this post was submitted on 03 May 2026
206 points (94.4% liked)

top 38 comments
[–] LastYearsIrritant@sopuli.xyz 172 points 3 days ago (5 children)

This is due to phishing attacks and account takeover attempts, not due to the platform itself being insecure.

They state that Wire can be signed up with using an email instead of phone number, so it's less likely that someone will know the validation account used to sign up.

Feels to me like it's just a different attack vector. Maybe it's harder to do attacks on Wire, but they didn't really say that in this article.

My gut says it's less attacked just 'cause it's less used, not that it's more secure. But I'm certainly willing to admit that I haven't looked into Wire much.

[–] arcine@jlai.lu 1 points 18 hours ago

I wish they did the Mullvad thing and let you sign up with nothing at all.

[–] SrMono@feddit.org 92 points 3 days ago

It's her approach to frame the technology instead of acknowledging that she is the victim of a social engineering attack.

[–] nymnympseudonym@piefed.social 35 points 3 days ago (2 children)

Thank you. I do wish the public conversation were more about actual tech vs social engineering and public-vibe opinion.

I like the fact that Wire uses a separate key for every device and every 2-person pair, even in a group chat.

But I hate how much metadata that Wire leaks. I do not want my ISP/VPN provider to be able to track where I am and with whom I am messaging. IP addresses, routing paths, packet sizes, timing...

Both protocols encrypt what you say. Wire betrays where you were when you said it and gives a lot more clues about who you said it to. Exactly what you want people to use, if you are a nation-state able to monitor corporate ISPs and VPNs.

[–] RecursiveParadox@piefed.social 1 points 14 hours ago (1 children)

But I hate how much metadata that Wire leaks.

This is the first I have heard of this - can you point me to any sites?

[–] nymnympseudonym@piefed.social 1 points 11 hours ago* (last edited 11 hours ago)
[–] brbposting@sh.itjust.works 2 points 2 days ago

Interesting, didn’t know anything about Wire. Are the ISP/VPN selling your data your main concern? Foreign nations enter your mind as far as threat model? Maybe easier to speak generally on what relatively normal (but nerdy) people might do best to care about

[–] tal@lemmy.today 9 points 3 days ago* (last edited 3 days ago) (4 children)

This is due to phishing attacks and account takeover attempts, not due to the platform itself being insecure.

I mean, it's not that Signal has security issues per se, but it doesn't have the German government's security people with control over what goes into releases, either.

If you remember the wake of Signalgate, the US doesn't allow use by American officials of Signal to do their communications because they don't certify it for classified information transmission and do have their own app that officials are supposed to be using.

On March 15, Secretary of Defense Pete Hegseth used the chat to share sensitive and classified details of the impending airstrikes, including types of aircraft and missiles, as well as launch and attack times.[1][2] The name of an active undercover CIA officer was mentioned by CIA director John Ratcliffe in the chat,[3] while Vance and Hegseth expressed contempt for European allies.[4][5]

A forensic investigation by the White House information technology office determined that Waltz had inadvertently saved Goldberg's phone number under Hughes' contact information. Waltz then added Goldberg to the chat while trying to add Hughes.[15] Subsequently, investigative journalists reported Waltz's team regularly created group chats to coordinate official work[16] and that Hegseth shared details about missile strikes in Yemen to a second group chat which included his wife, his brother, and his lawyer.[17]

On March 18, 2025, the Pentagon sent a department-wide memo warning, "Please note: third party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information"—a category whose release would be far less potentially damaging than that about ongoing military operations.[27] A former NSA hacker said that linking Signal to a desktop app is one of its biggest risks, as Ratcliffe suggested he had done.[28]

According to the article, German government information security people do that for Wire:

Klöckner highlighted that Wire is already provided by the Bundestag administration and is certified by Germany’s Federal Office for Information Security (BSI).

[–] 0_o7@lemmy.dbzer0.com 3 points 2 days ago

Yea, countries are looking for alternatives to US based services. No matter how secure it may seem, they can't control every aspect of the supply chain.

Signal is bound to Google and Apple's platforms to operate reliably, centralized, and these platforms are beyond evil and are well-known to bend the knee for authoritarians [1, 2]

  1. https://techcrunch.com/2023/12/06/us-senator-warns-governments-spying-apple-google-smartphone-users-via-push-notifications/
  2. https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/
[–] nymnympseudonym@piefed.social 9 points 3 days ago (2 children)

Important point about Signalgate: Hegseth & team weren't even using Signal; they were using some weird-ass fork

[–] Sturgist@piefed.ca 15 points 3 days ago (1 children)

Some weird ass fork by a company founded and staffed by Israeli ex-intel officers that allows automatic backup of chats even if they are set to delete after x days

[–] michaelalf@lemmy.world 5 points 2 days ago* (last edited 2 days ago) (1 children)

data harvesting and leaks

looks inside

Israel

Every. Fucking. Time.

[–] Sturgist@piefed.ca 1 points 18 hours ago

Shocking, I know....

[–] Jason2357@lemmy.ca 2 points 2 days ago (1 children)

And not only that, the leak happened because they added a journalist to their group chat by accident. Hilarity.

[–] nymnympseudonym@piefed.social 2 points 2 days ago

"We are clean on OpSec"

-Secretary of War Pete Hegseth

[–] Passerby6497@lemmy.world 3 points 3 days ago

Weren't they also using an insecure clone that sent their messages in plain text to be archived?

[–] artyom@piefed.social 2 points 3 days ago

Yeah that incident was also due to a phone number issue. Someone somehow had the name associated with the phone number saved incorrectly. Something to do with iOS and how it saves numbers automatically.

[–] 14th_cylon@lemmy.zip 5 points 3 days ago

Feels to me like it’s just a different attack vector.

feels like typical security through obscurity

[–] homesweethomeMrL@lemmy.world 110 points 3 days ago (2 children)

Signal faces scrutiny following a series of phishing-based account hijackings. As previously reported, attackers impersonated Signal support staff to trick users into revealing registration codes and PINs, enabling them to re-register accounts on devices under their control. Signal clarified that its infrastructure and encryption were not compromised, attributing the incidents entirely to social engineering.

I got scammed therefore Signal insecure. Got it.

[–] IratePirate@feddit.org 40 points 2 days ago* (last edited 2 days ago) (1 children)

It was mostly German conservative figures falling for the phishing attack, and it's mostly German conservatives demanding this right now. So they're responding in a characteristically conservative fashion: zero self-awareness, zero competence in the matter, but righteousness cranked all the way up to eleven.

[–] mirshafie@europe.pub 8 points 2 days ago (1 children)

Wtf is a "Signal support staff" is it edible I'm hungry

[–] IratePirate@feddit.org 3 points 2 days ago

Our Signal Support Staffs come in many flavours. Have your taste buds hacked by tasty treats like Scammy Strawberry, Malicious Melon or Phishy Piña Colada!

[–] EntropyPure@lemmy.world 20 points 3 days ago (1 children)

A lot of journalists got that wrong in initial reporting. But as an IT administrator you can see where they are coming from with their switch to another platform.

Signal is end user software, and a very good one at that. But it is no enterprise grade software. It lacks the management and policies needed for such user groups, which Wire seems to provide. Things like a mobile number as primary account handle spell ease and low entrance hurdle for end users, and a security problem for administrations.

The fractured nature of the IT in German politics is probably still keeping the attack surface alive. As outlined here by heise:

https://www.heise.de/en/background/Signal-attacks-Political-reality-bites-the-IT-admin-11279251.html

[–] Jason2357@lemmy.ca 3 points 2 days ago (1 children)

Politicians and bureaucrats shouldn't be using it anyway. They should be using something centrally auditable. I have Signal, but I talk to my colleagues in Teams for a reason. I could actually get in some trouble for using a secure back channel that cannot be FOI'd.

[–] SreudianFlip@sh.itjust.works 2 points 2 days ago

Some governments use self-managed Rocket.Chat and similar.

[–] nroth@lemmy.world 13 points 3 days ago (4 children)

How does being email-based instead of phone-number-based meaningfully help security? I would understand something like non-federated Matrix, where only approved users have accounts on your instance. Less phishing at the cost of convenience.

[–] luciferofastora@feddit.org 16 points 2 days ago

They have no clue what is safe or dangerous or reasonable or stupid. For a few decades now, the Internet has been "Neuland" to them, that is, unexplored country. These geriatric chucklefucks couldn't be arsed to seriously and systematically explore it if you held a gun to their head.

(I don't advocate holding guns to their head, for the record. It wouldn't solve the systematic issue underpinning their incompetence. It would also give them advance warning.)

[–] nymnympseudonym@piefed.social 2 points 2 days ago (1 children)

... or they could just use Molly if they want to sign up with just their email and not a phone number but otherwise still use all the same privacy tech

[–] leriotdelac@lemmy.zip 1 points 2 days ago (1 children)

Just checked Molly, still requires phone number to register. Isn't it an alternative app for Signal?

[–] nymnympseudonym@piefed.social 2 points 2 days ago

Damn I thought getting rid of the phone number requirement was the prime reason Molly forked so idk

[–] SreudianFlip@sh.itjust.works 1 points 2 days ago

You can also run a Matrix site federated but fully private and get similar security with more features.

[–] DreamlandLividity@lemmy.world 1 points 2 days ago

Yes, it's a dumb idea. I imagine the idea is that you can tell if an email is from a government domain or not.

[–] woelkchen@lemmy.world 15 points 3 days ago

Wire is still around? Tried it literally 10 years ago and didn't like it at all.

[–] vogi@piefed.social 8 points 3 days ago* (last edited 2 days ago) (1 children)

I do get the desire to have something more sovereign maybe even decentralised, but this is some real smooth brain behaviour. I don't even think they are following some sort of agenda, and just do not know better.

[–] nymnympseudonym@piefed.social 2 points 2 days ago

Or have someone advising them, who happens to have a vested financial interest.

Doesn't have to be nefarious. Happens all the time.

[–] Greyghoster@aussie.zone 3 points 2 days ago

Seems the solution to spam is active filtering 🤔 locking the system down to a specific European company. Be interesting to see how that plays for them. Not to mention the non-availability of email addresses.

[–] Miller@lemmy.world -5 points 3 days ago (1 children)

It's an enigma why they chose it in the first instance.

[–] mpramann@discuss.tchncs.de 3 points 2 days ago

They did not "choose" it as an official tool for internal communication. It was her private phone, with Signal installed by her. Besides that: Phishing can happen on any platform, especially one that is available to the public. Signal is not the issue here and swapping email registration against verification by mobile phone number won't solve anything.