Signal has the reputation of being the most private messaging app. However, some of its decisions have been controversial. Is Signal still safe?
First, you need to understand the line between cryptography and implementation. Cryptography is basically mathematics. Implementation is the application of cryptography in the form of computer programming code. Another way to look at this is the difference between theory and practice. You can think of cryptography as the theory and implementation as the practice.
The Signal protocol is the cryptography behind the Signal messaging app. The Signal protocol is safe. In fact, it is the gold standard that other messaging apps implement: WhatsApp, Skype, Google’s RCS and even Facebook Messenger.
The controversies emanate from the implementation of the Signal protocol on the Signal messaging app. Here are some of them:
Use of phone numbers
Signal messaging app (and WhatsApp as well) uses phone numbers as the user account ID. To sign up for Signal, you need to provide a phone number.
Some people are not comfortable with that because phone numbers are not anonymous. In most countries, you cannot obtain a mobile phone number anonymously. Every mobile phone number must be verified with an identity check. Even if an identity check is not required (in the US, I believe), you need to supply contact information like an email address. Once you supply your email address, your anonymity is only as good as the anonymity you have with the email service provider. Furthermore, to activate your Signal messaging app account, Signal needs to send you a text message (or call you), which means you need to switch on your mobile phone. Once you switch on your mobile phone (to receive the text message), it will communicate with telecommunication radio towers, which can be used to work out your physical location.
Syncing of user social graph to Signal’s server
Ideally, messaging apps should not upload any of your contacts’ phone numbers into their servers. If the messaging app’s server does not have your contacts’ phone numbers, then it cannot work out your social graph. That’s the controversy with WhatsApp.
Now, let’s suppose Signal allows you to sign up using a user name that you come up with, instead of your phone number. And let’s say you have built up your social graph of user names in the app over time. Since you cannot store your contacts’ Signal user names in your device’s address book (as a dedicated entry field), your social graph will be lost if you lose your device, reinstall the app or get a new device.
The most private way to solve this problem is to encrypt your social graph in your device before sending it to the cloud (messaging app’s server) for safe-keeping. The question is, which encryption key should you use to encrypt your social graph? Using the same key (that is used to encrypt your messages) is not an option because if you lose your device or get a new one, the key will be lost. If the key is lost, then you will not be able to decrypt your social graph on your new device. Therefore, the only solution is to derive the key from a password that you specifically come up with for this purpose.
The problem with this solution is that all of us already have too many passwords to remember. If you forget your password, you will lose your social graph. So, most people will come up with easy-to-remember passwords that will be extremely weak cryptographically.
Signal had a unique solution to this problem. To understand this solution, take a look at your ATM PIN. It consists of a 4-6 digit number. Your ATM PIN is extremely weak cryptographically. But that is not a problem because if you enter your ATM PIN incorrectly a certain number of times, the ATM will swallow your card. In the same way, Signal implemented a mechanism whereby your Signal PIN is required to access the cryptographic secret necessary for decrypting your social graph (the cryptographic secret, in conjunction with your Signal PIN, is used to encrypt your social graph). The cryptographic secret is stored in a hardware-isolated secure enclave (Intel SGX, Software Guard Extensions) inside the server’s Intel CPU, which even Signal cannot read. The important point to understand is that if you supply your Signal PIN incorrectly, the enclave will not release the cryptographic secret. If you supply your Signal PIN incorrectly too many times, the enclave will lock you out of that cryptographic secret for good. You can read the details of how Signal implements this here.
To the cybersecurity purists, this feature is unacceptable: no user information should be sent to any servers. Period. However, if you still want to use Signal, make sure your Signal PIN is cryptographically secure: use the alphanumeric option and enter a long, random passphrase.
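The PIN-plus-enclave scheme described above, as an added model that is not Signal’s code: the PIN is stretched with a slow key derivation (PBKDF2 stands in for Signal’s Argon2), split into an auth key shown to the store and a key-encryption key kept on the device, and the enclave is modelled as a class that releases its random secret only for the right auth key and erases it after a guess limit. Names, the 10-guess threshold and the reset-on-success rule are assumptions of this model.

```python
import hashlib
import hmac
import secrets

MAX_GUESSES = 10          # lockout threshold assumed for this model
PBKDF2_ROUNDS = 100_000   # stands in for Signal's Argon2 stretching

def stretch_pin(pin: str, salt: bytes) -> bytes:
    # Slow derivation: each offline guess of a 4-6 digit PIN costs 100k hashes
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS, 32)

def derive_keys(stretched: bytes):
    # auth key is presented to the store; kek never leaves the device
    auth = hmac.new(stretched, b"auth", hashlib.sha256).digest()
    kek = hmac.new(stretched, b"kek", hashlib.sha256).digest()
    return auth, kek

class EnclaveModel:
    # Models the SGX-held secret: released only for the right auth key,
    # erased for good after MAX_GUESSES wrong ones.
    def __init__(self):
        self.records = {}  # token -> [auth_key, secret, tries_left]

    def store(self, token, auth_key, secret):
        self.records[token] = [auth_key, secret, MAX_GUESSES]

    def retrieve(self, token, auth_key):
        rec = self.records.get(token)
        if rec is None:
            return None, 0
        if hmac.compare_digest(rec[0], auth_key):
            rec[2] = MAX_GUESSES  # model choice: a correct PIN resets the counter
            return rec[1], rec[2]
        rec[2] -= 1
        if rec[2] == 0:
            del self.records[token]  # secret gone; the backup is unrecoverable
        return None, rec[2]

def enroll(enclave, token, pin, salt):
    # Setup: random secret parked behind the PIN; returns the backup master key
    auth, kek = derive_keys(stretch_pin(pin, salt))
    c1 = secrets.token_bytes(32)
    enclave.store(token, auth, c1)
    return hmac.new(kek, c1, hashlib.sha256).digest()

def recover(enclave, token, pin, salt):
    # Reinstall / new device: PIN plus enclave secret rebuild the same key
    auth, kek = derive_keys(stretch_pin(pin, salt))
    c1, tries = enclave.retrieve(token, auth)
    return (None if c1 is None else hmac.new(kek, c1, hashlib.sha256).digest()), tries
```

The point to observe is that the stretched PIN alone never reconstructs the master key; without the enclave secret, an attacker holding the encrypted backup has nothing to guess against.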
Signal becomes closed source?
Then there’s the charge that Signal is no longer open-source software. This is not entirely true. Only a certain part of their server software is proprietary. The app itself is still open source. This has to do with combating spam. Signal has written an article explaining why combating spam requires certain parts of their server software to be closed source. If you have no time to read the article, below is my summary…
In traditional email spam-fighting, spam filters require insight into the content of email messages to learn how to recognise spam (using machine learning). However, Signal is designed to keep the content of your messages private, such that even Signal themselves cannot read your messages. As a result, traditional content-based spam filtering using machine learning is not available to Signal. To detect spam, they require insight into the behaviour of spammers. Signal’s servers are designed to analyse behaviour to decide whether a message is spam or not. But if spammers have insight into what types of behaviour Signal considers suspicious, they can modify their behaviour to defeat Signal’s spam detection. That is why Signal decided to close the source code of that part of their server.
To the cybersecurity purist, everything must be open source. Period.
What is the link between WhatsApp and Signal?
In 2017, Brian Acton left WhatsApp to co-found a new foundation, the Signal Foundation, the organisation behind the Signal messaging app. Some people are not comfortable with that.
Since Signal is free, are you the product?
The Signal messaging app is free. But does that mean its users are the product?
Signal is not really a business. It is structured as a non-profit organisation. It relies on donations to fund its operations and services.
Signal’s cryptocurrency feature
Recently, Signal added a cryptocurrency feature to their app. Users can send and receive MobileCoin cryptocurrency payments via the Signal messaging app.
This move is controversial.
Contrary to popular belief, Bitcoin is not private. Every Bitcoin transaction is publicly recorded on the blockchain. If your Bitcoin public key is ever associated with your identity, all your past and future transactions will be exposed. MobileCoin, however, is designed to be private. Unlike Bitcoin, it will not be possible to trace MobileCoin transactions. Therefore, as Bruce Schneier wrote,
I think this is an incredibly bad idea. It’s not just the bloating of what was a clean secure communications app. It’s not just that blockchain is just plain stupid. It’s not even that Signal is choosing to tie itself to a specific blockchain currency. It’s that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI.
And I see no good reason to do this. Secure communications and secure transactions can be separate apps, even separate apps from the same organization. End-to-end encryption is already at risk. Signal is the best app we have out there. Combining it with a cryptocurrency means that the whole system dies if any part dies.
End-to-end encrypted messaging itself is a regulatory risk. Adding a specially designed private cryptocurrency service increases the regulatory attack surface.
So, is Signal still safe?
There are two ways to look at Signal’s decisions.
If you put on the hat of a cybersecurity/privacy purist, then you will feel uncomfortable with what Signal is doing. For some of them, this will be a deal-breaker.
But you have to bear this in mind: if you create a product that will make cybersecurity/privacy purists happy, then this product will be unusable to most people. If it is unusable to most people, then it will not gain mainstream acceptance. Also, if your product makes cybersecurity/privacy purists happy, it will become a safe haven for bad actors, criminals and abusers. Should that happen, then it will attract government attention and regulatory clampdown.
To decide whether Signal is still safe, you have to understand the rationale behind their decisions and decide for yourself whether any of these decisions are deal-breakers for you. If you want to have an app that is highly usable and easily available through the official app store, then you cannot be a purist. Some compromises and regulatory oversight are inevitable. If you are not bothered by these, then Signal is still a good choice.
Of course, there are messaging app projects that attempt to satisfy the purists (e.g. Keybase.io). But these projects usually have issues like usability, performance, slow development progress and infighting due to philosophical differences. As a result, they will always be confined to the fringes.
What about Threema?
Some purists are more comfortable with Threema. But Threema’s cryptography (mathematics) has a drawback: it does not have Perfect Forward Secrecy (see this article for an explanation about Perfect Forward Secrecy).