Signal is an encrypted messaging service for instant messaging, voice, and video calls. The Signal Foundation was launched in February 2018 as a 501 nonprofit with the mission to develop open-source privacy technology that protects free expression and enables secure global communication.
I recommend everyone use an end-to-end encryption type messenger like Signal. End-to-end encryption is a method of secure communication that prevents third parties from accessing data while it’s transferred from one system or device to another. Communications like Snapchat, Facebook Messenger, Skype, Google Chat, and text messaging are not secure and can be viewed by the providers and third parties.
Signal uses verification servers to ensure the phone numbers are real using a third-party service to send a registration code via SMS or voice call to verify that the person in possession of a given phone number intended to sign up for a Signal account. This is a critical step in helping to prevent fake accounts from signing up for the service.
Signal sends messages encrypted so only the sender and receiver are or can read them. Signal uses metadata encryption technology to protect intimate information about who is communicating with whom. Signal can’t read or access any end-to-end encrypted messages because the keys that are required to decrypt messages are on your device, not their servers. If Signal was asked to provide information to authorities they would be unable since they do not have the keys and store very little if any data on their servers for this reason.
Signal is even proactive with storing undelivered messages When you send a message, the Signal service temporarily queues that message for delivery. As soon as your message is delivered, that small bundle of encrypted data (i.e. your message) can be dropped from the queue. The storage of end-to-end encrypted files is temporary too, and any undelivered end-to-end encrypted data is automatically purged after a period of inactivity.
To add an extra layer of security for held messages Signal has server infrastructure from several providers like Amazon AWS, Google Cloud, Microsoft Azure, and others to ensure that not all saved messages are saved in one place in the event of a security breach. Even if there was a breach of these messages Signal can’t access the messages and neither can the companies that provide any of the infrastructure or even the attackers because the keys are on the user’s device, not the server.
Signal added Snapchat-like features with a feature called scheduling messages. Timers may be attached to messages to automatically delete the messages from both the sender’s and the receivers’ devices. The period for keeping the message may be between five seconds and one week and begins for each recipient once they have read their copy of the message. Signal has in addition added a story’s feature which is something available on all messaging platforms.
Since most Apple and Android devices backup to the cloud Signal excludes users’ messages from non-encrypted cloud backups by default. This is a great idea considering by default Android and iOS store backups unencrypted on iCloud and Google Drive.
Signal allows users to blur the faces of people in photos to protect identities automatically. Signal includes a payment and wallet system but only supports the payment method MobileCoin which is a privacy-focused digital currency.
All Signal contacts and contacts lists are stored on your device encrypted and never sent to Signals servers. Group messaging is designed so that the servers do not have access to the membership list, group title, or group icons. Instead, the creation, updating, joining, and leaving of groups is done by the clients, which deliver pairwise messages to the participants in the same way that one-to-one messages are delivered.
Signal is banned in certain countries where governments are allowed to read all citizen communications. China, Egypt, Cuba, Uzbekistan, and Iran have banned Signal outright. In the U.K., the Signal app warns it will quit the UK if the law weakens end-to-end encryption. The United Nations has recommended the use of Signal in certain countries.
I would rate Signal as the best and most secure app to use at the moment. The company is a non-profit focused on security and not profit. Recently Signal did release a blog post asking for donations as running a worldwide secure message service is not free. If you are using Signal please consider donating to this service which puts people over profit.
