A massive outage on Amazon Web Services (AWS) systems on Monday sparked a new debate in the tech world. This outage affected numerous websites and applications, including the end-to-end encrypted messaging app Signal. Immediately following the incident, X (formerly Twitter) CEO Elon Musk made a striking statement. In a social media post, Musk stated unequivocally, “I no longer trust Signal.”

Security Debate Between X Owner Elon Musk and Signal

Signal President Meredith Whittaker was quick to respond to Musk’s comment on X. Whittaker stated that “Signal is trusted by the security and hacker community, as well as hundreds of millions of people.” She explained that the primary reason for this trust is the application’s open-source nature, which allows anyone to review it. She also emphasized that Signal has proven itself robust, private, and secure for over a decade. Experts say that Signal’s reliance on a centralized infrastructure like AWS does not compromise encrypted communications. Because Signal doesn’t have the keys to the encrypted data held in this infrastructure.

Elon Musk has recently been actively promoting his platform, X Chat (formerly DM), as a secure and encrypted communication method. However, security experts argue that a messaging app promising secure communication must be open source to be reliable. According to experts, if users can’t examine the code, it’s impossible to know exactly what the app is doing behind the scenes. The X platform still labels X Chat, intended to replace the traditional DM system, as “beta software.” Elon Musk had previously attracted attention with a “use Signal” post, and following this post, Signal reached record user numbers.

X’s encryption feature was originally tested in 2018, but its official announcement wasn’t until 2023. The company also announced plans to make it easier to verify that its chat features are as secure as they claim in the future. Jack Dorsey, who founded and led X as Twitter for many years, also supported the idea of ​​switching to end-to-end encryption during his time as CEO. Dorsey recently developed a geographically focused messaging app called “Bitchat.” Bitchat gained attention for its networking features, particularly during the government change in Nepal. The app can work even in local areas without internet access. A similar app, FireChat, was used during the 2014 Hong Kong protests.

Of course, Signal isn’t perfect and has faced criticism over the years. Security researchers have long criticized the app’s requirement of phone numbers for registration. Following this criticism, Signal recently addressed this issue by allowing users to register with only one username.

However, Whittaker’s comments about Signal’s openness and verifiability have drawn criticism from some developers working on Bitcoin. Bitcoin developer Peter Todd noted that the app stores on Android and iOS prevent users from verifying that the code running on their devices exactly matches the open-source code published by Signal.

Todd, who contributed to Bitcoin Core, emphasizes the importance of “reproducible builds.” This method allows end users to verify that an app was built using published open-source code. Steve Lee, who runs Spiral, a Bitcoin open-source development grantee, also noted that this issue remains an open issue in Signal’s Android version. The Bitcoin community has also criticized Signal’s reliance on centralized infrastructure, which led to the AWS outage.

Whether it’s Bitcoin or private messaging, there are often tradeoffs between perfect privacy and security and creating a user-friendly app that people will actually use. While Signal is still considered the standard for encrypted messaging, more competition in this space that offers verifiable privacy is always a positive development. So, which encrypted messaging app do you prefer for your daily communications, and why?