My thoughts about the benefits and drawbacks of using the Signal messenger as your default messenger and why it is the most private option compared to popular messenger services like WhatsApp, Facebook Messenger, We Chat, QQ, Telegram, Snapchat or even Skype, Google Hangouts, Zoom and basic text messaging (SMS) etc.
First Published: Saturday October 10, 2020
Last Updated: Monday October 12, 2020
Author: Luke Morrison
Tags: Opinion, Privacy, Technology, Human Behavior, Trust, Permission First
The most popular communications applications are all free for a number of simple reasons. They mine your data and they sell or use your data in advertising tools like Google AdWords or Facebook Ads Manager. These large companies do this because you are the product. They want to sell you things. Lots of things. Another big reason? Maybe big brother thinks you have broken a law wants the right to access your data without your knowledge or your permission.
There is saying. "If it's free, you are the product"
There is at least one exception to this and that is the Signal messaging app. :)
Here is a snap shot from www.statista.com of the most popular messenger usage globally as of July 2020.
**Remember that WhatsApp and Facebook Messenger are both owned by Facebook and their data is shared. So the graph is a bit misleading.
For these reasons, I personally use the Open Source Signal messenger or sometimes Telegram (although telegram has some compromises that Signal messenger does not. Maybe I'll write an article on Telegram someday.
Big brother government, prefers to be able to access your data in the name of the law and that's the reason they maintain that companies must keep their data in some sort of readable format on their servers. This is so they can request it at any time. Companies also like to have access to their "own" data as they call it. Once you use their services they no longer refer to your data as yours, it's theirs; you give up your control and any rights that go along with that control.
Their data is their new currency and it is driving the economy in a big way.
Companies use their data as a resource to sell and trade with third parties all beyond your control without your permission even if their privacy statements say otherwise, I'll go into that more later.
Because of this data market, the data is available to anyone who has access to or even requests access to it, such as when a company gets sold to another company or to governments or hackers.
This is the main reason I use Signal as my default messenger. It's simple. It's called privacy.
The basic premise of Signal is, that only the participants in the conversation have access to the conversation data, no third party can ever access the conversation, even after the fact. The exception being they would have to get physical access to your devices which are participating in that conversation. This includes the person you are communication with. But this has always been the case. Even when Talking In Real Life (IRL). If someone asks the person you were talking to they can share your conversation. But that same person can't go to Signal or to Facebook or to Google and say. Send me a copy of Luke and Joe's conversation. If they did all Signal would give them is My name and Joe's name. Because that's all they have.
Also if the folks at Signal decided to sell Signal to some entity with different values or intentions for your data this would not effect your data in any way since even the owners of the protocol can never have access to the data, by design. It is designed to be private by default, without exception.
My conversations are private and Nobody can listen in. Even if they get a warrant from their countries or another countries highest courts.
Here is my reasoning for preferring to use Signal as my default messaging tool of choice.
Signal conversations mimic conversations in real life:
This is how I think of In Real Life conversations and how they work:
You do it face to face.
You choose to know the person and the character of the person to whom you are talking, or not.
You can look around to see if anyone is listening in a because of this you usually choose a private place to talk.
If you think someone is listening in; you can stop talking and wait.
During the conversation you can talk about "anything" you want.
As a result you can expect positive, neutral or negative feedback from the person you are talking to in a verbal or visual way.
You trust that the only record of the conversation is in your mind and in the mind of the person or persons who are listening.
You assume that if the persons in the conversation have a good memory they can replicate the conversation but they can't duplicate it wholly and that the longer time passes from when that conversation was held that the memory of it will fade an be mostly lost.
My assumptions about IRL conversations.
Nobody is recording your conversation except in the mind of the person or persons you are talking to.
Nobody is selling the data in your conversation except maybe the person you are talking to. Maybe you need to choose better friends!?
The sale of the data in your conversation is policeable by you and the person you are talking to. If they share the conversation it usually gets back to you in some way. If the person chooses to use your conversation in an unethical way you can choose to disband your relationship with them. There are social consequences.
You can ask the person to erase any records of the conversation. Can can do this face to face and you can look to see that it is actually being done.
The conversation is based on trust between two human beings and the influence of the community that those two human beings participate in.
So with all this in mind this is how I see the design of Signal mimicking the the traits of a IRL conversation.
When you send a message to someone who is also using signal.
a. The message is encrypted locally on "your" device.
b. The "encrypted message" is then sent to the signal servers.
c. The "encrypted message" sits on the signal server until it is transmitted to the person receiving the message. E.g. if the person you are communicating with has turned off their device.
d. The encrypted message is immediately deleted from the signal server upon confirmation of receipt from the destination messenger.
e. Then the "encrypted message" only exists on the senders and receivers devices within the signal app.
f. If the sender deletes the message or the Signal App it still exists on the receivers device, but only on their device (or devices if they have more than one).
g. If the sender and receiver delete their copies of the encrypted message then the message does not exist anywhere anymore.
h. Nobody can ever get access to my "encrypted message" by asking someone other than the intended recipients of that conversation (with a few exceptions but these exceptions mimics IRL where someone records your conversation and shares it externally.
With other messaging apps your data is stored on the companies servers where it can be copied, used, bought, sold or given away or hacked by them or third parities who gain access to their data. With signal this is not done. Check out this Signal blog article called Encrypted profiles for Signal now in public beta. It describes how Signal maintains your data locally on your own phone and never stores anything on the signal server.
There are a few issues I have with Signal but choose to live with them.
The main one is that if I loose my phone, or otherwise delete the signal app with out backing up my messages they are gone. Here is the Process to backup your Signal Messages.
Most of the people who use Signal don't make it their default messaging application so sometimes when I send them a message they miss it. So sometimes I have to ping them to check their Signal using an unencrypted Text Message.
Some folks delete the Signal App without un registering their phone number from the signal server. When this happens any message I send to them over signal is missed.
The unregistering process to unlink your phone number from Signals servers isn't automated. You can find the link to unregister here.
Some folks like to use Google's Assistant or Apples Siri or Amazon's Alexa to transcribe messages verbally. These services don't really work well with Signal because Signal controls access to your messages. There are some exceptions but you compromise your privacy by using them because your data must be transmitted to Google, Apple or Amazon's servers.
Anyway with is all said. I try my best to get folks to use Signal as their default messaging app but to date the only person who actually does is my sister. Others use it but not as their default messaging app.
PS. Here are some fun things to read if you like reading. I think these articles will help persuade you to use Signal Messenger as your default messaging app.
Looking back at how Signal works, as the world moves forward by moxie0 on 05 Jun 2020
Blur tools for Signal by moxie0 on 03 Jun 2020
Documentation for the Signal App and Protocol https://signal.org/docs/
The most Awesome Double Ratchet Algorithm "The Double Ratchet algorithm is used by two parties to exchange encrypted messages based on a shared secret key. Typically the parties will use some key agreement protocol (such as X3DH ) to agree on the shared secret key. Following this, the parties will use the Double Ratchet to send and receive encrypted messages.
The parties derive new keys for every Double Ratchet message so that earlier keys cannot be calculated from later ones. The parties also send Diffie-Hellman public values attached to their messages. The results of Diffie-Hellman calculations are mixed into the derived keys so that later keys cannot be calculated from earlier ones. These properties gives some protection to earlier or later encrypted messages in case of a compromise of a party's keys."
The X3DH Key Agreement Protocol "This document describes the "X3DH" (or "Extended Triple Diffie-Hellman") key agreement protocol. X3DH establishes a shared secret key between two parties who mutually authenticate each other based on public keys. X3DH provides forward secrecy and cryptographic deniability."
20 Facts About Canadian Data Privacy You Should Know by Ludovic Rembert — Last Updated on April 25, 2020
Privacy Canada Online Privacy Tools for Canadians.