“The default recommendation you’ll get from most security researchers for a messaging app is Signal,” said Joseph Bonneau, a postdoctoral researcher at the Applied Crypto Group at Stanford University. “It’s still the best in the field.”
That said, Signal is not perfect. It lacks some features of other messaging apps, like the ability to send stickers. And during my tests, the service had some glitches. But adding Signal to your folder of messaging apps is a must in an era when technology companies are collecting more personal information and government surveillance may expand.
Some people have already cottoned on to this. Signal experienced a 400 percent jump in daily downloads since Mr. Trump won the election, according to Moxie Marlinspike, who founded Open Whisper Systems, the nonprofit that developed Signal. To Mr. Marlinspike, the surge in downloads reflects anxiety among Americans about the implications of Mr. Trump’s presidency for personal privacy.
“Trump has threatened a lot of people and he’s about to be in control of the most pervasive and least accountable surveillance infrastructure in the world,” Mr. Marlinspike said. “A lot of people are justifiably concerned about that.”
How Signal Stands Out
Signal offers end-to-end encryption, meaning a message is scrambled so that it becomes indecipherable to anyone but its intended recipient when it is sent from your device, and it remains so when it passes through the app’s server and reaches the recipient.
When you initiate a conversation with someone on Signal, you and the recipient exchange so-called cryptographic keys. Only the person who receives your message holds the key to decrypt and read it. That means that if a government agency had a wiretapping order for your Signal messages, Open Whisper Systems would not have the key to decipher the messages and would be unable to comply.
Signal’s technology sets the standard for other messaging services, with its protocol being an open-source system that other companies can freely use. WhatsApp, Facebook’s Messenger and Google embedded Signal’s encrypted messaging system into their own apps this year.
Even so, security researchers said they preferred Signal over other messaging apps because it was more thorough in protecting users’ privacy. The only information Signal stores about users in its database is the last time someone connected to its server and when a person signed up for Signal. Other messaging apps maintain pieces of personal data on their servers.
By contrast, while WhatsApp enables Signal’s full encryption by default in messages, there are caveats. WhatsApp may retain some so-called meta data on conversations, including the phone numbers used in an exchange and the times that the messages were sent, according to the company’s privacy policy. WhatsApp also regularly accesses your phone number and contacts list, so the app can provide an up-to-date list of your contacts who use its service to make it easier to message them.
Google Allo, Google’s new messaging app that leverages artificial intelligence, does not enable Signal’s end-to-end encryption in all its messages by default. Google offers full encrypted messaging only in so-called Incognito sessions, a private mode that must be turned on manually. When you’re not chatting in Incognito mode, Google stores your Allo messages on its server.
Similarly, Facebook’s Messenger enables end-to-end encryption inside a private chat mode called Secret Conversations. But by default, normal Messenger chats lack that encryption.
Even though Signal doesn’t record your information, the app still works across devices, like a desktop computer and a mobile device. Messages and contacts’ data are stored directly on users’ devices and synchronized between them.
Let’s say you already use Signal on your iPhone and want to use it to chat on a Mac (Signal is available as a web app for Google’s Chrome browser for desktop computers). To link the desktop app with your iPhone, you would use the iPhone’s camera to scan a bar code on the Mac web app, which links the two devices together. Then, to get your contacts list and conversations to appear on the Mac, the Mac app pulls your contacts list and messages directly from the iPhone via an encrypted channel, according to Mr. Marlinspike.
“It’s a bit more work, from our perspective,” Mr. Marlinspike said. “It’s more complicated than storing all this stuff on a server.”
Bugs and Missing Features
Signal occasionally runs into glitches, such as when it comes to synchronizing data between computers and smartphones. In my tests, there were several occasions when Signal messages that were sent or received on my smartphone did not immediately show up inside the desktop app — though the messages eventually synchronized minutes later.
Mr. Marlinspike, who is also the former head of security at Twitter, says he encourages people to report bugs so the group can continue to improve the service.
Another downside is that your Signal account can work on only one mobile device at a time; I could not, for instance, use Signal on both my iPhone and iPad. Mr. Marlinspike said it would support multiple mobile devices eventually.
One last caveat is that Signal isn’t as fun to use as apps like Facebook Messenger, which lets you send stickers and animated GIFs to add color and personality to conversations. Open Whisper Systems said it planned to add these features, noting that GIFs are already supported in the Android version of Signal.
Still, this is a trivial issue. I’d choose stronger privacy over sending stickers and animations any day.
The Bottom Line
There is no logical reason to skip using Signal. The app is free for Android and iOS, and for computers it is a free add-on for the Google Chrome browser. Plus, it’s easy to install and so architecturally secure that you can have the confidence to say whatever you want without fear of being spied on.
Another benefit is that Open Whisper Systems is a nonprofit that relies on donations and grants, not a business that might eventually have an incentive to share your information with third parties like advertisers.
That’s not to say Signal should be your only messaging app. You could use it exclusively for sensitive matters, like work-related conversations. Then for casual chats like making plans with friends and loved ones, you could switch to more “fun” apps like Facebook Messenger and send all the stickers you want.
Probably the biggest thing missing from Signal will be many of your friends. The app isn’t as popular among consumers as other mainstream messaging apps, so hanging out on Signal can feel lonely. So if you care about your privacy, other than installing Signal today, you should nag everyone you know to join the service, too.
Continue reading the main story