Suche

Is Signal as privacy-friendly as advertised?

 

Story, security, privacy… here’s everything you need to know about Signal.

Signal: an almost unknown app…  

In January 2021, WhatsApp made the headlines of most of the world’s media as the instant messaging application announced that it was moving even closer to Facebook by sharing user data with its parent company.   

While this announcement had a disastrous effect on WhatsApp’s image, it benefited a previously unknown instant messaging application: Signal. According to the Sensory Tower Institute, the number of Signal downloads is estimated at 47 million worldwide between January 4 and 17.  

Signal: a story of convictions 

Signal

Signal’s founder, Moxie Marlinspike, at a TechCrunch event (September 2017).
Source: Steve Jennings/Getty Images for TechCrunch 

Created in 2014 by cryptographer Moxie Marlinspike, Signal enables secure communication through end-to-end data encryption.  

Self-taught, Moxie Marlinspike learned the nuts and bolts of computer science on his own. According to the Time, “he always had a distrust for authority, but Snowden’s leaks appeared to crystallize his views. In a post published on his blog in June 2013, which is no longer accessible online, Marlinspike wrote about the danger these new surveillance capabilities posed when exercised by a state that you could not trust […] It is possible to develop user-friendly technical solutions that would stymie this type of surveillance,” he wrote. 

If the young man insists on the technical possibility of these convictions, it is because he developed an end-to-end encryption protocol that guarantees the privacy of exchanged information between two people, called “Textsecure Protocol,” which later became “Signal Protocol”. Note that this protocol is available in open-source, in other words, accessible to everyone on the Internet.  

“In 2010 Marlinspike launched two apps—one for text messaging and another for phone calls—based on the protocol. In 2014 he merged them, and Signal was born,” continues the Time article.  

Signal: the app of geeks and activists 

Although his intentions were good–hearted, Moxie Marlinspike was struggling to make his app a success. Signal mainly attracted cybersecurity experts, a relatively small user base.  

Marlinspike then looked towards Brian Acton’s help, who is none other than the co-founder of WhatsApp. According to Time, “in 2016, with Facebook’s blessing, they worked to integrate the Signal Protocol into WhatsApp, encrypting billions of conversations globally. 

Marlinspike told Wired magazine, “The big win for us is when a billion people are using WhatsApp and they don’t even know it’s encrypted,” before adding: “At this point, I think we’ve already won the future”.  

As Facebook acquired WhatsApp, the disagreements between Brian Acton and the parent company multiplied. Acton left WhatsApp and invested part of his fortune in the Signal Foundation, more precisely, 50 million dollars. An investment that made the app “user-friendly,” i.e., pleasant and straightforward to use daily.  

Signal then gradually became the favorite application of journalists, whistleblowers, and activists from all countries. On Signal’s home page, a quote from Edward Snowden (a former NSA agent who denounced mass surveillance) is a testament to this.  

Signal

Quote from Edward Snowden. Source: signal.org/en.

Today, Brian Acton is the Executive President of the Signal Foundation, and Moxie Marlinspike is its co-founder. 

Signal: is user data confidential? 

Signal guarantees full encryption of shared messages, calls or media, and does not take any information except the user’s phone number required when creating the account. It is stored as metadata (information about specific data) and is not linked to the user.  

The messages are indecipherable and are only visible to the user himself and the recipient of the messages. “We can’t read your messages or listen to your calls, and no one else can either,” Signal publishes on its website.  

Signal’s encryption info can be found here: https://signal.org/docs/ 

Signal: is the data monetized? 

Signal operates on a specific business model. It began with the Open Technology Fund, a nonprofit organization funded by the U.S. Congress, which provides nearly $3 million in grants to Signal for countering censorship and surveillance. 

Even today, the app survives only thanks to donations. It writes on site: “Signal is an independent nonprofit. We’re not tied to any major tech companies, and we can never be acquired by one either. Development is supported by grants and donations from people like you.  

This feature allows the app to offer an experience without any advertising or tracking, as the website explains: “There are no ads, no affiliate marketers, and no creepy tracking in Signal”.  

Information verified within the Terms of Use of the application: “Signal is designed to never collect or store any sensitive information. Signal messages and calls cannot be accessed by us or other third parties because they are always end-to-end encrypted, private, and secure.  

In a Privacy Policy that does not exceed 500 words, Signal states on the data sent to the third party: “We work with third parties to provide some of our Services. For example, our Third-Party Providers send a verification code to your phone number when you register for our Services. These providers are bound by their Privacy Policies to safeguard that information”. 

Where is users’ data hosted? 

To date, it’s difficult to answer this question accurately. Signal’s most recent statements on the subject date back to May 2018 and suggest that Signal uses the Amazon Web Services cloud. 

Note that the hosted data is almost non-existent. As Forbes wrote in January 2021, Signal stores only “one item of metadata—your own phone number—and even that is not linked to your identity“.   

Signal

Comparison of user data by messaging apps, by Apple, reported in Forbes magazine, January 2021 

What does the future hold for Signal? 

In 2016, Moxie Marlinspike thought he had already “won the future”. In January 2021, its application was “at the numero uno position on the Play Store in the US, the UK, Germany, Lebanon, and France, among others. In other countries such as India, Brazil, and Singapore, the messaging service finds a spot in the top three,” writes Android Police

Use Signal

— Elon Musk (@elonmusk) January 7, 2021

 

Signal is now being praised by influential personalities, such as Tesla’s president Elon Musk, who tweeted “Use Signal” on January 7 and triggered more than 100,000 downloads between the night of January 7 and 8, according to Business Insider.  

May 15, 2021, will be the effective date of the new WhatsApp terms of use. Another date that could benefit Signal.  

Incident Response Hotline

Ein Cybersecurity Incident, bei dem Sie sofortige Hilfe benötigen?

Kontaktieren Sie unsere 24/7/365 Incident Response Hotline.