Signal Is Finally Bringing Its Secure Messaging To the Masses

An anonymous reader quotes a report from Wired: [Cryptographer and coder known as Moxie Marlinspike] has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for -- not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years -- thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream. That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton had grown disaffected with what he saw as Facebook's attempts to erode WhatsApp's privacy.

Since then, Marlinspike's nonprofit has put Acton's millions -- and his experience building an app with billions of users -- to work. After years of scraping by with just three overworked full-time staffers, the Signal Foundation now has 20 employees. For years a bare-bones texting and calling app, Signal has increasingly become a fully featured, mainstream communications platform. With its new coding muscle, it has rolled out features at a breakneck speed: In just the last three months, Signal has added support for iPad, ephemeral images and video designed to disappear after a single viewing, downloadable customizable "stickers," and emoji reactions. More significantly, it announced plans to roll out a new system for group messaging, and an experimental method for storing encrypted contacts in the cloud. Many of those features might sound trivial. They certainly aren't the sort that appealed to Signal's earliest core users. Instead, they're what Acton calls "enrichment features." They're designed to attract normal people who want a messaging app as multifunctional as WhatsApp, iMessage, or Facebook Messenger but still value Signal's widely trusted security and the fact that it collects virtually no user data. Wired explains how adding simple-sounding enhancements can require significant feats of security engineering to fit within Signal's privacy constraints. Adding downloadable customizable stickers, for example, "required designing a system where every sticker 'pack' is encrypted with a 'pack key,'" reports Wired. "That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decrypted stickers or even identify the Signal user who created or sent them."

For Signal's new group messaging, Signal partnered with Microsoft Research to invent a novel form of "anonymous credentials" that let a server gatekeep who belongs in a group, but without ever learning the members' identities.

Yet still can't import vCards

[EmagGeek]

Signal still, in 2020, doesn't know what the fuck to do with received vCards.

Re:

[OrangeTide]

"modern" programmers don't know what to do with files that aren't in JSON/YAML.

The masses?

[fred911]

You can lead them to water. You can't make them drink.
Academically vetted open source math that takes computers
significant time to brute force, and is easy for Joe SixPac?

Who's going to pay the price of the defense [or loss of freedom ala Zimmerman] if adopted by the masses..

Encrypted stickers

[atisss]

Why would you ever want to encrypt stickers?

While I agree that building strong encryption into base system is good, and having stickers is good - it is simply not worth the development effort to encrypt stickers.

Compared to Telegram - they have strong 1-on-1 encryption, while groups are only device to server encrypted, i wish for something intermediate to exist - group encryption, while having authorized (encrypted) bot API should be better work direction.
Also don't underestimate the look and feel of native client. Much better to focus development on having native lightweight client (again, look at Telegram, it's amazing) - and you will get large userbase, even without having encrypted stickers.

Re:

[aaarrrgggh]

For me, once they had an iPad app that allowed you to share your account between the phone and tablet it was perfect. Anything more at this point is icing on the cake.

Surprised there isn’t more uptake though; my side of the family is pretty well hooked into it, but my wife’s side seems to resist it. I guess the facebook integration is worth something to some people...

Re:

[AmiMoJo]

I looked at Telegram but it needed a phone number to sign up, which is a big no-no. Signal can be used anonymously.

The main issue I have with Signal is that the client is extremely bloated. Telegram doesn't look much better.

Re:

[Bradmont]

I looked at Telegram but it needed a phone number to sign up, which is a big no-no. Signal can be used anonymously.

Wait, since when? Signal always used a phone number for identity, has this changed?

Re:

[AmiMoJo]

Ah, you are right, sorry. My mistake. Now I'm wondering what I signed up for without a phone number... Discord maybe.

Re:

[gbjbaanb]

possibly Wickr.

I'm really disappointed at the secure,. encrypted, privacy-oriented messaging apps that all then demand you sign up with your real-world, real-identifiable phone number.

Signal and the others like Telegram are a failure until they can remove this need for private information from the user.

Re:

[atisss]

It's just a login id, get a throwaway number if you need more security. You can use it without revealing your number to anyone

Re:

[atisss]

On the opposite, telegram client is not bloated, it is one of the few apps that i find is done right, and very lightweight. Even linux desktop version.
As for phone number - it's only used as login id (unless you intentionally share it with someone), you can use it for years, without anyone knowing your phone number. Also, it is not intended to replace signal, or be more secure, it's designed with reasonable security for the masses. And as comment below says - you still need phone number for signal

Re:

[angel'o'sphere]

Why would you ever want to encrypt stickers?
Because they contain messages.
If I sent my GF a waving bear looking out of the window of an air plane, she knows I'm about to lift off and go into flight mode.

No one else really needs to know that ...

Old geezer here.

[fredrated]

What are 'stickers' ? There important enough to need an encrypted key?

Re:Old geezer here.

[kwalker]

Think of them as bitmapped emoji. Rather than the usual single-character icons, those get turned into larger (Sometimes animated) graphics. They're generally used by themselves, rather than in the middle of sentences.

There isn't a specific need for them to be encrypted, but Signal wants to know as little as possible about you (So they can't tell anyone else, even under subpoena or threat of a beating). So they have to encrypt everything, even things like stickers.

Re:Old geezer here.

[Opportunist]

That sounds like a known-plaintext attack waiting to happen...

Re:

[jungletek]

>what more is there to know?

How modern encryption actually works?

Re:

[arglebargle_xiv]

They're apparently most of what's been added to Signal with the $50M in order to make it "more accessible". Animated emojis, stickers, dancing bunnies, and in the future cute animal noises and other kawaii bling. Apart from that, Signal now is pretty much the same as Signal several years ago.

Seriously, see if you can find a copy from several years ago and, excluding the bling, try and spot what's been added. It's just going the way of Skype now, but with more kawaii.

Re:

[JaredOfEuropa]

Why would Signal need to be anything more than it was a few years ago? Groups are useful, but I mostly use Signal to send simple text messages (perhaps with a photo attachment) to friends and colleagues. And it works well enough for that (on iOS)

control... can anyone setup a signal server ?

[johnjones]

they have control.... they can compromise the group chat, prevent key upgrades/downgrades

use a peer to peer system such as... EMAIL

we are DONE

Re:control... can anyone setup a signal server ?

[fred911]

'use a peer to peer system such as... EMAIL'

Because we all grok how secure SMTP is. It's more secure than a postcard, right?

Re:

[kwalker]

Do you run your own email server? Does EVERYONE on your group mailing list run their own email server? Then someone can compromise your group communications.

Yeah, you could use PGP but no one does (Sadly). I've gotten my computer-illiterate parents and in-laws to use Signal.

Re:

[jon3k]

I have to agree, I don't know why I should trust Signal? Signal makes the claim that no one (even they) can read your messages, but how can I trust that as someone who installs their iOS app on my phone?

Re:

[kwalker]

Well, first off, you're using a locked-down platform from Apple, so you have to trust Apple. Seond, I believe Apple doesn't allow duplicate app names on their iTunes store. However if they do, be sure to get the one from Open Whisper Systems. Finally, if you really want to, you can browse the source code [github.com]. Though you can't compile and install it yourself.

Re:

[jon3k]

Though you can't compile and install it yourself.

That's really the crux of it. I do trust Apple. Not absolutely, but enough to think they wouldn't put a back door in an application developed by a third party. But what I have no way of knowing is whether or not the Signal app that is uploaded to the App Store contains any backdoor, whether intentional or via compromise from a government agency.

Useless

[ubergeek65536]

Let me know when it works without requiring my phone number.

Re:Useless

[Kjella]

They could do that, but it'd take away the mass market ease of use. As long as you have your phone number you can reset the encryption key, your contact list will be notified but it's working around the fact that most people don't backup (or backup to the cloud) and it's a easy way to discover/recruit users. I did look into replacing the phone number with GPG keys, but the main issue was that the server was unfriendly to get running and required AWS buckets and whatnot, it was not designed to run isolated in a VM and clearly Signal expects to be running that part of the system. That plus you'd have to replace the SMS parts but those could be replaced by URL/QR generators for self-distribution.

It was all doable but way more work than I wanted to put into it, it'd be an entirely incompatible network and in the end maybe people still wouldn't use it because a malicious server could collect some metadata despite the end-to-end encryption - the open source code didn't have any metadata logging but of course nobody would know if you added some since it'd run server side. If you are that paranoid the client-server paradigm maybe isn't right for you, even when it's just a broker between end-to-end encrypted clients. Then something like Ricochet refresh [ricochetrefresh.net] or cwtch.im [cwtch.im] or GPG email over TOR is more appropriate.

Re:

[thesupraman]

The issue however is that I therefore cannot use it on ANYTHING BUT A NETWORK CONNECTED PHONE.

I have, for example, 3 old android phones. I would love to set these up with Signal accounts to use for a number of applications where a small group need to talk, however I cannot.
I also have 2 android tablets, same situation, how do I set up an account on those?

On windows I can link to a phone account, but it MUST connnect to a phone.

Please PLEASE realise that the 'auto find out friends phones' feature is nice FOR

Re:

[atisss]

I suggest trying telegram. While it asks for phone number, that is just unique login id, and you have option to not share it. Security for groups is not on same level with Signal, but for personal messages you can use end to end encryption, and it's easy to use

Re:

[antdude]

Ditto. People tell me to get it, but then I asked why it needs my phone number when I don't use my phone?

Re:

[infolation]

Signal's roadmap said it would look at using non-phone-number identifiers since 2014. [github.com]

But back in 2014, the number of countries with mandatory SIM registration laws was tiny. Now there are only 34 countries [privacyinternational.org] in the world that don't have mandatory SIM card registration laws (see below).

Gone are the days where you could walk into a corner shop and pick up an anonymous SIM. The phone number requirement is like handing over a passport.

The following countries do not have mandatory SIM card registration la

Re:

[spth]

And that lists looks longer than reality:

In those countries, registration is not required by law. Still, e.g. in Ireland, nearly all phone providers still require it.

Re:

[amorsen]

In the UK, you can buy SIM-cards from vending machines at the airport.

https://www.traveltomtom.net/d... [traveltomtom.net]

Re:

[Nocturrne]

In China, midget hitler requires everyone to register SIM cards with their CCP ID and real name. Signal works in China, but nobody wants to use it, sadly. If they want to make a difference, they need to make it work anonymously in China.

Re:

[JaredOfEuropa]

Don't care, I just want the contents of my messages to be encrypted end to end. Alternative identifiers would be useful for the really paranoid, but using phone numbers helps you discover other people in your contact list who are using Signal. When I installed it a while ago, I was happy to see a few friends already using it. And those friends noticed that I installed the app as well. Some people might not want that information to be shared, even if it remains visible between people on your contact list

Re:Terrorists everywhere are rejoicing

[Opportunist]

The price of freedom is that some assholes will abuse it. The alternative is giving up your freedom.

Besides, do you really think terrorists need signal to communicate? It's not like someone willing to blow himself up gives a shit about you knowing that it was him.

Re:

[Anonymous Coward]

They do if they don't want to get stopped before committing the deed. They send grunts to blow themselves up while they maintain a command structure. Thinking terrorists don't have a need or desire for encryption just shows a lack of imagination - there are more forms of terrorism than just suicide bombing, and there are reasons for terrorists to want their communications encrypted.

Don't take my contrary points to mean I'm arguing against privacy. Incidentally I feel the same way about the freedom to own gu

Re:Terrorists everywhere are rejoicing

[Mr. Dollar Ton]

You are a "terrorist" only after you start to implement your terror plan for real. Before that you're only committing a thought-crime.

Luckily, implementing a terror plan tends to leave evidence. It is that evidence that allows the law enforcement to discover and thwart the plan.

Re: Terrorists everywhere are rejoicing

[astrofurter]

OMG tewwawists!!! President Boosh said they hate us for our freedom. So quick, let's give up all our freedoms!!

Re:

[mark_reh]

About a week ago there was a story about how the CIA and German intelligence partnered on a company that made encryption equipment used by governments around the world. They were able to decrypt almost all messages for decades.

Why wouldn't anyone think that Signal isn't a similarly compromised system?

Encrypted communications is not available because

[Anonymous Coward]

The US government insists on having decryption enabled. They blocked PGP for years, they crippled SSL with short keys, they built the Clipper Chip and forbade it when they found people could use genuinely private keys, they tried Trusted Computing with Microsoft holding everyone's private keys in escrow and got it mostly shitcanned when it was discovered as being utterly vulnerable to tapping video or data output inside a virtual machine, and the list goes on.

Linux client

[JThundley]

Define available. The Linux .deb hasn't been updated for weeks. A recent bug means that you can only read messages in the Linux signal app, but all messages you try to send immediately fail. It's depressing how much better it works on Windows at the moment.

Re:

[itchi]

My flatpak is version 1.31.0 same as Windows and it's working perfectly.

Re:

[Bradmont]

Is it still an electron app? I just can't justify running a whole browser instance for one application but if it's a real native app I'll install it in a heartbeat (I use signal constantly on the phone)

Re:

[JThundley]

It's an electron app. Taking up 165M in Windows right now. I heard at some point they were going to release a web version, I really wish they had.

Re:

[JThundley]

I've never used flatpak before. Did you get it from Flathub? Looks like the dev uploads there, eh? Do these stay up to date? Signal runs an apt repo for Signal, I wish they'd just update their own official source. I don't like the idea of flatpaks or snaps, but I already do have some snaps on my system.

Still tied to a unique tracking identifier...

[Anonymous Coward]

So that lovely entities like facebook can harvest your social relations and feed you to advertisers, governments, or other hostile entities eager to leverage them against you.

Tying it to a phone number and proprietary software makes it completely useless for protecting your privacy and securing your communications. Which is just what they want: the masses lulled into a false sense of security, and the ability to compel installation of back doors with a mere software update.

All personal communication should be peer to peer, through an anonymizing network, with identities essentially being public keys. The association of those with people is no one else's business, and should remain confined to your address book. Which is already common sense in a way: would you publish your address book online? Of course not, yet that is exactly what people are doing without knowing it.

Neither useless nor proprietary

[virtig01]

Tying it to a phone number and proprietary software makes it completely useless for protecting your privacy and securing your communications.

Centralized maybe, but not proprietary [github.com].

Re: DATA ENCRYPTION PROBLEM

[mr.morbo]

You post this same drivel in every thread. At least you consistently use the same handle. Not sure if you are serious, a troll or a government shill.

Your drivel is an opinion, or at least that of your handler. You or they are entitled to it but you're still wrong.

Privacy is fundamental. Without privacy there isn't freedom. Whether that's privacy from your community or privacy from the government. Everybody does things in private which they would never do if they thought people were watching. Many of those t

The app seems really creepy/slimy?

[Pygmy Marmoset]

I installed it (android), put in my phone number and real name, but denied access to my contacts. A friend (who has my phone number and name in their contacts) got a message saying that I had joined signal.

Does this mean that signal sends your phone number and/or name out to every single signal user to see if there is a match?

Doesn't seem like something that says they are about privacy should be done.

Re:

[NateFromMich]

Doesn't seem like something that says they are about privacy should be done.

But that is exactly what you'd expect from something that's pretending to care about security.

Re: The app seems really creepy/slimy?

[BAReFO0t]

... and something that actually does.

So no, it is not an indicator of untrustworthiness. It merely means it's not a useful indicator at all.

Remember: Knowledge is ternary logic. (Or rather, dual binary... or dual gradient.)
It is not "I know it is bad" OR "I know it is good.".
It is "I know it is good/bad" and "I don't know if it is good/bad".
(Or rather "I am X certain that it is Y on the good/bad scale... in this context.")

Re:

[virtig01]

It means your friend (and probably most people) allow access to their contacts, and they already had you and your contact information in plain text on their servers, because they collect all that information and store it without your permission.

Signal doesn't store contact lists on their servers [signal.org].

This FAQ seems to answer how it works:

[BAReFO0t]

https://support.signal.org/hc/... [signal.org]

Here's the meat:

Signal periodically sends truncated cryptographically hashed phone numbers for contact discovery. Names are never transmitted, and the information is not stored on the servers. The server responds with the contacts that are Signal users and then immediately discards this information. Your phone now knows which of your contacts is a Signal user and notifies you if your contact just started using Signal.

I don't see, how that doesn't still allow a man in the middle or on the server, to create a social graph of the hashes.
Even if they don't have the phone numbers associated to them, it makes that association easier IMHO.

I've learned to not underestimate Moxie though.

Re: This FAQ seems to answer how it works:

[BAReFO0t]

The problem lies in communication.
He doesn't exactly have much social skills.

You might say who cares, since all that matters is that he's good at what he does.
But it's equivalent to ... You can be the best inventor in the world... if you can't sell yourself well, that means fuck-all.

It's important do do it right,
but it's equall important that people actually can see you're doing it right.

It just looks bad, I agree. But it isn't.

[BAReFO0t]

No, it doesn't. It merely uses hashes generated on the device.

I remember reading how they thought about that you can still generate a social graph from the hashes alone, and their solution twarts that, but I don't remember how. Anyone know the details?

Don't underestimate Moxie though.
I may only be presented and sold in a way that looks bad. Which is a bug too, as it hampers adoption, even if not compromising safety.

Re:

[Actually, I do RTFA]

Does your friend have Signal installed and did your friend allow access their contact list? Because if I did that, I would expect Signal to keep an ear out for "Phone Number X just registered" events and notify me. Signal has a server your registered with, right? And that server knows about all the people who registered? And anyone who vouchsafed information about their friends to Signal?

Re:

[angel'o'sphere]

No, it means that he allowed Signal to access his contacts from which you are a member.

Re: That explains the uptick in unpatched crashes

[BAReFO0t]

Interesting. I didn't have a single crash yet. (Just to add my data point.)
Are you using the beta?

I too, am not that sure that Moxie is able to check all those external patches for underhanded backdoors [underhanded-c.org] and such.
What I am sure of, though, is that the NSA, CIA, FSB, Mossad, etc, got entire deparments dedicated to nothing but injecting underhanded backdoors in open and closed source software; tough probably preferably compilers.

Adding it to WhatsApp was security theater only.

[BAReFO0t]

Like an Allied base having a Gestapo "assistant" that relays messages for them using a super-secure tunnel, to another Gestapo "assistant" at another Allied base.
Who the fuck cares if the tunnel is secure, if the end points aren't secure?

Signal's security makes a lot of features harder

[Octorian]

What I think is most notable about this article is that they go out of their way to point out how its significantly more difficult to roll out all these "user nicety" features everyone expects, when you live in a world where you can't just "let the server know everything" (like many other apps people often compare it with).

vs. telegram ?

[Tom]

How does it compare to Telegram, which seems to be a lot more popular?

I stopped following the secure messaging apps a while ago, because they seemed to be going nowhere by user count, but it seems they've picked up a bit. Most people I met last year who asked for my WhatsApp were happy with Telegram instead.

Re:

[sad_]

telegram's backend is not open, signal is open source all the way - both client & server.

Why I left Signal

[Maelwryth]

Having got at least four or five members of my family to start using Signal i ended up leaving it a year later. This was because Signal, quite rightly from a sec perspective, strips much of the metadata out of photos. Unfortunately, from a user perspective all those photos now looked like the were taken on the day I downloaded them.