NEWSORZO
No Result
View All Result
Thursday, January 28, 2021
  • Home
  • Business
  • Tech
  • Startups
  • News
Subscribe
NEWSORZO
  • Home
  • Business
  • Tech
  • Startups
  • News
No Result
View All Result
NEWSORZO
No Result
View All Result
Home Startups

Signal Is Finally Bringing Its Secure Messaging to the Masses

by news orzo
March 5, 2020
in Startups
0
152
SHARES
1.9k
VIEWS
Share on FacebookShare on Twitter

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a Midwestern-looking man in his sixties, asked for help. He couldn't figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.

Marlinspike launched Signal, widely considered the world's most secure end-to-end encrypted messaging app, nearly five years ago, and today heads the nonprofit Signal Foundation that maintains it. But the man on the plane didn't know any of that. He was not, in fact, trolling Marlinspike, who politely showed him how to enable airplane mode and handed the phone back.

"I try to remember moments like that in building Signal," Marlinspike told WIRED in an interview over a Signal-enabled phone call the day after that flight. "The choices we’re making, the app we're trying to create, it needs to be for people who don’t know how to enable airplane mode on their phone," Marlinspike says.

Marlinspike has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for—not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years—thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.

That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton had grown disaffected with what he saw as Facebook's attempts to erode WhatsApp's privacy.

Since then, Marlinspike's nonprofit has put Acton's millions—and his experience building an app with billions of users—to work. After years of scraping by with just three overworked full-time staffers, the Signal Foundation now has 20 employees. For years a bare-bones texting and calling app, Signal has increasingly become a fully featured, mainstream communications platform. With its new coding muscle, it has rolled out features at a breakneck speed: In just the last three months, Signal has added support for iPad, ephemeral images and video designed to disappear after a single viewing, downloadable customizable "stickers," and emoji reactions. More significantly, it announced plans to roll out a new system for group messaging, and an experimental method for storing encrypted contacts in the cloud.

Photograph: Michelle Groskopf
Advertisement

"The major transition Signal has undergone is from a three-person small effort to something that is now a serious project with the capacity to do what is required to build software in the world today," Marlinspike says.

Many of those features might sound trivial. They certainly aren't the sort that appealed to Signal's earliest core users. Instead, they're what Acton calls "enrichment features." They're designed to attract normal people who want a messaging app as multifunctional as WhatsApp, iMessage, or Facebook Messenger but still value Signal's widely trusted security and the fact that it collects virtually no user data. "This is not just for hyperparanoid security researchers, but for the masses," says Acton. "This is something for everyone in the world."

Even before those crowdpleaser features, Signal was growing at a rate most startups would envy. When WIRED profiled Marlinspike in 2016, he would confirm only that Signal had at least two million users. Today, he remains tightlipped about Signal's total user base, but it's had more than 10 million downloads on Android alone according to the Google Play Store's count. Acton adds that another 40 percent of the app's users are on iOS.

"I’d like for Signal to reach billions of users. I know what it takes to do that."

Brian Acton, Signal Foundation

Its adoption has spread from Black Lives Matters and pro-choice activists in Latin America to politicians and political aides—even noted technically incompetent ones like Rudy Giuliani—to NBA and NFL players. In 2017, it appeared in the hacker show Mr. Robot and political thriller House of Cards. Last year, in a sign of its changing audience, it showed up in the teen drama Euphoria.

Identifying the features mass audiences want isn't so hard. But building even simple-sounding enhancements within Signal's privacy constraints—including a lack of metadata that even WhatsApp doesn't promise–can require significant feats of security engineering, and in some cases actual new research in cryptography.

Take stickers, one of the simpler recent Signal upgrades. On a less secure platform, that sort of integration is fairly straightforward. For Signal, it required designing a system where every sticker "pack" is encrypted with a "pack key." That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decrypted stickers or even identify the Signal user who created or sent them.

Signal's new group messaging, which will allow administrators to add and remove people from groups without a Signal server ever being aware of that group's members, required going further still. Signal partnered with Microsoft Research to invent a novel form of "anonymous credentials" that let a server gatekeep who belongs in a group, but without ever learning the members' identities. "It required coming up with some innovations in the world of cryptography," Marlinspike says. "And in the end, it’s just invisible. It’s just groups, and it works like we expect groups to work."

Signal is rethinking how it keeps track of its users' social graphs, too. Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal's servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that's meant to hide certain data even from the rest of the server's operating system.

That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. "I’ll just say, this is something we’re thinking about," says Marlinspike. Secure value recovery, he says, "would be the first step in resolving that."

Advertisement

With new features comes additional complexity, which may add more chances for security vulnerabilities to slip into Signal's engineering, warns Matthew Green, a cryptographer at Johns Hopkins University. Depending on Intel's SGX feature, for instance, could let hackers steal secrets the next time security researchers expose a vulnerability in Intel hardware. For that reason, he says that some of Signal's new features should ideally come with an opt-out switch. "I hope this isn't all or nothing, that Moxie gives me the option to not use this," Green says.

But overall, Green says he's impressed with the engineering that Signal has put into its evolution. And making Signal friendlier to normal people only becomes more important as Silicon Valley companies come under increasing pressure from governments to create encryption backdoors for law enforcement, and as Facebook hints that its own ambitious end-to-end encryption plans are still years away from coming to fruition.

"Signal is thinking hard about how to give people the functionality they want without compromising privacy too much, and that's really important," Green adds. "If you see Signal as important for secure communication in the future—and possibly you don't see Facebook or WhatsApp as being reliable—then you definitely need Signal to be usable by a larger group of people. That means having these features."

Brian Acton doesn't hide his ambition that Signal could, in fact, grow into a WhatsApp-sized service. After all, Acton not only founded WhatsApp and helped it grow to billions of users, but before that joined Yahoo in its early, explosive growth days of the mid-1990s. He thinks he can do it again. "I’d like for Signal to reach billions of users. I know what it takes to do that. I did that," says Acton. "I’d love to have it happen in the next five years or less."

That wild ambition, to get Signal installed onto a significant fraction of all the phones on the planet, represents a shift—if not for Acton, then for Marlinspike. Just three years ago, Signal's creator mused in an interview with WIRED that he hoped Signal could someday "fade away," ideally after its encryption had been widely implemented in other billion-user networks like WhatsApp. Now, it seems, Signal hopes to not merely influence tech's behemoths, but to become one.

But Marlinspike argues that Signal's fundamental aims haven't changed, only its strategy—and its resources. "This has always been the goal: to create something that people can use for everything," Marlinspike says. "I said we wanted to make private communication simple, and end-to-end encryption ubiquitous, and push the envelope of privacy-preserving technology. This is what I meant."


Read more: https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/

Tags: encryptionmessagingno riverSignal
  • Trending
  • Comments
  • Latest

Amazon Seller Certifications Highlight Women and Veteran Owned Small Businesses

February 26, 2020
The Changing Role Of Airports IELTS Reading Answers

The Changing Role Of Airports IELTS Reading Answers

October 4, 2020
Techstars launches a digital space tech accelerator with USAF, the Netherlands and Norway

Teeoh’s avatar social platform aims to beat the odds

January 4, 2020
Best Hand Lettering Quotes For Inspiration

Best Hand Lettering Quotes For Inspiration

October 18, 2020
Spotify Ads Targeting Options

Spotify Ads Targeting Options

0
Red Dead Redemption PC is finally fixed, Rockstar promises

Red Dead Redemption PC is finally fixed, Rockstar promises

0
Techstars launches a digital space tech accelerator with USAF, the Netherlands and Norway

Techstars launches a digital space tech accelerator with USAF, the Netherlands and Norway

0
Techstars launches a digital space tech accelerator with USAF, the Netherlands and Norway

Crimson Tiring Redemption 2 PC gets a repair for stuttering – but it no doubt could perchance per chance also approach at a heed

0
Spotify Ads Targeting Options

Spotify Ads Targeting Options

January 28, 2021
Insider Attacks and How to Prevent Them

Insider Attacks and How to Prevent Them

January 27, 2021
Donald Trump Pardons Lil Wayne, Kodak Black, Kwame Kilpatrick, Roc Nation’s Desiree Perez And 139 Others

Donald Trump Pardons Lil Wayne, Kodak Black, Kwame Kilpatrick, Roc Nation’s Desiree Perez And 139 Others

January 27, 2021
More For Your Marketing Dollar

More For Your Marketing Dollar

January 26, 2021

Recent News

Spotify Ads Targeting Options

Spotify Ads Targeting Options

January 28, 2021
Insider Attacks and How to Prevent Them

Insider Attacks and How to Prevent Them

January 27, 2021

Categories

  • Business
  • News
  • Startups
  • Tech

Site Navigation

  • Privacy Policy
  • Disclaimer
  • Contact Us
  • Advertise
NEWSORZO

NEWSORZO is online business journal that focuses on providing news related to the business world, startups, economic developments and more.

© 2020 NEWSORZO - Online business journal that focuses on providing news related to the business world, startups, economic developments and more.

No Result
View All Result
  • Home
  • Business
  • Tech
  • News
  • Startups

© 2020 NEWSORZO - Online business journal that focuses on providing news related to the business world, startups, economic developments and more.

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In