Meredith Whittaker, the head of Signal, has admitted that the service organization could improve how it handled the recent phishing attacks targeting its users. Speaking to the newspaper “Spiegel”, Whittaker acknowledged, “Looking back, there are a number of things we could have done differently”.
Despite admitting these operational errors, she strongly defended the inherent security of the service, clarifying that Signal itself had not been hacked and that its end-to-end encryption remains “robust”. The admission comes amid reports derived from “Spiegel” detailing sophisticated phishing campaigns that successfully compromised the accounts of prominent users, including CDU members Julia Klöckner and cabinet member Verena Hubertz. These ongoing attacks are reportedly linked to Russia.
In response to the incident, Whittaker announced several planned updates to the app. Future versions will introduce additional warning alerts when receiving messages from unknown senders, and the process for accepting new contacts will no longer be possible with a single click.
Whittaker also addressed criticisms concerning Signal’s crisis communication. Some critics felt that the delay in the initial public statement in March was an attempt to shift blame only onto the affected users. She promptly corrected that notion, assuring the public that it was “by no means our intention”. However, she also admitted that while the attacks were clearly focused on user behavior, pointing fingers at individuals was unfair. She expressed disappointment, though not surprise, at the mockery faced by the affected politicians on social media, remarking that she perceives a “certain arrogance” within parts of the tech industry that is “not nice”.
Beyond the immediate security crisis, Whittaker used the platform to highlight the fundamental need for better financial support. She emphasized that Signal operates on donations and is utilized globally by journalists, politicians, and industry leaders for highly sensitive communications. She contrasted this voluntary funding model with defense start-ups, such as Helsing, which receive billions of dollars based merely on promises. According to Whittaker, Signal functions as a “critical infrastructure that is already working” but it lacks proportional support, a situation she labeled a “gross imbalance”.
Finally, she made an implicit appeal regarding Germany’s obligation to the platform. When discussing calls, such as the one from Bundestag Vice-President Andrea Lindholz, to consider a federal ban on Signal, Whittaker dismissed the idea of restricting its use. She argued that all platforms of Signal’s size are susceptible to such risks. Furthermore, she warned that any efforts to ban the service would merely cause users to migrate to other services, many of which she described as “by nature significantly less secure” than Signal.
