How Signal [the private messenger] works

There is a list of more or less popular messaging applications among users. According to Statist global data, by April 2019, 1.6 billion users accessed WhatsApp on a monthly basis. Application reach and usage penetration are particularly strong in markets outside the United States, it is a phenomenon.

Other names, however, are in the niche market. But because they are adopted with greater determination in a certain region, or because they offer specific resources for more demanding users. This is the case of the Signal, the so-called “private messenger.”

How Signal works [the private messenger]

The most popular messengers in the world – Statist

  1. WhatsApp – 1.6 billion
  2. Facebook Messenger – 1.3 billion
  3. WeChat – 1.098 billion
  4. QQMobile – 807 million
  5. Skype – 300 million
  6. Snapchat – 287 million
  7. Viber – 260 million
  8. Telegram – 200 million

Application used by Snowden

You may have noticed that the Signal Private Messenger, available for Android, iOS (iPhone) and desktop, famous for being used by former CIA analyst Edward Snowden, does not even appear on the list. It’s a niche application, aimed at safe, individual or group conversations. And although it appears here and there in the media, few have adopted it.

Compared to the billion WhatsApp users, Signal’s user base is tiny. Developers say they do not release statistics on how many users they have. But the Google Play store for Android says the app has been downloaded more than 10 million times. The iPhone App Store does not reveal that.

No advertising sign

Created by an independent group of software developers in 2014, called Open Whisper Systems, Signal is an open source project funded through awards and donations. In this way, Signal states that it can prioritize users without looking at their efforts in monetization. That is, it is a solution without ads and without what they called “sinister tracking”. Just quick, simple and secure communication.

Without advertising to segment and share information, Signal intentionally stores as few of your messenger’s user data as possible. The fact that Signal is an open source system allows the application to be available to experts to inspect flaws or loopholes in the promised security.

The group’s founder is known as Moxie Marlinspike, a cyberpunk that does not seem to fit the classic profile of Silicon Valley businessmen or academics. And, who rarely gives interviews, like the one he gave to The Intercept.

The private messenger

According to Marlinspike, all communication from Signal to Signal is private and encrypted from end to end, and neither Open Whisper Systems, which is responsible for the code, has the keys to decipher them. But you may be wondering about the metadata of messages, the list of contacts on your phone, and backups in the cloud.

This is where the Signal approach changes radically. The privacy policy is short and concise. Unlike WhatsApp, Signal does not store message metadata. Marlinspike, states that the information closest to the metadata that the Signal server stores is the last time each user logged on. The accuracy of this information is poor, reduced to the day, rather than the exact time that access occurred.

About the contact list, it works as follows: you’ll certainly share this information with the app to find your friends. However, Signal does not send its pure list to the server. Instead, it uses a hash function to change the combination of phone numbers before sending them. The server responds with the contacts you have that are already in Signal and then discards that information.

No backup in the cloud

At this point, the Signal attracts or amazes users. There is no cloud backup. What’s seen as a problem in WhatsApp, which uses the third-party cloud (such as Apple’s iCloud, Google Drive), does not happen with Signal because it does not offer online storage. Telegram has an alternative to “secret chat”, with client-server/server-client encryption, to keep the backup in the cloud itself.

With this, there is no risk that, accidentally or not, your private messages will be provided to any third-party company or governments. However, this also means that if you lose your phone, you will lose all chat history with it.

It is true that the Android version of Signal allows users to do a local backup. Simply export and import application data. But it only works if you are switching to a new phone and still have the old one. The iOS version of Signal does not offer this option. And, on the desktop, the application always works with your phone.

If a government requires Open Whisper Systems to deliver the content or metadata of a message exchange to Sigal, a contact list, or any other more complex information, the group can not deliver anything. There is nothing there.

Signal uses Curve25519, AES-256 and HMAC-SHA256. The security of these algorithms has been tested over many years. From this, the team created the Signal Protocol and other messaging services use that system. More details here and here.

Signal vs Popular Apps

In terms of security, Signal stands out from WhatsApp and company. However, using it means living with a useful messaging app, not a news booth with millions of cards and fun features. To begin with, you’ll probably have to convince friends, family, and/or co-workers to use one more application.

The Signal also receives improvements at a slower pace than its competitors due to the lean team working on the platform. Open Whisper Systems has only ten employees in total, according to the LinkedIn page.

Signal currently supports Android, iOS, Windows, MacOS and Linux. Tablets are not among supported devices, but larger screens are in future plans.

What does the Signal offer?

  • Text messaging with an advanced end-to-end encryption protocol that guarantees privacy for all messages exchanged using the application.
  • Encrypted group chat to talk to multiple people at once. The server does not have access to any of the information: list of members, title or icon.
  • Crystal-clear voice and video calls to people living on the other side of the city or across the ocean with no long-distance charges.
  • Sending media such as photo, video, audio, documents, gifs, contacts and emojis.
  • Messages that self-destruct in both sender and receiver.

How does Signal login work? Just download the app, enter your cell phone and confirm the code sent by SMS. You can use Signal on only one smartphone at a time.

Leave a Comment