In the past few days… a lot has happened. Those events have encouraged a large number of people to download Signal.
Signal is developed by the Signal Foundation a 501(3)(c) non-profit which pays the core development team. Because it is a non-profit that means they’ll have no reason to add features weakening privacy or security for profit unlike Facebook appears to have done with WhatsApp.
Additionally, their apps for iOS and Android plus the Server they run which routes your messages are open source and developed publicly on Github. There is always the risk that Signal changes their apps before releasing them to the App Store and because they are open source it’s possible to build a running copy for you self to use instead.
The design of the protocol Signal uses tries to store as little as possible on their servers and route directly to other users avoiding their server where practical. Messages are designed to be verified, private, and plausibly deniable3.
The UI of Signal is similar to WhatsApp so it’s familiar to non-technical users. A key feature of Signal is bringing safe and easy encryption to the masses and they try to make things as easy to use as possible. Performing verification of other users is also simple and can be done either in person or via some other hard-to-fake communication method where you can be sure the other person is who you think it is (like video chat)4.
While Signal has been working to remove the need for a Phone number they currently still require one. Others will be notified when you join if they have your phone number in their contacts and already signed up with Signal. If it matters to you then I recommend paying for a burner phone somewhere and using that to create your account. It’s also possible to use Google Voice, Blur, or Twilio to get a virtual number too.
But that’s all you need. Besides your phone number signal will only have a copy of your Signal Contacts encrypted with the Pin you give it. This is part of the plan to allow non-phone-number accounts.
Now in November 2021 we’ve since learned that the changes to WhatsApp were much more boring UX changes being made to support businesses. Many people downloaded Signal and while some use it many continue to use WhatsApp including myself.
It’s a good thing that many were exposed to and learned about Signal because it shows people do want to have private communications.
In the end you should also download and use Signal.
They removed a line which expressly said the private key would never leave your device. Some people mentioned it was because of a business feature that allowed businesses to give their private key to Facebook in order manage messages for them. Regardless, it is concerning. ↩︎
This also does not help with all the previous issues of WhatsApp backing up messages without encryption leading to actual cases of messages that were encrypted when sent being revealed later. ↩︎
Plausible deniability (or OTR) means that messages you receive are fully verified to you, but could be faked . You can l ↩︎
Could the person you are talking to be faked? There exists technology to make convincing fake video streams, but they require a lot of videos of the person being faked to then be analyzed by a ton of computing power to create an uncanny version of them. Not to mention there is the question of voice (also could be faked similarly, meaning requires lots of recorded examples) and then simply what to say and how to say it. Plus it must be done in real-time so it can’t be edited… The odds of pulling this off are impossible. Those worth doing this to would have additional layers of security and those without those layers of security are not worth the effort needed to fake video chats like this.5 ↩︎
You could even argue… do you need to do the video chat? Are you worth hacking on signal? This is perfectly reasonable question and you may not really need to do verification. However, by verifying you make it impossible to trick either side into thinking you’re talking to the real person by simply sitting in the middle. Since it’s so little effort to verify the codes via Video, and also re-verify if someone gets a new phone without transferring their secret codes, that it makes it extremely difficult and expensive to break the trust established. ↩︎