Comment Re:Signal is secure? (Score 1) 44
Because of a combination of two reasons:
1) The protocol used by signal and their implementation are both open and well studied.
2) The Signal protocol (like many modern secure p2p-communication protocols such as Allo, Whatsapp, Wickr, etc.) uses end-to-end encryption and authentication. So the central server (along with the rest of the network infrastructure between end points) can do little more then deny service to uses.
Caveat: AFAIK beyond service denial, at worst the servers could do some traffic analysis (only the *encrypted* and padded data) and maybe swap the order in which messages are delivered to users in a given chatroom. (So could your ISP.) Of course traffic analysis can lead to non-trivial privacy breaches too but exposure to this threat is (currently) the price we all pay if we want messaging to work over an extremely asynchronous network with high churn & latency and low bandwidth & availability. In particular clients can message each other even when they (and in fact almost all other clients) are rarely and unevenly online with no guaranteed overlap time.