Why Signal should be your choice of messaging tool
Private and censorship resistant communication is a necessity in today’s era of censorship and surveillance. Journalists, Lawyers, Whistle-blowers, Activists, oppressed populace are some categories of people who might have need for such tools such tools. Since Edward Snowden revealed the collusion between tech companies and state actors, it has become very essential to safeguard sensitive communication so that no one except the sender and receiver has access to the content of the messages.
1984 is finally here and it arrived without anyone knowing. Government overreach is a reality and happens on a daily basis even in the largest democracies of the world i.e USA and India. We take a look at Signal Messenger developed by Open Whisper Systems and lay out the reasons as to why it is the only instant messaging tool that should be used in cases where privacy is of absolute importance.
1. Open Source
Unlike WhatsApp which is closed source and Telegram which is partially open, Signal is completely open-source. This means that Signal’s code is open to public for review. Some of the greatest programmers, security experts of this age have audited the code and also contribute to it on a regular basis. The code for Signal is extremely well documented and vetted which cannot be said for WhatsApp or Telegram.[1] There is no saying how these tools operate and after Ed Snowden showed the world how Microsoft, Google, Yahoo had essentially placed back-doors at NSA’s behest. Any piece of software regardless of it’s origin should be treated with skepticism unless and until it’s code is vouched for.
Signal’s source code can be found here.
2. End to End Encrypted
Signal’s encryption protocol dubbed simply as the Signal Protocol has been universally praised by security researchers and cryptographers. It builds on proven technologies and is well documented.[1] End to End encryption means that the messages are encrypted on the sender side and decrypted only on the receiver’s end, unlike traditional models where they are decrypted at the intermediary server for processing and then re-encrypted before forwarding it to the receiver.
WhatsApp itself uses the Signal Protocol for their recently introduced end-to-end encryption feature.[2] Telegram uses a custom homegrown protocol named MTProto. MTProto has however been criticized for it’s design choices which makes it susceptible to some theoretical attacks. Even though both Telegram and WhatsApp have a form of end to end encryption, the notion that state actors cannot access the contents of the messages sent over these tools is false. It’s like a real estate agent saying I am selling you a house that has an unbreakable front door lock. However I have the keys for the back door and also the windows have no locks. Security is only as strong as it’s weakest link and thus having a strong end-to-end encryption feature is meaningless until all the other components of the service are secure as well.
3. Data Collection and Retention
The only data that Signal retains about it’s customers is their phone numbers and the last date when the user connected to their servers. Consider this article which describes the data Open Whisper Systems handed over to the FBI when subpoenaed in 2016.
On the other hand Facebook, the parent company behind WhatsApp is notorious for its privacy policies. They have made it clear on several occasions that they don’t really respect privacy of their customers. They have a cozy working relationship with governments and have known to readily hand over private data when requested by state agencies. Telegram has its fair share of problems well documented by several security researchers.[3]
4. Censorship resistant
Do you know WhatsApp calls don’t work in Dubai. Neither do Facetime, Skype, Duo and so on. This is an extremely good example of state censorship. In order to prevent the above mentioned tools from cannibalizing the profits of telecoms because of free video & voice calls, the government ordered the companies to remove the calling features from their respective communication tools. Not one of the companies argued against the ruling and complied meekly. Blackberry was similarly threatened by the Indian government years ago and forced to hand over encryption keys for their Indian BBM servers, because it was deemed that the service was being used by anti-national elements. Instead of obtaining message contents on a case by case basis, the government wanted access to every message being sent by every device in India. Needless to say Blackberry complied.
Signal however has rejected every call and every censorship request from governments and made it clear that it would continue doing so. Consider this article published in Dec 2016 by Wired which reports how Signal developers actively created workarounds for the application to continue working after Signal was banned in both Egypt & UAE.
5. Ethics of Founder
Who would you trust your data with? Moxie Marlinspike or Mark Zuckerberg or any other Businessman. This is akin to a choice between Dr. APJ Abdul Kalam and Pratibha Patil, Linus Torvalds and Larry Ellison, Aaron Swartz and every other politician in the US. Moxie is the founder of Open Whisper Systems. If you have not, do read about Moxie Marlinspike and what his contributions to the technology community are. You can have the most perfectly designed software, have the most secure systems in place, have the outward appearance of a saint and it would all be for naught because you are an unethical person. The morals, ideology and the ethics of the person behind the software are what define how secure the software is going to be. This is why, we feel we ought to not trust WhatsApp, Telegram or Wire Messenger. Not one of the founders of these companies has the ethical credentials of Moxie and that is why the tech world is so behind Signal. They all know Moxie will fight the government to his bitter end if needed but not yield to to censorship and surveillance.
Additional Reading
https://medium.freecodecamp.com/why-i-asked-my-friends-to-stop-using-whatsapp-and-telegram-e93346b3c1f0
https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
Citations
[1] Whitepaper on Signal Protocol
[2] WhatsApp’s Signal Protocol Integration
[3] Problems with Telegram Messenger
