(Comments)

Original link: https://news.ycombinator.com/item?id=43875476

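This Hacker News thread discusses a technical analysis of "TM SGNL", an unofficial Signal app reportedly used by Trump administration officials. Initial speculation focused on whether the app's archiving feature was used to circumvent record-keeping requirements, or to preserve messages that others believed had been deleted. The discussion covers whether officials used the app to comply with government retention policies, to ensure encrypted messaging, or to selectively auto-delete communications. One commenter pointed out that the app is controlled by former Israeli intelligence officers, which raised concerns about access to sensitive data. A significant development was revealed: a hacker breached the parent company, TeleMessage, and exposed live data. This led to discussion of whether there is a coordinated effort to suppress stories from 404 Media (the outlet that reported the hack), and whether the story deserved a place on the front page.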


Original text
Technical analysis of TM SGNL, the unofficial Signal app Trump officials used (micahflee.com)
123 points by micahflee 15 hours ago | 42 comments










> 404 Media journalist Joseph Cox published a story pointing out that Waltz was not using the official Signal app, but rather "an obscure and unofficial version of Signal that is designed to archive messages"

Wow. And that's while their entire point of using Signal is to have conversations scrapped after a week to leave no traces of criminal activity.



Do you think they are using the message archiving version so that they can meet organizational message retention requirements? Maybe they are using signal to ensure they have e2e encrypted messaging on their devices?


There are already government e2e apps. The only reason to use something else is to have selective auto-deletion and/or to use personal devices for official classified data.


You can turn off message disappearance with the app store app so this seems like a red herring.


I don't think it follows that they selected the archiving messenger because they wanted disappearing messages. The whole disappearing messages thing was just internet speculation.


No it was reported by the journalist who was in the chat.

> Waltz set some of the messages in the Signal group to disappear after one week

https://www.theatlantic.com/politics/archive/2025/03/trump-a...



Whether it was for that purpose or not, the messages did wind up disappearing. The CIA admitted it in a court filing.

https://www.nytimes.com/2025/04/15/us/politics/cia-director-...



This TM SGNL app is compatible with legit Signal clients and servers.

It’s also possible that they are using this app to archive chats that other parties _believe_ to be disappeared.

In other words, set your chats to disappear in 5 minutes and convince your target to dish some sensitive info. They think it’s off the record, but it’s instantly archived



The counterparty should be naive or stupid to think that whatever they send has no chance to be recorded forever. They should always assume otherwise.

The only interesting use case of disappearing messages is that messages one receives will disappear securely, even if they forget about receiving such messages, or have no access to the device at the time.



Maybe they wanted to use Signal to thwart eavesdropping but they had to modify it in order to comply with govt record retention requirements?


Distantly reminds me of the Nixon tapes ... what could go wrong?

I wonder what the people he communicated with knew / thought?



White House communications director previously revealed (after “Signalgate”) that Signal was an approved and whitelisted app for gov’t officials to have on work phones and even discuss top-secret matters on. But I haven’t heard that TeleMessage was approved (and I’d have serious questions if it were given the foreign intelligence factor). Anyone know if there is a clear answer to whether it’s been approved?


According to the new 404 Media article [0] about the app's archive server actually being hacked, TeleMessage does have contracts with several governmental agencies. Still not a direct answer to the question, I know, but it tilts the answer overwhelmingly towards "yes."

[0]: https://www.404media.co/the-signal-clone-the-trump-admin-use...



It was incontrovertibly approved as it is only installable via MDM.

A likely explanation is that the communications director (or the people informing her) wouldn’t know to distinguish between Signal the app, and a Signal compatible app that is nearly indistinguishable from Signal. A lot like Kleenex is a common term for tissue paper regardless of brand.

When the leak was first revealed, there was loud speculation about the legality of government chat messages being set to auto-delete. This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things. It makes perfect security sense to archive messages somewhere secure, off phone, for record keeping compliance while ensuring that relatively vulnerable phones don’t retain messages for very long. It’s also an easy explanation for why such an app was created in the first place. There is an obvious market for it.



> It was incontrovertibly approved as it is only installable via MDM.

Only if this is his standard govt issued phone. It's also been shown they are also using their own personal phones. They could easily be using unapproved phones some random DOGE'er bought and gave them with an MDM setup, without any real oversight.



> This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things.

We only have evidence they used TeleMessage after the scandal. When the same guy let the press take a photo of his messages with Vance, Rubio, Gabbard and others.



The White House communications director lies continually, so the value of that statement is nil.


I don't know why you're downvoted, she is a horrible liar.


She’s the deputy. Steven Cheung is the director. Both people issue Baghdad Bob style statements.


The correct answer is no one outside US Government IT knows for sure what is or isn't approved per their own rules. Every article (and comments therein) are just speculation and people trying to confirm their own biases, desperately looking for something to blame someone for, to produce more rage-bait and thus feed more ad clicks.

Every single article is written with the presumption that there are no actual IT people in the White House, that someone wheeled in a Starlink dish on a dessert cart in the yard which is somehow running the entire government. It's silly and ridiculous.



> It's silly and ridiculous.

As is putting someone with a brain parasite and anti-vax beliefs as the head of HHS, but here we are.

“Silly and ridiculous” does not mean “implausible” with this administration. It’s the standard.



The big part of this story which nobody is talking about is the fact that the app is literally controlled by a bunch of “former” Israeli intelligence officers. Who now have what is arguably the world's most valuable access out of anyone.


[flagged]



> Israel’s grip on DC’s balls is far too strong

I more or less agree.

> We’re literally an occupied nation

The language of the US under occupation is a neonazi talking point, ZOG (Zionist Occupation Government) being a phrase neonazi morons like. Maybe a coincidence.



>TFW you acknowledge almost every member of your congress has an AIPAC handler and that your president and industry elites are blackmailed by a particular nation

"Those are neonazi talking points that just happen to be correct!"



What are the visually distinguishing features of this TM SGNL app compared to the official one? To my eyes, the app in the Waltz picture looks the same as the official one.


It says "Verify your TM SGNL PIN" instead of "Verify your Signal PIN". That's the only difference.


The decision to use a signal knockoff was a planned and managed one, not just on a whim. Who's responsible for managing the phones?


Israeli intelligence who happen to be dual citizens and appointed by American officials.


Don't speculate, the evidence is bad enough.


There is new reporting that a hacker has breached the parent company, TeleMessage, including live data being passed across servers in production.

https://www.404media.co/the-signal-clone-the-trump-admin-use...

It was marked as a DUPE of this discussion, despite being a major new development: https://news.ycombinator.com/item?id=43890034

Hopefully that decision can be reconsidered.



http://archive.today/HqMvy

It's insane that this isn't front page news. This takes the original Signalgate breach to an order of magnitude higher level of severity.



There seems to be a coordinated and consistent campaign to bury submissions from 404 Media on HN. Hopefully something can be done about that, too.


In August last year I got this from dang when reporting a dead 404 link: "The site 404media.co is banned on HN because it has been the source of too many low-quality posts and because many (most?) of their articles are behind a signup wall."

Not that I've really seen the low quality and the signup requirement doesn't stop other domains. There's quite a few things that originated from 404, so I hope HN gets over whatever it was that annoyed them originally.



You can just link the new development in an ongoing story that's already on the front page, just like you did. The alternative would be a second front page thread which splits the discussion and is worse all-round.


That's a fair point, and it's your call - however, if the new (major) development is covered in this way then 1) users on the front page won't see mention of it at headline level and 2) the discussion of that development on HN will be affected by/limited to the time-decay of a post that is 12 hours older. I understand that there are tradeoffs at play, it really comes down to if the development at hand is big-enough to justify another post, and, again, that's your call.


It's not my call, I'm just explaining how HN typically works. If you want some story handled differently, you should send an email to [email protected]. But 'two or more things about the same thing on the fp at the same time' is a big barrier to overcome, it almost never happens.

There is mod commentary on 'people might miss things because of the title' as well, it's mostly 'it's ok for people to click through the story or thread to figure things out' and that's also a fairly longstanding 'how HN works most of the time' thing.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

The operating assumption here is that people are smart enough to follow the developments in the story themselves - in the thread and outside.



I concur. An analysis of potential risks and vulnerabilities is a different beast from actual proof that the app has indeed been hacked. I call for the other discussion to be restored.

Edit: Wanted to respond to the top-level comment but you get the point.



How does this happen when signal itself is open source?


I appended a 'd' to the end of the title to pre-empt objections that they're not still using it. If it's known for sure that they are, we can de-'d' that bit.


honest question, but you decided to go against the "don't change titles" rule to choose one unprovable point until another just as unprovable point is proven? it could be argued both ways with the same argument.


There's no "don't change titles" rule, though it's interesting how the actual rule gets truncated to that in people's minds! Here's the actual rule:

"Please use the original title, unless it is misleading or linkbait; don't editorialize." - https://news.ycombinator.com/newsguidelines.html

In this case I was thinking of both the 'misleading' and 'linkbait' bits of that 'unless'. (By the way, this is common HN moderation practice—bog standard, as I often say.)

> to choose one unprovable point until another just as unprovable point is proven

You might have a, er, provable point if that were the case! but I'm taking for granted that the officials in question did actually use this client, so "used" is known while "use" (which I took to mean "are still using") isn't yet known for sure. Did I miss something?

Edit: btw, in case anyone's wondering why we left the submitted title up instead of reverting it to what the article says, one reason is that the submitted title struck me as arguably less linkbaity (and therefore ok under the rule) and the other reason is that we cut authors a bit of slack when they post their own work.



the "use" assumes nothing happened after the report (app still in managed domain). "used" assumes an extra action taking place, which is a stretch imo.

but i assumed wrong that you added the "d", not that you're only exempting the submitter title. thanks for the insight into your always nice moderation.

follow up question: you work seven days a week??






