[MalPearce]

Well, that’s yet another reason why Signal is entirely inappropriate for this level of opsec chatter. Phone numbers are unvalidated. Names can be pseudonyms.

The approved apps should vet who goes onto the chat before they join. One of those apps automatically blocks unknown and unauthorized joiners for example. You cannot just loop in an unknown phone number without it warning you that it can’t verify the name or number.

If I join a certain type of chat, in a certain app, with a particular phone number, the host will see something like, “MP-J6-Cyber” (J6-Cyber being a NATO CCC code and function, not a reference to January 6th). In other words, they know I am someone with the right clearance who has a legitimate need to know.

If you set up a chat to discuss an ongoing military operation but cannot be sure that every attendant has the right to be there, you’re using the wrong app. End of story.

[A_perfect_lady]

Well, that’s yet another reason why Signal is entirely inappropriate for this level of opsec chatter. Phone numbers are unvalidated. Names can be pseudonyms. The approved apps should vet who goes onto the chat before they join. One of those apps automatically blocks unknown and unauthorized joiners for example. You cannot just loop in an unknown phone number without it warning you that it can’t verify the name or number.

Ah, I see. That's where the weakness lies. It's good in terms of encryption and privacy, but there's no bouncer at the door, so to speak. Okay, that makes sense. Thank you!