Försvarsmakten inför krav på Signal för samtal och meddelanden – Cornucopia?
cornucopia.se

by Lars Wilderang, 2025-02-11

Translation from the Swedish Origin

In a new instruction for fully encrypted applications, the Swedish Armed Forces have introduced a mandatory requirement that the Signal app be used for messages and calls with counterparts both within and outside the Armed Forces, provided they also use Signal.

The instruction FM2025-61:1, specifies that Signal should be used to defend against interception of calls and messages via the telephone network and to make phone number spoofing more difficult.

It states, among other things:

“The intelligence threat to the Armed Forces is high, and interception of phone calls and messages is a known tactic used by hostile actors. […] Use a fully encrypted application for all calls and messages to counterparts both within and outside the Armed Forces who are capable of using such an application. Designated application: The Armed Forces use Signal as the fully encrypted application.”

The choice of Signal is also justified:

“The main reason for selecting Signal is that the application has widespread use among government agencies, industry, partners, allies, and other societal actors. Contributing factors include that Signal has undergone several independent external security reviews, with significant findings addressed. The security of Signal is therefore assumed to be sufficient to complicate the interception of calls and messages.

Signal is free and open-source software, which means no investments or licensing costs for the Armed Forces.”

Signal supports both audio and video calls, group chats, direct messages, and group calls, as well as a simple, event-based social media feature.

The app is available for iPhone, iPad, Android, and at least desktop operating systems like MacOS, Windows, and Linux.

Since Signal can be used for phone calls, the instruction is essentially an order for the Armed Forces to stop using regular telephony and instead make calls via the Signal app whenever possible (e.g., not to various companies and agencies that don’t have Signal), and no SMS or other inferior messaging services should be used.

Note that classified security-protected information should not be sent via Signal; this is about regular communication, including confidential data that is not classified as security-sensitive, as stated in the instruction. The same applies to files.

The instruction is a public document and not classified.

Signal is already used by many government agencies, including the Government Offices of Sweden and the Ministry for Foreign Affairs. However, the EU, through the so-called Chat Control (2.0), aims to ban the app, and the Swedish government is also mulling a potential ban, even though the Armed Forces now consider Signal a requirement for all phone calls and direct messaging where possible.

Furthermore, it should be noted that all individuals, including family and relationships, should already use Signal for all phone-to-phone communication to ensure privacy, security, verified, and authentic communication. For example, spoofing a phone number is trivial, particularly for foreign powers with a state-run telecom operator, which can, with just a few clicks, reroute all mobile calls to your phone through a foreign country’s network or even to a phone under the control of a foreign intelligence service. There is zero security in how a phone call is routed or identified via caller ID. For instance, if a foreign power knows the phone number of the Swedish Chief of Defence’s mobile, all calls to that number could be rerouted through a Russian telecom operator. This cannot happen via Signal, which cannot be intercepted.

Signal is, by the way, blocked in a number of countries with questionable views on democracy, such as Qatar (Doha), which can be discovered when trying to change flights there. This might serve as a wake-

https://cornucopia.se/2025/02/forsvarsmakten-infor-krav-pa-signal-for-samtal-och-meddelanden/

  • @[email protected]
    206 days ago

    I am actually a bit confused here…

    This seems like something Försvarsmakten should be able to set up their own Matrix infrastructure to use.

    Was that never considered?

    Why make yourself dependant on a foreign company’s servers at all?

    • @[email protected]
      206 days ago

      That and be dependent on an external server to create accounts. Last time I checked, French cops used a custom Matrix server for their private communications. A friend of mine is a cop and they have professional phones with custom Android ROMs and Matrix is pre-installed. I don’t understand why other countries would rely on Signal (even if I like it and stuff).

      • sunzu2
        136 days ago

        Signal is a fine way to get this done quickly but yeah I don’t fucking understand why state actors are so fucking reluctant to run their own IT infrastructure.

        JFC you are a god damn country… set up a data center, fund some FOSS for what you need… hire some monkeys to run it for you.

        I am wondering if mega corp lobby is obstructing this. Generally when common sense solutions are not being implemented it is because there is some parasite obstructing it.

        • @[email protected]
          45 days ago

          Running and hosting your own it infrastructure with your own people is considered anti-competetive in sweden so thats not happening. Instead we’re paying external consultants hundreds of dollars per hour for doing anything it-related because that is more competitive and therefore automatically somehow.

          Better off using a working service instead than that bullshit, let’s just hope the servers stay up in a crisis…

          • sunzu2
            26 days ago

            Running and hosting your own it infrastructure with your own people is considered anti-competetive in sweden so thats not happening.

            You are right… Just hire microshit, an honest foreign mega corp

      • @[email protected]
        56 days ago

        Yeah, I don’t buy the argument that Försvarsmakten makes that they should use signal because most people already have it.

        Ok, this is for unclassified comms over phone, but to me it seems dumb to use the same app I use to talk with my friends about last night’s party to talk with my unit about (unclassified) military stuff.

        Försvarsmakten could easily spin up a distributed Matrix instance, and order all personel to use that for military stuff.

        I hope that this is just a stopgap order while they get a properly secured self-hosted solution.

        • @[email protected]English
          36 days ago

          Ok, this is for unclassified comms over phone, but to me it seems dumb to use the same app I use to talk with my friends about last night’s party to talk with my unit about (unclassified) military stuff.

          Spool up a military-only network, and when anyone sees that network is in use, they know it is military traffic. When everything is on the “last night’s party” network, they can’t tell the difference.

    • UlrichEnglish
      66 days ago

      They explained why in the OP

      The main reason for selecting Signal is that the application has widespread use among government agencies, industry, partners, allies, and other societal actors. Contributing factors include that Signal has undergone several independent external security reviews, with significant findings addressed. The security of Signal is therefore assumed to be sufficient to complicate the interception of calls and messages.

  • @FlmakerOPEnglish
    76 days ago

    British Soldiers told to stop using the Whatsapp and use Signal instead of WhatsApp for security

    George Grylls, Political Reporter Monday March 21 2022, 5.00pm GMT, The Times

    British soldiers have been told to stop using Whatsapp over fears that Russia is intercepting their messages BENOIT TESSIER/REUTERS

    British soldiers are being encouraged to use the Signal messaging app instead of WhatsApp, amid reports that Russian forces used insecure UK numbers to direct airstrikes in Ukraine.

    Signal has a higher level of encryption than WhatsApp.

    Military sources said that secure channels should be used to discuss sensitive matters but denied that the advice had been issued in response to security breaches resulting from the use of British phones in Ukraine.

    https://www.thetimes.com/article/soldiers-told-to-use-signal-instead-of-whatsapp-for-security-6pxh9z5cx

  • @[email protected]
    66 days ago

    Now we can be sure the Swedish Army is fully pro-democracy (United States flavored, of course!)

    I’m joking.

    Because remember, just because the Signal company and servers are in the United States, and the app build isn’t reproducible to F-Droid standards - that doesn’t necessarily mean that the US government is listening in!

    We actually might not be!

    I know we all wish our pro-democracy pro-oligopolist-capitalist Swedish allies a happy privacy-filled military communication network!

    • @[email protected]English
      86 days ago

      Lol, right?

      Here, let’s standardize on one system that’s centrally managed and opaque.

      🤦🏼

      A much better solution would be to host their own XMPP servers with encryption required (replicated around the world of course), and allowing only their own-compiled clients to connect, and add some other validation mechanisms (MFA, etc). Like initially requiring a physical presence registration of a device.

      Also run the app in a container, which has been available on Android since at least 2010 (my company was doing it then).

      Signal is alright for the average person, but it’s got it’s own weaknesses that are unacceptable for an organization like a business, or especially military.

      • @[email protected]
        25 days ago

        XMPP sounds nice and good until you actually take a moment to look at the client selection. For example: which encryption method will they be using, and which ones support that?

        How about multi-device? Calls?