Signal - the secure messenger

After writing about privacy and security in general, this is the first time I’m going to be talking about a specific solution. Full disclosure: I’m not a security professional, more of an enthusiast, so please take the advice with a grain of salt.

I’ve been disconcerted with the messaging situation for a few years now. I’ve been super excited about using WhatsApp back in the days when it was still an independent company. Now it was just another app that gets my data and uses it for advertisement. Admittedly it’s still way better than using Facebook Messenger. That’s because WhatsApp only uses my metadata (social graph, contacts, who and when am I talking to) whilst Facebook Messenger parses the whole content of my message (and possibly my phone calls, who knows) and uses them to create my profile to sell me better to advertisers and of course provide it to US authorities (hopefully they are not interested in my shopping lists but still it’s non of their beeswax).

So the main reasons why I cringe every time I submit the message through Messenger, WhatsApp or Gmail are:

  • I provide Facebook or Google with more of my private data
  • I support their dodgy behaviour
  • I’m making it harder for private and secure principles to spread

Criteria for choosing the new chat app

I’ve been investigating possible solutions/improvements for the last few months and I knew that once I’ll find a good alternative I’ll have to go through the hustle of convincing my core social network to install it and use it when talking with me. That means the solution had to have the following features:

  • Simplicity: my mum and grandpa could use it
  • Feature parity: the core features (messages, emojis, video calls, file and location sharing) had to be present and seamless to use
  • Privacy & Security: Leading the space in E2E encryption and in general collecting no/minimal data about me
  • Independent: Doesn’t belong to a company that already gathers huge amount of data about users

The 2nd best option - Matrix/Riot

I’ve been using Matrix for a while. I’ve even been on a call with its founder Matthew once. The great advantage of Matrix protocol compared to the winner (Signal) is that it is decentralized. That means it is supported and even encouraged for people to write different servers and clients to be used for sending messages in the Matrix network. This makes it amazing for technical folks as proved by Mozilla using Matrix for the company’s communication. I would use it as a slack alternative in a team.

Making the protocol open-source and the Matrix network decentralized has a massive drawback as well. It makes changes to it slower as Matthew admitted around Christmas. It means that the team needs to focus on supporting the community and backwards compatibility as well as developing new features. When you have centralized service, you can make changes to the whole network, when it’s decentralized, you need to take into account all the servers operated by other people.

Thanks to this the Riot app (the main Matrix chat app) doesn’t have all the bells and whistles that the popular messengers do have. As a result even though I like Matrix’s mission as much as Signal’s, I had to discard it as a viable option because it’s not satisfying the Simplicity and the Feature parity requirements.

Signal - the clear winner

Signal has been created with only one goal: Make the communication more private. It’s founder Moxie Marlinspike open-sourced all the encryption algorithms and protocols. So for example WhatsApp is using one of these protocols (Signal protocol) for its E2E encryption.

Signal is pushing the envelope when it comes to forgetting information about its users. And as far as my technical knowledge goes I choose to trust Signal that they are doing whatever they can to stay the most private and secure messenger out there.

Signal ticks all the boxes in my requirements. It has all the features I’d expect from a chat application. It’s one of the most private and secure apps you can find (if not the most private). Signal.org is independent not-for-profit organization and even though it resides in US, it doesn’t gather any information about you so even if the intelligence agencies wanted some of your data, they won’t get it.

But the most impressive and important characteristic of Signal app is its simplicity. I can install it on my mum’s or grandpa’s phone with clear conscience that they will be able to use it.

Decision has been made, what now?

Now I am “that guy”. I’m slowly convincing all my friends to start using Signal so that I don’t have to give Facebook or Google any more information about me. It’s hard to explain the importance of Privacy and Security to them but writing articles like these is helping me sort out my thoughts on the topic.

I’m not going to stop using WhatsApp or FB Messenger any time soon but each new person using Signal is a fraction of information that is now just between us, leaving Facebook and Google out of it. If Signal keeps up this good work, I can see a bright future.