On Monday, a major outage at Amazon Web Services disrupted a large number of websites and apps, including the end-to-end encrypted messenger Signal. In response, X Executive Chairman and Chief Technical Officer Elon Musk declared that he no longer trusts Signal. “I don’t trust Signal anymore,” Musk stated plainly.
Signal President Meredith Whittaker responded to Musk’s post on X, emphasizing the app’s reputation: “Signal is trusted by the security and hacker community, and hundreds of millions of others, BECAUSE they can examine it, and because on examination, it has shown to be robust, private, and secure—for over a decade.”
### Musk’s Promotion of X Chat
In recent months, Musk has been promoting the use of X Chat as a secure, encrypted communication method between users. However, security experts argue that any encrypted messaging app should be open source to be truly trusted with secure communications. After all, how can users be sure what the app is doing if they cannot review the code themselves?
X labels X Chat—intended to eventually replace the traditional direct messaging system—as beta software on their platform. While there were reports in 2018 that X (then known as Twitter) was testing end-to-end encryption, the feature did not receive an official support announcement until 2023. The company has also stated plans to make it easier for users to verify the safety and security of their chat features.
Jack Dorsey, co-founder of X (originally Twitter) and former CEO, was supportive of moving towards end-to-end encryption during his tenure. More recently, Dorsey developed a geographically-focused messaging app called Bitchat over a weekend. Bitchat gained attention during the recent overthrow of the Nepalese government because of its mesh networking features, which allow it to function locally without internet access. An app with similar capabilities, FireChat, was used during the Hong Kong protests as early as 2014.
### Signal Is Not Perfect Either
Of course, Signal itself is not without flaws and has faced criticism over the years. One common concern raised by security researchers was Signal’s reliance on phone numbers, which many viewed as a privacy risk. The app has recently addressed this issue by allowing users to sign up with just a username.
Notably, Whittaker’s comments about Signal’s openness and verifiability faced pushback from multiple developers in the Bitcoin community. Peter Todd, known for contributing to Bitcoin Core and for being suggested as the alleged Bitcoin creator Satoshi Nakamoto in a recent HBO documentary, pointed out that app stores on Android and iOS hinder users’ ability to confirm that the open-source code published by Signal matches the app installed on their devices.
Todd’s work with Bitcoin Core emphasizes reproducible builds, a process that allows end users to verify that the software they run is built from the exact open-source code released to the public. Similarly, Steve Lee, who leads Bitcoin open-source development grant provider Spiral, highlighted an open issue related to reproducible builds for Signal on Android.
Bitcoin purists also criticize Signal for relying on centralized infrastructure, which contributed to the AWS-related downtime experienced recently. This reliance is seen as a drawback compared to decentralized networks like Bitcoin.
### Striking a Balance
Whether discussing Bitcoin or private messaging, there are often trade-offs between achieving perfect privacy and security versus creating a user-friendly app that people will actually use. Signal remains the gold standard for encrypted messaging, but encouraging more competition in this space is beneficial—so long as such alternatives offer privacy that is truly verifiable and trustworthy.
https://gizmodo.com/signal-president-spars-with-elon-musk-over-trust-in-private-messengers-2000674571