After Signal controversy, do private conversations online exist anymore?

Every day, we place our trust in technology. Whether in the boardroom or the living room, technology has become the linchpin of security that protects our most sensitive and private information.

And more so than any time in our history, that goes for our conversations, too. Intimate discussions with our spouse or romantic partner. Collaboration with colleagues on a proprietary work product. Details of a health condition with medical providers. An inappropriate inside joke made between friends. 

The recent controversy surrounding the use of Signal by government officials raises a somewhat existential question: Is today’s technology so sophisticated we’ve made it impossible to have a truly private, 100% secure conversation anywhere online?

This controversy offers a timely and illustrative example of the vulnerabilities every time you have a conversation through a messaging app.

Fundamentally, how do we know the person we’re talking to at the other end of the device is who they say they are? We now know from recent reporting in The Guardian that National Security Advisor Michael Waltz mislabeled journalist Jeffrey Goldberg’s number in his phone. We’re all moving fast; it’s an innocent mistake we’ve all done at some point.

However, in this case, a single point of failure led to widespread compromise, embarrassing disclosures and the release of sensitive information that could have disrupted military operations and put peoples’ lives at risk.

Using an even wider lens, the incident was possible because the encrypted app relies on cell phone numbers as the common identifier. Phone numbers, email addresses, and other similar login credentials can be hacked or compromised. Bad actors — whether nation-states or criminal groups — are actively exploiting the technology we rely on to access our most personal information.

Artificial intelligence compounds the risks.

Consider the recent deepfake incident where a convincing AI-generated video mimicked a CFO’s voice, successfully deceiving an executive into authorizing a multimillion-dollar wire transfer. Creating such deepfakes no longer requires significant resources — accessible software can now realistically replicate identities from brief voice samples or public video clips. This ease of forgery turns everyday digital tools, especially group chats, into prime targets for AI-driven chaos.

No one is immune to these rising threats. This controversy laid bare how easy top government secrets can be inadvertently shared through unsecure conversations online. Across industries, from finance to technology, decisions that shape the world unfold in similar threads. Billions hinge on a message; strategies coalesce in a shared screen.

So back to the original question: Are we too far gone to ever have genuinely private, secure conversations again?

To reject this premise, we must reject aspects of conventional wisdom as well.

After all, it was not so long ago many of us made our computer login password, “password.”

Biometrics — face scans and fingerprints — ought to replace the brittle scaffolding of phone numbers and passwords. We’re seeing similar upgrades at airports around the country. 

Automatic two-factor authentication has proven to be insufficient, which means there must be some trusted way to verify people are who they say they are online. Our challenge in this new age of digital security is how do we translate trust offline — trust built primarily on personal relationships — into a completely secure online forum.

The messaging apps, email systems and communications platforms being used by 99% of this country right now have not yet solved this challenge.

But if the incident had one glaring takeaway, it’s this: finding that solution should be an urgent priority.

The breakthroughs that new tech makes possible in our everyday lives are remarkable, from how to travel, to how we consume information, to how we stay healthy. Ignoring the equally remarkable risks that those same breakthroughs present cannot be an option.

We cannot await the inevitable. All of us must confront the inadequacy of the digital rooms where our conversations and the decisions that affect us reside. Only then, when asked if a private conversation happening online is truly private, can we respond with a confident, unwavering, clear-eyed, and resounding “YES.”

Ari Andersen is the co-founder and CEO of Kibu, a biometrics-based encrypted communications and collaboration platform.