Signal's Privacy: A definitive review
With Elon Musk recently recommending Signal over WhatsApp, many people have flocked to Signal in the past couple days. In fact, Signal has gotten so many new users that their servers couldn't keep up!
This high-profile endorsement has led to greater acceptance of Signal; however, for some it doesn't sit right any time Signal gets a mainstream endorsement. People have even gone so far as to claim that Signal is a government honeypot. In this article, I explain why Signal is not a honeypot and why you can trust it.
What is Signal?
Signal is an end-to-end encrypted (commonly referred to as E2EE) messaging app. End-to-end encryption is a design property that encrypts data so that only you, and the person you communicate with, can read messages. While messages may pass through a server, the server has no access to the messages. Many messaging services support E2EE, including WhatsApp. However, this does not mean all E2EE messaging services can be trusted.
To understand what E2EE is, you must first understand the traditional security model of messaging apps. Normally, messages will be encrypted between yourself and the server. Then, the server forwards the message to the recipient, also via an encrypted channel. However, the server sees the original, unencrypted, message. This is called transport encryption. Some services will claim to be E2EE, while actually using transport encryption. (See my additional comments about Zoom).
Some examples of E2EE include WhatsApp and Telegram. E2EE is an important part of any reasonable security model. However, simply something being E2EE is not enough.
Metadata leaks are when your messaging app includes metadata in a way that's not encrypted end-to-end. This includes the dates and times you send messages, who you send them to, how frequently you send messages, and more. Many messengers allow you to set status messages and profile pictures. These are not encrypted, and are thus leaked. The issue with metadata leaks is they can fairly easily reveal sensitive information, even when you don't expect them to.
What makes Signal trustworthy?
Signal uses a zero-trust architecture that prevents metadata from leaking. It does this using E2EE, combined with something they call sealed sender, which hides who you are when sending a message. This achieves a few guarantees:
- Signal profiles are E2EE, thus preventing them from reading your profile
- When receiving messages, Signal's servers cannot know who sent you a message
- They can tell a message was sent to you, but not who it is from
- If the sender fails to use a VPN or Tor, a malicious server could track the sender's IP
- When sending, Signal's servers cannot know that you are sending a message
- They can tell a message was sent, and who it was sent to, but they cannot tell who it was sent from
- For even more security, you should use Signal through a VPN or through Tor, to prevent malicious servers from tracking what messages you send using your IP
- All message contents are E2EE
Signal uses a zero-trust security model, which guarantees that even if Signal's servers are compromised or malicious, Signal's security properties still apply. Additionally, Signal has a strong policy of not collecting any user data. This has been proven in court.
What if Signal's code has a vulnerability?
Signal has received extensive code review by many security experts, including independent audits which gives very strong assurances to its security. As mentioned before, their zero-trust model means even malicious servers cannot track users.
Signal is one of the best secure messaging apps available. Its security properties are the strongest that can be realistically obtained. More secure options exist, such as Briar, which is unusable for most users due to lack of usability features, or Tinfoil Chat (also referred to as TFC) which requires specialized hardware to use.
There's also Jami, which is a peer-to-peer (P2P) app with Signal-like security properties (I have intentionally avoided mentioning a few apps).
For a summary of what apps I consider safe to use:
- Jami (see my notes)