Chat securely with Signal Messenger

PUBLISHED 9 AUGUST 2019

Author: InvisibleUser Team

In this article, you will learn how to chat securely with Signal Messenger.

We all use messaging services, like SMS, WhatsApp, iMessage, Google Hangouts and Facebook Messenger at work or for private conversations. It is a very convenient way to communicate and aside from internet costs, it is completely free. Unfortunately, popular services are highly compromised when it comes to privacy. There are much better options. In this post, we will focus on Signal Messenger, the perfect WhatsApp alternative.

What is Signal?

This messenger has an open-source client application and even more importantly, the server back end software is open-source too (GitHub). Signal is probably the smoothest user experience for secure chats. It is available on desktop and mobile platforms. The app and the desktop application are very user-friendly. The interface is similar to WhatsApp, but the privacy features are on-point, unlike with WhatsApp.


Signal Privacy Features

The client uses end-to-end encryption, which means that the message is encrypted for the recipient on your device and sent as an encrypted file to Signal servers. Then it is forwarded to your recipient and decrypted on his/her device. The most important step is that Signal servers never receive a cleartext copy of the message. They could not give it to a 3rd party, even if they wanted to.

It is impossible for the company to reveal your chat history to law enforcement, intelligence agencies or advertisers. They never had a plaintext message on their servers. The coding community has, based on the source code, verified that this indeed works as expected. You can view the source code on Signal’s GitHub profile.

In Signal, you can also turn on a feature called “disappearing messages”. We highly recommend that you use it. This option lets you set a time frame from 5 seconds to 1 week, after which sent messages are destructed for additional privacy. At the same time, the feature does not take away from the user experience, since messages usually do not get lost. Your recipient has probably read the message you sent within 6h, so you can adjust the time frame accordingly. This is generally a smart choice and it can protect you. The information you exchange within a time period of say 6h is not much evidence against you, in most cases. Enabling the “disappearing messages” feature is important, since it can help you if your phone ever gets confiscated. Signal is therefore a very good app for democracy activist, journalists and anyone living under a repressive government.

You cannot only chat securely. Another option Signal offers is VoIP calls. Voice IP calls do not use landline telephone cables, which are easily wire-tapped. They are instead calls over the internet, similar to calling someone using WhatsApp or Skype. They do not cost you anything, you only need an internet connection. With a Wi-Fi connection the voice quality can be even better than traditional phone calls. VoIP calls are encrypted the same way as regular messages in Signal.

So, if you are looking for a safe way to talk to people over long distances without the risk of wire-tapping, this is the way to go. Alternatively, you can send short audio messages, like in WhatsApp.

Sending pictures, documents and other files encrypted is also possible and safe in Signal. Equally strong encryption algorithms are used for images, videos, documents, VoIP calls, video calls and text messages.

Signal offers the exact same convenience features as WhatsApp, but much more privacy, so please think about switching to be able to chat securely!

Encryption is so effective that some countries even make using encryption a crime or legally force suspects to decrypt their data for law enforcement. How can these countries have the impudence to call themselves democracies? On this website, you can check which countries have such laws .

Difference between Signal and OTR Messaging

Signal is very advanced in terms of privacy and the encryption cannot be cracked. The only risk that remains is if you are using signal on a compromised machine. This could be an infected PC or hacked smartphone. That is, however unlikely, although intelligence services are capable of that. Lower ranks of law enforcement are usually not able to do so.

Signal shares forward secrecy, future secrecy and plausible deniability properties with OTR Messaging. To clear things up, the Signal Messenger does not directly use OTR itself. That is the case, because OTR is designed for synchronous transports. That works well on desktop when both participants are online. On mobile, it will happen that one of the two people that are communicating goes offline. Reasons for that are plenty on smartphones, e.g. loss of internet connection, empty battery, etc.

OTR would need to perform a key exchange to send and receive messages, but that would fail in such cases. This can delay messages and sometimes, they never make it to the receiver. For these reasons, Signal uses an asynchronous protocol, the double-ratchet protocol (AXOLOTL) to be exact. It is not less secure, it only works a bit differently. They developed their own version of AXOLOTL, which is called the Signal Protocol and also used by WhatsApp, Facebook Messenger and Skype. These other AXOLOTL chat services are, however, highly compromised in other ways, despite using the protocol.

Further Reading

We hope that we could help you understand how to chat securely, but there is more to learn. At the Signal Support website, you will find a lot of information and a comprehensible documentation. The Signal developers really made sure that everyone can understand how it works. It is simple, but nobody ever said that communication privacy must be complicated.

The technical documentation is at Signal Docs.


Signal’s Funding and History

The company Whisper Systems was founded by Matthew Rosenfeld (known as Moxie Marlinspike). Before Signal, Whisper Systems developed proprietary security software for enterprises. Those were a text-based encrypted chat program called TextSecure and an encrypted VoIP app called RedPhone.

Then, Whisper Systems was acquired by Twitter. Soon after, TextSecure and RedPhone were shut down, but their source code was published under a free license. Whisper System founder Moxie Marlinspike left Twitter and founded Open Whisper Systems. This project is completely unrelated to Twitter, which is very important. We could never recommend a privacy tool that belongs to Twitter with a clear conscience.

Signal Messenger is a non-profit project and developed by Open Whisper Systems as a spiritual successor to RedPhone and TextSecure. Open Whisper Systems was an unofficial “non-profit software group”, but became an official non-profit organisation in 2019, so they are tax-exempt.

Signal was initially funded by donations from the Freedom of the Press Foundation. It also received significant funding from the Shuttleworth Foundation, the Knight Foundation and the Open Technology Fund. Therefore, it is completely free and does not contain ads. Signal also does not use affiliate-marketing or tracking. Besides the Signal Messenger, the project also maintains the open-source Signal Protocol, which has become a widely used communication standard. Additionally, they maintain the Signal Server software and the Contact Discovery Service. The latter can check if your contacts on desktop or mobile also use Signal, without sharing any contact information with the Signal servers for storage. This can be done by comparing hashes of the phone numbers with a database and does not send cleartext data.

We really have to thank the developers. They made it so easy to chat securely that everyone can take advantage of it.

Previous

OTR Messaging Guide with Pidgin

Next

How OTR Messaging works in Detail