Signal — excellent messenger with sufficient frills

For the unpertubed, I write this brief post to save regurgitating my attempts at persuasion. The “Signal” messenger is an excellent fusion between confidentiality and usability, notwithstanding the company’s minuteness in comparison to the giants it competes with.

What does “privacy” mean?

We’ve all heard of the age-old argument that “you have nothing to fear if you have nothing to hide”. It’s quite simply fallacious according to these two evident facts: There does not exist a situation on Earth where authorities have little bad intentions; there is no guarantee, even if one certain person in power have very good intentions by relative measure, that their successor will be committed to similarly noble principles and further amelioration.

If something is technologically susceptible to abuse, then it will be abused. Before modern digital technologies and associated scandals in all their glory, it had already been revealed that the FBI surreptitiously opened hundreds of thousands of letters,1 surveilling political actors despised by its leadership. A threatening letter was sent to Martin Luther King by the FBI demanding that he commit suicide.2 Materials provided by Edward Snowden to journalists in 2013 revealed NSA activity that tracked porn habits of public figures whom the agency deemed radical, seeking to potentially discredit them.3 Other revelations in the leak caused diplomatic frustration. (For instance, Angela Merkel’s personal phone was wiretapped.) The National Security Agency (NSA) was operating programs to intercept and capture any data where at least one end is suspected to be outside the US — i.e. including domestic communications that involved overseas servers.4 5 Humanitarian organisations such as Unicef and Médecins sans frontières were also specifically targeted.6

Sure, you might now be screaming “but what about TERRORISM” — if you were reading my such treacherous words in 2001 that governments should not liberally implant digital backdoors to “protect Americans”. But the problem is not the quantitative lack of data. For instance, some requisite intelligence to pre-empt the attacks on 21 September were available to the US government and did not rely on intrusive surveillance.7 The ensuing expansion of mass surveillance did not foil the 2013 Boston Marathon bombing. If it were about “finding the needle in the haystack”, then the result of more collection is merely a larger haypile to sift through.

Returning to the argument of probable abuse when given the power: There are concrete instances which render such distrust as beyond procès d’intention — the NSA itself acknowledged recorded incidents of employees using the agency’s capabilities to snoop on love interests.8

Signal and end-to-end encryption

Technology can actually increase privacy but not if we sleepwalk into new applications of it without considering the implications of these new technologies.

Edward Snowden, 2014

Securing our correspondences has been documented since at least Julius Caesar’s rudimentary substitution cipher.9 Today, the power of computing and mathematics allows your brain and mental will to become the invincible guardian of your messages. It is entirely within the means of technology to have a cryptographic messaging system where the only way for others to access your messages is to extort a secret which you hold — the cryptographic key. With asymmetric cryptography, anyone can send you a message encrypted using a “public key”, but which cannot be decoded without knowledge of the corresponding “private key”.

The asymmetric cryptography paradigm using the “Alice and Bob” cliché

Whether the most popular instant messenger, WhatsApp, offers appropriate confidentiality is at best uncertain. The business model of its parent company often allows the company’s self-gain to clash with rights to privacy expected for users in a normal society. For example, they themselves already openly acknowledge the capturing and commercialisation of WhatsApp metadata (e.g. all contacts, whom you contact, at what times messages are sent). In addition, WhatsApp’s so-called “end-to-end encryption” is at best a crooked half-truth: Yes, cryptography is (probably — as the app’s close-sourced nature prevents outside inspection) applied. But WhatsApp holds the keys. In effect, messages can be accessed with WhatsApp’s consent. Meta deems that to be appropriate.

Signal lets you input a passphrase that effectively functions as the private key. The key is not held by Signal. In addition, the servers hosting Signal function as merely a transit area, having the encrypted messages deleted upon delivery to the recipient (incidentally also how Signal is able to provide for tens of millions of users with a cost of merely $US1.3 million per year for the in-transit storage component10). The source code of Signal’s client and server software is publicly available and verifiable.

Other features

Scheduled messages

WhatsApp does not provide it to non-business users to my knowledge.

Mask your number through a username

Since early 2024, Signal has optionally supported using usernames to identify yourself, rather than your mobile number.


References

  1. ‘Church Committee’. Wikipedia, 19 June 2024. Wikipedia, https://en.wikipedia.org/w/index.php?title=Church_Committee&oldid=1229859092. ↩︎
  2. ‘FBI–King Suicide Letter’. Wikipedia, 18 June 2024. Wikipedia, https://en.wikipedia.org/w/index.php?title=FBI%E2%80%93King_suicide_letter&oldid=1229728122. ↩︎
  3. Greenwald, Glenn, and Ryan Grim. ‘Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit “Radicalizers”’. HuffPost, 27 Nov. 2013, https://www.huffpost.com/entry/nsa-porn-muslims_n_4346128. ↩︎
  4. ‘NSA Warrantless Surveillance (2001–2007)’. Wikipedia, 7 June 2024. Wikipedia, https://en.wikipedia.org/w/index.php?title=NSA_warrantless_surveillance_(2001%E2%80%932007)&oldid=1227769454. ↩︎
  5. ‘PRISM’. Wikipedia, 12 June 2024. Wikipedia, https://en.wikipedia.org/w/index.php?title=PRISM&oldid=1228592755. ↩︎
  6. Ball, James, and Nick Hopkins. ‘GCHQ and NSA Targeted Charities, Germans, Israeli PM and EU Chief’. The Guardian, 20 Dec. 2013. The Guardian, https://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner. ↩︎
  7. ‘September 11 Intelligence before the Attacks’. Wikipedia, 6 Mar. 2024. Wikipedia, https://en.wikipedia.org/w/index.php?title=September_11_intelligence_before_the_attacks&oldid=1212195862. ↩︎
  8. Gallagher, Ryan. ‘How NSA Spies Abused Their Powers to Snoop on Girlfriends, Lovers, and First Dates’. Slate, 27 Sept. 2013. slate.com, https://slate.com/technology/2013/09/loveint-how-nsa-spies-snooped-on-girlfriends-lovers-and-first-dates.html. ↩︎
  9. ‘Caesar Cipher’. Wikipedia, 23 May 2024. Wikipedia, https://en.wikipedia.org/w/index.php?title=Caesar_cipher&oldid=1225214144. ↩︎
  10. Whittaker, Meredith, and Joshua Lund. ‘Privacy Is Priceless, but Signal Is Expensive’. Signal Messenger, 16 Nov. 2023, https://signal.org/blog/signal-is-expensive/. ↩︎



Comments

Leave a Reply

Your email address will not be published. Required fields are marked *