Signal: Encrypted Communication

As the focus on security becomes more mainstream, chat application developers are racing to implement end-to-end encryption to keep up with competition and better guarantee user privacy. And while not all promise the same level of security, one application in particular is making great strides within this domain.

Signal, developed by San Francisco-based Open Whisper Systems, is the current darling of the cryptography world. It is endorsed by a broad spectrum of people and organizations ranging from security expert Bruce Schneier, to the infamous Edward Snowden, to the (post-DNC leak) 2016 Clinton presidential campaign. And despite it being less than three years-old, the Signal protocol is leading the way forward for encrypted communications.

The Signal application allows users to easily communicate with text, media, or voice calls—all protected from eavesdropping, as a result of the renowned Signal encryption protocol. Unlike some of its competitors, Signal is open-source and offers reproducible builds for Android. This allows for peace of mind, making malicious behavior such as man-in-the-middle attacks and malware injection considerably more difficult to execute.

While some companies are busy developing their own encryption standards (such as iMessage, Viber, and Wickr), Facebook Messenger, Google Allo, and WhatsApp have integrated the Signal encryption protocol into their own systems. However, despite this, they are not considered as trustworthy or secure as Signal itself. Unlike the Signal application, these applications are closed-source and security settings can often be manipulated by the user. In fact, just days ago, Signal was in the news as a result of flawed research directed at WhatsApp, purporting a cryptographic defect, which turned out to be not only an overstatement, but not news at all to the security community.

In addition to integrating their technology and protecting users throughout the world, Open Whisper Systems also stresses the importance of privacy for users affected by government censorship. Just days after the Egyptian government blocked Signal in mid-December, the company implemented a workaround known as domain fronting to its Android application (iOS update coming soon). Domain fronting masks Signal’s encrypted traffic, causing it to appear as a standard Google search. It also relies on Google and major Content Delivery Networks (CDNs); therefore at this point, an attempt by Egypt to block smaller services employing domain fronting, would either depend on the involvement of the larger ones, or an entire internet shutdown (again).

While it would be naive to believe there is a perfect solution to security and anonymity, Signal is revolutionizing this effort and can be considered one of the most trustworthy digital communication mechanisms to date. Users should still exercise caution with any form of internet or network communications, as this industry moves and changes rapidly, and one can never truly predict where or when the next obstacle or vulnerability may appear.

Learn More:
https://whispersystems.org/blog/reproducible-android
https://www.eff.org/node/82654
https://www.theverge.com/2017/1/13/14266632/whatsapps-backdoor-vulnerability-key-reset-signal
https://www.securityweek.com/signal-uses-domain-fronting-bypass-censorship

Previous
Previous

Tor to Enhance Hidden Service Security

Next
Next

Google Hacking aka Google Dorking