# Signal

> Source: https://fuckyc.org/services/signal/
> Website: https://signal.org/
> Categories: Messaging
> KYC: optional — Phone number historically required for registration; usernames are now supported for in-app discovery, but a phone or registration-token is still part of signup.
> Status: active
> Jurisdiction: United States (Signal Foundation, non-profit)
> Fiat on-ramp: no
> Payment methods: donation
> Founded: 2014
> Open source: yes
> Custodial: no
> Last verified: 2026-01-01

## Verdict

Signal has the strongest cryptography in mainstream messaging and the most invasive registration model — a real phone number. The username feature reduces in-app exposure of the number; it does not remove the number from registration. For threat models that exclude any phone-number-derived identifier, see SimpleX or Session.

## Strengths

- Reference end-to-end encryption protocol (Signal Protocol) — used by WhatsApp, Wire, others.
- Sealed Sender, private contact discovery, and other metadata-minimization measures shipped over years.
- 2024-era username support reduces phone-number exposure in-app, though signup still uses a number.

## Caveats

- Phone number registration is the dominant privacy caveat — it binds the account to a number, even if it isn't displayed to contacts.
- U.S. non-profit operator; servers in U.S.
- SMS-fallback removal (2022) removed a privacy footgun but also a feature.
- Facts need re-verification by operator (last seeded 2026-01).

---

## What Signal is

A non-profit-run end-to-end encrypted messenger with the most-audited E2E protocol in production.

## Threat-model fit

When E2E rigor is paramount and phone-number registration is tolerable.

## Sources

- [Signal blog](https://signal.org/blog/) — accessed 2026-01-01
- [Signal support](https://support.signal.org/) — accessed 2026-01-01