Surveillance

The Signal Paradox: Why the World's Most Trusted "Private" Messenger Was Built With U.S. Government Money

Signal received millions from a U.S. government broadcasting agency, runs entirely on Amazon servers, and requires your phone number. None of that is conspiracy — it's in the tax filings.

Ryan Callicoat 7 min read min read
The Signal Paradox: Why the World's Most Trusted "Private" Messenger Was Built With U.S. Government Money

Open the App Store and you'll find Signal at the top of every "most secure messenger" list. Edward Snowden endorsed it. Elon Musk told his followers to use it. The EFF recommends it. Journalists at every major outlet treat it as the gold standard.

And it might genuinely be the best mainstream option available.

But there are things about Signal that almost nobody talks about — not because they're secret, but because they don't fit the story. The funding history is public. The server architecture is public. The legal exposure is public. Once you put the pieces side by side, the picture is more complicated than the marketing suggests.

This isn't a hit piece. It's the part of the conversation that keeps getting skipped.

1. Signal was built with money from a U.S. government broadcasting agency

Signal's predecessor, Open Whisper Systems, and the Signal protocol itself were funded for years by the Open Technology Fund (OTF) — a project that operated under Radio Free Asia, which is itself a subsidiary of the U.S. Agency for Global Media (formerly the Broadcasting Board of Governors). USAGM is a federal agency. Its budget is appropriated by Congress.

This isn't a leaked rumor. OTF published its grant history on its own website for years, and the relevant tax filings are public:

  • OTF's own published grant data lists Open Whisper Systems as a multi-year recipient.
  • Reporting by The Intercept and journalist Yasha Levine traced approximately $2.9 million in OTF grants flowing to Open Whisper Systems between 2013 and 2016.
  • Levine's 2018 book Surveillance Valley (PublicAffairs) documents the broader pattern: a constellation of "anti-surveillance" tools — Tor, Signal, Tails — built or sustained on grants from the same U.S. government agency that runs Voice of America and Radio Free Asia.

The standard defense is reasonable on its face: USAGM funds these tools so dissidents in China, Iran, and Russia can communicate without being tracked by those governments. That's the official mission, and it's plausible.

But it raises a question the privacy community rarely sits with: what does it mean when the same government that runs the largest signals-intelligence apparatus in human history is also the largest single funder of the encryption tools that apparatus is supposed to be defeated by?

There are only a few possible answers, and none of them are comfortable.

2. Every Signal message routes through Amazon servers in the United States

Signal is not peer-to-peer. Despite the end-to-end encryption, every message you send transits Signal's centralized infrastructure, which is hosted on Amazon Web Services in the United States. Signal has confirmed this in its own engineering posts and in court filings.

End-to-end encryption protects message content from the server operator. It does not protect:

  • Metadata — who is talking to whom, when, and how often.
  • Connection patterns — which IP addresses are reaching the server and at what times.
  • Account-creation data — the phone number you registered with.

Signal has implemented clever mitigations. Sealed Sender (introduced 2018) hides the sender's identity from Signal's own servers in many cases. Private Contact Discovery uses Intel SGX enclaves to (theoretically) prevent Signal from learning your address book.

These are real engineering accomplishments. They are also trust-the-vendor mitigations. Sealed Sender depends on Signal's clients honestly stripping the metadata. SGX has been broken multiple times by academic researchers (Foreshadow, SGAxe, Plundervolt). And the entire stack runs on infrastructure operated by a U.S. company subject to U.S. legal process — including National Security Letters and FISA Section 702 directives, which come with built-in gag orders.

We know what Signal's lawyers can be compelled to hand over because they've been forced to. In 2016, the Eastern District of Virginia served Signal a grand jury subpoena. The only data Signal could produce was the account creation date and the last connection date for the targeted phone numbers. That's a real win for Signal's design — and also a confirmation that yes, they know your phone number, and yes, they log when you connect.

3. The phone number requirement is the most obvious — and most ignored — problem

Signal requires a real, working phone number to register. This is not a minor inconvenience. It is a persistent, government-issued, real-name identifier that ties your "anonymous encrypted messenger" account to your carrier billing record, your SIM card, and (in most countries) your government ID.

If your threat model is your spouse, fine. If your threat model is anything resembling a state actor, this single design choice undermines the entire premise.

Signal has known about this for years. In 2022 they finally announced usernames as a planned feature. Usernames shipped in beta in early 2024, but the phone number is still required for registration — the username only hides it from other users, not from Signal itself or from anyone with legal access to Signal's records.

Compare this to the threat model of a Chinese journalist OTF says these tools are built for. They cannot get an anonymous SIM card. Their phone number is their identity. Signal solves the wrong half of their problem.

4. The endpoint problem: Vault 7 and Pegasus

Even if Signal's protocol were mathematically perfect — and the Signal Protocol is genuinely excellent cryptography, audited by serious researchers — encryption only protects messages in transit. It does nothing to protect messages on a compromised device.

Two well-documented programs make this concrete:

  • CIA Vault 7 (WikiLeaks, March 2017). The leaked CIA documents explicitly describe techniques for compromising iOS and Android devices to capture messages "before encryption is applied." Signal is named in the documents not as a system the CIA had broken, but as a system the CIA had routed around by owning the endpoint.
  • NSO Group's Pegasus (ongoing). Citizen Lab and Amnesty International's Security Lab have documented dozens of cases of Pegasus being deployed against journalists and dissidents — including zero-click iOS exploits that read Signal messages directly from the device.

In both cases the encryption did its job. The encryption was simply not where the battle was being fought. If you are a target worth Pegasus-tier money, Signal does not save you. Signal's own leadership has acknowledged this — but the marketing rarely does.

5. The Cellebrite incident nobody can fully explain

In April 2021, then-Signal-president Moxie Marlinspike published a strange and now-famous blog post claiming he had — entirely by coincidence, he said — come into possession of a Cellebrite forensic device that "fell off a truck" in front of him. He then published exploits for it.

Buried in that same post was an oblique line about Signal possibly including files in its application data that could exploit Cellebrite tools used to extract Signal data from seized phones. Some readers interpreted this as a veiled threat to law enforcement. Others read it as a marketing stunt. Others noted that the entire chain of events — the convenient delivery, the simultaneous exploit drop, the not-quite-deniable threat — was unusually theatrical for a company that normally publishes dry cryptography papers.

Whatever it was, it remains one of the odder incidents in modern privacy software, and it has never been satisfactorily explained.

6. So what's the actual threat model?

Here is where the conspiracy frame and the engineering frame meet:

Signal is, almost certainly, the best end-to-end encrypted messenger available to ordinary people on an ordinary phone. The protocol is real. The cryptography is real. The 2016 subpoena response is real. The leadership — including current president Meredith Whittaker, a long-time critic of surveillance capitalism — is composed of people who appear to genuinely believe in the mission.

And: Signal was built with U.S. government money. It runs on U.S. infrastructure. It requires a U.S.-trackable identifier to register. Its leaders have, at minimum, a working relationship with the same agencies that run global SIGINT. Its protections rely on you trusting that the binary in the App Store matches the open-source code on GitHub — a trust assumption Signal has been criticized for because they delayed publishing reproducible builds for years.

Both of these things can be true at once. They probably are.

The mistake isn't using Signal. The mistake is believing the marketing slogan that "Signal = private" is the end of the conversation rather than the beginning.

7. What to actually do about it

If your threat model is a curious employer, a stalker, or a non-state actor: Signal is overwhelmingly fine. Use it.

If your threat model is anything bigger than that, the rules change:

  • Assume metadata is collectable. Vary your communication times and patterns.
  • Use Signal on a device that is not your primary phone, registered to a number that is not tied to your real identity. (This is hard. That's the point.)
  • Treat the endpoint as the weak link. A fully-patched iPhone in Lockdown Mode is currently the highest-assurance commodity option, and even that is not a guarantee against state-tier adversaries.
  • For the most sensitive conversations: don't put them on a phone at all. The most secure messenger is still the one that was never invented.

And remember the part nobody on the privacy-tools podcasts will say out loud: the largest funder of the encrypted messenger you trust is the same government that runs the largest signals-intelligence operation in history. That doesn't prove anything by itself. It just means the question deserves to stay open.

Sources

  1. Open Technology Fund — Supported Projects: opentech.fund/results/supported-projects
  2. Yasha Levine, Surveillance Valley (PublicAffairs, 2018): publicaffairsbooks.com
  3. Signal — Eastern District of Virginia grand jury subpoena response: signal.org/bigbrother/eastern-virginia-grand-jury
  4. Signal — "Technology Preview: Sealed Sender for Signal" (2018): signal.org/blog/sealed-sender
  5. Signal — "Private Contact Discovery": signal.org/blog/private-contact-discovery
  6. Foreshadow attack on Intel SGX: foreshadowattack.eu
  7. SGAxe attack on Intel SGX: sgaxe.com
  8. WikiLeaks Vault 7 release: wikileaks.org/ciav7p1
  9. Citizen Lab — ForcedEntry / Pegasus zero-click exploit: citizenlab.ca
  10. Amnesty International Security Lab — Pegasus Project: securitylab.amnesty.org
  11. Signal — "Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer" (Marlinspike, 2021): signal.org/blog/cellebrite-vulnerabilities
  12. Signal — "Phone number privacy and usernames": signal.org/blog/phone-number-privacy-usernames
  13. EFF — National Security Letters: eff.org/issues/national-security-letters