Use Signal Instead of Sending Unencrypted Texts & Phone Calls
Have you ever ordered something over the phone, like pizza, and recounted your credit card information to the cashier rep? How about ever texted something sensitive/personal to a friend or family member that you wouldn’t want to tell others, let alone everyone you see on the street? When you send these unencrypted messages, do you ever even give a second thought to the possibility of somebody eavesdropping? I mean, we see surveillance spy vans in the movies all the time, and often hear about related issues in the news from people like (former NSA contractor) Edward Snowden. We never think it could happen to us.
Governments, spy agencies, police, and even hobbyists can easily listen in on you without a warrant, let alone your knowledge. There are devices available on the market, (and even resources online to learn about making something similar) that can listen in on most, if not all of our mobile conversations. I have even personally used a device similar to this. It should also be well known that the encryption used to communicate between cell towers are not a trustworthy, as spy agencies in the UK & USA have previously stolen SIM encryption keys from largest SIM card manufacturer in the world, allowing them virtually unlimited access to any cellular data anywhere. These tools and methods are not limited to eavesdropping though; they can also be used to extract files from your phone (including call logs, photos, contact lists, notes), geolocate you (including your altitude/floor); and even retrieve deleted texts.
So in other words, if you want any guarantee of your privacy, you need to take your own steps to ensure your communications are encrypted by your own doing. Enter Signal: arguably the most secure, publicly available, calling and messaging service available right now to everyone (at least at the time of writing).
What is Signal?
Signal is an app made by the nonprofit Open Whisper Systems (OWS), based out of San Francisco, California. On iOS and as a Google Chrome desktop app, Signal works like any other internet messaging app; as a user, you can send attachments and place calls through it. On Android it gets even better; since you can set default apps, you have the option to configure Signal as your default SMS app, which will upgrade your SMS texts to Signal messages. This is similar to what Blackberry does with BBM on their devices and Apple’s iMessage does on iOS. Textsecure used to send encrypted messages via the SMS protocol, but in its latest incarnation as Signal, it simply uses data like iMessage does.
On Android, RedPhone used to exist as a dialer with similar functionality for calls, but the calling functionality now was rolled into the existing Signal app and RedPhone has been discontinued. What makes it different than all the other messaging services out there is this: it is completely end-to-end encrypted, meaning that the company that makes the app, your cell carrier, government, etc. likely cannot not read or listen to any of your conversations without forcing their way past your key, finding an exploit within the service itself. All of the code is open source so that security experts are able to continuously offer feedback on its implementation quality.
Why is it Better?
Signal has been lauded by security experts as the best consumer messaging platform available; it’s why Facebook’s Whatsapp, & Messenger’s secret messages, and Google’s secret messages in Allo all now use Signal’s protocol, and why many others have modelled theirs after Signal’s. This protocol uses something called forward security, which means each time you send a new message, your key changes, such that even if someone did manage to get a hold of your keys, they wouldn’t be able to read any previous messages.
The Electronic Frontier Foundation (EFF), founded in 1990, is the leading nonprofit organization in the world that defends digital rights and civil liberties. In late 2014, they released (and have been updating) a Secure Messaging Scorecard, which helps visualize how safe and secure more than three dozen messaging services really are. The list includes favorites that you may have been led to believe are the safest option through excellent marketing, like Snapchat, BBM, WhatsApp, iMessage/Facetime, Skype, Facebook, Hangouts and more.
Of the six companies that managed to get all seven security checks validated, Signal is the only one that also has all of the following:
- Permanently free
- Completely open source (easily allows anyone to confirm security claims)
- App available on major mobile operating systems
- Doesn’t require any additional programs or changes to default settings
- Logs minimal meta-data
All the other five companies are missing one or more of the above features. In other words, Signal is the only app designed for mass market adoption, where when you download it and use it, it just works.
For the most part, a messaging app is only as valuable as the number of contacts on the platform. So if you want to have private, secure conversations with the people you normally talk with on your phone, you need to also get them to use Signal. Knowing my privacy is in check, I personally use it as my main messenger. Although I’m not engaging in anything illegal, there are still some things that are frankly nobody’s business but yours and the person you are talking with.
As one particular security researcher pointed out, while Signal is arguably the best app out there, like most things Signal is not perfectly secure. Although the contents of your message are secure, the metadata (usually referred to by these other companies as “non-identifying information”), could be extracted from OWS by a government via a warrant (or not), and definitely can identify more about you than you might guess. WhatsApp, incognito mode in Google Allo, and secret chats in Facebook Messenger, all hold on to all of your metadata still. In comparison, here is the laughably small amount of data Signal had on a couple people when given a subpoena.
At one point, Blackberry used to be the most secure mobile messaging platform available to users, and even had a good chance of becoming SMS 2.0, in which at least text messages could have been more secure than they are now, but even that was used to locate Mexican fugitive El Chapo. The great thing is that other apps will always be created to try and out secure the next; Matrix, the new decrentralised IM protocol, and Briar both show promise. But, for now, we’ll need to wait a little longer to know better.