg, the editor-in-chief of The Atlantic, to a Signal group chat concerning plans for bombings in Yemen. In that group, Defense Secretary Pete Hegseth spoke about attack plans in specific detail, which critics have suggested put operational information at risk of being leaked to adversaries. This week The New York Times revealed Hegseth similarly shared attack plans with his wife and brother in a second group chat that he created from a personal device. According to NPR, the White House is now exploring the idea of replacing Hegseth as defense secretary.

What you can do

Invite the right people. Signal offers strong end-to-end encryption, meaning that only those in conversation can read your messages. But whether someone is added accidentally or intentionally, Signal cannot protect you from people in the chat. It’s therefore important to understand who is in the chat and to be careful about what you choose to share in those conversations. To learn more, read our write-up on Signal’s identifiers.
Practice regular device maintenance. Since the Signalgate story was first reported, we have received a lot of questions about what the app does and doesn’t protect. Signal offers end-to-end encryption, but if your phone is targeted with malware and the device is compromised, just like all apps, anything that happens on that device may also be compromised. This includes your Signal messages. One of the best defenses for journalists is to keep your device’s operating system and apps up to date to receive the newest security patches and make it much more costly for attackers to get into your phone. It’s also a good idea to remove unnecessary apps from your device to reduce the number of potential footholds for malware. Read our guide to mobile security for more.
Safety numbers and locking it down further. If you are looking for extra assurance that you’re talking to the right person, consider using safety numbers — a series of short codes that represent the encryption within your conversation. If you and your trusted contact see the same safety number in your conversation settings, you can be pretty certain you’re talking to the right person on the app and that your encryption is working as intended. Signal’s default settings are already quite strong, but for an exhaustive look at safety numbers and more you can do to harden your Signal settings further, check out our guide to locking down Signal.

Updates from our team

My colleague Davis Erin Anderson wrote an advice column on a question we often talk about in our training: What does your Internet Service Provider see about your web activity, and to what extent can a VPN help? Check out her post.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

–

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation

Signalgate: The saga continues

But his Signals

What you can do

Updates from our team

Related Posts

More Signalgate than we can tolerate

Advice column: What information can my VPN provider see?

Security lessons from a Signal group chat

But his Signals

Get Weekly Tips & Advice

What you can do

Updates from our team

Related Posts

More Signalgate than we can tolerate

Advice column: What information can my VPN provider see?

Security lessons from a Signal group chat

Sign Up. Take Action.