In our hyper-connected, always-on world, privacy is in everyone’s thoughts. Instant messaging is the dominant tool for remote conversations. How can we use instant messaging and maintain our privacy? By using Signal.
Signal Messenger
Signal is a cross-platform instant messenger application that is available as an app for Android and iOS. Signal is also available as a native desktop application for Windows, Mac, and Linux computers.
If you like, it can become your cellphone’s default application for Short Message Service (SMS) and Multimedia Messaging Service (MMS) messaging, or it can sit alongside those existing apps to give you another messaging option.
You can type SMS-like messages and add emojis or stickers (sort of like hyper-emojis) to your text. You can send voice clips, photos from the camera or your photo gallery, and you can create conversation groups for group chats. You can make voice calls and video calls. Signal also supports disappearing messages that self-destruct after a short time.
If you know your way around any other mainstream messaging or chat app, you’ll find your way around Signal with ease. It looks like most other messaging apps and it provides all of the functionality of other messaging apps. So what sets it apart from other apps? What does it bring to the table that other apps don’t?
The big difference with Signal isn’t something that shows up in the user interface or its list of features. It’s built-in by design and is the core principle and ethos of the company behind the app.
It’s privacy.
Why Privacy Matters
Information about you such as your internet use, online purchases, the contacts in your address book, emails, messages, and geographical location are valuable commodities. They all contribute to your online and offline profile. And your profile is marketable. Big data is nothing without data, and tailored advertising wouldn’t exist without the gathering, sharing, and selling of this type of data.
Your privacy is under threat. Even as recently as the start of this century the type of tracking and surveillance that is built into your cellphone couldn’t have been imagined. And yet we all carry one, all day every day. Some people say they don’t care who knows what about them—they have nothing to hide. That’s fine. But privacy is about choice. It’s your data and you should be able to decide who has access to information about you, and what they can do with it. Whether you have anything to hide or not.
Privacy is such an important issue that many countries and states have implemented data protection legislation to help private individuals, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). In fact, privacy is such an important concept it is recognized as a basic human right. It is enshrined within the Universal Declaration of Human Rights.
Privacy definitely matters. Privacy is important to the average citizen, and secure communications are part of that privacy. For some journalists, the citizens of oppressive regimes, whistleblowers, activists, and others privacy can be a matter of life and death.
With many apps, their entire reason for existing is to harvest data. The bait in the trap is the app itself. It provides some functionality that we want. So we download it and install it. During the install, we click next, next, next to get it installed as fast as possible.
As part of the installation process, there is a screen of close-packed small text outlining the terms and conditions, and possibly advising you to go and find their privacy policy and read it. We blithely click past that too. Who’s got time to read through that?
But by installing and using the app you are agreeing to their terms and permitting them to harvest your data and messages and to sell or otherwise share that data, and to monetize it as they see fit.
Security and Privacy: Two Different Things
Signal is published by the Signal Foundation and Signal Messenger LLC, two organizations based in Mountain View, California, founded by Matthew Rosenfeld aka ‘Moxie Marlinspike’ and Brian Acton. They are continuing work started at Rosenfeld’s previous startup Open Whisper Systems. They are a not-for-profit.
Rosenfeld is a longtime privacy advocate and activist, and Acton is one of the founders of WhatsApp. He left when it was sold to Facebook.
Signal is free and open source, and anyone can review the source code. The Signal Messenging Protocol (SMP) has been examined by a joint team from the German CISPA Helmholtz Center for Information Security, the Swiss ETH Zürich University, Cisco, and the Canadian University of Waterloo and was given a clean bill of health. Such eminent cryptologists as Bruce Schneier are advocates of the SMP.
WhatsApp and some other messaging apps use the SMP too. But although that means your message deliveries are end-to-end secure, the other messaging apps harvest and log differing amounts of data about you and your use of the app. They store this data—including your contacts, each time you use the app, who you contacted, and where you were when you did so—on their servers. So although the delivery of your messages is secure, the company behind the app is not upholding your privacy.
Signal does not log any data apart from the cellphone number you provided when you registered with Signal, the date when you created your account, and the time you last used Signal. This can be confirmed by reading Open Whisper System’s response to a 2016 subpoena from the FBI asking for information related to the Signal accounts belonging to two individuals they were investigating. These three bits of information—cellphone number, creation date of the account, and the date it was last used—were all that OWS could supply. Nothing else. Nothing about messages, location, nor contacts.
So: your Signal messages are delivered securely and there is neither gratuitous data gathering nor logging. So your privacy is maintained absolutely.
Using Signal
The installation is entirely straightforward. You’ll find the app in the Google Play Store and on the App Store. When you install and sign up for Signal you must supply your cellphone number. Any of the contacts in your cellphone address book who are Signal users will automatically appear as contacts in Signal—because Signal recognizes their cellphone numbers.
You can choose to have Signal secured using a PIN or, if your cellphone has a fingerprint reader, by your fingerprint. You can also choose to have screenshots blocked when Signal is on-screen, to prevent images from being grabbed with conversations in them. As yet another security precaution, you can also choose to have your encrypted messages relayed through Signal’s servers. This masks your IP address.
There’s little merit in a blow-by-blow account of how to use Signal because it’s the same as the messenger app you’re using now. You have a list of contacts and group chats, you select one and start typing. You can send text, emojis, stickers, gifs, and images.
You can make voice calls and video calls, and you can send disappearing (self-destructing) messages.
Small symbols are shown beside each message. A small circle means the message is in the sending state. A tick inside the circle means it has been sent. Two circles with ticks in them means the message has been received. Two shaded circles with ticks in them means the message has been read.
Signal on the Desktop
Although you can run Signal on a desktop computer, you must have a cellphone to open a Signal account. You also need to authorize the desktop instance of Signal with the cellphone to officially tie it to your account and to permit it to work.
These screenshots are from a Windows 10 computer. As soon as the install has completed you’re presented with a QR code. The QR code contains information that uniquely identifies the computer.
On your cellphone, click on Menu > Settings > Linked Devices > "+" and scan the QR code. You’ll be asked to confirm you want to authorize the computer. The desktop reacts by prompting you to enter a descriptive name for the device.
Click the “Flnish linking phone” button when you’re ready to move on. Signal will open on your desktop.
Note that your contacts are all copied across, but your message history isn’t transferred to newly linked devices. This is a design feature and is done for security reasons.
The Same But Better
Security and privacy are two allied but different concepts. Signal provides world-class security through its own encryption protocol and it upholds and protects your privacy with a complete lack of message logging.
The message couldn’t be clearer.
