Rachel Nuwer
Almost immediately after news broke that US government officials had inadvertently shared war plans with a journalist last week, misinformation began to fly. Much of it had to do with the inner workings of Signal—the encrypted messaging app that officials were using to discuss military strikes in Yemen in a chat group to which US national security advisor Mike Waltz inadvertently added The Atlantic’s editor-in-chief, Jeffrey Goldberg.
At first, Waltz suggested that Goldberg could have added himself to the chat, which is not possible. He also speculated, falsely, that some other technical glitch in Signal could have caused Goldberg’s number to be “sucked into this group.”
The mainstream media also contributed to misunderstandings about the snafu now known as Signalgate. An NPR headline, for example, stated that members of the Pentagon had recently been warned in a memo about a “Signal vulnerability”—falsely implying that the app’s core technology had been compromised. In fact, the memo was about phishing attempts, a common cybercrime unrelated to Signalgate. The Signal account on the social media platform Bluesky addressed this concern in a post: “Phishing isn’t new, and it’s not a flaw in our encryption or any of Signal’s underlying technology. Phishing attacks are a constant threat for popular apps and websites.”
Much of the public discourse around the Signal fiasco stems from a fundamental misunderstanding of how encryption works. It has also contributed to further confusion and ill-informed speculation. To push back against the misinformation, we spoke with several encryption experts about how these technologies actually work.
No comments:
Post a Comment