What is Signal?
Signal is primarily a secure and open source messaging app that replaces your Android phone or iPhone’s regular SMS app. Messages to and from other Signal users are sent over the internet and protected by very strong end-to-end encryption.
Use Tor. Use Signal. https://t.co/NSY36coKXJ
— Edward Snowden (@Snowden) December 13, 2017
Messages to and from non-Signal contacts are sent using regular SMS text messaging and are not secure. When sending an insecure text message you are warned that it is insecure and are encouraged to invite your contact to use Signal.
This setup ensures that Signal is seamless to use when sending text messages to both other Signal users and to non-users. Because it is designed to replace your regular SMS client, Signal requires that you register with a valid phone number. I will discuss this issue more a little later.
The beauty of this system is that Signal is almost transparent in use, which should make it easier to convince friends, family, and colleagues to use the app!
In addition to text and SMS messaging, Signal also supports secure voice (VoIP) and video calls between users. Although mainly a mobile app, a desktop version also exists.
Is Signal open source?
Open source software is software whose source code has been made publicly available by its copyright holder. This means that it can be independently audited for errors and to ensure that it isn’t doing something it shouldn’t. Signal was fully independently audited in 2016 and was found to be cryptographically secure.
With closed source code there is no way to know what the code is really doing, and so closed source code cannot be trusted to keep your communications secure. For this reason, you should only trust open source apps such as Signal to keep your communications secure and private. For further discussion on this subject please see Why Open Source is so Important.
Signal uses end-to-end encryption
All secure Signal messages are encrypted on your phone before being sent, and can only be decrypted by the intended recipient(s).
This removes the need to trust any third party to keep your data safe, and no third party can access the messages in transit. The only way for an adversary to access messages sent by Signal is if it has direct physical access to your or the recipient’s phone.
Even then, Signal includes the option to encrypt all stored messages, which make it impossible to access them unless the phone owner can somehow be coerced into revealing their passcode.
Just remember that messages sent to non-Signal users are not secure!
Is Signal Private Messenger secure?
Secure Signal messages are encrypted using the Signal Protocol, which is arguably the most secure text messaging protocol ever developed. It amalgamates the Extended Triple Diffie-Hellman (X3DH) key agreement protocol, Double Ratchet algorithm, pre-keys, and uses Curve25519, AES-256, and HMAC-SHA256 as cryptographic primitives.
A great breakdown of what all this means is available here, and as noted earlier, a formal audit has found the Signal protocol to be cryptographically sound.
As of March 2017, Signal’s voice and video calls are encrypted using the same Signal Protocol that secures text messages.
Additional security features
Messages and notifications can be locked with a passphrase, and you can opt to use an “incognito keyboard” that will not learn from your typing. Signal also features disappearing messages, which is similar to Snapchat’s defining feature.
Importantly, Signal provides a mechanism to verify the identity of your contacts. Each conversation has a unique safety number (fingerprint) which you can compare with other participants and mark as verified when you are sure of their identity.
Issues With Signal Private Messenger
The following design decisions by Signal have come under criticism, although Signal has gone a long towards answering them.
In order to seamlessly replace your phone’s SMS messenger with the Signal app, Signal uses real phone numbers to match up contacts. This is regarded by some as a privacy risk, who would prefer a system of contact discovery based on email addresses or anonymous usernames.
There are, however, two very strong mitigating factors in Signal’s favor on this issue:
- Signal cannot see your contacts, and your contact list cannot be accessed by anyone other than you.
- You can register using a disposable “burner” phone or SIM card. Once registered, the Signal app does not need to run on the phone it was registered with.
Google Play Services
Until last year Signal for Android was only available from the Google Play Store, and therefore required Google Play Services to run. Although Moxie Marlinspike robustly defended this decision, many considered it a major security issue as this proprietary software gives Google the ability to perform extensive low-level surveillance on users’ devices.
Signal still recommends that you download the app via the Google Play Store, but it is now also possible to download a Google-free .apk of Signal directly from the official website.
Does Signal Keep Metadata
The Signal Protocol does not prevent a company from retaining information about when and with whom users communicate. The only metadata information that Signal itself retains is “the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.” This claim has been proven in court.
Other companies that have incorporated the Signal Protocol into their products, however, may not have such a robust attitude to users’ privacy.
As with other high profile open source privacy projects such as LEAP (which is used to run RiseUp.net), WikiLeaks-alike GlobaLeaks (endorsed by Tor devs such as Jacob Applebaum), the Guardian Project (makers of ChatSecure and Orbot) , and the Tor Project itself, Signal’s parent company, Whisper Systems, receives generous financial assistance from US government funded agencies.
Many privacy activists and open source developers argue that good math is good math regardless of where the funding comes from, and that the funding necessary to develop secure systems is otherwise very hard to come by.
This question of funding has, however, led some to question the integrity of such claims. For an excellent discussion on this subject, please see Internet privacy, funded by spooks: A brief history of the BBG by Yasha Levine.
Despite these concerns (which affect almost all major open source security projects), Signal appears to be among the most secure applications currently available. You pays your money (or not in this case), and you takes your chances…
The baseband processor
Inside every mobile phone ever built is a proprietary closed-source chip called a baseband processor. Given the nature of what little is known about this closed source chip, there is every reason to believe it could allow mobile providers to bypass any encryption used by any app running on a mobile phone.
They could readily access all content on a phone in cleartext and in realtime by the simple expedient of accessing it at the point it becomes encrypted/decrypted.
Or at least that is the theory. No evidence of this actually happening has ever been reported. It should be stressed that none of this is Signal’s, fault, and is a potential flaw in all mobile security software.
It should also be stressed that an adversary using such methods to spy on smartphone users’ encrypted communications would have to be very powerful (e.g. the NSA), and would almost certainly have to specifically target a known individual’s phone (so no blanket spying).
In response to being blocked by Egypt in December 2016, Signal introduced domain fronting. This allows Signal users in certain countries to circumvent censorship by making it look like they are connecting to a different Internet-based service.
Domain fronting is currently enabled by default in Egypt, the UAE, Oman, and Qatar, so users in those countries can access Signal as normal.
Unfortunately, users in Iran are not so lucky. Signal’s domain fronting feature relies on the Google App Engine service which is not available in Iran due to Google’s compliance with US sanctions.
How to Use Signal
When you install Signal it replaces your default SMS messenger. By default all your old messages and message history are imported, and Signal makes use of your default dialler contact list.
In use it acts just like your regular SMS messenger when dealing with non-Signal users, except for displaying an option to invite them to Signal. As usual, SMs messages cost whenever your mobile provider and payment plan specify.
When you message other Signal users you are alerted to the fact, and messages are securely encrypted. You can also start a voice, video, or group chat with them. Secure Signal conversations are transmitted over the internet and (other than any bandwidth charges from your ISP or mobile provider that might apply) are free.
Other apps that use the Signal Protocol
Thanks to its formidable reputation for secure end-to-end encryption, a number of other high profile messaging apps now also use the Signal Protocol. This includes WhatsApp, Facebook Messenger, and Skype.
Broadly speaking this can be considered a major win for privacy, as it brings secure end-to-end encrypted messaging to millions of ordinary users who would not otherwise care about privacy issues.
Do please be aware, however, that although they use the same underlying Signal Protocol, these third party apps are not as secure or private as using the Signal app itself. This is because:
- These apps are closed source so there is no way to know for sure what they are doing. It is probably unlikely, but they could, for example, send a copy of your encryption keys back to Facebook or Microsoft.
- As already noted, although companies cannot know the contents of your communications when they are encrypted with the Signal protocol, they can collect metadata related to them (who, when, where). And let’s face it, Facebook (which also owns WhatsApp) and Microsoft are known to be anathema to privacy.
That said, you probably have a lot of friends who already use WhatsApp, Facebook Messenger and Skype, so are therefore more likely actually encrypt their messages using these apps…
Signal Private Messenger: Conclusion
Signal has revolutionized private chat by introducing highly secure open source end-to-end encrypted messaging that is as easy and seamless to use as sending regular SMS text messages. Its use of real phone numbers for contact discovery does concern some, but this is heavily mitigated against.
Quite simply, if you want secure private conversations, then there is no real competition to Signal.