Signal's How-To Guide: Learn How to Secure Your Chats in 5 Minutes! 🔒📲
If you hadn't heard of Signal before this week, chances are you do now. The messaging app made headlines Monday when the editor-in-chief of The AtlanticJeffrey Goldberg was mistakenly added to a group chat with senior military officials who were planning an airstrike. Although it entered the fray for very unusual reasons, Signal has been, and remains, a well-regarded messaging platform for secure communication. It's not foolproof—emphasis on infallible in this case—, but it's worth understanding what it is and how it works, even if you're not someone who handles highly confidential information. 🔒
Signal is a messaging app that you can download on your iOS or Android device, link your phone number, and that's it! It's similar to other services like WhatsApp or Telegram. What sets Signal apart is its focus on privacy. Communication on the platform is end-to-end encrypted by default, and the app offers additional protections to keep your conversations private. 🔑
Why is end-to-end encryption important?
Aside from, say, walking up to someone and whispering in their ear, end-to-end encryption is the best way to communicate with another person and ensure your messages remain private. Encryption disguises the content of your message, making it virtually unreadable to anyone without the key needed to decrypt it. End-to-end encryption is so named because the message you share is essentially unreadable every step of the way between your device and the recipient's. It's only decrypted when it reaches its final destination. 🛡️
By comparison, standard SMS text messages aren’t encrypted as they travel across cellular networks 📶 — from towers to servers to the person you’re texting 📱. Your phone can store them as encrypted files 🔒, but the ISPs that handle the messages have access to them and can keep copies on their servers 🖥️. That’s where your message becomes vulnerable to sophisticated hacks like Salt Typhoon 🐉 or a court order served on the ISP ⚖️.
Messages that are end-to-end encrypted cannot be compromised in the same way, as they are virtually impossible to read without the key 🗝️. Electronic Frontier Foundation has an excellent explanation of encryption 🔐 and many other resources on privacy best practices 👁️🗨️.
How does Signal differ from other end-to-end encrypted messaging platforms?
More and more chat platforms are incorporating end-to-end encryption as a standard feature, and that's a good thing! It's part of WhatsApp, as well as iMessage on iPhones and RCS chats in Google Messages. Currently, messages between Android and iPhone users don't support end-to-end encryption, although that is changing soon. But even if your messages themselves are end-to-end encrypted, tech companies can access and store other information about you. For example, WhatsApp saves data like your profile information and contact list and will provide that information to authorities if a search warrant is filed.
Signal is run by a non-profit organization and, notably, only stores two pieces of information about your users: when they created their Signal account and when they last used the app. Authorities can't get any more information than that from Signal, as the company simply doesn't have it. That's why it's popular with journalists, activists, and people concerned about their privacy. Keep in mind that if authorities, hackers, or a foreign adversary gain access to the person you messaged—i.e., the other end—there's a fair amount of information they can glean, even if you have disappearing messages set up. 🔍
Who might want to use Signal?
The short answer is: anyone. Obviously, people with certain types of jobs have more at stake when communicating, but you don't have to be a journalist or a government official to want a little more security when it comes to your privacy. Authorities in Nebraska obtained the private Facebook chat history between a mother and her 17-year-old daughter to help prosecute them on charges of performing an illegal abortion. Because the chat wasn't encrypted, Meta had the messages in question and handed them over to authorities upon receiving the request. Had the messages been encrypted, Meta wouldn't have been able to comply. ⚖️
What are the disadvantages of using Signal?
Since most of your Signal account information is stored locally on your device, transferring your account to a new device requires a few additional steps and access to your old device. When your information is stored in the cloud, it's less secure, but much easier to move to a new device. And this might be obvious, but the person you're communicating with also needs to have a Signal account. 📲
What else should I know about Signal?
This week's news highlights another important aspect of using Signal or any other communication platform: it can't protect you from yourself. Signal's messaging protocol is highly secure, but there's always room for human error if you add the wrong person to a chat. That said, you can take some additional steps to avoid potential pitfalls. 404 Media has some good advice on How to use Signal's nickname feature to avoid confusing one name with another. 💡
Signal has some additional privacy options that you can enable in the app settings.
Another current concern is how much your information is safe when someone else has access to your phone—particularly a border agent. There's no foolproof method for securing the information on your phone, and regulations about how immigration officials can access your phone and what they can do with it aren't exactly clear. But it's a good idea to keep your digital footprint as small as possible and take steps to limit what someone can find on your phone with a quick search. 🕵️♂️
Signal offers a disappearing messages option that removes messages from your device after a certain period of time. There are also options to hide app content in the app switcher view, and you can set the app to require your lock screen credentials each time you reopen it. A little extra caution can go a long way. 🌐
