Written by: Bogdan Patru
Signal Private Messenger is a secure messaging service that functions in a similar way to Facebook Messenger or WhatsApp, but with added privacy.
Signal Private Messenger is a free, not-for-profit, open source, messaging service that doesn’t track you or serve ads.
The app’s main purpose is to replace the standard messaging application, with messages being sent through a secure connection.
However, while you are assured of maximum privacy and protection when sending messages to another Signal user, if the recipient of the message does not use Signal, then all bets are off. In this case, Signal functions as an ordinary application.
You are given the option to invite your friends to Signal, thus creating an encrypted connection to use. And the application automatically warns you when the interlocutor doesn’t have Signal installed.
It is extremely easy and comfortable to use, with the option to import your contacts and previous messages, and it also allows you to make voice and video calls.
As for SMS and MMS, their costs are the same as in the contract with your mobile provider.
It’s completely free, and there are no tricks involved.
Being open source, Signal’s source code is public and anyone can have a look at it and investigate it to see if there are any inconsistencies or intrusive lines of code.
This allows security professionals to publicly audit the software and let anyone know about potential vulnerabilities.
Closed-source applications such as Facebook Messenger and WhatsApp, on the other hand, do not reveal their source code to the public and there is no way you can know what goes on beneath the surface. Besides that, you can’t even determine if the promised security and protection standards are actually delivered. Snapchat was even discovered to have an internal tool that allowed employees to spy on its users.
This eliminates the need for any third-party to encrypt your messages before and after being sent. The way this works is this:
But then again, this only applies when both of you are using Signal. Otherwise, the connection is not secure and there is no encryption applied to any message.
Is it the Holy Grail of messenger-type private platforms? We had a look at some users’ criticism:
The team behind Signal implemented a rather simple system of discovering your contacts when using the app. It uses your real phone number to do that. However, many users said that this was a privacy risk, that there might be some leaks.
On the other hand, Signal representatives denied the privacy risks, claiming that:
Just until recently, Signal was only available to download on Google Play. The issue here is that Google Play Services are required to run the Google Play app, and have to play by Google’s rules.
Google would know everyone using the app, and in case of an attack on Google’s servers, hackers could get hold of user details.
Users can also get it from the official site as well.
No, it does not.
The Signal application itself retains only the information regarding the date and time when the user first registered on the application, as well as the last time he or she has last connected to it. Other than that, Signal doesn’t keep any metadata.
However, Signal is in no way accountable for how other companies and services choose to use their code.
The Signal code is currently being used by many applications, and whether they choose to change it or respect the users’ privacy is entirely up to them. Signal can’t interfere.
Some of these apps are Facebook Messenger, WhatsApp, and Skype. It can only be a good thing that they choose to incorporate the Signal Protocol in their apps. It’s a major step forward in the world of privacy and encrypted communication.
However, these apps are also not as secure or privacy-oriented as Signal is.
Firstly, it’s because they are closed source. This speaks for itself. Not being able to check the source code and see for yourself whether they’re honest or not is a big letdown.
Secondly, these third-party apps can indeed collect metadata from the users, the identity and location of both recipients. The contents of the messages are indeed private, but other aspects are not.
All cell phones and smartphones contain a so-called “baseband processor”, a closed-source chip that could, in theory, be used as a surveillance tool that breaks apart any sort of encryption used by any app.
This would mean that whoever has access to these chips is able to check, in real time, the contents and details of your messages, calls, and all the information on a phone.
This may or may not be baseless, and is in no way a reflection of Signal.
The app uses a unique protocol called the Signal Protocol, an encryption method considered by many as being the most advanced encryption protocol ever devised. It’s a combination of several elements of well-known encryption suites and algorithms including HMAC-SHA256, AES-256, Double Ratchet Algorithm and many others.
Other security features include locking the app with a passcode or a fingerprint, and the “incognito keyboard” that blocks Android from “learning” from your keystrokes. It also lets you verify the identity of all your contacts by incorporating a unique safety number to every conversation, which you can then compare with other contacts.
In the end, what Signal does, no one else has managed to achieve until now, at least not on the same level.
Its security mechanisms and encryption protocols, as well as the privacy-oriented policy, all make Signal the most secure messaging app out there.