Signalling virtue

Dear Reader,

Can I encourage you to try something today? Go to Signal.org and get hold of the Signal messaging app, and/or go to your app store and download Signal for your phone. And while it’s downloading, come back here and I’ll tell you why I’ve become so fond of it, and why you might actually want another messaging app.

To put it in a nutshell, Signal is like WhatsApp but without selling your soul. Imagine what a good time Faust would have had without that awkward business with the Devil, and you get the idea. Well, OK… you don’t quite have to sell your soul to Facebook to use WhatsApp, but you do have give away your privacy, your friends’ privacy, endure a lot of advertising, and so forth. (More info in an earlier post.)

For Apple users, Signal is rather like Messages, which I also like and use a lot, but you can use Signal with your non-Apple friends too, on all of your, and all of their, devices.

Signal:

  • is well-designed and nice to use.
  • runs on iOS, Android, Windows, Mac, Linux, tablets, desktop and mobile.
  • uses proper end-to-end encrypted communications, unlike some alternatives such as Telegram.
  • is Open Source, so if you doubt any aspect of it, you can go and see how it works.
  • is free: supported by grants and donations. No advertisements.
  • allows most of the interactions you expect on a modern messaging service: group chats, sharing files and images, audio and video chat, etc.

Now, of course, it has the problem that all networks initially have: what happens if none of my friends are on it? And yes, that can be an issue, but it’s becoming less so. When I first signed up, I think I knew about three other users. Now, over 100 of my contacts are there, and more arrive every week. When I see them pop up, I send them a quick hello message just to welcome them and let them know I’m here too. It’s a bit like wondering if you’re at the wrong party because you know so few people here, and then over time more and more of your friends walk through the door.

How do you find them? Well, like WhatsApp, Signal works on phone numbers, and when you sign up you have the option to let it scan your contacts list and see if any of them are on Signal too. Unlike Facebook/WhatsApp, however, your contacts’ details aren’t transmitted to the company’s servers and used to build the kind of personal profiles that FB keeps even on people who aren’t members.

Signal instead encrypts (hashes) the phone numbers in your contacts, truncates the encrypted form so it can’t be used to match the full phone number, sends those truncated versions to their servers, and if it finds matches for any truncated other account numbers it sends the encrypted possible matches back to you for your app to check. Security experts will realise that this isn’t perfect either, but it’s so much better than most of the alternatives that you can be much more comfortable doing it. Here’s a page talking about it with a link to more detailed technical descriptions about how they’re trying to make it even more secure. And here’s the source code for all their software in case you don’t trust what they say and want to check it out for yourself.

So in recent months, if I’ve wanted to set up group chat sessions to discuss the care of an elderly relative, or plan a boating holiday with friends, or discuss software development with colleagues in another timezone, I tell people that I disconnected from Facebook a few years back so I don’t do WhatsApp, but have you tried Signal? It’s pretty much the same, with all the bad bits taken out, and works much better on the desktop and on tablets, in my now-rather-dated experience, than WhatsApp ever did.

So give it a try, and if you find that not many friends are there, don’t delete it. Just wait a bit… and tell all your friends about this post, of course!

Enjoyed this post? Why not sign up to receive Status-Q in your inbox?

4 Comments

Whilst Signal seems to have a lot of brain share these last couple of years, I’d encourage you to take a bit more of a closer look, especially from an Open Source and Security perspective.

I have some concerns about it which mean that it’s hard to switch from Whatsapp.
Switching is the key: if I was choosing from scratch, I’d probably choose it, but the benefit isn’t enough to justify the costs.

Firstly (and unlike you) I have a Facebook account, although I don’t use it very much.
This means that I already have a relationship with that company and Whatsapp doesn’t really add much risk to that. Having a new relationship with a new company (especially one that has proven to be untrustworthy on a number of occasions) is another risk in the threat model.

Given that Signal is all about “security”, that argument about risk and threat model is important.

Moreover, the licensing situation is grim.

It claims all the open source credentials but doesn’t deliver. It’s not possible to ship a modified copy of the code that can join the main Signal network and it’s not possible to audit the code that runs on your device. ( See https://www.jwz.org/blog/2021/04/signal-hops-on-the-dunning-krugerrand-bandwagon/ and https://www.jwz.org/blog/2018/08/signal/ )

It’s also marketed as a “secure” option but security is not their first priority. Being a social network and “growth at any cost” is their number one priority and this is not compatible with the possibility of being significantly more secure than Whatsapp in the real world. ( https://www.jwz.org/blog/2017/03/signal-leaks-your-phone-number-to-everyone-in-your-contacts/ )

Finally, if you run a non-default keyboard (IME on Android – Input Method Editor) (and possibly even if you run the default one), it can’t possibly offer any of the security guarantees it claims to. This is less of a problem for those of us who use the Roman alphabet, but is a major weakness in, for example, Asian countries. ( See https://twitter.com/RealSexyCyborg/status/1197695368105824256 )

Now, lots of the security problems can’t be fixed in any messenger because of the underlying mobile platforms. However, as Signal is marketed as the “Secure” option it is up to Signal to explain these issues transparently to users, and they don’t. Not only that, they try to deny that they exist. ( See https://twitter.com/RealSexyCyborg/status/1198220333376892928 and my comment at the time https://twitter.com/databasescaling/status/1198255453739900928 “From the users’ perspective, security is a system thing, not a component thing. If something doesn’t work securely in intended and reasonable use-cases then it’s not secure. End of story. Signal are making a strong claim, therefore this use is not unreasonable. => it’s insecure.” )

If you treat Signal as simply any other messaging option, everything’s fine. But if you try to rely too much on its security properties then you’re probably not doing yourself any favours.

I think you’ve said it before, but the reason that the market for these apps exists in the first place is that Android phones don’t have the unified messaging experience of the IOS ones.

    Thanks Andy; much of that may be true, though it does seem that JWZ (whose blog posts you link to) has a chip on his shoulder here. He made claims (many years ago) that Signal repeatedly denied and he had only anecdotal evidence to back it up, where they had the source code to prove it. (And they certainly used to have a way that you could audit the code running on your phone to check it matched their published version.). And some of his complaints have been addressed in the intervening years.

    I agree that it’s not perfect, especially if absolute secrecy is your aim. Those who want that probably shouldn’t run Android either. 🙂 If you can’t trust your keyboard, it’s a bit rough to blame the app.

    And for most people, I’m not sure that there’s a better cross-platform option? At least not one that’s readily usable?

    Things based on Matrix, for example, are better on the Open Source front, but not on security, and I doubt any non-geeks would want to use them at present. 🙂

I’m not sure that replacing one centralised closed solution by another centralised semi-closed solution is a good idea.

I advocate for matrix wherever I go. Yes, it leaks some metadata but it’s not as bad given its decentralised nature. Otherwise it’s as secure as Signal is.

    Well, I’m not worried about centralisation per se so much as what they keep at the centre!

    I agree though that Matrix is a more appealing underlying architecture, but the last time I looked at it the clients were pretty dire; the kind of software you have to be a real OSS enthusiast to want to use! I should take another look and see if they’ve improved and are easy for normal users.

    In the meantime, I stick to my assertion that moving from WhatsApp to Signal is a very significant move in the right direction, and one that non-geeks can enjoy doing 🙂

Got Something To Say:

Your email address will not be published.

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

*

© Copyright Quentin Stafford-Fraser