If you’re a messenger that has built its entire reputation on industry-leading security and privacy, then Elon Musk suggesting to his 182 million followers that you have “known vulnerabilities that are not being addressed” is very bad news.
Elon Musk has just posted about Signal—again
Musk has history with the leading secure messenger Signal. Back in 2021, he caused something of a stir when he tweeted “Use Signal.” His voice was quickly added to the likes of Edward Snowden as an advocate for the fast-growing platform that was seen as a more secure alternative to Meta’s WhatsApp.
So, it’s a huge surprise to see him suddenly shift the other way—and yet here we are. Musk has just posted to his 182 million followers: “There are known vulnerabilities with Signal that are not being addressed. Seems odd...”
Musk was responding to a post promoting a City Journal report into Signal’s alleged government links and into NPR CEO Katherine Maher’s role as chair of the board of the Signal Foundation, suggesting a “fear that Signal may be compromised.”
The crux of the City Journal article goes back to Signal’s founding and early funding, which “raises questions about the app’s origins and its relationship with government—in particular, with the American intelligence apparatus. Such a relationship would be troubling, given how much we have learned, in recent years, about extensive efforts to control and censor information undertaken by technology companies, sometimes in tandem with American government officials.”
In short, this relates to a grant from the Open Technology Fund, a spinout from the government-funded, anti-communist Radio Free Asia dating back to the Cold War. The article claims that the radio service was linked to the U.S. government. Beyond its origins and more to the point of the X exchange, the article also references Maher’s own U.S. government relationships and career history.
Musk’s response might have been simple, but his reach and influence is anything but—and the last thing Signal needs is even the hint of this. And so, little surprise that Signal President Meredith Whittaker quickly responded to Musk that “we don’t have evidence of extant vulnerabilities, and haven’t been notified of anything. We follow responsible disclosure practices, and closely monitor security@signal.org + respond & fix any valid issues quickly. So if you do have more info hit us up!”
This was backed by a Community Note on Musk’s own platform, fact checking its boss: “Signal makes it extremely easy to verify this claim. If there were known vulnerabilities, they could be enumerated. There are none for current versions.”
So, should you be concerned? In short—no. Not only is Signal as tried and tested as any messaging platform out there, but its software is open-source and open to view. It is also the encryption backbone supporting most other leading secure messaging apps, with the exception of iMessage and Telegram.
Signal’s encryption is used today by WhatsApp, Facebook Messenger and Google Messages, and was recently called out by WhatsApp as the default standard for its opening up to third-party chats under Europe’s Digital Markets Act.
When one of the replies to Musk’s post suggests Telegram as an alternative to Signal, we really are deep inside the rabbit hole. Telegram is not end-to-end encrypted by default and its security pales when compared to Signal, to say nothing of the controversies around the make-up of its user base and communities.
Let’s put it even more simply—if Signal really had been secretly compromised, with known vulnerabilities that were unaddressed, then no messenger would be safe.
