Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Why aren't governments using Signal with proxies?
1 point by palata 4 months ago | hide | past | favorite | 7 comments
I have been wondering this for a while, but given the current geopolitical situation, it feels even more relevant than before.

Governments (and companies, actually) should not trust servers controlled by other governments for their communications. Typically, all companies using Microsoft Teams, GMail or Slack expose all their communications to those companies and to the US government.

Even when using e2ee services like WhatsApp, metadata are leaked (e.g. which politician is writing to which other politician, and when).

Signal is obviously a good candidate for such sensitive communications, with Sealed Sender and soon Key Transparency. However, metadata may leak at the network level (I believe Signal servers run on AWS, so Amazon could look at the IPs of the messages and deduce who is talking to whom, to some extent).

Now, why wouldn't governments run Signal proxies? That would completely solve the problem of the leaked IPs, right? They could even go fancy an integrate some kind of mixnet feature if needed. Signal already supports proxies, so it would just be a matter of telling their employees to connect through the proxy. Or even build a special version of Signal that only connects through the government proxy.

Would that be a bad idea? Why is nobody doing that?




If they are/were doing exactly that, would we know and could we find out? Im not sure that they aren't already; and an important part of deploying some securirty like this should be: don't disclose that youre doing this.


At least we would know that they use Signal, because they would need to either distribute a custom version of it or tell their employees to configure the proxy, right?


What if theyre using their own thing? Like a more secure Signal.


The Bundeswehrmessenger(German Army) is based on Matrix


Sure. Some use Olvid (in France, obviously), some use Threema. But for sensitive matters, Signal is known to be a better idea. If the reason to go with Matrix is to control the server, it feels like a proxy to Signal would be better, wouldn't it?

The Matrix servers have access to a lot of metadata...


They selfhost them. Any chatprotocol has access to a lot of metadata. The Bundeswehr has special requirements that matrix fullfilled better than others.


Signal's server has access to fewer metadata than a Matrix server. If the self-hosted Matrix server gets compromised, it's a lot worse than Signal (and at this point, not only for metadata).




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: