5th February 2024
Signal is arguably one of the more secure instant messaging platforms out there. I use it myself when I want to have private discussions. I got curious about how secure Signal actually is. While the technical parts seem very impressive, the financial side turns out to be a bit shady.
The Signal Protocol and the Signal app were originally developed by Open Whisper Systems, which is now known as Signal Messenger LLC and is funded via the Signal Foundation. They claim that they value privacy and open source.
Disclaimer: At first, while I was researching, I was very optimistic. But then red flags started popping up. Maybe you can spot where I started to have doubts.
The Signal Organization
Signal is a nonprofit organization that claims to be dedicated to privacy and open source.
A Short History
A brief history of Signal can be read here on Heimdal Security’s blog. I will only highlight the most relevant events.
It all started back in 2010 when Moxie Marlinspike (a pseudonym) and Stuart Anderson started a company called Whisper Systems and launched beta versions of TextSecure and RedPhone; TextSecure was intended for secure messaging and RedPhone was intended for secure voice calls. Signal is based on those two applications.
Twitter acquired Whisper Systems in 2011 and cancelled TextSecure and RedPhone. Moxie responded by turning them into open source software licensed under GPLv3.
In 2013 Moxie left Twitter and created Open Whisper Systems to continue developing TextSecure and RedPhone.
In late 2015, the first version of Signal, which is a merger of TextSecure and RedPhone, was released on Android and iOS.
On the 21st of February 2018, Moxie Marlinspike announced the formation of the Signal Foundation together with WhatsApp co-founder Brian Acton. Open Whisper Systems has been defunct since then, and Signal Messenger LLC together with the Signal Foundation took its place. Since then the app has increased rapidly in popularity.
The Signal App
Security
Signal uses its own Signal Protocol to encrypt messages. All communication is end-to-end encrypted (E2EE) by default. E2EE means that the messages are encrypted from sender to receiver. Only the parties with the correct private key can interpret the encrypted messages or calls, even if someone were to intercept your Wi-Fi or mobile network traffic. Only the sender and the receivers have the correct keys.
It is also allegedly used by WhatsApp and Facebook Messenger, although those apps are closed source, so who can tell for sure. The Signal Protocol uses multiple components, which can be studied in detail on Signal's website.
Encryption Algorithm
For the encryption of messages, the Signal Protocol uses the EdDSA algorithms, like Ed25519; the same as ProtonMail uses to encrypt emails. EdDSA algorithms are open source elliptic curve algorithms and, according to experts, are among the most secure encryption algorithms available today.
Key Exchange
Signal bases its key exchange algorithm on the Elliptic-curve Diffie-Hellman (ECDH) protocol. That is a key agreement protocol that allows two parties to create a shared secret over an insecure channel by granting each a public-private key pair. If you’re interested in how it conceptually works, watch this video from Computerphile:
Computerphile: Diffie-Hellman Key-Exchange
Signal uses a version of Diffie-Hellman called the X3DH key agreement protocol, which stands for Extended Triple Diffie-Hellman. I’ll spare you the technical details. Watch this video instead:
Computerphile Signal Protocol Part 1: How Signal Instant Messaging Protocol Works (& WhatsApp etc)
Double Ratchet Algorithm
This is Signal's in-house developed security mechanism. A ratchet is a wheel that can only turn one way.

A ratchet algorithm makes sure that if, in an unlikely scenario, your private key got compromised and someone manages to “tune in” to your conversation with someone, they will get at most one message. That is because for every message sent, the application generates new keys. It is called “double ratchet” because an old key can decrypt neither newer messages nor older messages.
This video explains the Double Ratchet algorithm:
Computerphile Signal Protocol Part 2: Double Ratchet Messaging Encryption
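An added sketch of the ratchet described above (not Signal's code and not from the original post), using the HMAC chain step and HKDF root step that the published Double Ratchet specification recommends. The `info` label, the class name and the byte strings standing in for Diffie-Hellman outputs are constructed for illustration.

```python
import hashlib, hmac

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def kdf_chain(chain_key: bytes):
    """Symmetric ratchet step: (next_chain_key, message_key). One-way, like the wheel."""
    return mac(chain_key, b"\x02"), mac(chain_key, b"\x01")

def kdf_root(root_key: bytes, dh_output: bytes, info=b"example-ratchet"):
    """DH ratchet step: HKDF-SHA256 (RFC 5869) to 64 bytes -> (new_root_key, new_chain_key)."""
    prk = mac(root_key, dh_output)          # extract, root key used as salt
    t1 = mac(prk, info + b"\x01")           # expand, block 1
    t2 = mac(prk, t1 + info + b"\x02")      # expand, block 2
    return t1, t2

class SendingChain:
    def __init__(self, root_key: bytes, dh_output: bytes):
        self.root_key, self.chain_key = kdf_root(root_key, dh_output)

    def next_message_key(self) -> bytes:
        # Every message gets its own key and the chain key is overwritten.
        self.chain_key, message_key = kdf_chain(self.chain_key)
        return message_key

    def dh_ratchet(self, dh_output: bytes) -> None:
        # A fresh Diffie-Hellman result replaces the whole chain.
        self.root_key, self.chain_key = kdf_root(self.root_key, dh_output)

def compromise_demo() -> dict:
    chain = SendingChain(bytes(32), b"constructed-dh-output-1")
    k1, k2 = chain.next_message_key(), chain.next_message_key()
    stolen = chain.chain_key                # chain key copied after message 2
    k3 = chain.next_message_key()
    chain.dh_ratchet(b"constructed-dh-output-2")   # exchange the thief did not see
    k4 = chain.next_message_key()
    reachable, ck = set(), stolen
    for _ in range(10):                     # walk the stolen chain key forward
        ck, mk = kdf_chain(ck)
        reachable.add(mk)
    return {"earlier": k1 in reachable or k2 in reachable,
            "same_chain": k3 in reachable, "after_dh_step": k4 in reachable}

if __name__ == "__main__":
    print(compromise_demo())
```

In this model a copied chain key yields later keys of the same chain but none of the earlier ones, and nothing after the next Diffie-Hellman step.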
Data Integrity

Signal encrypts every call and message by default. There is no other mode.
Signal stores unread messages on their servers, which makes sense. Otherwise both parties would have to be online at the same time. Signal staff can’t read those messages though, and they are not stored longer than necessary; maximum 60 days for unread messages.
Signal requires phone numbers when creating an account. Optional information like name and pictures will be encrypted and can’t be read by anyone but you. While nobody can read any messages but the parties involved in the conversation, in theory someone could find out who you had a conversation with.
Note: Signal's Privacy Policy can be read right here.
Linking Devices
I have written about Cross Device Tracking in another blog post regarding YubiKeys. Signal's device linking works a bit differently compared to, for example, Google. When a device gets linked, all that happens is that the endpoint is registered so that your messages are delivered to that device as well as to your phone. If no messages are read within 60 days, the device needs to be re-linked. Because Signal does not store any messages on their servers longer than necessary, no messages from before the device was linked can be retrieved. Signal does not store any significant machine identifier either. Only a hostname, AFAIK.
Law enforcement
When Signal receives a subpoena, they practically send a blank paper back because they have nothing on any user, by design. All user information and messages are stored locally on the users' devices.
Rumors and conspiracies

There are rumors that Signal has been funded by the CIA. It has received millions in funds from the Open Technical Foundation (OTF), which is financed by the US government through the Agency for Global Media (USAGM). The same agency funds, for example, Radio Free Europe, which has been funded by the CIA in the past. While the ~3 million dollars might be a small sum in the bigger picture, we don’t know for sure where the other funding has come from. I can understand why there are reasons to protect donor names when funding this type of software, but if they receive public grants, that should at least be transparent. That is the first red flag, but I haven’t found any evidence that this funding has compromised Signal's security yet.
There was also a rumor back in 2019 that Huawei Engineers claimed to have found a CIA Backdoor. I can’t find much substance in that claim or where it originated. Where is the evidence?
Another red flag is that it seems like Signal doesn’t like the idea of federation (creating your own server to peer with their servers). They seem keen to keep their centralized model, even if it costs them a ton of money. That means Signal has complete control of every message, but then again, it’s encrypted and not stored indefinitely, so what is the big deal? Unless the rumors are true…
Note: While there is no way of peering with their servers, it is possible to set up your own server.
A third red flag is the phone identifier. It’s convenient that you can see who in your contact list has Signal, but it is also a privacy issue. It should be possible to use another identifier.
I’ve come to realize that open source software might not be such a bulletproof concept as I thought. You see, it isn’t exactly like you can just inspect a running Signal server’s codebase at any time. Signal uploads the code to GitHub. You have to trust that Signal is using that code unaltered. That is true for all open source software, but software that you can run on your own and peer with others is more trustworthy. So a fourth red flag: There was an incident where Signal didn’t update their codebase for a year.
Some of you might remember Parler, who competed with Twitter as a free-speech alternative. What the establishment did against Parler was first to slander them. Then, all within a short time interval in the beginning of January 2021, Google and Apple banned Parler from their app stores and Amazon closed their servers. That was only a few days after Donald Trump got banned from Twitter and started using Parler instead, which resulted in the app getting a surge of new users. What a coincidence! The company ran for a while hosted from Russia, but eventually closed down due to a change of leadership. Now it’s just a footnote in Internet history. A fifth red flag: If Signal really was a threat to the establishment, why is it still allowed in the mainstream app stores?
I have a theory about most of these concerns: Maybe three-letter agencies simply don’t care so much about E2EE apps, because they have tools to circumvent encryption anyway. I’m talking of course about Client Side Scanning, which is becoming mandatory around the world. Maybe three-letter agencies are just interested in who is using Signal? That could be one reason for requiring phone numbers as the primary identifier.
Main sources for this section:
https://english.almayadeen.net/articles/analysis/signal-facing-collapse-after-cia-cuts-funding
https://dessalines.github.io/essays/why_not_signal.html#cia-funding
Comparison to other messaging apps
This is not a detailed review, only my personal opinions.
User Experience
The Signal GUI might not be the prettiest; I think that goes to Telegram. Telegram is excellent for sharing news and public information, but for private conversations I stick with Signal for now.
Other apps like Facebook Messenger and WhatsApp I can’t say much about because I haven’t used them for years.
Security
Comparison to Telegram
Signal is open source and communication is peer-to-peer encrypted by default, even with group chats.
Telegram is also open source, but is client-server based, which means that all information is stored on their servers. While that is very convenient for the users, because you can load your old messages to a new device, you have to trust Telegram that the information is stored safely. I believe they actually try their best to do that, but a security breach related to their bot system happened in the past, reminding us that no application is bullet-proof, especially when you try to add so many features.
Telegram does not use end-to-end encryption by default; you have to use the secret chat function for that. The secret chat function is peer-to-peer E2EE communication like Signal. However, Telegram doesn’t support E2EE in group chats at all (note that Telegram still encrypts messages to and from the server, just not end to end). It’s a bit misleading because it is advertised as a secure alternative and I think many users assume the traffic is E2EE by default. With that being said, I still use Telegram daily because it’s so darn convenient. Although I’m starting to be more aware of what I’m typing in there.
Comparison to WhatsApp
Signal and WhatsApp both allegedly use the Signal protocol, but Signal is a non-profit and WhatsApp is owned by Facebook/Meta. There are reasons why Brian Acton, founder of WhatsApp, left Facebook in favor of working with Signal.
Brian Acton did not agree with the direction Facebook wanted to take for WhatsApp, for example by implementing targeted ads.
“I sold my users’ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.” - Brian Acton
The direction Facebook has taken with WhatsApp has compromised its security, as Pavel Durov, founder of Telegram, has written much about.
Regarding the use of the Signal protocol, when Facebook COO Sheryl Sandberg was asked by US lawmakers if they are still using E2EE, she answered “We are strong believers in encryption” according to Forbes.
In conclusion: Since Facebook acquired WhatsApp, it has moved in the direction of compromising the users' privacy and security in favor of monetization. It is no longer a safe alternative.
Other apps
There are more IM apps out there, but I’ll save some of them for their own dedicated posts.
Last Thoughts
I’m no cryptographer. I have to trust that those who are have made a proper security audit. Nor am I an experienced developer, so I have to trust that those who are have reviewed the source code.
Signal seems to be one of the most secure apps for instant messaging and voice and video communication. It has a good balance between security and user experience. Signal stores little to none of its users' information, but is bound by law to give out “everything” they have on certain users, which is basically a blank paper.
The biggest concern is of course where Signal got its original funding from. But why did it stop? A quote from one of the sources for this article:
“One explanation is the app became too popular with Western citizens for the US intelligence community’s liking” - Kit Klarenberg
In conclusion: Is it safe? It seems technically solid, but the early funding is of major concern. I’m still going to use Signal until something even better comes along. A more trustworthy secure instant messenger alternative would be something that:
Is Open Source
Does not use any personal identifiers
Has a decentralized infrastructure
Uses strong cryptography
Supports both encrypted instant messaging and voice/video communication, 1-1 and in group chats.
Just remember that in the near future it might only be possible to have a private conversation if your device has an open source operating system, like Linux, regardless of what app you are using. Check my post about why privacy is important for more information.