Technical analysis of TM SGNL, the unofficial Signal app Trump officials used

voytec

> 404 Media journalist Joseph Cox published a story pointing out that Waltz was not using the official Signal app, but rather "an obscure and unofficial version of Signal that is designed to archive messages"

Wow. And that's while their entire point of using Signal is to have conversations scrapped after a week to leave no traces of criminal activity.

khaki54

Do you think they are using the message archiving version so that they can meet organizational message retention requirements? Maybe they are using Signal to ensure they have e2e encrypted messaging on their devices?

crooked-v

There are already government e2e apps. The only reason to use something else is to have selective auto-deletion and/or to use personal devices for official classified data.

tedunangst

I don't think it follows that they selected the archiving messenger because they wanted disappearing messages. The whole disappearing messages thing was just internet speculation.

an0malous

No, it was reported by the journalist who was in the chat.

> Waltz set some of the messages in the Signal group to disappear after one week

https://www.theatlantic.com/politics/archive/2025/03/trump-a...

ceejayoz

Whether it was for that purpose or not, the messages did wind up disappearing. The CIA admitted it in a court filing.

https://www.nytimes.com/2025/04/15/us/politics/cia-director-...

mingus88

This TM SGNL app is compatible with legit Signal clients and servers.

It’s also possible that they are using this app to archive chats that other parties _believe_ to be disappeared.

In other words, set your chats to disappear in 5 minutes and convince your target to dish some sensitive info. They think it’s off the record, but it’s instantly archived.

nine_k

The counterparty should be naive or stupid to think that whatever they send has no chance to be recorded forever. They should always assume otherwise.

The only interesting use case of disappearing messages is that messages one receives will disappear securely, even if they forget about receiving such messages, or have no access to the device at the time.

Mbwagava

You can turn off message disappearance with the app store app so this seems like a red herring.

jasonfarnon

Maybe they wanted to use Signal to thwart eavesdropping but they had to modify it in order to comply with govt record retention requirements?

duxup

Distantly reminds me of the Nixon tapes ... what could go wrong?

I wonder what the people he communicated with knew / thought?

ComputerGuru

White House communications director previously revealed (after “Signalgate”) that Signal was an approved and whitelisted app for gov’t officials to have on work phones and even discuss top-secret matters on. But I haven’t heard that TeleMessage was approved (and I’d have serious questions if it were given the foreign intelligence factor). Anyone know if there is a clear answer to whether it’s been approved?

watusername

According to the new 404 Media article [0] about the app's archive server actually being hacked, TeleMessage does have contracts with several governmental agencies. Still not a direct answer to the question, I know, but it tilts the answer overwhelmingly towards "yes."

[0]: https://www.404media.co/the-signal-clone-the-trump-admin-use...

ipv6ipv4

It was incontrovertibly approved as it is only installable via MDM.

A likely explanation is that the communications director (or the people informing her) wouldn’t know to distinguish between Signal the app, and a Signal compatible app that is nearly indistinguishable from Signal. A lot like Kleenex is a common term for tissue paper regardless of brand.

When the leak was first revealed, there was loud speculation about the legality of government chat messages being set to auto-delete. This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things. It makes perfect security sense to archive messages somewhere secure, off phone, for record keeping compliance while ensuring that relatively vulnerable phones don’t retain messages for very long. It’s also an easy explanation for why such an app was created in the first place. There is an obvious market for it.

ryanwatkins

> It was incontrovertibly approved as it is only installable via MDM.

Only if this is his standard govt issued phone. It's also been shown they are also using their own personal phones. They could easily be using unapproved phones some random DOGE'er bought and gave them with an MDM setup, without any real oversight.

ceejayoz

> This additional revelation, about the use of TeleMessage, shows that someone with a security background has actually thought about these things.

We only have evidence they used TeleMessage after the scandal. When the same guy let the press take a photo of his messages with Vance, Rubio, Gabbard and others.

ceejayoz

The White House communications director lies continually, so the value of that statement is nil.

dashundchen

I don't know why you're downvoted, she is a horrible liar.

ceejayoz

She’s the deputy. Steven Cheung is the director. Both people issue Baghdad Bob style statements.

donnachangstein

The correct answer is no one outside US Government IT knows for sure what is or isn't approved per their own rules. Every article (and comments therein) are just speculation and people trying to confirm their own biases, desperately looking for something to blame someone for, to produce more rage-bait and thus feed more ad clicks.

Every single article is written with the presumption that there are no actual IT people in the White House, that someone wheeled in a Starlink dish on a dessert cart in the yard which is somehow running the entire government. It's silly and ridiculous.

ceejayoz

> It's silly and ridiculous.

As is putting someone with a brain parasite and anti-vax beliefs as the head of HHS, but here we are.

“Silly and ridiculous” does not mean “implausible” with this administration. It’s the standard.

mdhb

The big part of this story which nobody is talking about is the fact that the app is literally controlled by a bunch of “former” Israeli intelligence officers. Who now have what is arguably the world's most valuable access out of anyone.

harrisrobin

[flagged]

uxp100

> Israel’s grip on DC’s balls is far too strong

I more or less agree.

> We’re literally an occupied nation

The language of the US under occupation is a neonazi talking point, ZOG (Zionist Occupation Government) being a phrase neonazi morons like. Maybe a coincidence.

jcgl

What are the visually distinguishing features of this TM SGNL app compared to the official one? To my eyes, the app in the Waltz picture looks the same as the official one.

micahflee

It says "Verify your TM SGNL PIN" instead of "Verify your Signal PIN". That's the only difference.

LordShredda

The decision to use a Signal knockoff was a planned and managed one, not just on a whim. Who's responsible for managing the phones?

harrisrobin

Israeli intelligence who happen to be dual citizens and appointed by American officials.

whatshisface

Don't speculate, the evidence is bad enough.

spenvo

There is new reporting that a hacker has breached the parent company, TeleMessage, including live data being passed across servers in production.

https://www.404media.co/the-signal-clone-the-trump-admin-use...

It was marked as a DUPE of this discussion, despite being a major new development: https://news.ycombinator.com/item?id=43890034 Hopefully that decision can be reconsidered.

pvg

You can just link the new development in an ongoing story that's already on the front page, just like you did. The alternative would be a second front page thread which splits the discussion and is worse all-round.

spenvo

That's a fair point, and it's your call - however, if the new (major) development is covered in this way then 1) users on the front page won't see mention of it at headline level and 2) the discussion of that development on HN will be affected by/limited to the time-decay of a post that is 12 hours older. I understand that there are tradeoffs at play, it really comes down to if the development at hand is big-enough to justify another post, and, again, that's your call.

pvg

It's not my call, I'm just explaining how HN typically works. If you want some story handled differently, you should send an email to hn@ycombinator.com. But 'two or more things about the same thing on the fp at the same time' is a big barrier to overcome, it almost never happens.

There is mod commentary on the 'people might miss things because of the title' as well, it's mostly 'it's ok for people to click through the story or thread to figure things out' and that's also a fairly longstanding 'how HN works most of the time' thing.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

The operating assumption here is that people are smart enough to follow the developments in the story themselves - in the thread and outside.

watusername

I concur. An analysis of potential risks and vulnerabilities is a different beast from actual proof that the app has indeed been hacked. I call for the other discussion to be restored.

Edit: Wanted to respond to the top-level comment but you get the point.

baobun

There seems to be a coordinated and consistent campaign to bury submissions from 404 Media on HN. Hopefully something can be done about that, too.

viraptor

In August last year I got this from dang when reporting a dead 404 link: "The site 404media.co is banned on HN because it has been the source of too many low-quality posts and because many (most?) of their articles are behind a signup wall."

Not that I've really seen the low quality and the signup requirement doesn't stop other domains. There's quite a few things that originated from 404, so I hope HN gets over whatever it was that annoyed them originally.

Mbwagava

How does this happen when Signal itself is open source?

dang

I appended a 'd' to the end of the title to pre-empt objections that they're not still using it. If it's known for sure that they are, we can de-'d' that bit.

1oooqooq

honest question, but you decided to go against the "don't change titles" rule to choose one unprovable point until another just as unprovable point is proven? it could be argued both ways with the same argument.

dang

There's no "don't change titles" rule, though it's interesting how the actual rule gets truncated to that in people's minds! Here's the actual rule:

"Please use the original title, unless it is misleading or linkbait; don't editorialize." - https://news.ycombinator.com/newsguidelines.html

In this case I was thinking of both the 'misleading' and 'linkbait' bits of that 'unless'. (By the way, this is common HN moderation practice—bog standard, as I often say.)

> to choose one unprovable point until another just as unprovable point is proven

You might have a, er, provable point if that were the case! but I'm taking for granted that the officials in question did actually use this client, so "used" is known while "use" (which I took to mean "are still using") isn't yet known for sure. Did I miss something?

Edit: btw, in case anyone's wondering why we left the submitted title up instead of reverting it to what the article says, one reason is that the submitted title struck me as arguably less linkbaity (and therefore ok under the rule) and the other reason is that we cut authors a bit of slack when they post their own work.

1oooqooq

the "use" assumes nothing happened after the report (app still in managed domain). "used" assumes an extra action taking place, which is a stretch imo.

but i assumed wrong that you added the "d", not that you're only exempting the submitter title. thanks for the insight into your always nice moderation.

follow up question: you work seven days a week??