- Joined
- Jun 24, 2021
- Messages
- 1,651
- Solutions
- 2
- Reaction score
- 1,769
- Points
- 113
- Deals
- 666
Signal is a secure, free, and open-source messaging application that uses end-to-end encryption to securely send and receive all kinds of communications with other Signal users. Using the Internet for all encrypted communication, Signal, comes highly recommended by some top privacy and security advocates.
In this Signal review, we’ll look at the capabilities, usability, and security that Signal offers. We’ll also talk about how the design of the service provides extremely strong protection for your privacy. Signal is truly impressive, so let’s cut the chatter and dig in to the review.
Signal Pros and Cons.
+ Pros
End-to-end (E2E) encryption;
Encryption algorithms: Signal protocol, with Perfect Forward Secrecy (PFS) for text messages, voice messages, and video calls;
Open-source software;
Disappearing messages (aka self-destructing messages);
Published transparency reports;
Logs minimum amount of data;
Does not log IP Addresses;
Can replace your phone’s SMS messaging app;
Focus is totally on individual users;
All Signal products are free of charge.
– Cons
Requires a telephone number to sign up.
Now we’ll briefly cover the main features of Signal encrypted messenger.
Feature summary.
Here are some key features to consider when deciding whether the Signal app is right for you:
Signal is generally considered the most secure messaging app existing.
100% open-source code. The code is available on GitHub.
The Signal Messaging Protocol was independently audited in 2016.
The service is fully GDPR-compliant.
Clients for Android, iOS, macOS, Windows, Linux.
Company information.
In 2013, Moxie Marlinspike (real name Matthew Rosenfeld) founded Open Whisper Systems to develop the Signal app and protocol. In 2018, Marlinspike and Brian Acton founded Signal Messenger, LLC, to take over the development of both the Signal app and the Signal Protocol.
Signal Messenger, LLC is funded by the Signal Technology Foundation (aka Signal Foundation), a 501(c)(3) non-profit organization. All products of the Signal Foundation are published as free and open-source software.
Where is your Signal data stored?
When you use the Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on. As Signal points out,
Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.
All message contents are end-to-end encrypted, so we don’t have that information either.
This is great for your privacy, since no one can get any more information than that without physical access to your device or those of the people you communicate with.
This is different from apps like Wire messenger, which stores info about your contacts on central servers. However, it does mean that if you want to keep copies of your messages, you will need to configure Signal to back them up and restore them on your device.
Third-party testing and audits of Signal.
Even when a product is 100% open source like Signal, you don’t really know how good it is until someone checks it out. Here are some published findings by experts you can review to see how good Signal really is.
Signal security audits.
A formal security analysis of the Signal protocol was conducted in 2016. According to that analysis, conducted by researchers from Germany, Switzerland, the United States, and Canada, there were no major flaws in the design. It showed that the protocol was cryptographically sound.
This analysis has been updated several times since, without changing the researcher’s conclusion that the protocol is sound. The last update was published in July 2019.
Note: In September 2019, a bug in the user interface of the Android version of the Signal app was discovered that could have allowed an attacker to eavesdrop on Signal users.
According to Vice.com, the bug was fixed the same day it was reported. This incident shows both the responsiveness of the Signal team, and the importance of keeping your copy of the Signal app and desktop updated.
How secure and private is Signal.
When it comes to security, the Signal messaging protocol is generally considered to be the most secure messaging protocol available. It is so good that many other messaging products, including Facebook Messenger, Skype, and WhatsApp, claim to have adopted the protocol for use in their own products.
When it comes to privacy, Signal is also a winner. As we discussed earlier, Signal only records three bits of information about their users. This is far less information than other services collect.
And you can take the privacy protections even one step further. This article has detailed instructions for registering a Signal account without disclosing your personal phone number.
Signal account without disclosing your personal phone number.
Contrary to popular belief, your Signal account is not linked to your phone number, but rather to an automatically generated number called a private key. To make the app easy to use, this private key or cryptographic identity is then associated with some arbitrary other number that again, for convenience’s sake, just happens to be a phone number. The reason it’s a phone number is so that the Signal service can send you a verification code in a text message during the sign-up and account registration process. But there’s no reason you have to give Signal your real phone number.
By providing Signal with any phone number at which you can receive an SMS or text message, you can register a Signal account at that other phone number. For example, you can create a pseudonymous Google account, register a Google Voice VoIP number, and use that as your Signal number. Or you can even use a free throw-away SMS account and use that number when you sign up for your Signal account instead of your real phone number. The Signal service will happily send the throw-away number a text message with the verification code, letting you complete the account sign-up process.
Now that you have a Signal account registered to a phone number other than your own, you should set a Signal Registration Lock PIN so that no one else can register the same number as you without knowing your PIN. To achieve this, access the Signal settings menu and select Privacy → Registration Lock PIN. Enter a strong PIN, and consider using a secret management app such as KeePass to write it down in a secure location.
Last edited by a moderator: