The whole point of a messaging app is secure and private communication between individuals. To this end, Signal really does not have any peer. The open source code provides complete transparency into the software itself, whereas the donation-based financial model eliminates conflicts of interest in protecting user data.
I have been using Signal for a very long time although I had a small number of contacts there. Now that we suddenly have Signal trending everywhere, I want to do my part in promoting it.
What is Signal
Signal is a cross-platform messaging app developed by the Signal Technology Foundation, which is a non-profit organization. Signal is primarily designed for privacy and security; everything else comes after.
Signal has been endorsed by numerous privacy advocates and security experts all over the globe. It made headlines in 2015 after the famous whistleblower Edward Snowden vouched for it as the most secure messaging app of the time.
The importance of Signal cannot be understood without discussing the limitations of contemporary messaging apps, which we will do shortly.
Privacy features of Signal
The entire codebase of Signal is open source, including the server, which means you can easily figure out whether the app does exactly what it says it does. Hundreds of eyes on the source code also means critical bugs are less likely to slip through. This kind of transparency and trust is extremely important when it comes to software that claims to be secure and privacy friendly.
Signal uses a rigorously tested and proven encryption protocol, also called Signal, for securing the communication between users. That means when a message is sent, it is encrypted before leaving the sending device and can only be decrypted by the recipient on the other end and nobody else. All other parties, including the Signal server itself, see only the unreadable encrypted data.
For the record, the Signal protocol is tried and tested, and a number of other messaging apps, including WhatsApp, also use this protocol.
Who you are talking to is just as important as what you are saying.
For example, in a protest scenario like that of Hong Kong's, the tyrannical government doesn't need to read your messages; they can just crack down on you if you are in contact with a known protester.
Signal prevents this problem with an innovative feature called sealed sender. A message only has a readable destination, and everything else, including the origin address, is encrypted. So nobody can see who is messaging whom. The origin address can only be decrypted after the message has been delivered to the destination.
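The envelope idea described above, as an added sketch that is not Signal's code: it assumes a key already shared between sender and recipient and uses a hash-based toy cipher from the Python standard library in place of Signal's actual cryptography. The function names (`seal`, `server_view`, `open_envelope`) and the sample values are hypothetical.

```python
import hashlib, hmac, json, os

# Toy stand-in for real cryptography (assumption): SHA-256 keystream + HMAC.
def _keys(shared_key):
    return (hashlib.sha256(b"enc" + shared_key).digest(),
            hashlib.sha256(b"mac" + shared_key).digest())

def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, destination, nonce, ct):
    # Length-prefix the destination so field boundaries cannot be shifted.
    dest = destination.encode()
    msg = len(dest).to_bytes(2, "big") + dest + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).hexdigest()

def seal(shared_key, sender, destination, body):
    """Sender side: only the destination stays readable."""
    enc_key, mac_key = _keys(shared_key)
    nonce = os.urandom(16)
    inner = json.dumps({"sender": sender, "body": body}).encode()
    ct = _xor_stream(enc_key, nonce, inner)
    # The tag covers the destination too, so a relay cannot redirect it.
    return {"destination": destination, "nonce": nonce.hex(),
            "ciphertext": ct.hex(), "tag": _tag(mac_key, destination, nonce, ct)}

def server_view(envelope):
    """Relay side: everything that is usable without the key."""
    return {"destination": envelope["destination"],
            "size": len(envelope["ciphertext"]) // 2}

def open_envelope(shared_key, envelope):
    """Recipient side: verify first, then recover sender and body."""
    enc_key, mac_key = _keys(shared_key)
    nonce = bytes.fromhex(envelope["nonce"])
    ct = bytes.fromhex(envelope["ciphertext"])
    expected = _tag(mac_key, envelope["destination"], nonce, ct)
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("envelope was modified or key is wrong")
    return json.loads(_xor_stream(enc_key, nonce, ct))

if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key
    env = seal(key, "alice", "bob", "meet at noon")
    print(server_view(env))         # destination and size only
    print(open_envelope(key, env))  # sender and body recovered
```

The relay can route on `destination` and observe the message size, but the sender's identity appears only after the recipient has verified and decrypted the envelope.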
Most messaging apps will happily hand over user data to the government, even a tyrannical one, as soon as they receive a warrant. And they have a lot of data about the users, including but not limited to the entire contact list, usage history, message logs and even unencrypted message backups in some cases. But Signal does not store any useful data about the users in the first place. In fact, Signal has been subpoenaed before and they could only produce the account creation date and the last login date of the person in question.
Signal Technology Foundation is a non-profit organization and depends entirely on donations. This is why they do not have to sell user data or show targeted advertisements, which are privacy nightmares. This donation-only financial model allows them to be uncompromising when it comes to the security and privacy of the users.
Comparison with other apps
The serious competitors of Signal include two other similar apps, WhatsApp and Telegram. But both of them have serious issues.
First of all, WhatsApp is closed source. So there is no way to confirm whether WhatsApp is actually truthful about what it says about itself. For all we know there could be backdoors built into the app and we would be none the wiser.
That being said, WhatsApp claims to use the Signal protocol for end-to-end encryption. But it appears to be mostly a marketing stunt, as all the message backups are stored unencrypted in Google Drive. This also means that Google can read your messages at will and can even hand them over to another party if they see fit.
WhatsApp is a for-profit business and they have to make money somehow. So it stands to reason that selling your data and targeted ads are inevitable for a company like this. WhatsApp doesn't even try to hide it anymore. The latest policy update reflects their lack of concern regarding user privacy.
Parts of Telegram are open source, but not all of it. Despite this, Telegram is, in many ways, worse than WhatsApp. There is no end-to-end encryption by default. In fact, end-to-end encryption is not available in group chats. Telegram also uses its own home-grown encryption system, which is not as well tested as Signal.
Telegram does offer a secret chat between two individuals which is end-to-end encrypted, but it can only be accessed on one device and cannot be backed up easily.
Neither WhatsApp nor Telegram has anything close to the metadata protection features of Signal. So there is no real alternative to Signal at this moment, if you value your privacy.
|Feature||Signal||WhatsApp||Telegram|
|Code||Open source||Closed source||Partially open source|
|End-to-end encryption||Enabled by default||Enabled by default||Disabled by default|
|Encryption protocol||Signal protocol||Signal protocol||MTProto protocol|
|PC client||Native||Web only||Native|
|Finances||Donation||For profit||Monetization upcoming|
Signal has several issues as well, which the developers are working hard to handle. These include:
- The userbase is too small compared to WhatsApp, which prevents many people from migrating to Signal exclusively
- Signal requires a phone number to register, similar to WhatsApp and Telegram
- There is no support for usernames yet
- No status feature like WhatsApp
Signal is clearly the winner when it comes to privacy and security. However, the small userbase is really concerning.