I feel like the quote and setup here doesn't make sense.
Yes design can contribute to human mistakes, like "oh noes I texted my friends to pickup milk at the store when I meant to text my wife while I was out on a walk".
The context in this case was a high ranking official and secret information. The onus is on that person far more than a casual text to your wife while out for a walk.
Personally I think it should be a job disqualifying mistake. The biggest security risks are always those people who the rules don't apply to and have no consequences.
OP covers this, literally the second paragraph of the article says:
"Maybe better to blame the government itself, which is a system, too. We can and should hold it accountable for securing its messaging, whether that means holding its people accountable or improving its own secure apps.
But this post is about the Signal side."
It is possible to have a world where (a) He shouldn't have been using Signal and (b) The wrong person was added to the chat because of Signal's design.
As a citizen, (a) is more important than (b).
As a UI designer, (a) is really not your field, but you can learn something from (b).
For this blog post, the author's putting on their "UI designer hat" and discussing (b).
Fair point. But it's a gray area because "should" only gets you so far. At some point, you have to start assessing their design against what's actually happening in the real world.
I'd feel better about Signal's role in this if they made it clearer in their comms that they understand they shouldn't be used.
They weren’t. They were using approved software preinstalled on the phones given to them by their IT departments. Signal was approved during the Biden administration.
"Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). An Exception to Policy (E2P) request must be submitted by the appropriate Component for use of an unmanaged messaging app that is critical to fulfilling mission operations at https://rmfks.osd.mil/dode2p. "
In all of this, the question of its encryption hasn't come up? Me texting my mom about family drama that wants to be secret doesn't have the same threat model as actual war plans, but has the encryption itself been deemed sufficiently unbreakable that it's down to UX issues that are the problem and I don't have to worry about anybody uninvited listening in when texting family secrets on signal?
Not an expert, but it's one of those things where you can never be 100% sure somebody doesn't have a top secret algorithm. But to the best of mainstream knowledge, yes, the encryption is fine.
But watch out for quantum computing next decade. That has a chance to make today's encryption breakable.
“If Signal completely changed its philosophy and design goals, a group of highly level government officials, who shouldn’t have been using the app to plan a military mission in the first place (and were warned as such literally the day before) may not have accidentally added a member of the press to their group chat”
I feel like the quote and setup here doesn't make sense.
Yes design can contribute to human mistakes, like "oh noes I texted my friends to pickup milk at the store when I meant to text my wife while I was out on a walk".
The context in this case was a high ranking official and secret information. The onus is on that person far more than a casual text to your wife while out for a walk.
Personally I think it should be a job disqualifying mistake. The biggest security risks are always those people who the rules don't apply to and have no consequences.
OP covers this, literally the second paragraph of the article says:
"Maybe better to blame the government itself, which is a system, too. We can and should hold it accountable for securing its messaging, whether that means holding its people accountable or improving its own secure apps.
But this post is about the Signal side."
It is possible to have a world where (a) He shouldn't have been using Signal and (b) The wrong person was added to the chat because of Signal's design.
As a citizen, (a) is more important than (b).
As a UI designer, (a) is really not your field, but you can learn something from (b).
For this blog post, the author's putting on their "UI designer hat" and discussing (b).
I feel like that article wants to have its cake and eat it too.
It's using an example where ... Signal shouldn't have even been used. That's not a good gateway to talk about Signal.
Fair point. But it's a gray area because "should" only gets you so far. At some point, you have to start assessing their design against what's actually happening in the real world. I'd feel better about Signal's role in this if they made it clearer in their comms that they understand they shouldn't be used.
No.
No amount of design compensates for a high-ranking government official sharing top-secret information using their personal unsecured devices.
They weren’t. They were using approved software preinstalled on the phones given to them by their IT departments. Signal was approved during the Biden administration.
"Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). An Exception to Policy (E2P) request must be submitted by the appropriate Component for use of an unmanaged messaging app that is critical to fulfilling mission operations at https://rmfks.osd.mil/dode2p. "
https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-...
https://www.snopes.com/news/2025/03/27/biden-authorized-sign...
Approved for non secret uses. You can use Signal to say, “Let’s meet at 9:30”. Not, “Dropping bombs after lunch onto XYZ”
In all of this, the question of its encryption hasn't come up? Me texting my mom about family drama that wants to be secret doesn't have the same threat model as actual war plans, but has the encryption itself been deemed sufficiently unbreakable that it's down to UX issues that are the problem and I don't have to worry about anybody uninvited listening in when texting family secrets on signal?
Not an expert, but it's one of those things where you can never be 100% sure somebody doesn't have a top secret algorithm. But to the best of mainstream knowledge, yes, the encryption is fine. But watch out for quantum computing next decade. That has a chance to make today's encryption breakable.
“If Signal completely changed its philosophy and design goals, a group of highly level government officials, who shouldn’t have been using the app to plan a military mission in the first place (and were warned as such literally the day before) may not have accidentally added a member of the press to their group chat”