What is Signal, the center of the security crisis in the USA, and is it secure enough?

The revelation that The Atlantic’s editor-in-chief, Jeffrey Goldberg, was mistakenly added to a Signal group that included CIA Director John Ratcliffe, Vice President J.D. Vance, Defense Secretary Pete Hegseth, and National Security Adviser Mike Waltz continues to spark controversy, because war plans were discussed in the chat while a journalist was present. Last Tuesday, a series of individuals, including Ratcliffe, Vance, Hegseth, and Waltz, testified before the Senate. It was revealed that the group was discussing the future of the Yemen attack, the reasons behind it, its political implications, and how to communicate it to the public. Because Signal is an open-source messaging application that supports encryption, it is generally considered secure. The application has drawn more attention since this incident made clear that even federal officials were discussing war topics on it.
While American politicians heatedly debate the security loophole revealed by this incident, Signal President Meredith Whittaker defended the security of the messaging application. Whittaker described the application as the “gold standard in private communication” in a post on X. She stated, “We are an open-source, non-profit organization, and we develop and implement technologies that protect metadata, message content (end-to-end encryption), and privacy.”
Signal is a messaging service managed by Signal Messenger Company. It operates on centralized servers, is open-source, and is entirely encrypted. Open source means that the software of an application or service is made accessible, viewable, changeable, and distributable to everyone. Open-source software can be continuously improved by developers and used freely. For example, projects like Linux and Firefox are open-source. Because the code is public, security experts can verify how the application operates and check that it remains secure.
Signal stores user data on its servers, including phone numbers, the date a user joined the service, and information on the last login. A phone number is required to create an account. However, users' contacts, chats, and other communications are stored on the user’s own device (their phone), and an option is provided to automatically delete conversations after a certain period. As indicated on the company’s website, Signal does not serve ads or belong to any organization. Therefore, unlike many other messaging applications, Signal does not track or store user data. Signal also allows users to hide their phone numbers from others.
Signal uses end-to-end encryption. This feature ensures that the content sent can only be read or listened to by the sender and recipient, and that messages are not stored on any other server, preventing third parties, including apps like WhatsApp, from accessing message content. Simply put, a pair of keys is generated for the communicating parties. Messages are encrypted, and only the recipient can decrypt them using their corresponding key. This means that users can communicate privately and securely without any party, not even Signal itself, having access to the content of their conversations, which ensures user privacy.
Rocky Cole, the owner of the cybersecurity firm iVerify and a defender of smartphone users against hackers, stated in an interview with Reuters that Signal has a “great reputation” and is commonly used in the security community. However, using Signal alone is not enough to protect sensitive data, as hackers can “hack the cell phone itself and remotely access devices.”
According to the company’s website, Signal was founded in 2012 by the entrepreneur Moxie Marlinspike and Whittaker. In February 2018, Marlinspike, along with WhatsApp co-founder Brian Acton, established the non-profit Signal Foundation that currently oversees the application. According to its website, Signal is not affiliated with any major tech company and will never be acquired by any company.
Signal, once seen as an exotic messaging application used mainly by activists and privacy advocates, has now become a whisper network for journalists and even a messaging tool for government agencies. Signal experienced “unprecedented” growth in 2021 after WhatsApp announced a controversial privacy policy update that would allow more user data to be shared with Facebook (now Meta).
In 2017, the U.S. Senate approved the use of Signal for military personnel. However, Ben Wood, chief analyst of CCS Insight, stated in an interview with Reuters that he did not believe it was appropriate for Donald Trump's high-ranking officials to discuss military plans against Yemeni Houthi militants on Signal, because of the risk created by discussing highly sensitive national security information there.