Signal post-quantum cryptography (SPQR) broke my AI Agent

I run multiple AI agents on servers. They handle tasks that can involve sensitive data — browsing, file management, code, personal context. For a few months, I used Signal as the messaging bridge between my phone and the agent, via signal-cli. It worked well. Until it didn’t.

What happened with Signal

In early April 2026, Signal rolled out SPQR — a post-quantum cryptography upgrade to the Signal Protocol. As part of the enforcement, Signal’s servers began forcibly deregistering any account that didn’t advertise SPQR support. My agent ran signal-cli v0.13.24, which predates the change. One day, the WebSocket disconnected, and when it tried to reconnect, Signal’s server responded: “User is not registered.” The agent entered a crash loop.

This wasn’t a one-off. I re-registered the account (CAPTCHA, SMS verification, the whole process), and days later it happened again. The issue is tracked in AsamK/signal-cli#1993 — every signal-cli user running a version older than 0.14.1 was affected. Upgrading wasn’t an option either: the AI platform I use (OpenClaw) couldn’t receive messages on 0.14.x, and even users who did upgrade reported getting deregistered again within hours, along with aggressive rate limiting after as few as 10 messages.

The deeper problem is structural. Signal has no official bot API. All bot usage relies on reverse-engineering the client protocol, which Signal can break at will — and does, roughly every few months. There’s no stability guarantee for anything outside their official apps.

Why not Telegram or WhatsApp

The obvious alternatives people suggest are Telegram and WhatsApp. Both are non-starters for this use case.

Privacy. My agent can access files, browse the web, and execute commands on my behalf. The conversations I have with it are not casual chat — they can contain credentials, personal information, or business context. Telegram does not end-to-end encrypt regular chats or bot interactions. Messages sit on Telegram’s servers in plaintext. WhatsApp has some encryption, but it’s owned by Meta, and its bot API (via the Cloud API) routes messages through Meta’s infrastructure. Neither platform gives me confidence that my data stays mine.

Phone numbers. Both Telegram and WhatsApp require a phone number to create an account. An AI agent doesn’t have a phone number. With Signal, I had been using a dedicated number, but that introduced its own fragility — SMS verification, CAPTCHA challenges, and the constant risk of the number being rate-limited or banned. A proper solution shouldn’t require a phone number at all.

The move to Matrix

I ended up setting up a private Matrix homeserver using Tuwunel, a lightweight Rust implementation that uses about 30MB of RAM. It runs in a small LXC container on my Proxmox host, with TLS terminated at my OPNsense firewall via HAProxy.

The setup solves every problem I had:

  • No phone number required. Registration is username-based. I created two accounts: one for me, one for the bot.
  • Full privacy. The server is mine. No federation, no third parties. Messages never leave my infrastructure.
  • No corporate gatekeeping. Nobody can deregister my account, force a protocol upgrade on a 3-week deadline, or rate-limit my conversations. I control the server, the clients, and the upgrade schedule.
  • Mature bot ecosystem. OpenClaw has first-class Matrix support — auto-join, DM handling, the works. The Matrix client-server API is well-documented and stable.
  • Works everywhere. I use Element on GrapheneOS (from F-Droid, no Google Play Services needed) and Element Desktop on my workstation. Since the server is behind HAProxy with a proper domain and TLS certificate, it works from anywhere — not just my home network.

The entire migration took about an hour. The Tuwunel binary is a single Rust executable, the configuration is a single TOML file, and the database is embedded (RocksDB — no external PostgreSQL or MySQL needed).
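
An added example, not part of the original post and not code from Tuwunel or OpenClaw: a Python check of what a homeserver exposed through a reverse proxy answers to anonymous requests, using the standard Matrix registration and federation endpoints. The base URL is a placeholder for your own server, and the mapping from status codes to "closed", "token-gated" and "open" is an assumption about how the homeserver signals each state.

```python
import json
import sys
import urllib.error
import urllib.request


def classify_registration(status, body):
    """Reply to POST /_matrix/client/v3/register with an empty JSON object."""
    if status == 403 and body.get("errcode") == "M_FORBIDDEN":
        return "closed"
    flows = body.get("flows") or []
    if status == 401 and flows:
        # Token-gated only if every offered flow includes the token stage.
        gated = all("m.login.registration_token" in f.get("stages", []) for f in flows)
        return "token-gated" if gated else "open"
    if status == 200:
        return "open"  # the server created an account with no challenge at all
    return "unknown"


def classify_federation(status, body):
    """Reply to GET /_matrix/federation/v1/version."""
    return "reachable" if status == 200 and "server" in body else "not-served"


def fetch(url, payload=None):
    """Return (status, parsed JSON body); non-JSON bodies become {}."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        body = json.loads(raw or b"{}")
    except ValueError:
        body = {}
    return status, body if isinstance(body, dict) else {}


def audit(base_url):
    reg = fetch(base_url + "/_matrix/client/v3/register", {})
    fed = fetch(base_url + "/_matrix/federation/v1/version")
    return {"registration": classify_registration(*reg), "federation": classify_federation(*fed)}


if __name__ == "__main__":
    # Pass your own homeserver URL, e.g. https://matrix.example.org (placeholder).
    print(audit(sys.argv[1].rstrip("/")))
```

For a private server with no federation, the federation result should be "not-served"; a registration result of "open" means anyone who can reach the proxy can create an account.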

Takeaways

If you’re building or running AI agents that communicate over messaging platforms, consider what happens when the platform decides to break your integration. Signal is a great app for human-to-human communication, but it’s structurally hostile to programmatic use. Telegram and WhatsApp are easy but leak your data.

A self-hosted Matrix server gives me independence, privacy, and stability. For a personal agent, it’s not the only option, but it does a great job and keeps the entire infrastructure independent of any provider.