Before last Tuesday, I was vaguely familiar with the security-minded chat app Signal, thanks mainly to the news that DNC staffers had switched to using the app after the DNC was hacked in midsummer. But by the time Donald Trump finished his victory speech, my Twitter feed was filled with calls to download and use the app, retweeted again and again.
“I’ve talked to plenty of folks who say their phone has been buzzing out of their pocket with notifications of new people joining Signal,” says Moxie Marlinspike, founder of the not-for-profit company Open Whisper Systems, which developed the Edward Snowden–approved messenger app.
Signal is a free messenger app for Android and iOS that uses end-to-end encryption for both SMS texts and voice calls, in a package that’s pretty much exactly like what you’re already used to. End-to-end encryption is perhaps the most secure way to communicate online. When using end-to-end encryption, users on both ends of the conversation have cryptographic “keys” which can be used to decrypt the incoming message. Anybody who lacks that key, whether it be a hacker or the U.S. government, sees nothing but gibberish. “The user experience that we’re trying to create is one where all of your communication is end-to-end encrypted by default,” says Marlinspike, who formerly was head of security at Twitter. “Install the app and start messaging people like you would in any normal messenger and your communication will be encrypted by default — which means a message can only be read by you and no one else.”
Signal isn’t just an app — it’s also a open-source encryption protocol that’s already being used by WhatsApp, Google Allo, and Facebook Messenger (though only WhatsApp has end-to-end encryption turned on by default). What makes Signal unique isn’t just end-to-end encryption, but how little information the company gathers about its users.
“We, the operators of the Signal service, cannot read the messages,” says Marlinspike. “If we get hacked, they can’t read the messages, and the same if governments come to try to compel us to provide information to them.”
This also extends to information about whom you’re talking with and how much. “We think carefully about metadata — not just the content of the messages, but the information about who was communicating with you or who do you have your contacts,” says Marlinspike.
The company was recently served a subpoena by the U.S. government about two Signal users, and the company published both the subpoena and their response. The only information they had (and thus were required by law to provide) was when the users had registered with Signal and the last time they had used the service. Even Apple’s end-to-end encryption can’t match this, because the encryption keys used in iMessage are still stored on Apple servers, meaning the company could be compelled to produce metadata about users.
There’s a few more added security measures in place on Signal. You can set an adjustable self-destruct timer on messages, meaning a text message will delete itself, say, five minutes after being read. You can also automatically trim conversations once they reach a certain length. Both are protections against the major vulnerability in end-to-end encryption: someone else getting physical access to your phone or computer.
Signal and other services like it, such as end-to-end encrypted email service ProtonMail, are ultimately where Marlinspike thinks privacy has to head if people want their communications to remain private.
“There’s two ways to think about security,” says Marlinspike. “One is the notion of computer security, which is the idea that we’re gonna create computers that are secure, which is a losing battle.” The speed of software and hardware development make it impossible to keep up, and protections against hackers have to get it right every time, while hackers only need to get lucky once. “Whether you’re a Sony executive or national-security reporter or a politician, if you have a computer connected to to the Internet with a bunch of unencrypted emails sitting on it, someone eventually is gonna find that.”
The other option is what Marlinspike is doing with Signal, which is information security — making the data you care about unreadable to anyone who isn’t the intended recipient. Marlinspike uses the example of WhatsApp, which uses the Signal protocol. “If they have a few servers connected to the internet, with billions of people’s messages flowing through them, it’s really hard to secure the servers and it’s a huge liability. Instead, if they transform their communication network so the only thing flowing through those servers is encrypted, opaque blobs of data, it reduces the liability. If someone hacks their servers, they don’t get anyone’s messages instead of billions of messages.”
With the huge uncertainty of what Trump will actually do with the U.S.’s powerful and pervasive domestic-surveillance system, Marlinspike saw the same kind of Twitter messages as I did. “I think that’s perhaps in part why more people are using Signal,” says Marlinspike. “People do care about their privacy and are interested in using the tools to easily maintain it.”