This is Tux. He is a penguin. He’s also the official mascot of the Linux kernel, which is the program at the core of all Linux operating systems, and which manages system resources and communication between hardware and software. It’s where the concept of different Linux “distros” comes from, as I have previously discussed, and is the common element on which operating systems like Ubuntu, Mint, Arch, Kali - and many others - are built.

This is also Tux, but he’s encrypted. Unfortunately, he’s not encrypted well, so a lot of “signal” is visible in what should appear to be noise in a correctly-designed cryptographic algorithm.

This, too, is Tux. You’ll have to take my word for it, though, because he’s correctly encrypted, and it’s practically impossible to distinguish between the image and random noise, unless you have the encryption key.

Encryption is what brings us to Signal, an open-source, encrypted messaging service for instant messaging and voice/video calls. You may have heard a bit about it recently, but a lot of the news is confusing, misleading, or pure disinformation.

It’s important to realize that “Signal” can refer to the Signal Technology Foundation, which is a non-profit organization, founded in 2018, to “protect free expression and enable secure global communication through open source privacy technology”. It can also refer to “Signal Messenger LLC”, which is the subsidiary of the Signal Technology Foundation that is responsible for development of the Signal messaging app.

And, finally, it can refer to the Signal Protocol, which is designed to provide end-to-end encryption for voice and instant messaging. It is solid, reliable, and used not only by the Signal messaging app, but by others as well, including WhatsApp, Google, and Facebook Messenger.

The Signal application works on both mobile (Android and iOS) and desktop (Windows, macOS, and Linux), and is both free and open-source. Privacy for the individual user is a main focus of the Signal app, and since the software is open-source, this can be audited and verified.

This, in turn, brings us to “Signalgate”.

(First, I dislike the habit of appending “gate” to another name to indicate a “scandal” of some sort. It just bugs me. Sigh.)

To summarize, a group of US national security “leaders” apparently used Signal to discuss an imminent military operation in Yemen, and accidentally added journalist Jeffrey Goldberg to the chat.

On 24-Mar-2025, Goldberg published an article about the chat, expressing concerns about the use of Signal for sharing classified information, potential violation of federal records laws which require preservation of communications (which Signal does not support, generally), and about the disclosure of sensitive information to an individual (Goldberg) without proper clearance and need-to-know.

Let’s address each of these points.

Regarding whether Signal is allowed for sharing of classified information, Trump administration officials took several different tracks.

One response, from the chairman of the Senate Intelligence Committee, Senator Tom Cotton, was that "The Biden administration authorized Signal as a means of communication that was consistent with presidential record-keeping requirements for its administration — and that continued into the Trump administration.”

This carefully-worded response is, at best, misleading. In fact, while it allowed Signal for CERTAIN uses, the Biden administration specifically stated that:

Another response, from White House press secretary Karoline Leavitt, was that the story was a “hoax”, while also (along with Director of National Intelligence, Tulsi Gabbard) insisting that the information discussed was not classified. This led to Goldberg releasing the full text of the exchanges, except for the identity of a CIA operative, which was redacted at the request of a CIA spokesperson.

The idea that combat details like aircraft types, takeoff times, types of weapons and such, are not classified is laughable. It’s an obvious lie. And even without that, the identity of the CIA operative (which Goldberg responsibly redacted - even after the absurd claim that no classified information was discussed), would be enough to render the discussion “classified”.

And finally, aside from insisting that Signal was allowed, and that nothing classified was discussed anyway, Tulsi Gabbard also dodged questions about whether she participated in the chat.

So, to summarize, the chairman of the Senate Intelligence Committee said that the Biden administration authorized Signal, while the Director of National Intelligence indicated that details of military operations and the identity of a CIA operative did not constitute classified information, and then refused to confirm that she was part of the discussion in the first place.

Incredible.

There were a number of other questions, investigations, and excuses in the subsequent days, such as how National Security Advisor Mike Waltz added Goldberg in the first place, whether Signal was being used for other communications of this type (it was), whether people were using personal or government devices (neither acceptable, but personal would be worse), and the location of the participants at the time they were accessing the discussion.

This last one is important. A “perfectly” secure phone, and a “perfectly” secure communication channel – neither of which actually exists – would STILL be unacceptable in a location that was not “controlled”, as it would be trivial to simply look over a person’s shoulder to see what was on-screen. You’d think that the US government would have thought about that sort of thing before...

Oh! Wait! They did! This was exactly the sort of communication which would take place in a SCIF (Sensitive compartmented information facility). That’s what they’re for!

Which brings us to my favourite part of this whole drama.

It appears that Mike Waltz might not have been using Signal after all!

So, does this means the whole thing goes away?

No. It means it’s even worse.

Close examination of a Reuters photo, showing Michael Waltz apparently logging into something similar to Signal, led to 404 Media determining that the app in question was actually a clone of Signal called “TM SGNL”, created by a company called TeleMessage. Apparently, this company creates clones of popular messaging apps (such as Signal) that allow for the archiving of messages.

But this is good, right? It means that the question about records retention might be moot, right?

No. The application was hacked, and had numerous security issues.

Without going into detail, the hacker claims that, with minimal effort, they were able to compromise data for government contact information, some message contents (not those of Waltz and cabinet members, but that simply means that THIS hacker did not access those messages...), and back-end login credentials for US Customs and Border Protection, the cryptocurrency exchange Coinbase, and various financial services.

Apparently, TeleMessage has suspended services.

Bottom line, while this was not about Signal, this was a fiasco of epic proportions, demonstrates a near-complete lack of effective OPSEC (operational security) among senior government officials who are supposedly responsible for ensuring it, and demonstrates either absolute incompetence or a profound contempt for the services and people they are supposedly leading (or possibly both).

With all the noise out there nowadays, it’s important to try to focus on the Signal.

Cheers!