this post was submitted on 03 May 2026
207 points (94.4% liked)

Technology

84413 readers
3915 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
207
German members of parliament (MPs) advised to drop Signal in favor of Wire over security concerns (cyberinsider.com)
submitted 4 days ago by Deep@mander.xyz to c/technology@lemmy.world
39 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] LastYearsIrritant@sopuli.xyz 173 points 3 days ago (5 children)

This is due to phishing attacks and account takeover attempts, not due to the platform itself being insecure.

They state that wire can be signed up with using an email instead of phone number, so it's less likely that someone will know the validation account used to sign up.

Feels to me like it's just a different attack vector. Maybe it's harder to do attacks on wire, but they didn't really say that in this article.

My gut says it's less attacked just cause it's less used, not that it's more secure. But I'm certainly willing to admit that I haven't looked into wire much.

[–] arcine@jlai.lu 1 points 1 day ago

I wish they did the Mullvad thing and let you sign up with nothing at all.

[–] SrMono@feddit.org 92 points 3 days ago

It‘s her approach to frame the technology instead of acknowledging that she is the victim of a social engineering attack.

[–] nymnympseudonym@piefed.social 35 points 3 days ago (2 children)

Thank you. I do wish the public conversation were more about actual tech vs social engineering and public-vibe opinion.

I like the fact that Wire uses a separate key for every device and every 2-person pair, even in a group chat.

But I hate how much metadata that Wire leaks. I do not want my ISP/VPN provider to be able to track where I am and with whom I am messaging. IP addresses, routing paths, packet sizes, timing...

Both protocols encrypt what you say. Wire betrays where you were when you said it and gives a lot more clues about who you said it to. Exactly what you want people to use, if you are a nation-state able to monitor corporate ISPs and VPNs.

[–] RecursiveParadox@piefed.social 1 points 1 day ago (1 children)

But I hate how much metadata that Wire leaks.

This is the first I have heard of this - can you point me to any sites?

[–] nymnympseudonym@piefed.social 2 points 23 hours ago* (last edited 22 hours ago) (1 children)
[–] RecursiveParadox@piefed.social 2 points 8 hours ago

Thanks for the very detailed reply! I'll check into it.

[–] brbposting@sh.itjust.works 2 points 3 days ago

Interesting, didn’t know anything about Wire. Are the ISP/VPN selling your data your main concern? Foreign nations enter your mind as far as threat model? Maybe easier to speak generally on what relatively normal (but nerdy) people might do best to care about

[–] tal@lemmy.today 9 points 3 days ago* (last edited 3 days ago) (4 children)

This is due to phishing attacks and account takeover attempts, not due to the platform itself being insecure.

I mean, it's not that Signal has security issues per se, but it doesn't have the German government's security people with control over what goes into releases, either.

If you remember the wake of Signalgate, the US doesn't allow use by American officials of Signal to do their communications because they don't certify it for classified information transmission and do have their own app that officials are supposed to be using.

On March 15, Secretary of Defense Pete Hegseth used the chat to share sensitive and classified details of the impending airstrikes, including types of aircraft and missiles, as well as launch and attack times.[1][2] The name of an active undercover CIA officer was mentioned by CIA director John Ratcliffe in the chat,[3] while Vance and Hegseth expressed contempt for European allies.[4][5]

A forensic investigation by the White House information technology office determined that Waltz had inadvertently saved Goldberg's phone number under Hughes' contact information. Waltz then added Goldberg to the chat while trying to add Hughes.[15] Subsequently, investigative journalists reported Waltz's team regularly created group chats to coordinate official work[16] and that Hegseth shared details about missile strikes in Yemen to a second group chat which included his wife, his brother, and his lawyer.[17]

On March 18, 2025, the Pentagon sent a department-wide memo warning, "Please note: third party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information"—a category whose release would be far less potentially damaging than that about ongoing military operations.[27] A former NSA hacker said that linking Signal to a desktop app is one of its biggest risks, as Ratcliffe suggested he had done.[28]

According to the article, German government information security people do that for Wire:

Klöckner highlighted that Wire is already provided by the Bundestag administration and is certified by Germany’s Federal Office for Information Security (BSI).

[–] nymnympseudonym@piefed.social 9 points 3 days ago (2 children)

Important point about Signalgate: Hegseth & team weren't even using Signal; they were using some weird-ass fork

[–] Sturgist@piefed.ca 15 points 3 days ago (1 children)

Some weird ass fork by a company founded and staffed by Israeli ex-intel officers that allows automatic backup of chats even if they are set to delete after x days

[–] michaelalf@lemmy.world 5 points 3 days ago* (last edited 3 days ago) (1 children)

data harvesting and leaks

looks inside

Israel

Every. Fucking. Time.

[–] Sturgist@piefed.ca 1 points 1 day ago

Shocking, I know....

[–] Jason2357@lemmy.ca 2 points 3 days ago (1 children)

And not only that, the leak happened because they added a journalist to their group chat by accident. Hilarity.

[–] nymnympseudonym@piefed.social 2 points 3 days ago

"We are clean on OpSec"

-Secretary of War Pete Hegseth

[–] 0_o7@lemmy.dbzer0.com 3 points 3 days ago

Yea, countries are looking for alternatives to US based services. No matter how secure it may seem, they can't control every aspect of the supply chain.

Signal is bound to Google and Apple's platforms to operate reliably, centralized, and these platforms are beyond evil and are well-known to bend the knee for authoritarians ^1,2^

  1. https://techcrunch.com/2023/12/06/us-senator-warns-governments-spying-apple-google-smartphone-users-via-push-notifications/
  2. https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/
[–] Passerby6497@lemmy.world 3 points 3 days ago

Weren't they also using an insecure clone that sent their messages in plaint text to be archived?

[–] artyom@piefed.social 2 points 3 days ago

Yeah that incident was also due to a phone number issue. Someone somehow had the name associated with the phone number saved incorrectly. Something to do with iOS and how it saves numbers automatically.

[–] 14th_cylon@lemmy.zip 5 points 3 days ago

Feels to me like it’s just a different attack vector.

feels like typical security through obscurity