This seems like a perfect use case to support Signal. Have large, corporate or govt entities, pay for a custom fork of the app, built by the app developers themselves.

Why is telemessage getting the money ? Does the Signal Foundation not make it easy to do paid fork implementations ?

Certainly it's better for the gov't to pay Signal than to try to do it themselves.

The MobileCoin integration and the long standing refusal to support a way to use the messenger without using a phone number (or a smartphone at all) make me wary. To me they sit pretty much on the same level of trust as Meta's WhatsApp, which is a sad thing to have to conclude.

Government has a ton of policy requirements around data retention, audit logging, where their data is stored, who can access it etc, as well as technical requirements for things like encryption algorithms. They also have a requirement to operate on isolated networks.

It is difficult for an ordinary consumer messaging app to meet these requirements. Matrix is really the only competitor.

MobileCoin is prioritised ahead of allowing an iPad-like secondary device experience on Android tablets, for example.

In any case, saying their priorities are misaligned because they don't scratch your particular itch is making a mountain of a molehill.

If you're in the government, you should treat Hegseth and anyone who uses Signal and TMSIGNL as compromised.

https://en.wikipedia.org/wiki/Jonathan_Pollard

The leader of those 11 was fired because of it.

It says it right there in the article. Stop making drama.

Source: use them for several of my clients.

Signal is approved for government uses, just not non-public DOD information. They're supposed to use Signal for something like "hey, get to a SCIF so we can discuss details," then they discuss the details in a secure environment.

Sort of like the drug dealers from The Wire

Not approved for non-public DOD information: https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-...

The DOD memo does not supersede other DOD instructions referenced by the memo requiring RMF and NIAP things.

> Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar apps. CISA recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing for text message interoperability across platforms.

https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

https://investigations.cooley.com/2025/01/15/federal-law-enf...

TeleMessage is/was an Israeli company [1], but was acquired last year by Smarsh [2], itself a subsidiary of K1 Investment Management, both US companies. It me whether the company moved. While not necessarily related at all, their terms of service also seem to explain specific arrangements for messaging in China that appear to involve disclosures to the Chinese government.

It's unclear to me how the app works. It appears to be advertised as a fork of the Signal client which uploads all content to a remote server, thus, of course, breaking the E2E encryption, unless the archive is considered an end and the connection to it is secure. It also appears to be advertised as being the same interface as Signal.

However, both the iOS and Android Signal clients are AGPLv3. I can't find any indication that the TeleMessage clients are anything other than proprietary. So are they going the route of giving the software and source only to paying customers under AGPLv3 (with those customers then free to distribute it)? Did they completely reimplement the client? Or are they an illegal proprietary fork?

The first option seems unlikely, and the latter two seem rather ominous for the security of the app.

[1]: https://en.wikipedia.org/wiki/TeleMessage [2]: https://en.wikipedia.org/wiki/Smarsh

E2E doesn't mean what I think you think it means; specifically, it has nothing to do with what the intended recipient (or their software) does with the message.

But more generally, your point is why I mentioned "unless the archive is considered an end and the connection to it is secure."

Consider E2E protected email service. You send me the final designs over this encrypted channel. Then I put the designs onto a USB drive and give them to my printer to print. Then I hang them as billboards all over town. This is a valid use case for E2E. Yet the contents of the message ends up visible from the freeway.

You are confusing Snapchat mechanics for encryption.

I think we're talking about this from two different perspectives. You're considering a user in someone's conversation with a modified, archiving client. Yes, you obviously can't prevent that from a technical side, and it doesn't break Signal's E2E. It would be even simpler to do this with the unmodified Android Signal client, which essentially allows message exports.

I was assuming (possibly incorrectly) that TM's client was being used as an overall messaging system by the government groups involved here, which is how TM seems to advertise it: not a single user running their client, but every (or every internal) user communicating with each other using their client. In that case each user's client would be sending each message to some recipients by Signal Protocol and other recipients by, if other comments and some parts of TM's advertising are correct, SMTP. Yes, some sender-recipient pairs are E2E in that case, but that seems a bit besides the point, as there are others that aren't, and those could be vulnerable to eavesdropping and modification.

I do realize that what I wrote in the initial comment could easily be read as something other than what I meant (it isn't E2E for the messages through Signal that is broken, but separate likely non-E2E messages); I suppose I should have expected here that doing so would result in replies focusing on that interpretation.

If you want to make sure nothing is ever archived, there is no software-only solution. If you control the hardware, in theory you can mandate that everything from the OS level-up is a reproducible build and you know for a fact that the messaging client does not allow any export feature. But also, you still have the problem of someone taking a picture of the screen. The real way to do this would be to control the software, hardware, and environment, aka a SCIF. If you want me to see classified war plans, confiscate all my electronics then show me what I need to see in a controlled environment where I can’t make copies. Messaging apps just simply can’t do any of that.

If I care more about my snapchat account than I do about saving your disappearing message minus your ability to leverage snapchat into banning my account or apply outside social pressure, then your disappearing message may actually disappear. As the stakes go up, so does the leverage required for “endpoint security” to be a meaningful security boundary.

If you really need to, you can combine this with a rig that holds the phone and the camera just right, controls the lighting, and interacts with the phone via a hotdog mounted on a gantry. Come to think of it, any 3D printer can be adapted to archive Signal/Snapchat/etc. messages in a completely undetectable way. Could even reply if you rig up another phone to talk to your hot dog finger + camera robot.

One-time secret, maybe?

As long as their clients can redistribute it, its not illegal, especially if their clients have 0 interest in leaking the source code, the real trick is, has anyone who is NOT using that client hit any of the AGPL relay servers?

For context, I worked for an employer that sold a custom software solution, which used GPL'd software, client was in the military space, so I guess DOD, anyway, for over a decade nobody asked for any of the code, till some years back. I am guessing they just wanted to have it evaluated, but it was a workhorse of many many things, good luck trying to fork it, LOTS of moving pieces involved.

Nothing illegal unless someone who touches a TM SGNL server (somehow) requests the source and they reject you from having it.

But from their website, which has terms of service for each app, it really seems that they are presenting them as standard proprietary closed-source offerings.

LMAO NO! I have quite a few clients using Telemeasage, and most of them use Global Relay on the backend. It's a little terrifying actually, as Global Relay just ingests everything via SMTP. I haven't checked if they have DNSSEC or MTA-STS set up, but with how Global Relay operates I would be surprised if they did. I suspect a well-placed proxy or DNS poisoning could siphon off a good chunk of sensitive emails being sent to Global Relay.

https://www.telemessage.com/how-to-install-and-register-sign...

Head of NatSec, ladies and gentlemen. Once the domain of Kissinger, Brzezinski, Powell and Rice. Now with the opsec of a brain-damaged cocaine dealer.

(It was 1-2-3-4-5.)

Kissinger shared culpability for what happened in Cambodia, Laos, and Vietnam.

Rice shares culpability for what happened in Afghanistan and Iraq.

Hegseth may still participate in war crimes regardless of being a dim bulb. One can only hope his disability makes him less effective in causing harm deliberately, but he still may cause great harm inadvertently as well.

America needs to acknowledge that it has a multitiered system of selective criminal prosecution where some people get away with crimes because of who they are.

No, not for classified comms. They already have secure comms and SCIFs but they're not using them. This is what they should be using. And they should be following sterile opsec so they don't carry tracking and listening devices into classified meetings or strategy discussions with decision makers.

They do need better opsec for unclassified and personal comms. It would be nice™ for them to have a Signal-like app controlled by the NSA because depending on Signal or WhatsApp is vulnerable to a malicious insider. Few Meta employees have security clearances, while I don't know about Signal.

If its an app they wanted kept under wraps, it will make the while Hegseth situation seem a lot more benign.

I use Molly Messenger on a secondary phone that doesn't have a SIM, its a fork of Signal with a few differences related to encryption at rest. It still works with normal signal users just fine, on the other end you can't tell I have a different client. If the government has a similarly forked version you could likely still accidentally invite the wrong user in from their normal Signal app and they wouldn't know you're on a forked version with government archiving features.

> Instead TM SGNL appears to refer to a piece of software from a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them.

https://en.wikipedia.org/wiki/TeleMessage

That said, whether this makes the situation better or worse depends on who can actually see these archives. "Smarsh" is a US-based company, but they acquired TeleMessage, which was (is?) based in Israel.

Is there no way Signal can prevent this in the official app?

I find the Signal devs' attitude so frustrating; they deliberately disable the ability to use Signal in secondary device mode for phone-sized-devices, because they know the Correct Way To Use Signal™ is to only use it on one phone-sized-device.

It would appear they're using this app now, post-incident, because they got in trouble. (And having messages with Vance, Gabbard, etc. be visible to the press pool camera is... not a great look for the guy who accidentally added a reporter.)

https://www.nytimes.com/2025/04/15/us/politics/cia-director-...

> All of the messages from a leaked group chat have been deleted from the phone of John Ratcliffe, the C.I.A. director, the agency said in a court filing.

The agency is the CIA, to a court, saying the messages are gone.

How do you know this? Also I would not consider this a “feature”. We should assume they’re different apps, insofar as Telemessage can add whatever they please to the source

https://www.c-span.org/program/senate-committee/dni-director...

That doesn’t mean you won’t get in trouble if you flap them in a way that says “we bomb x at y o’clock” where uncleared people can hear.