This seems like a perfect use case to support Signal. Have large, corporate or govt entities, pay for a custom fork of the app, built by the app developers themselves.
Why is telemessage getting the money ? Does the Signal Foundation not make it easy to do paid fork implementations ?
Certainly it's better for the gov't to pay Signal than to try to do it themselves.
MobileCoin is prioritised ahead of allowing an iPad-like secondary device experience on Android tablets, for example.
Source: use them for several of my clients.
Signal is approved for government uses, just not non-public DOD information. They're supposed to use Signal for something like "hey, get to a SCIF so we can discuss details," then they discuss the details in a secure environment.
Sort of like the drug dealers from The Wire
https://investigations.cooley.com/2025/01/15/federal-law-enf...
TeleMessage is/was an Israeli company [1], but was acquired last year by Smarsh [2], itself a subsidiary of K1 Investment Management, both US companies. It me whether the company moved. While not necessarily related at all, their terms of service also seem to explain specific arrangements for messaging in China that appear to involve disclosures to the Chinese government.
It's unclear to me how the app works. It appears to be advertised as a fork of the Signal client which uploads all content to a remote server, thus, of course, breaking the E2E encryption, unless the archive is considered an end and the connection to it is secure. It also appears to be advertised as being the same interface as Signal.
However, both the iOS and Android Signal clients are AGPLv3. I can't find any indication that the TeleMessage clients are anything other than proprietary. So are they going the route of giving the software and source only to paying customers under AGPLv3 (with those customers then free to distribute it)? Did they completely reimplement the client? Or are they an illegal proprietary fork?
The first option seems unlikely, and the latter two seem rather ominous for the security of the app.
[1]: https://en.wikipedia.org/wiki/TeleMessage [2]: https://en.wikipedia.org/wiki/Smarsh
E2E doesn't mean what I think you think it means; specifically, it has nothing to do with what the intended recipient (or their software) does with the message.
But more generally, your point is why I mentioned "unless the archive is considered an end and the connection to it is secure."
As long as their clients can redistribute it, its not illegal, especially if their clients have 0 interest in leaking the source code, the real trick is, has anyone who is NOT using that client hit any of the AGPL relay servers?
For context, I worked for an employer that sold a custom software solution, which used GPL'd software, client was in the military space, so I guess DOD, anyway, for over a decade nobody asked for any of the code, till some years back. I am guessing they just wanted to have it evaluated, but it was a workhorse of many many things, good luck trying to fork it, LOTS of moving pieces involved.
Nothing illegal unless someone who touches a TM SGNL server (somehow) requests the source and they reject you from having it.
But from their website, which has terms of service for each app, it really seems that they are presenting them as standard proprietary closed-source offerings.
LMAO NO! I have quite a few clients using Telemeasage, and most of them use Global Relay on the backend. It's a little terrifying actually, as Global Relay just ingests everything via SMTP. I haven't checked if they have DNSSEC or MTA-STS set up, but with how Global Relay operates I would be surprised if they did. I suspect a well-placed proxy or DNS poisoning could siphon off a good chunk of sensitive emails being sent to Global Relay.
https://www.telemessage.com/how-to-install-and-register-sign...
They are using a Signal clone that is run by a group of Israeli intelligence officers??
I don’t think that part of the story has broken yet properly. When you go to google maps for the address listed for that company you actually get a company called “Cyberint” which seems extremely not good.
https://maps.app.goo.gl/L7vVHw5x4VdgS8859?g_st=com.google.ma...
Worse.. when you take a look at the bios for the company on their website I see that it’s filled with supposedly “ex” Israeli intelligence officers including the CEO among others. https://www.telemessage.com/team/
That seems like a MUCH MUCH bigger deal than they currently known story.
Like several orders of magnitude bigger than the original signalgate story.
The implication here is that a bunch of Israeli intelligence officers have maybe the best access of anyone in the world right now in that they have a real time feed of every conversation that the US national security advisor is a part of.
No, not for classified comms. They already have secure comms and SCIFs but they're not using them. This is what they should be using. And they should be following sterile opsec so they don't carry tracking and listening devices into classified meetings or strategy discussions with decision makers.
They do need better opsec for unclassified and personal comms. It would be nice™ for them to have a Signal-like app controlled by the NSA because depending on Signal or WhatsApp is vulnerable to a malicious insider. Few Meta employees have security clearances, while I don't know about Signal.
Head of NatSec, ladies and gentlemen. Once the domain of Kissinger, Brzezinski, Powell and Rice. Now with the opsec of a brain-damaged cocaine dealer.
A blatant AGPL violation, no? Were they using Signal in the Biden admin or do these contracts get setup in prep for the new team?
If its an app they wanted kept under wraps, it will make the while Hegseth situation seem a lot more benign.
I use Molly Messenger on a secondary phone that doesn't have a SIM, its a fork of Signal with a few differences related to encryption at rest. It still works with normal signal users just fine, on the other end you can't tell I have a different client. If the government has a similarly forked version you could likely still accidentally invite the wrong user in from their normal Signal app and they wouldn't know you're on a forked version with government archiving features.
That said, whether this makes the situation better or worse depends on who can actually see these archives. "Smarsh" is a US-based company, but they acquired TeleMessage, which was (is?) based in Israel.
Is there no way Signal can prevent this in the official app?
I find the Signal devs' attitude so frustrating; they deliberately disable the ability to use Signal in secondary device mode for phone-sized-devices, because they know the Correct Way To Use Signal™ is to only use it on one phone-sized-device.
It would appear they're using this app now, post-incident, because they got in trouble. (And having messages with Vance, Gabbard, etc. be visible to the press pool camera is... not a great look for the guy who accidentally added a reporter.)
https://www.nytimes.com/2025/04/15/us/politics/cia-director-...
> All of the messages from a leaked group chat have been deleted from the phone of John Ratcliffe, the C.I.A. director, the agency said in a court filing.
