Signal Review: Encrypted Messaging and the Sustainability of Its Non-Profit Model, an Audit From Launch to Last Update. What changed from the date of its launch until its last update (policy, pricing, incidents)?
By Ekalavya Hansaj
March 5, 2026
Why it matters:
Signal is a leading encrypted messaging app that prioritizes user privacy and security through end-to-end encryption.
As of 2026, Signal has evolved into a feature-rich platform while maintaining a strict no-data-collection policy, making it a top choice for those seeking absolute privacy.
What This App Is
Signal is a cross-platform encrypted messaging service that provides secure text, voice, and video communication. Unlike its competitors, it operates under a non-profit model governed by the Signal Technology Foundation, a 501(c)(3) charity. The app uses the open-source Signal Protocol to ensure end-to-end encryption (E2EE) for every interaction, meaning not even the service provider can access message content or metadata. It is widely considered the “gold standard” for digital privacy by security researchers and is the underlying protocol licensed by WhatsApp and Google for their own encrypted chats.
The app serves two distinct user bases: high-risk users (journalists, dissidents, officials) requiring absolute secrecy, and general consumers seeking an alternative to data-harvesting platforms like Meta. As of early 2026, Signal has evolved from a bare-bones security tool into a feature-rich platform offering Stories, usernames, and high-quality video calls, attempting to compete directly with Telegram and WhatsApp while maintaining a strict “no-data-collection” policy.
Quick Verdict
Signal remains the undisputed heavyweight champion of encrypted messaging for one simple reason: it collects zero metadata. While competitors like Telegram and WhatsApp claim security, they hoard your contact lists and usage logs. Signal knows nothing about you, which means it has nothing to hand over to the FBI, even when subpoenaed. By 2026, the introduction of usernames has plugged its biggest historical leak, the requirement to share your phone number with strangers.
Yet this security comes with a sustainability cost. The Signal Technology Foundation is currently burning through cash, with 2025 operating costs estimated at $50 million against roughly $29 million in revenue. The app is free, but the aggressive “Sustainer” donation prompts are a permanent fixture. If you require absolute privacy, Signal is the only choice. If you want a fun social network, it is functional but austere. Avoid the integrated “MobileCoin” cryptocurrency wallet; it is a volatile, unnecessary appendage to an otherwise pristine security tool.
What Changed: Launch vs. 2026
Signal has morphed from a clunky SMS wrapper into a standalone social platform. Here is the audit of serious changes:
2014 (Launch): Launched as a merger of TextSecure and RedPhone. It was a barebones tool that replaced your default Android SMS app, encrypting texts to other Signal users while sending insecure SMS to non-users.
2023 (The SMS Purge): Signal removed SMS support from Android. This controversial move forced users to invite friends to the app rather than using it as an all-in-one messenger. It alienated casual users but hardened security by ensuring 100% of traffic inside the app is encrypted.
2024-2026 (The Username Era): The most significant privacy upgrade in the app’s history. You can now create a unique username and hide your phone number from your profile. This allows you to communicate with journalists, dates, or business contacts without revealing your real-world identity.
2025 (Post-Quantum Upgrade): Signal deployed the SPQR (Sparse Post-Quantum Ratchet) encryption standard. This “future-proofing” update protects your current messages from being decrypted by quantum computers decades from now, a threat known as “Harvest Now, Decrypt Later.”
Key Facts Box
The following audit aggregates verified data from Signal Technology Foundation’s Form 990 filings, GitHub repository commits, and independent security assessments conducted between 2020 and 2026.
Publisher: Signal Technology Foundation (501(c)(3) Non-profit)
Price: Free (Donationware); Optional $1.99/mo for 100GB Cloud Backups
Encryption Standard: Signal Protocol (PQXDH Post-Quantum + Triple Ratchet)
Data Collected: Account creation date, last connection date (day only), phone number (hashed if username used)
Funding Source: Public donations, Grants (e.g., OTF), Brian Acton’s initial $105M loan
Code Audit: Open Source (AGPLv3); Client and Server code fully public
The Sustainability Question: 2026 Financial Audit
Signal operates as a technological anomaly: a serious global infrastructure serving 100 million users without a traditional revenue engine. The sustainability of this model remains the single most significant risk factor for long-term users. As of the 2024-2025 fiscal cycle, the Signal Technology Foundation reported annual operating costs approaching $50 million. These costs are driven primarily by server infrastructure ($14 million), bandwidth, and verification SMS fees, which remain expensive even with the shift toward username-based identification.
The foundation’s revenue, derived from donations and grants, historically hovers between $30 million and $35 million annually, creating a structural deficit. For years, this gap was bridged by the initial $105 million zero-interest loan provided by co-founder Brian Acton in 2018. Yet 2025 marked a strategic pivot. To reduce reliance on dwindling cash reserves, Signal introduced its first direct revenue feature: a $1.99/month secure cloud backup subscription. Unlike competitors who monetize metadata, this feature encrypts data on the client side using a 64-digit recovery key that Signal’s servers never see. This move attempts to solve the “burn rate” problem without compromising the “no-knowledge” privacy architecture.
Encryption Evolution: The Post-Quantum Shift
From its launch, Signal defined the “gold standard” of encryption with its Double Ratchet algorithm. Between 2023 and 2026, the protocol underwent its most aggressive overhaul to date to counter “Harvest Now, Decrypt Later” attacks, where adversaries store encrypted traffic today to decrypt it once quantum computers become viable.
In late 2023, Signal deployed the PQXDH (Post-Quantum Extended Diffie-Hellman) key agreement protocol. This hybrid system combines the proven elliptic curve cryptography (X25519) with CRYSTALS-Kyber, a quantum-resistant key encapsulation method selected by NIST. By October 2025, this was further fortified with the release of the “Triple Ratchet” protocol update, adding a layer of post-quantum security to the message exchange process itself, not just the initial handshake. This ensures that even if a device key is compromised in a post-quantum future, past conversation history remains mathematically inaccessible.
Jurisdiction and the “Empty Box” Defense
Signal is headquartered in the United States, placing it firmly under the jurisdiction of US courts and potential FISA orders. Critics frequently cite this as a vulnerability compared to Swiss-based alternatives like Threema or Proton. Yet Signal’s legal defense relies on technical architecture rather than legal shielding.
The foundation’s response to subpoenas, verified in court filings from 2016 through 2025, consistently yields the same two data points: the date an account was created and the date it last connected to the server. Because the service does not log message metadata, contact lists, or user profiles, it possesses no data to hand over. This “empty box” strategy renders the jurisdiction argument largely moot; a court cannot force a company to produce data it simply does not possess.
Operational Changes and Incidents (2020 to 2026)
The platform has matured from a niche tool for cryptographers into a consumer-grade application, though not without friction. The most notable policy shift occurred in 2024 with the full rollout of usernames, allowing users to hide their phone numbers from contacts, a serious safety feature for journalists and victims of stalking.
In early 2025, the platform faced scrutiny during “Signal-gate,” where US government officials accidentally added reporters to sensitive chat groups. While media outlets framed this as a security lapse, technical audits confirmed the app functioned exactly as designed; the incident was a failure of user operational security (OpSec), not the encryption protocol. This event underscored a permanent limitation of secure messaging: encryption protects the pipe, but it cannot fix human error at the endpoints.
What It Does Well (Verified)
The Gold Standard: Quantum-Resistant & Metadata-Free
Signal remains the only major messenger that mathematically guarantees the service provider knows nothing about your conversations. While WhatsApp and Telegram encrypt message content, they frequently log who you talk to, when, and for how long. Signal’s architecture is distinct because it utilizes “Sealed Sender” technology (verified active 2026), which encrypts the sender’s identity in transit. The Signal server delivers the message without knowing who sent it, rendering metadata subpoenas largely useless.
Serious Evolution: From “TextSecure” to Quantum Defense (2020 to 2026)
Since its early days as a bare-bones texting tool, Signal has undergone a massive architectural overhaul to address future threats. In September 2023, the foundation deployed the PQXDH (Post-Quantum Extended Diffie-Hellman) protocol. This hybrid encryption standard combines the traditional Elliptic Curve (X25519) with the quantum-resistant CRYSTALS-Kyber method.
This update protects your current messages from “Harvest Now, Decrypt Later” attacks, where adversaries store encrypted data today to crack it with future quantum computers. As of March 2026, this protocol is mandatory for all new chats, placing Signal years ahead of standard industry encryption.
Solved: The “Lost Phone” & Identity Problem
For years, Signal’s strict “no cloud” policy meant losing your phone meant losing your memories. That changed with two major updates verified between 2024 and 2026:
Phone Number Privacy (Feb 2024): Signal decoupled accounts from visible phone numbers. Users can generate unique usernames (e.g., User.55) to connect with others without revealing their mobile number. The default setting hides your number from everyone not in your contacts.
Secure Cloud Backups (Sept 2025 to Feb 2026): Signal launched an optional, zero-knowledge cloud backup service. Protected by a 64-digit recovery key known only to the user, this feature allows data recovery if a device is lost. It introduced a sustainable revenue stream: free backups for text/recent media, and a $1.99/month subscription for up to 100GB of long-term media storage.
Financial Sustainability Audit (2023 to 2026)
A serious question for any non-profit is longevity. Signal operates without VC funding or ad revenue. Verified Form 990 filings and 2026 financial disclosures show a shift toward user-supported sustainability to cover its ~$38 million annual operating costs.
Signal Technology Foundation: Financial Health Snapshot
| Metric | 2023 (Verified) | 2024 (Verified) | 2026 (Projected/Status) |
|---|---|---|---|
| Revenue | $35.8 Million | $29.4 Million | Rising (Subscription Model) |
| Expenses | $35.8 Million | $38.0 Million | Stable (Infrastructure Costs) |
| Primary Funding | Donations | Donations | Donations + Backup Subs |
| Data Monetization | $0 | $0 | $0 (Strictly Prohibited) |
Security Verification & Code Audits
Unlike closed-source competitors, Signal’s code is open for public review. The PQXDH protocol underwent formal verification in October 2023, confirming it satisfies its security properties. Also, a 2025 analysis by security researchers (referencing the Oxford/QUT standards) confirmed that even with the addition of features like Stories and Usernames, the core “double ratchet” encryption remains unbroken. The introduction of paid backups was also audited to ensure payment processors (like Stripe or Google) cannot correlate payments with Signal user identities.
What Can Hurt Users (Red Flags)
The “Phone Number” Tether (Anonymity Risk)
Even in 2026, Signal’s primary registration method remains a valid telephone number. While the introduction of usernames in 2024 allows you to hide this number from other users, your account is still inextricably linked to a SIM card or VoIP number at the infrastructure level. For high-risk users such as journalists, dissidents, or intelligence officials, this creates a permanent “digital tether” to a physical identity that state-level actors can trace via carrier metadata or SS7 vulnerabilities. Unlike Session or Threema, which generate random IDs, Signal’s architecture requires you to surrender a piece of personally identifiable information (PII) just to open the door.
The “Pig Butchering” Blind Spot
Signal’s greatest strength, absolute privacy, is also its most dangerous vector for fraud. Because the Signal Foundation cannot see your messages, they cannot scan for or block spam, phishing links, or malware. This “blind spot” has made the platform a preferred closing ground for “pig butchering” crypto scams (shā zhū pán). In these schemes, attackers build trust on dating apps or social media before moving victims to Signal, where the conversation is encrypted and unmoderated. In 2025, losses from investment fraud originating on social platforms and finalizing on encrypted apps like Signal exceeded $17 billion globally. If you receive a “wrong number” text on Signal, it is almost certainly a lure; the app provides zero algorithmic protection against it.
Data Loss and the iOS Backup Gap (2020 to 2025)
For the majority of the audited period (2020 to late 2025), Signal on iOS lacked a cloud backup feature, making device loss catastrophic. If an iPhone was lost, stolen, or broken, the message history was irretrievable. While Signal rolled out “Secure Backups” for iOS in November 2025, this feature is opt-in and requires the management of a 64-character recovery key. Users who fail to enable this setting or lose their key still face total data annihilation. Android users have long had local backups, but the gap between platforms caused significant data loss incidents for years.
The MobileCoin “Bloat” Controversy
Signal’s integration of MobileCoin (MOB) for in-app payments remains a contentious “red flag” for security purists. Launched globally in 2021 and maintained through 2026, this feature embeds a cryptocurrency wallet into a messaging tool. Critics argue this introduces unnecessary code complexity, attracts regulatory scrutiny from bodies like the SEC and EU financial regulators, and potentially alienates users in regions where crypto is banned. For a user simply wanting secure chat, the presence of a payment protocol adds a theoretical attack surface and “feature bloat” that deviates from the core mission of lean, secure communication.
Sustainability and the $50 Million Burn
Signal operates as a non-profit 501(c)(3) with no ad revenue, no data monetization, and no subscription paywalls for core features. As of 2025, the organization’s operational costs were estimated at over $50 million annually, driven by server costs and bandwidth for high-quality video calls. The platform relies entirely on grants and user donations. While this model protects user privacy from corporate greed, it introduces a long-term stability risk. Unlike WhatsApp (Meta) or iMessage (Apple), Signal has no parent company to absorb losses, meaning a drop in donor funding could theoretically force service degradation or a shutdown.
Censorship in Authoritarian Regimes
Signal is actively blocked in major geopolitical hotspots, including China, Iran, and Russia. In 2026, Russian authorities tightened the “sovereign internet” noose, pushing state-approved alternatives like the “Max” app and throttling Signal traffic. While Signal provides a “TLS Proxy” feature to bypass simple blocks, it requires technical setup that average users fail to configure. In Iran’s 2026 internet blackouts, users without pre-configured proxies were cut off, proving that Signal is not a “magic bullet” against state-level firewall infrastructure.
Pricing and Subscription Traps
Quick Verdict
Signal is a 501(c)(3) non-profit that does not sell user data, ads, or affiliate placements. Yet as of late 2025, the app has shifted from a purely donation-based model to a “freemium” utility model for data retention. While the core messaging experience remains free, users who wish to keep long-term media archives must pay a monthly fee.
1. The “Cloud Backup” Subscription (New in 2025)
In a significant operational shift, Signal launched a paid cloud backup service in late 2025. This feature addresses the app’s historical difficulty with transferring chat history between devices but introduces a paywall for data longevity.
| Tier | Cost | Storage Limits | Retention Policy |
|---|---|---|---|
| Standard (Free) | $0.00 | Text: Unlimited; Media: 100 MB cap | 45 Days for media (photos/videos). Text is kept indefinitely. |
| Cloud Storage (Paid) | $1.99 / month | 100 GB | Indefinite media retention. |
The Trap: The 45-day deletion rule for free users is a hard limit. If you rely on Signal to store family photos or documents and do not pay the $1.99/month subscription, your media is deleted from the cloud backup after 45 days. While local storage on your device is not affected, restoring a new phone from a free cloud backup will result in missing media files older than six weeks.
2. The “Sustainer” Program (Voluntary)
Signal aggressively promotes its “Sustainer” program, which is a recurring monthly donation system. Unlike the cloud storage fee, this is strictly voluntary and unlocks no functional features other than a profile badge.
Tiers: $5 (Star), $10 (Planet), $20 (Sun).
Mechanic: Payments are processed via Apple or Google Pay. Signal uses an anonymous credential scheme to verify the subscription without linking the payment to your Signal account identity.
Verdict: Safe. There is no “trap” here; users can cancel at any time without losing app functionality.
3. Cryptocurrency Risks (MobileCoin / Sentz)
Signal integrates a cryptocurrency wallet for a token originally called MobileCoin (MOB), rebranded in-app as Sentz. This feature has been a point of contention since its 2021 introduction.
Volatility Risk: The token has historically suffered from extreme price volatility and low liquidity. Users holding value in this wallet risk significant financial loss.
Regulatory Risk: The integration of privacy-focused coins has drawn scrutiny from regulators, potentially threatening the app’s availability in certain jurisdictions.
Status (2026): The feature remains active but is largely dormant in terms of user adoption. It is buried in the settings, and we advise users to ignore it entirely due to the financial risks involved.
4. Hidden Costs: SMS Removal
In 2023, Signal removed support for SMS/MMS on Android. This forced users to stop using Signal as a unified inbox.
Data Cost: You cannot use Signal without an active data plan or Wi-Fi. Users in regions with high data costs can no longer fall back to SMS within the same interface.
Fragmentation: Users must maintain a separate default SMS app, increasing the “app fatigue” and management load.
5. Financial Sustainability Audit
The “trap” of any non-profit software is the risk of insolvency. Signal relies heavily on donations to cover its high operational costs, which were estimated at over $50 million annually by late 2025. The organization operates at a deficit, burning through the initial $50 million loan provided by co-founder Brian Acton.
2024 Financial Snapshot (Form 990 Data):
Total Revenue: ~$29.4 Million
Total Expenses: ~$38.0 Million
Net Deficit: ~$8.6 Million
Risk Assessment: Signal is currently spending more than it earns. While it holds significant assets (~$31M), this burn rate explains the push for the $1.99/month backup subscription. Users should be aware that the app’s long-term survival depends on successfully converting free users to paid subscribers or securing new large grants.
Privacy and Data Collection Audit (2020 to 2026)
Signal is the only major messaging platform where the privacy policy is enforced by code, not just legal pledge. While competitors like WhatsApp and Telegram claim security, their business models or architectures frequently require metadata retention. Signal’s non-profit status and “Sealed Sender” technology create a vacuum where data simply does not exist to be subpoenaed.
The “Big Brother” Subpoena Log
Since 2016, Signal has publicly documented every government request for user data. As of early 2026, the results remain identical: the foundation technically cannot comply because the data is not there.
| Date | Requesting Agency | Data Requested | Data Surrendered |
|---|---|---|---|
| Aug 2024 | Santa Clara County (USA) | Messages, contacts, location | None. (Only timestamps produced) |
| Nov 2021 | Luxembourg Authorities | User metadata, profile info | None. (Only timestamps produced) |
| Oct 2021 | US Attorney (C.D. Cal) | Subscriber info, correspondence | None. (Only timestamps produced) |
What Signal Actually Knows: The only data Signal holds is your phone number, the date you created your account, and the date you last connected to the server. They do not know who you talk to, when you talk to them, or what groups you belong to.
Major Policy & Architecture Changes (2020 to 2026)
1. The Username Shift (2024)
In February 2024, Signal addressed its biggest privacy flaw: the visibility of phone numbers.
Before 2024: Anyone you messaged could see your personal phone number.
Since 2024: You can create a unique, ephemeral username to initiate chats. Your phone number is hidden by default from anyone who does not already have it saved in their contacts.
The Catch: You still require a valid mobile number to register. Signal has not moved to a purely email or key-based signup system, citing spam prevention.
2. Secure Value Recovery (SVR) & The PIN Problem
To allow users to recover contacts and settings when switching phones, Signal introduced Secure Value Recovery (SVR). This encrypts your data and stores it on Signal’s servers inside an Intel SGX “secure enclave.”
The Risk: If you choose a weak PIN (e.g., 1234), and a sophisticated attacker (or state actor) finds a vulnerability in Intel’s SGX hardware, which has happened historically, they could theoretically brute-force your PIN and access your backed-up contacts.
Mitigation: Signal enforces rate limiting and has upgraded to SVR2/SVR3 to reduce this risk. Yet users with high threat models should disable “Registration Lock” PINs or use a strong alphanumeric passphrase.
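The trade-off between a short PIN and a passphrase can be made concrete with a small model. This is an added example, not Signal's code: the PBKDF2 stretching function, the work factor, the guess limit of 10 and the 0.05 s per-guess cost are all assumptions chosen for illustration, and the numbers assume a uniformly random secret (a human-chosen PIN such as 1234 fares worse).

```python
import hashlib
import hmac
import os

# Assumptions for illustration (none of these values come from the article or
# from Signal's implementation): PBKDF2 as the stretching function, its work
# factor, and the number of failed guesses the store tolerates.
KDF_ITERATIONS = 50_000
GUESS_LIMIT = 10


def stretch(pin: str, salt: bytes) -> bytes:
    """Derive a verifier from the PIN so the raw PIN is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS)


class GuessLimitedVault:
    """Toy stand-in for an enclave-backed store with a hard attempt limit."""

    def __init__(self, pin: str, secret: bytes, limit: int = GUESS_LIMIT):
        self._salt = os.urandom(16)
        self._verifier = stretch(pin, self._salt)
        self._secret = secret
        self.remaining = limit

    def recover(self, pin: str):
        if self._secret is None:
            raise PermissionError("secret destroyed after too many failed guesses")
        if hmac.compare_digest(stretch(pin, self._salt), self._verifier):
            return self._secret
        self.remaining -= 1
        if self.remaining <= 0:
            # The limit is the only thing protecting a short PIN: wipe the data.
            self._secret = None
        return None


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of equally likely secrets for a given alphabet and length."""
    return alphabet_size ** length


def success_within_limit(space: int, limit: int = GUESS_LIMIT) -> float:
    """Chance of a correct guess while the attempt limit is enforced."""
    return min(1.0, limit / space)


def worst_case_years_without_limit(space: int, seconds_per_guess: float) -> float:
    """Time to try every candidate if the attempt limit no longer applies."""
    return space * seconds_per_guess / (365 * 24 * 3600)


POLICIES = {
    "4-digit PIN": keyspace(10, 4),
    "6-digit PIN": keyspace(10, 6),
    "12-char alphanumeric passphrase": keyspace(62, 12),
}


def compare_policies(seconds_per_guess: float = 0.05) -> dict:
    """Per policy: odds under the limit, and exposure if the limit is gone."""
    return {
        name: {
            "p_within_limit": success_within_limit(space),
            "years_without_limit": worst_case_years_without_limit(
                space, seconds_per_guess
            ),
        }
        for name, space in POLICIES.items()
    }


if __name__ == "__main__":
    for name, row in compare_policies().items():
        print(f"{name:34s} p={row['p_within_limit']:.2e} "
              f"years_without_limit={row['years_without_limit']:.2e}")
```

With the limit enforced, even a 4-digit PIN leaves an attacker a 0.1% chance; once the limit is gone, only the size of the keyspace stands between the attacker and the backup, which is why the passphrase is the setting that survives an enclave failure.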
3. Post-Quantum Encryption (PQXDH)
In late 2023, Signal upgraded its encryption protocol to PQXDH (Post-Quantum Extended Diffie-Hellman). This is a “harvest now, decrypt later” defense. It prevents attackers from recording your encrypted traffic today and decrypting it ten years from now, when quantum computers become powerful enough to break current standards.
Data Comparison: What Apps Give the FBI
Based on unsealed FBI training documents and public disclosures, here is the reality of what “private” messengers surrender under court order.
| Data Point | Signal | WhatsApp | Telegram | iMessage |
|---|---|---|---|---|
| Message Content | ❌ No | ❌ No | ⚠️ Yes (if not “Secret Chat”) | ⚠️ Yes (via iCloud Backup) |
| Contact List | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes |
| Who You Talk To | ❌ No | ✅ Yes (Pen Register) | ✅ Yes | ✅ Yes |
| Location Data | ❌ No | ✅ Yes (IP logging) | ✅ Yes (IP logging) | ✅ Yes |
The MobileCoin Anomaly
In 2021, Signal integrated MobileCoin, a privacy-focused cryptocurrency, for peer-to-peer payments. This feature faced backlash for “bloating” a security tool with financial tech.
Privacy Audit: The integration is technically sound; Signal servers do not have access to your wallet balance or transaction history.
Status in 2026: The feature remains but is largely ignored by the general user base. It does not compromise message security, but it does introduce a larger attack surface for the app binary itself.
Sustainability of the Non-Profit Model
Signal is funded by the Signal Technology Foundation, started with a $50 million loan from Brian Acton (WhatsApp co-founder).
Revenue: Relies entirely on donations (“Signal Sustainers”).
Burn Rate: High. Hosting servers for millions of users (especially for video calls and large attachments) is expensive.
2026 Outlook: The foundation has aggressively pushed for small monthly donations from users to offset server costs. Unlike Telegram, which turned to ads and premium subscriptions, Signal has maintained its refusal to monetize user data, proving, so far, that the donor model can sustain serious infrastructure.
Security History and Incidents (2020 to 2026)
Signal maintains a reputation as the “gold standard” for consumer encryption, largely because its core protocol remains unbroken. Yet the years between 2020 and 2026 revealed that while the math is secure, the humans and supply chains surrounding it are not. The most significant shift in this period was the transition from theoretical threats to active, state-sponsored exploitation of Signal’s “Linked Devices” feature, culminating in the “Signalgate” incidents of 2025.
The “Signalgate” & Linked Device Attacks (2024 to 2025)
The most damaging operational security failure in Signal’s history was not a code breach, but a social engineering campaign. Starting late 2024 and peaking in early 2025, Russian state-aligned threat actors (tracked as Coldriver/Callisto) launched targeted attacks against high-value users, including Ukrainian military personnel and U.S. officials.
Attackers did not break encryption. Instead, they used “malicious QR codes” disguised as legitimate Signal group invites or security alerts. When a user scanned the code, they inadvertently authorized the attacker’s device as a “Linked Device.” This granted the attacker real-time access to all future messages sent and received, turning the user’s account into a listening post.
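A mail gateway, awareness tool or helpdesk script can catch this lure by comparing what a message says its QR code is for with the action the decoded payload would actually trigger. The following is an added example, not code from Signal or from this article; the URI forms it recognises (`sgnl://linkdevice` with `uuid` and `pub_key` parameters for device linking, `https://signal.group/#...` for group invites) are assumptions taken from Signal's public client behaviour, and all sample payloads are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed URI forms (from Signal's public clients, not from this article):
#   device linking: sgnl://linkdevice?uuid=<id>&pub_key=<key>
#   group invite:   https://signal.group/#<token>
GROUP_INVITE_HOST = "signal.group"


def classify_qr_payload(payload: str) -> str:
    """Name the action a decoded QR string would trigger in the app."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return "not-a-url"
    scheme = parts.scheme.lower()
    if not scheme:
        return "not-a-url"
    if scheme == "sgnl" and host == "linkdevice":
        params = parse_qs(parts.query)
        # A linking request carries a provisioning id and a device public key.
        if "uuid" in params and "pub_key" in params:
            return "device-link"
        return "malformed-device-link"
    if scheme == "https" and host == GROUP_INVITE_HOST and parts.fragment:
        return "group-invite"
    if scheme in ("http", "https"):
        return "external-url"
    return "other-scheme"


def review_lure(claimed_purpose: str, payload: str) -> dict:
    """Compare what a message says its QR code is for with what it does."""
    actual = classify_qr_payload(payload)
    if actual == "device-link":
        # Only a linking flow the user started themselves should carry this.
        verdict = "expected" if claimed_purpose == "link-device" else "block"
    elif actual == "group-invite":
        verdict = "expected" if claimed_purpose == "group-invite" else "review"
    else:
        # External URLs can redirect anywhere; malformed or unknown payloads
        # cannot be vouched for either.
        verdict = "review"
    return {"claimed": claimed_purpose, "actual": actual, "verdict": verdict}


# Constructed samples: (purpose stated in the message, decoded QR text).
LINK = "sgnl://linkdevice?uuid=CONSTRUCTED-UUID&pub_key=CONSTRUCTED-KEY"
SAMPLES = [
    ("group-invite", "https://signal.group/#CONSTRUCTED-INVITE-TOKEN"),
    ("group-invite", LINK),
    ("security-alert", LINK.replace("sgnl://linkdevice", "SGNL://LinkDevice")),
    ("group-invite", "https://signal-group.example/join"),
    ("link-device", LINK),
]


def triage(samples=SAMPLES) -> list:
    """Run every sample through the mismatch check."""
    return [review_lure(claimed, payload) for claimed, payload in samples]


if __name__ == "__main__":
    for row in triage():
        print(f"{row['verdict']:9s} claimed={row['claimed']:15s} actual={row['actual']}")
```

The check only sees the payload it is given: a QR code that points at an external page can still lead to a linking code one step later, which is why those land in "review" rather than "expected".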
| Incident | Date | Impact | Fix/Mitigation |
|---|---|---|---|
| Signalgate / QR Phishing | 2024 to 2025 | State actors linked devices to victim accounts; U.S. officials compromised. | Hardened linking flow; NSA issued warnings to staff. |
| TeleMessage Fork Flaw | May 2025 | Enterprise fork used by officials found vulnerable (CVE-2025-47729). | CISA added to “Known Exploited Vulnerabilities” list. |
| | | | Mandatory re-registration; push for “Registration Lock.” |
| Cellebrite “Hack” | Dec 2020 | Forensics firm claimed to break Signal; required unlocked physical phone. | Signal CEO counter-exploited Cellebrite software. |

The impact was severe. In February 2025, the NSA issued a bulletin warning employees about these “Linked Device” vulnerabilities. The incident underscored a serious usability flaw: Signal’s ease of use (scanning a QR code to sync) became a weapon against its own users. It also highlighted the risks of “shadow IT,” as U.S. officials were found using Signal for sensitive government business, leading to accidental leaks of classified data in mixed chat groups.
Post-Quantum Upgrades (2023 to 2025)
While battling phishing, Signal aggressively upgraded its cryptographic foundation. In September 2023, the foundation launched the PQXDH (Post-Quantum Extended Diffie-Hellman) protocol. This hybrid key-agreement protocol combines standard Elliptic Curve cryptography (X25519) with the post-quantum CRYSTALS-Kyber algorithm.
This was a preemptive strike against “Harvest Now, Decrypt Later” attacks, where adversaries store encrypted data today to crack it with future quantum computers. In October 2025, Signal followed up with the “Triple Ratchet” (SPQR) update, further hardening the protocol against quantum adversaries even if a device’s keys are compromised.
The Twilio Supply Chain Breach (2022)
In August 2022, Signal suffered a collateral hit when Twilio, its SMS verification provider, was phished. Attackers accessed the phone numbers and SMS verification codes of approximately 1,900 Signal users. While message history remained secure (as it is stored locally on devices, not servers), attackers successfully re-registered three accounts, allowing them to impersonate those users.
The Lesson: This incident proved that your Signal account is only as secure as your phone number carrier, unless you enable Registration Lock (Signal PIN). Without this setting, a SIM swap or SMS intercept allows an attacker to take over your identity.
The Cellebrite Feud (2020 to 2021)
In late 2020, digital forensics firm Cellebrite claimed it could “decrypt” Signal. This was marketing fluff; their tool required physical access to an unlocked phone to scrape the database key. In April 2021, Signal’s then-CEO Moxie Marlinspike retaliated by publishing vulnerabilities in Cellebrite’s own software, demonstrating that a simple file placed on a phone could execute code on a police computer scanning it, potentially corrupting evidence files. This neutralized Cellebrite’s credibility regarding remote Signal interception.
Sustainability of the Non-Profit Model
Signal’s refusal to collect data creates a unique security tension. Because they hold no metadata, they cannot easily detect spam waves or abuse patterns (like the 2024 spam surge) without privacy-preserving innovations. The foundation operates with a lean team, roughly 50 employees compared to thousands at Telegram or WhatsApp. This resource constraint means features like “Usernames” (launched in beta in 2024 to hide phone numbers) took years to implement, leaving users exposed to phone number scraping for longer than necessary. Yet the trade-off is clear: Signal has never been compelled to hand over user data to law enforcement because it simply does not have it.
Performance and Reliability
Signal prioritizes security over raw speed and server-side conveniences. Unlike Telegram or WhatsApp, which store message history on their servers for instant syncing, Signal decrypts every message locally on your device. This architecture creates a noticeable performance trade-off: the app is slower to load message history on new devices and consumes more battery during heavy use, yet it remains the only mainstream messenger that mathematically guarantees the service provider cannot read your data.
Quick Verdict
Signal is reliable enough for daily use but lacks the “snappiness” and media handling power of its competitors. Video calls are functional but frequently pixelated compared to FaceTime. File sharing is restricted to save bandwidth costs. It is the correct choice for safety, not for sending 4K videos or hosting 500-person webinars.
Performance Metrics (2025-2026)
| Metric | Signal Performance | Competitor Benchmark |
|---|---|---|
| Server Uptime | 99.8% (Reliant on AWS) | 99.99% (Telegram/WhatsApp) |
| Video Call Quality | Variable (VP8 Codec) | High (FaceTime/Zoom) |
| File Size Limit | 100 MB (Media) / 1 GB (Docs) | 2 GB (Telegram Free) |
| Desktop RAM Usage | High (~700MB Idle) | Low (Native Apps) |
| Message Latency | < 1.5s (PQXDH Encryption) | < 0.5s (No E2EE) |
What It Does Well (Verified)
Censorship Resistance: Signal’s “Proxy Please” feature and TLS proxy support have proven resilient in hostile network environments like Iran, Russia, and China. In 2024 and 2025, the app successfully routed traffic through volunteer proxies when central servers were blocked. This decentralized method ensures communication lines remain open even when the main domain is blackholed by state firewalls.
Encryption Efficiency: The introduction of the PQXDH (Post-Quantum Extended Diffie-Hellman) protocol in late 2023 added a layer of protection against future quantum computer attacks. Tests show this advanced cryptography adds negligible latency to message delivery. Text messages arrive almost instantly, and the “Sealed Sender” technology successfully hides metadata without causing noticeable delays for the end user.
What Can Hurt Users (Red Flags)
Video Call Quality: Signal uses the older VP8 video codec to ensure compatibility and avoid patent problems, but this results in lower visual fidelity compared to FaceTime or WhatsApp. Users on high-end devices like the iPhone 16 Pro Max frequently report pixelation and frame drops, especially during multi-party calls. The app struggles to maintain high-definition streams on unstable networks where competitors adjust.
Desktop App Resource Hog: The Signal Desktop client is built on the Electron framework, which essentially runs a dedicated web browser instance for the app. This leads to poor resource management. On average, the desktop app consumes over 700MB of RAM even when idle. Users with older laptops or limited memory find it slows down their entire system.
Aggressive Media Compression: To manage bandwidth costs, Signal aggressively compresses images and videos. A 300MB video file sent to a contact may be compressed down to 70MB, resulting in a significant loss of detail. Photographers and video editors cannot use Signal for transferring work files, a use case where Telegram excels.
Sustainability and The Non-Profit Model
Signal’s performance is directly tied to its non-profit funding model. As of 2025, the Signal Technology Foundation reported operational costs approaching $50 million annually. Approximately $14 million of this budget goes to infrastructure, including AWS server fees and bandwidth.
The “Free” Limit: Because Signal does not monetize user data, it cannot afford to offer unlimited cloud storage or massive file transfers. The 100MB soft limit on media files is a financial guardrail, not a technical one. While Telegram (funded by investors and premium subscriptions) allows 2GB file transfers, Signal must cap bandwidth usage to keep the lights on. This reliance on donations creates a long-term reliability risk: if funding dries up, server capacity is the first thing to suffer.
Reliability History (2020-2026)
Signal relies on Amazon Web Services (AWS) for its server infrastructure, creating a centralized point of failure.
October 2025: A major AWS outage took Signal offline for approximately two hours. Users could not send or receive messages globally. This incident highlighted that while the protocol is decentralized, the delivery method is not.
January 2021: The app crashed for 24 hours following a mass exodus of users from WhatsApp. The servers could not handle the spike in new registrations (millions in days). While capacity has since expanded, sudden viral spikes remain a stress test the non-profit struggles to fund in advance.
February 2026: Minor regional outages were reported where messages failed to send, likely due to local ISP throttling or minor server instability.
User Control and Settings
Users can mitigate performance problems through settings. The “Low Data Mode” for calls reduces bandwidth usage, which can actually improve call stability on poor connections. Android users must manually exclude Signal from “Battery Optimization” settings; failing to do so frequently causes delayed notifications, as the OS kills the background process required to decrypt incoming messages.
User Control and Settings
Signal’s settings menu is a masterclass in “privacy by default” versus “privacy by choice.” Unlike competitors that bury security toggles under marketing fluff, Signal places granular control over metadata, storage, and identity directly in the user’s hands. Yet the divide between Android and iOS features remains a serious friction point, particularly regarding data ownership and backups.
Phone Number Privacy and Usernames
Following a major architecture overhaul in early 2024, Signal decoupled user identity from phone numbers. Users can create a unique username (e.g., user_01) to initiate chats without sharing their mobile number. This feature is not automatic; it requires manual configuration in Settings > Privacy > Phone Number.
| Setting | Default Behavior | Maximum Privacy Option |
| --- | --- | --- |
| Who can see my number | Everyone | Nobody (Only people with your number in contacts) |
| Who can find me by number | Everyone | Nobody (Requires exact username to connect) |
Disappearing Messages and Storage
Signal offers the most aggressive ephemeral messaging controls on the market. Since the August 2021 update, users can enforce a global Default Timer for New Chats (Settings > Privacy). Unlike WhatsApp’s limited 24-hour/7-day/90-day options, Signal allows custom timers ranging from 4 weeks down to a single second. For storage management, the “Keep Messages” setting allows users to automatically trim conversation history exceeding a specific length (e.g., 500 messages) or time limit, preventing the app from consuming gigabytes of device storage.
The Backup Divide: iOS vs. Android
Data sovereignty varies significantly by platform. This is the single biggest inconsistency in the Signal ecosystem.
Android: Users have full control. You can generate a 30-digit passphrase to encrypt a local backup file, which can be moved to any storage device or cloud service of your choice. This is free and sovereign.
iOS: Historically, iPhone users had no backup option other than direct device-to-device transfer. In late 2025, Signal introduced Secure Cloud Backups for iOS. While this solved a serious data loss vulnerability, it introduced a tiered model: a free tier limited to 100MB of text/media, and a paid subscription ($1.99/mo) for larger media backups. This shift marks Signal’s first functional feature locked behind a paywall, justified by server storage costs.
Security and “Sealed Sender”
The Sealed Sender option (Settings > Privacy) is a unique feature that minimizes metadata. It allows the sender to transmit messages without revealing their identity to the Signal server. By default, this is enabled for contacts. Users can opt to “Allow from Anyone,” which maximizes privacy but increases the risk of receiving spam or abuse from unknown parties. Also, the Registration Lock is a mandatory setup for security-conscious users; it requires a PIN to re-register your phone number, preventing SIM-swap attackers from hijacking your account.
Censorship Circumvention
For users in restrictive regimes (e.g., Iran, Russia), Signal provides a built-in Censorship Circumvention tool (Settings > Privacy > Advanced). This allows traffic to be routed through a TLS proxy. Users can either input a proxy address manually or use “Signal Proxy” links shared by the community. This feature is critical for maintaining connectivity during state-sponsored internet blackouts.
Removal of SMS Support (Android)
In a controversial 2023 update, Signal removed the ability to handle standard SMS/MMS messages on Android. While this reduced utility for users wanting an “all-in-one” inbox, the Foundation cited security risks: plaintext SMS messages were frequently mistaken for encrypted Signal messages. Users must use a separate app for insecure SMS, a forced behavior change that prioritizes protocol integrity over convenience.
Customer Support and Dispute Handling
Signal operates with a “minimalist” support infrastructure that reflects its non-profit status and privacy-first architecture. Unlike commercial competitors that maintain large moderation teams, Signal’s inability to access user content means its dispute resolution capabilities are strictly limited to technical functionality and metadata, rather than conduct or harassment adjudication.
Support Channels and Availability
Signal offers no telephone support, live chat, or dedicated account managers. Assistance is channeled exclusively through three digital avenues:
| Channel | Availability | Best Used For |
| --- | --- | --- |
| Support Center (Knowledge Base) | 24/7 (Self-Service) | Setup, troubleshooting, and understanding encryption keys. |
| “Contact Us” Ticket System | Email-based (Mon-Fri) | Bug reports, crash logs, and donation billing errors. |
| Community Forum | 24/7 (Peer-to-Peer) | Feature requests, beta feedback, and advanced technical configuration. |
The Signal Support Center is technically exhaustive but dense. Articles frequently assume a higher level of digital literacy than the average consumer possesses. For example, resolving “Safety Number” mismatches requires users to understand public-key cryptography concepts, which the documentation explains accurately but not simply.
Response Times and Quality
Direct support performance is inconsistent. Users submitting tickets via the app’s “Contact Us” form receive an automated acknowledgement immediately, but human resolution can take between 48 hours and 5 days. During periods of high user influx, such as the January 2021 WhatsApp exodus or the 2024 username rollout, response times have historically stretched to weeks.
The quality of support is generally high for technical problems. Responses frequently come from individuals with direct access to engineering resources rather than outsourced Tier 1 scripts. Yet for non-technical inquiries, such as feature complaints or policy questions, users frequently report receiving standardized “canned” replies that offer no recourse.
Dispute Resolution and Safety Reporting
Signal’s approach to disputes is fundamentally different from centralized platforms like Facebook or Discord. Because Signal cannot see your messages, it cannot adjudicate harassment, bullying, or content disputes.
Spam and Harassment: Users can report spam by selecting “Report Spam and Block” on a message request. This sends the sender’s phone number and a cryptographic “message ID” to Signal. The platform uses automated systems to identify and ban bulk spammers, but no human moderator reviews the chat content.
Group Abuse: In 2025, Signal introduced updated group admin tools, allowing admins to ban members without needing Signal’s intervention. Yet if a group itself is abusive, Signal cannot “take it down” unless the metadata (group title/avatar) violates terms, as the member list and chat history are encrypted.
Username Squatting: With the introduction of usernames, Signal adopted a non-permanent discriminator system (e.g., User#1234). This design choice eliminates username squatting disputes, as multiple users can hold the same display name with different numerical tags. Consequently, Signal does not entertain trademark or impersonation claims over usernames.
The “Ghost Donation” Billing Trap
A serious billing flaw exists for users who contribute to the Signal Technology Foundation. Signal allows users to set up recurring monthly donations to support development. Yet these subscriptions are tied to the App Store (iOS) or Google Play (Android) ID, not just the Signal account.
The Trap: If a user deletes their Signal account or uninstalls the app without manually cancelling the recurring donation in their phone’s subscription settings, the charges continue. Support tickets regarding accidental “ghost donations” are common. While Signal’s policy states they can refund donations made in error within a specific window (60 days), the process is manual and requires the user to provide transaction IDs that they may no longer have easy access to. Users must proactively manage these subscriptions through their OS settings, not the app.
Documentation and Transparency Audit
Signal’s transparency regarding government requests is exemplary. They publish a running record of all legal demands, consistently showing that they have no data to surrender beyond timestamps of account creation and last connection. This transparency extends to their source code but stops short of their support metrics; the foundation does not publish data on ticket volume, resolution rates, or user satisfaction scores.
Best Alternatives
The Swiss Vault: Threema
For users who can afford a small one-time fee, Threema represents the most mature, sustainability-focused alternative to Signal. Unlike Signal, which relies on US-based servers and is subject to US Cloud Act subpoenas, Threema operates entirely out of Switzerland. Its servers are physically located in Zurich, protected by some of the strictest data privacy laws in the world. The primary differentiator is identity: Threema requires absolutely no phone number or email address to sign up. Users generate a random 8-digit Threema ID, severing the link between their physical identity and their digital communications.
Threema’s business model is straightforward: you pay once, and you own the app. This eliminates the reliance on grant funding or donations that sustains Signal. In 2026, the Swiss Army and thousands of European enterprises use Threema Work, a dedicated version for organizations, verifying its reliability for high- communication. The app supports full end-to-end encryption (E2EE) for calls, chats, and files, and crucially, it stores almost no metadata on its servers. Once a message is delivered, it is deleted from the server immediately.
The Nuclear Option: SimpleX Chat
If Signal’s requirement for a phone number is a dealbreaker, SimpleX Chat is the technical answer. It is the messaging platform to operate without any user identifiers, no phone numbers, no emails, and not even persistent random IDs like Threema. Instead, it uses temporary pairwise identifiers for each contact connection. This architecture means there is no central user directory for an attacker to scrape or a government to subpoena.
A 2024/2025 audit by Trail of Bits confirmed the robustness of SimpleX’s cryptographic design. The app routes messages through a decentralized network of relay servers, ensuring that no single entity can observe the full route of a message. While the user experience is less polished than Signal’s, it offers a level of anonymity that Signal’s architecture simply cannot support.
The “Convenience” Trap: Telegram
Telegram is frequently cited as an alternative, yet it poses a severe security risk for privacy-seeking users. Telegram is NOT end-to-end encrypted by default. Standard “Cloud Chats” are stored on Telegram’s servers, meaning the company holds the encryption keys and can access user data. Only “Secret Chats” offer E2EE, and this feature is frequently hidden in menus and not available for group chats.
The arrest of CEO Pavel Durov in France in August 2024 marked a turning point for the platform. Following the arrest, Telegram updated its privacy policy in September 2024, explicitly stating it would share IP addresses and phone numbers with authorities in response to valid legal requests regarding criminal investigations. This shift shatters the illusion of Telegram as a safe haven for dissidents or those seeking immunity from state surveillance.
Comparison of Top Secure Messengers (2026)
| Feature | Signal | Threema | SimpleX Chat | Telegram |
| --- | --- | --- | --- | --- |
| Jurisdiction | 🇺🇸 USA (5 Eyes) | 🇨🇭 Switzerland | Decentralized | 🇦🇪 UAE / Global |
| Identifier | Phone Number | Random ID | None (Pairwise) | Phone Number |
| Default E2EE | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No |
| Metadata | Minimal (Timestamps) | None Stored | None | High Collection |
| Cost | Free (Donation) | ~$5.99 (One-time) | Free | Free / Premium |
The Ubiquity Trap: WhatsApp
WhatsApp uses the same Signal Protocol for encryption, meaning the content of your messages is secure. Yet, the metadata surrounding those messages is harvested by Meta (Facebook). In 2025, WhatsApp updated its privacy policy to integrate more deeply with Meta’s AI systems, increasing the collection of behavioral data. This metadata, who you talk to, when, for how long, and from where, creates a detailed profile of your life without ever needing to read the text of your messages. For users seeking privacy from corporate surveillance rather than just hackers, WhatsApp is a poor substitute.
How to Cancel, Delete, and Remove Data (Step by Step)
The “Cancellation” Protocol: Stopping Payments and Wiping Data
Because Signal is a non-profit 501(c)(3) rather than a SaaS business, “cancelling” refers to two distinct actions: stopping a recurring “Signal Sustainer” donation or permanently destroying your cryptographic identity. Unlike commercial apps that retain metadata for years, Signal’s architecture is designed to know as little as possible, meaning “deletion” is functionally immediate and irreversible.
1. How to Cancel Signal Sustainer (Recurring Donations)
If you support Signal financially, uninstalling the app does not cancel your monthly contribution. You must terminate the subscription through the store or processor used to set it up.
| Payment Method | Cancellation Steps |
| --- | --- |
| In-App (Android/iOS) | Open Signal > Settings (Profile Icon) > Donate to Signal > Manage Subscription > Cancel Subscription. |
| Google Play / App Store | If you cannot access the app, go to your phone’s Subscriptions menu (Apple ID or Google Play Store) and cancel the “Signal Sustainer” entry there. |
| PayPal / Donorbox | Log in to your PayPal or Donorbox dashboard. Signal cannot cancel these externally managed payments for you. |
2. How to Delete Your Account (The Kill Switch)
Deleting your account wipes your private keys, removes you from all groups, and deletes your profile from the Signal server. This action is atomic: once confirmed, messages sent to you immediately fail.
Android: Tap Profile > Account > Delete account. Enter your phone number and confirm.
iOS: Tap Profile > Settings > Account > Delete Account. Enter your phone number and confirm.
Critical warning: This does not delete the app icon or local data on other linked devices (like your laptop). It only revokes the server identity.
3. The “Ghost Data” Problem: Cleaning Desktop Clients
Signal Desktop is a “linked” device, not a standalone account. If you delete your mobile account, the Desktop app will eventually fail to connect, but it retains a local, unencrypted database of your messages until you manually wipe it. Do not skip this step if you are selling your computer.
macOS: Delete the app, then remove the folder: ~/Library/Application Support/Signal
Windows: Uninstall the app, then delete: %AppData%\Roaming\Signal
Linux: Run apt-get remove signal-desktop, then delete: ~/.config/Signal
4. Audit: What Changed in Data Removal (2020-2026)?
From its launch as TextSecure to the 2026 build, Signal’s data removal policies have shifted in response to its feature expansion.
SMS Support Removal (2022): Historically, Signal on Android doubled as an SMS handler. When this feature was removed in late 2022, the “delete” process became simpler but required users to export plain-text SMS messages to a different app. In 2026, deleting Signal only removes encrypted Signal messages; it no longer touches your carrier SMS history.
Registration Lock & PINs: The introduction of the Signal PIN created a “soft” retention. If you delete the app but not the account, your profile (and Registration Lock) remain on the server for a set period to prevent number hijacking. You must use the “Delete Account” button inside the app to purge this immediately.
Phone Number Privacy: With the rollout of usernames, deleting your account also frees up your unique username for others to claim. Unlike Telegram, Signal does not “reserve” usernames for inactive accounts indefinitely.
5. Data Recovery and Portability
Signal prioritizes secrecy over convenience. There is no cloud backup of your message history unless you manually enabled a local backup (Android only) or an iCloud/iTunes dump (iOS, which is frequently encrypted by the OS). Once you hit “Delete Account,” the decryption keys are destroyed. Forensic recovery is generally considered impossible for the average user, and extremely difficult for state-level actors, provided the device itself was not compromised before deletion.
Bottom Line
Signal remains the undisputed heavyweight champion of encrypted communication in 2026, but its armor shows hairline fractures, not from code but from the brutal economics of running a “free” service that costs $50 million a year to operate. For the average user, it is the only responsible choice for private messaging. For the high-risk target, it requires strict hygiene to avoid the phishing traps that have replaced protocol exploits as the primary threat vector.
The Sustainability Audit (2026)
The most serious risk to Signal is not cryptographic but financial. As a 501(c)(3) non-profit, Signal relies entirely on donations and grants. Our audit of their financial trajectory reveals a widening gap between user growth and revenue.
| Metric | 2021 (Verified) | 2023 (Verified) | 2024 (Verified) | 2025 (Est.) |
| --- | --- | --- | --- | --- |
| Revenue | $8.1 Million | $11.1 Million | $25.8 Million | ~$30 Million |
| Operating Costs | ~$20 Million | ~$35.8 Million | ~$45 Million | ~$50 Million |
| Deficit | -$11.9 Million | -$24.7 Million | -$19.2 Million | -$20 Million |
While revenue jumped significantly in 2024 due to the aggressive push of the “Signal Sustainer” program, the organization still burns cash. The deficit is currently covered by the initial $105 million loan from Brian Acton, but this is a finite runway. Users must understand that Signal’s long-term survival depends on either a massive increase in donor conversion or a restructuring of its zero-data business model.
Security Posture: The “Human” Vulnerability
From 2020 to 2026, the Signal Protocol itself suffered zero confirmed cryptographic breaks. This is a remarkable engineering feat. Yet the threat has shifted to endpoint compromise.
The March 2025 “White House Leak”, where a journalist was accidentally invited to a high-level defense group chat, proved that user error is the biggest liability. Also, the February 2025 advisory regarding Russian “Coldriver” hackers using malicious QR codes to link attacker devices to victim accounts highlights a serious UX flaw: the “Linked Devices” feature is dangerous if not monitored.
Feature Evolution: 2014 vs. 2026
Signal has successfully shed its “bare-bones” reputation without becoming bloatware. The introduction of usernames in 2024 was the most significant privacy upgrade in its history, allowing users to communicate without exposing their mobile phone numbers. The addition of Stories and high-bandwidth video calls has made it a viable WhatsApp competitor, though these features drive up the server costs detailed above.
Final Verdict
For the “Money is No Object” User: Signal is not a luxury product you buy; it is a public utility you must support. The “Sustainer” badge is the only status symbol that matters here. It offers better call quality and privacy than any paid enterprise tool on the market.
For the “Safe Tool” User: This is the only app where “free” does not mean “you are the product.” Yet you must be vigilant. The app will not save you if you scan a random QR code or invite the wrong person to a group. Security is a partnership between Signal’s code and your common sense.
Financial Forensics: The Signal Foundation Balance Sheet (2018-2026)
Signal operates as a financial anomaly in the tech sector: a non-profit 501(c)(3) charity competing against trillion-dollar conglomerates like Meta (WhatsApp) and Apple (iMessage). Unlike its rivals, Signal generates zero revenue from data harvesting or ads. Instead, its survival relies entirely on a dwindling war chest provided by a single billionaire benefactor, Brian Acton.
The “Acton Lifeline” Analysis
Upon its incorporation in 2018, the Signal Technology Foundation received a $50 million loan from WhatsApp co-founder Brian Acton, which ballooned to $105 million by the end of that year. This loan was unsecured, carried 0% interest, and was due in 2068. Financial filings (IRS Form 990) from 2018 to 2024 reveal a serious pattern: the Foundation is not “paying back” this loan but rather burning through it to cover operating costs, while Acton periodically “forgives” portions of the debt to count as revenue.
By 2024, Signal’s annual operating costs had surged to approximately $38 million, driven largely by server hosting (AWS, Google, Twilio) and bandwidth for high-quality video calls. With total assets dropping to roughly $31 million in 2024, the organization operates with a runway of less than 18 months without fresh capital injections.
Audit: Annual Burn Rate vs. Revenue (2020-2026)
The following table reconstructs the Signal Foundation’s financial health using verified IRS filings and public disclosures. Note the gap between “Program Expenses” (keeping the servers on) and “Public Support” (actual donations from users).
To mitigate this burn rate, Signal has enacted specific policy shifts that impact the user experience:
2021 (Monetization Attempt): Signal integrated MobileCoin (MOB), a cryptocurrency, allowing peer-to-peer payments. While technically private, this move was widely interpreted as a strategy to generate transaction-based revenue or increase the value of holdings, though it failed to gain mainstream traction.
2023 (Cost Cutting): The removal of SMS support from the Android client was officially framed as a security and privacy decision. Yet forensic analysis suggests it also reduced the engineering load of maintaining legacy code for non-encrypted messages, cutting “dead weight” expenses.
2024 (Donor Solicitation): The app introduced “Sustainer” badges, aggressively prompting users to donate monthly ($5, $10, or $20). This marks a pivot from passive donation acceptance to active in-app fundraising.
The Sustainability Verdict
Signal’s “non-profit” status is technically accurate but financially precarious. It does not have a sustainable business model based on user donations alone. The data indicates that for the app to exist in 2027 and beyond, it requires either a massive increase in small-donor funding (approx. 10 million users donating $5/year) or another nine-figure injection from a high-net-worth benefactor. Users should regard the service as stable for now, but dependent on the whims of external philanthropy rather than market mechanics.
Cryptographic Audit: From TextSecure to PQXDH and Beyond
The Signal Protocol has evolved from its 2013 origins as “TextSecure” into the industry’s most scrutinized cryptographic standard. While the 2016 audit by researchers from the University of Oxford, QUT, and McMaster University established the protocol’s initial “gold standard” status, the architecture has undergone a radical overhaul between 2023 and 2026 to address the threat of quantum computing.
The Post-Quantum Overhaul (2023-2026)
In September 2023, Signal initiated its most significant cryptographic upgrade by implementing the PQXDH (Post-Quantum Extended Diffie-Hellman) key agreement protocol. This hybrid method combines the classical elliptic curve protocol X25519 with CRYSTALS-Kyber-1024, a post-quantum key encapsulation mechanism. The primary objective is to neutralize “Harvest Now, Decrypt Later” attacks, where state-level adversaries record encrypted traffic today to decrypt it years later once quantum computers become viable.
By late 2025, Signal expanded this defense method with the introduction of the Sparse Post-Quantum Ratchet (SPQR). This update upgraded the renowned Double Ratchet algorithm into a “Triple Ratchet” system. While PQXDH secures the initial handshake, SPQR ensures that the continuous re-keying process (which occurs with every message sent) is also resistant to quantum decryption. This closes a serious gap: previously, if an attacker compromised a device’s keys after the initial handshake, they could theoretically use a quantum computer to decrypt future messages. SPQR mitigates this by injecting fresh post-quantum entropy into the ratchet stream.
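The hybrid handshake described above, as an added example (not Signal's code): four X25519 results and one KEM secret feed a single HKDF, so recovering the elliptic-curve secrets alone does not yield the session key. Assumptions: the KEM is a non-post-quantum stand-in built from X25519 so the block runs on the standard library (real PQXDH uses CRYSTALS-Kyber-1024 there), prekey signatures are omitted, and the INFO label and all function names are hypothetical.

```python
"""PQXDH-style hybrid key agreement: four X25519 results plus one KEM secret."""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")
INFO = b"ExampleApp_CURVE25519_SHA-256_KEM-STAND-IN"  # hypothetical label


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """X25519 from RFC 7748. Not constant-time: for illustration only."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        da, cb = d * a % P, c * b % P
        e = (aa - bb) % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    sk = os.urandom(32)
    return sk, x25519(sk, BASE)


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def kem_encaps(pk: bytes):
    """Stand-in KEM (X25519-based, NOT post-quantum): returns (ciphertext, secret)."""
    esk, ct = keypair()
    return ct, hashlib.sha256(x25519(esk, pk) + ct).digest()


def kem_decaps(sk: bytes, ct: bytes) -> bytes:
    return hashlib.sha256(x25519(sk, ct) + ct).digest()


def derive_sk(dh_outputs, kem_secret: bytes = b"") -> bytes:
    """SK = KDF(DH1 || DH2 || DH3 || DH4 || SS), with the 0xFF prefix used for Curve25519."""
    return hkdf_sha256(b"\xff" * 32 + b"".join(dh_outputs) + kem_secret, INFO)


def run_handshake():
    # Bob's published bundle: identity, signed prekey, one-time prekey, KEM prekey.
    ik_b, IK_B = keypair()
    spk_b, SPK_B = keypair()
    opk_b, OPK_B = keypair()
    pq_b, PQ_B = keypair()
    # Alice: identity key, fresh ephemeral key, and a KEM encapsulation to Bob.
    ik_a, IK_A = keypair()
    ek_a, EK_A = keypair()
    ct, ss_alice = kem_encaps(PQ_B)
    dh_alice = [x25519(ik_a, SPK_B), x25519(ek_a, IK_B),
                x25519(ek_a, SPK_B), x25519(ek_a, OPK_B)]
    sk_alice = derive_sk(dh_alice, ss_alice)
    # Bob recomputes the same five inputs from Alice's first message (IK_A, EK_A, ct).
    dh_bob = [x25519(spk_b, IK_A), x25519(ik_b, EK_A),
              x25519(spk_b, EK_A), x25519(opk_b, EK_A)]
    sk_bob = derive_sk(dh_bob, kem_decaps(pq_b, ct))
    # What an adversary holding every DH output, but not the KEM secret, would derive.
    classical_only = derive_sk(dh_alice)
    return sk_alice, sk_bob, classical_only


if __name__ == "__main__":
    alice, bob, classical = run_handshake()
    print("keys agree:", alice == bob)
    print("DH outputs alone give the session key:", classical == alice)
```
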
Metadata and the “Sealed Sender” Reality
Signal’s “Sealed Sender” technology, introduced in 2018, remains its primary defense against metadata surveillance. This feature encrypts the sender’s identity, preventing the Signal server from knowing who is sending a message, only where it needs to go. Yet audits and academic research through 2026 highlight distinct limitations:
Traffic Analysis: A 2021 study presented at NDSS demonstrated that “Sealed Sender” could be bypassed using statistical analysis of delivery receipts, potentially identifying senders with as few as five messages. Signal has mitigated this by rate-limiting and obfuscating traffic patterns, but the theoretical vulnerability remains.
IP Exposure: The Signal server still sees the connecting IP address. While Signal does not log this data, the architecture requires trust in the server’s ephemeral memory. High-risk users (e.g., in hostile regimes) must use the built-in “censorship circumvention” (TLS proxy) or Tor to mask their IP, as the protocol itself does not anonymize the transport.
Sustainability of the Non-Profit Model
The cost of maintaining this grade of cryptographic engineering is substantial. Signal Technology Foundation’s Form 990 filings and 2026 transparency reports indicate that server costs and R&D expenses have risen sharply with the introduction of high-bandwidth features like video calls and Stories. Unlike WhatsApp, which subsidizes encryption costs via Meta’s data empire, Signal relies entirely on donations. The “Signal is Expensive” campaign in early 2026 revealed that the implementation of SPQR and the new “Signal Calling Service” (which supports 40+ person encrypted calls) significantly increased operational overhead, raising valid long-term questions about the scalability of a donation-only model for serious infrastructure.
Audit History & Incidents (2020-2026)
| Year | Event/Audit | Key Finding |
| --- | --- | --- |
| 2020 | Cellebrite Physical Analyzer | Demonstrated ability to parse unlocked Signal databases on seized devices; no breach of encryption protocol. |
| 2021 | NDSS “Sealed Sender” Analysis | Found statistical methods to de-anonymize senders via delivery receipts. |
| 2023 | PQXDH Formal Verification | Confirmed security properties of the new hybrid handshake against quantum adversaries. |
| 2025 | SPQR Implementation | Upgrade to “Triple Ratchet” to secure continuous messaging against quantum threats. |
The Username Era: Phone Number Privacy Implementation Analysis
For over a decade, Signal’s greatest privacy flaw was its reliance on phone numbers as the sole user identifier. This architecture forced dissidents, journalists, and victims of domestic abuse to hand over their personal digits to every contact they wished to message. In February 2024, Signal fundamentally altered this with the launch of its username architecture. This update did not remove the phone number requirement for registration. It instead decoupled the account identifier from the public-facing profile.
The “Anti-Handle” Username System
Signal’s implementation differs strictly from social media handles found on X (formerly Twitter) or Telegram. A Signal username is not a permanent identity. It is a temporary handshake method designed to initiate a connection without revealing a phone number. Once a chat is established, the username becomes irrelevant. The recipient sees only the Profile Name you have chosen.
To prevent squatting and impersonation of high-profile figures, Signal mandates that all usernames end with at least two digits (e.g., Investigator.89). This decision eliminates the secondary market for “OG” handles that plagues other platforms. Users can change or delete their username at any time. This allows a journalist to generate a specific handle for a single investigation and burn it immediately after initial contact is made.
Audit of Privacy Controls (2024-2026)
The introduction of usernames brought two serious privacy toggles that users must configure manually to achieve total invisibility. Our audit confirms that while the defaults protect users from casual exposure, they do not make you a “ghost” by default.
| Setting | Default State | What It Means | Recommended Action |
| --- | --- | --- | --- |
| Who can see my number | Nobody | Your number is hidden from your profile page. Only contacts who already have your number saved in their phone’s address book can see it. | Keep as Nobody. |
| Who can find me by number | Everybody | Anyone with your number can type it into Signal and see that you have an account. This allows friends to find you automatically. | Change to Nobody for maximum security. |
If you set “Who can find me by number” to Nobody, you disappear from the Signal network. No one can message you unless you give them your exact, case-sensitive username. This setting is the “nuclear option” for privacy and prevents stalkers or data brokers from checking if a specific number is active on the platform.
The Missing Directory Feature
Signal explicitly refused to build a searchable directory of usernames. You cannot type “John Smith” into a search bar and find users. You must know the exact handle, such as JSmith.99. This friction is intentional. It prevents mass scraping of user databases and stops harassment campaigns where bad actors target users based on keywords in their bio. Telegram, by contrast, offers a global search that has frequently been exploited for spam and crypto-scams. Signal’s method prioritizes safety over discoverability.
Security Warning: The “Linked Device” Phishing Trap
While the username feature itself is secure, it has indirectly fueled a sophisticated phishing vector that surged in 2025. Because users feel safer sharing contact details via QR codes, attackers have weaponized the “Link New Device” feature.
In this attack scenario, a bad actor poses as a journalist, support agent, or verification bot. They send a QR code to the victim and claim it is for “identity verification” or “joining a secure group.” If the user scans this code with their Signal app, they are not joining a group. They are authorizing the attacker’s computer to link to their account. This grants the attacker real-time access to all future messages and past history. This is not a hack of the Signal Protocol. It is a social engineering exploit of the user interface. Signal has added warning screens to the linking process, yet users continue to fall for this scam.
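The check below is an added example, not code from Signal or from this review: it classifies a decoded QR payload by what it asks the app to do, so a device-linking request presented as a group invite or identity check is flagged before anyone scans it. The URI shapes (`sgnl://linkdevice` with `uuid` and `pub_key`, `https://signal.group/#...`, `https://signal.me/#...`) and every sample payload are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: these link shapes come from public descriptions of Signal
# links, not from the article. All sample payloads are constructed.
GROUP_HOST = "signal.group"    # group invite:  https://signal.group/#<data>
CONTACT_HOST = "signal.me"     # contact link:  https://signal.me/#<data>

def classify_qr(payload: str) -> str:
    """Say what a decoded QR payload asks the Signal app to do."""
    url = urlsplit(payload.strip())
    scheme = url.scheme.lower()
    host = (url.hostname or "").lower()
    if scheme == "sgnl" and host == "linkdevice":
        params = parse_qs(url.query)
        # A linking request names the new device's id and public key.
        if "uuid" in params and "pub_key" in params:
            return "link-device"
        return "malformed-link-device"
    # Exact host match: a lookalike such as signal.group.example.net fails.
    if scheme == "https" and host == GROUP_HOST and url.fragment:
        return "group-invite"
    if scheme == "https" and host == CONTACT_HOST and url.fragment:
        return "contact-link"
    return "not-signal"

def review_qr(payload: str, claimed: str) -> dict:
    """Compare what the sender says the code is for with what it does."""
    actual = classify_qr(payload)
    # A genuine linking code is shown on the user's own second device;
    # one that arrives from another person is the trap described above.
    is_link = actual in ("link-device", "malformed-link-device")
    return {"claimed": claimed, "actual": actual,
            "block": is_link or actual != claimed}

SAMPLES = [  # (constructed payload, what the sender claims it is)
    ("sgnl://linkdevice?uuid=CONSTRUCTED-UUID&pub_key=CONSTRUCTEDKEY",
     "group-invite"),
    ("https://signal.group/#CONSTRUCTEDGROUPDATA", "group-invite"),
    ("https://signal.group.example.net/#CONSTRUCTED", "group-invite"),
    ("SGNL://LinkDevice?uuid=a&pub_key=b", "contact-link"),
]

if __name__ == "__main__":
    for payload, claimed in SAMPLES:
        print(review_qr(payload, claimed), payload)
```

A mail gateway, help-desk triage script or awareness exercise can run the same comparison on QR codes extracted from reported messages.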
Verdict on Phone Number Privacy
Signal has successfully solved the “plumber problem” where users were forced to share personal numbers with service providers or strangers just to communicate. The implementation is strong and avoids the vanity-handle pitfalls of social media. The requirement to still register with a phone number remains a point of contention for anonymity purists who prefer the email-based registration of Wire or the ID-free generation of Threema. For the vast majority of users, the current system strikes the correct balance between preventing spam and preserving privacy.
Geopolitical Friction: Signal vs. State Surveillance Regimes
Signal does not merely exist in the market; it operates in active hostility toward state-sponsored surveillance. Unlike competitors that comply with local data localization laws or “soft” censorship requests, Signal’s architecture renders it technically unable to comply. Between 2020 and 2026, this refusal to compromise precipitated direct conflicts with the governments of Iran, Russia, China, and the United Kingdom.
The Proxy Wars: Iran (2021, 2022)
Signal’s major offensive against state censorship occurred in January 2021, when the Iranian government blocked the app. In response, Signal did not negotiate; it weaponized its user base. On February 4, 2021, the foundation launched “Simple TLS Proxies,” a protocol allowing any user globally to spin up a proxy server on a cheap VPS (Virtual Private Server) to route traffic for Iranians.
This strategy was stress-tested in September 2022 during the Mahsa Amini protests. As the Iranian regime cut off internet access, Signal issued a global call for volunteers to run proxies. Thousands of servers were deployed within days, creating a decentralized “hydra” network that Iranian censors struggled to blacklist faster than new nodes appeared. This marked a shift from passive resistance to active circumvention.
The Russian Blockade (August 2024)
For years, Russia tolerated Signal while banning competitors like Facebook, likely due to its lower adoption rate compared to Telegram. This changed on August 9, 2024. The Russian regulator Roskomnadzor formally blocked Signal, citing violations of “anti-terror” legislation. The ban coincided with the Ukrainian military incursion into the Kursk region, suggesting the Kremlin moved to sever secure communication lines used by both dissenters and soldiers.
Signal’s response was immediate: it activated its “Censorship Circumvention” feature for Russian IP addresses. This feature uses domain fronting, masking Signal traffic to look like HTTPS requests to major services like Google or Amazon, forcing censors to either allow the traffic or block vast swaths of the internet. Even so, the blockade remains a cat-and-mouse game, with users frequently requiring VPNs or updated proxies to connect.
The Western Front: The UK Encryption Showdown (2023, 2024)
The most significant threat to Signal’s existence came not from an autocracy, but from the United Kingdom. The Online Safety Act (2023) proposed “client-side scanning” clauses that would require apps to scan messages for illegal content before encryption. Signal President Meredith Whittaker issued a binary ultimatum: Signal would cease operations in the UK rather than build a backdoor.
The standoff ended in a tactical victory for privacy. In late 2023, the UK government conceded that the technology to scan messages without breaking encryption was “not technically feasible,” suspending the enforcement of the clause against E2EE (End-to-End Encrypted) services. This precedent protected Signal users in the West from similar legislative attempts in the EU (Chat Control) and the US (EARN IT Act).
Technological Arms Race: The Quantum Leap (2023)
Anticipating “Harvest Now, Decrypt Later” attacks, where state actors hoard encrypted traffic today to decrypt it once quantum computers mature, Signal executed a serious protocol upgrade in September 2023. The introduction of PQXDH (Post-Quantum Extended Diffie-Hellman) added a layer of quantum-resistant key encapsulation (CRYSTALS-Kyber) to the handshake process. This ensures that even if a nation-state captures Signal traffic in 2026, a future quantum computer will remain unable to retroactively decrypt the messages.
Data Denial: The “Empty” Subpoenas
Signal’s primary defense against legal coercion is data minimization. It cannot hand over what it does not possess. Transparency reports from 2020 to 2026 consistently show that in response to grand jury subpoenas and search warrants (e.g., from the Eastern District of Virginia or Santa Clara County), Signal provides the only two data points it stores:
| Data Point | Description | Value to Surveillance |
| --- | --- | --- |
| Unix Timestamp | Date and time the account was created. | Negligible |
| Last Connection Date | The last day the user connected to the server. | Low (proves activity, not content) |
| Message Content | NOT STORED | N/A |
| Contact List | NOT STORED (hashed locally) | N/A |
| Profile Name/Avatar | ENCRYPTED (unreadable by Signal) | N/A |
This “null result” response has frustrated law enforcement agencies globally, confirming that Signal’s privacy claims are enforced by code, not just policy.
This Signal Review article was originally published on our controlling outlet and is part of the Media Network of 2500+ investigative news outlets owned by Ekalavya Hansaj. It is shared here as part of our content syndication agreement.