A clear vision or mixed signals?

In this post, we try to discern what the goals of Signal are, how they intend to accomplish these goals and who benefits or suffers from them. We have a look at the unique features Signal offers to its users, and take a leap forward to see what the future may hold.

What Signal aims to achieve

On the Signal website, the project goals are displayed. Signal offers a library which facilitates encrypted messaging. Additionally, they provide Android, iPhone and desktop versions of their messaging app, which uses this library. The goals listed on the website are:

  • Fast: The computations required for the message encryption and decryption that Signal’s library requires inherently cause secure messaging to be slower than regular, non-encrypted messaging. Having an application that either rapidly drains the battery of the users’ devices or that becomes sluggish and unresponsive, solely to perform some direct communication, is not acceptable. The Signal applications have also been designed to scale well with multiple users, enabling fast chats, even in groups with many users in them.

  • Simple: In the development ideology of the contributing file, it is clearly stated that exposing more options to the end user is in most cases undesirable. What’s more, during the development one should not consider so-called power users who can benefit from having functionality exposed to them. In short, keeping the application simple increases security for all users.

  • Secure: Signal is best known for its focus on security. The encryption model and library developed by Signal is known for being highly secure. The applications built with the libraries are also designed with a careful eye for security.

Signal’s intended audience

When using Signal, the user expects to find all functionality that is conventional for a modern messaging app: Sending messages to individuals or groups, with support to send only text or add attachments like images, locations and such. What sets the mental model of Signal’s users apart from other messaging apps’ users is the additional expectation of privacy and transparency. Signal specifically targets both the privacy-conscious user, who wants to use instant messaging without anyone looking over his digital shoulder, as well as the user who values transparency, which is provided by Signal through their open-source code bases.

What sets Signal apart

As mentioned before, Signal is all about security and privacy. A feature of Signal is that some of the aspects of its security are visible to the users. Users can, for example, decide to reset the security of conversations. Moreover, they can verify the identity of other users by scanning a QR-code on their device.

A technical feature within Signal is that some metadata of messages sent within Signal is also encrypted. For instance, the sender field of a message in Signal is sealed, meaning it is not visible to anyone except the receiver of the message1. Along with these unique features, Signal comes with all the features a user expects from a modern instant messaging application, such as document sharing, voice/video chatting, et cetera.

Who is affected by Signal

Since a stakeholder is used in several ways, we define a stakeholder as an entity which is directly affected by the system. Signal is developed by Signal Messenger LLC which was founded by Moxie Marlinspike and Brian Acton in 2018. However, since it is open-source contributions to the application can be made by anyone who is interested in contributing to the product.

Signal is funded by the non-profit organization “Signal Foundation” which was created by Brian Acton in 2018. Furthermore, in the startup phase of Signal, donations and grants from among others the Knight Foundation, Shuttleworth Foundation, and the Open Technology Fund, were used to fund Signal’s development.

Users of Signal’s applications are also a major stakeholder. They rely on the security and privacy Signal provides for their private conversations. These users can be split up into two categories: companies and individuals. A company could decide to use Signal for its internal communication and thus rely on Signal’s availability.

Where regular users and companies seek privacy and security, intelligence agencies such as the NSA have contradictory wishes. Such agencies want to be able to monitor digital communication, so that they can identify potential threats. In the case of Signal, however, they are unable to do so, since Signal’s encryption make this an impossibility. An NSA employee has even said that this encryption is a “major threat” to their mission2.

Current and future context

Two different perspectives can be assumed when looking at Signal: the business perspective and the technical perspective. When considering the business perspective, we can see that Signal has a number of competitors3. However, when comparing those competitors in terms of features4, it becomes clear that only Facebook Messenger, WhatsApp and Telegram offer end-to-end encryption. Because of the transparency that Signal enjoys from its open-source nature, those who value privacy in their means of communication are likely to favor Signal over the competitors that offer end-to-end encryption. Now that people start to value their privacy more and more, it could be possible that the amount of users that choose Signal will increase.

From the technical perspective, we can observe that governments are trying to pressure companies such as Signal to loosen up their promises on privacy and security. For example, the American government ordered Signal in the first half of 2016 to hand over the data it held on two accounts, and to not make public that it had done so or had received the order to5. In a resolution proposed by Interpol, the organization seeks the ability for law enforcement to defeat end-to-end encryption as used by messaging apps such as Signal6.

However, such legislation is not the only threat to Signal’s encryption protocol. The development of quantum computers poses a threat to the encryption schemes that are currently being used7. In order to keep Signal safe in a future where quantum computers can be used to defeat its encryption protocol, recent research has analyzed different algorithms which can be used to prepare the Signal protocol against attackers who possess a quantum computer8.

What’s in store for Signal

Although Signal developers generally do not talk about features until they are ready9, Signal’s creator Moxie Marlinspike revealed a number of features that the app is going to implement10. Those features revolve around further increasing the privacy of the users, while maintaining the functionalities that is offered by other instant messaging apps. The two main features revolve around the creation of groups and the recommendation of friends to a user.

In the case of the creation of groups, Signal wants to be able to create groups in such a way that the Signal servers do not know who participate in these groups10. In order to show a user which of his friends are on Signal as well, it would be required to scan through the user’s address book and match the telephone numbers to the telephone numbers of Signal users. The issue with this is that it requires the user to send his address book to Signal’s servers, which might compromise privacy. To work around this issue, Signal wants to process the user’s address book in a secure cryptographic enclave, available on Intel processors11. By doing so, the user’s address book still has to be uploaded to the servers, but now the user can validate that the server deleted the address book once it has scanned it and found the user’s friends who are on Signal as well. Besides those improvements, Signal aims to increase its user base to billions of users10.

As stated before, Signal does not have an official roadmap containing the upcoming features. For the Android version of Signal however, it is possible to make an educated guess about which features will be rolled out in the near feature, as a comparison is being kept between the different platforms on which Signal is available12.

We are excited to see the growth of Signal and similar privacy-centered initiatives. Online privacy has recently gained a lot of additional public attention with the introduction of new privacy legislation like the Europeans GDPR, and as more people become data-aware, Signal can expect to gain a lot more traction in the years to come.

  1. Joshua Lund. Technology preview: Sealed sender for Signal. published on 29-10-2018. retrieved from https://signal.org/blog/sealed-sender/. retrieved on 03-03-2020. 

  2. Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker. Inside the NSA’s War on Internet Security. published on 28-12-2014. retrieved from https://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html. retrieved on 04-03-2020. 

  3. Wikipedia. Comparison of cross-platform instant messaging clients. retrieved from https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients. retrieved on 06-03-2020. 

  4. Brett Max Kaufman. New Documents Reveal Government Effort to Impose Secrecy on Encryption Company. published on 04-10-2016. retrieved from https://www.aclu.org/blog/national-security/secrecy/new-documents-reveal-government-effort-impose-secrecy-encryption?redirect=blog/free-future/new-documents-reveal-government-effort-impose-secrecy-encryption-company. retrieved on 06-03-2020. 

  5. Joseph Menn. Exclusive: Interpol plans to condemn encryption spread, citing predators, sources say. published on 17-11-2019. retrieved from https://uk.reuters.com/article/uk-interpol-encryption-exclusive-idUKKBN1XR0S5. retrieved on 06-03-2020. 

  6. Wayne Rash. Quantum Computing Poses An Existential Security Threat, But Not Today. published on 31-08-2019. retrieved from https://www.forbes.com/sites/waynerash/2019/10/31/quantum-computing-poses-an-existential-security-threat-but-not-today/. retrieved on 08-03-2020. 

  7. Ines Duits. The Post-Quantum Signal Protocol: Secure Chat in a Quantum World. published on 05-02-2019. retrieved from https://www.semanticscholar.org/paper/The-Post-Quantum-Signal-Protocol-%3A-Secure-Chat-in-a-Duits/ea9216c3c7ab51d74f1d02ea274f656caf3fcbab. retrieved on 06-03-2020. 

  8. Joshua Lund. (reaction to) A proposal for alternative primary identifiers. published on 01-06-2018. retrieved from https://community.signalusers.org/t/a-proposal-for-alternative-primary-identifiers/3023/10. retrieved on 03-03-2020. 

  9. Andy Greenberg. Signal Is Finally Bringing Its Secure Messaging to the Masses. published on 14-02-2020. retrieved from https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/, retrieved on 03-03-2020.  2 3

  10. Andy Greenberg. Signal Has a Fix for Apps’ Contact-Leaking Problem. published on 26-09-2017. retrieved from https://www.wired.com/story/signal-contact-lists-private-secure-enclave/, retrieved on 03-03-2020. 

  11. klajsdgasjg. [Wiki] Feature Comparison: Android, iOS, Desktop. published on 03-03-2020. retrieved from https://community.signalusers.org/t/wiki-feature-comparison-android-ios-desktop/12003, retrieved on 03-03-2020. 

Signal for Android
Authors
Frank Vollebregt
Robin Oosterbaan
Wouter Zonneveld
Martijn van den Hoek