Signal Messenger: How to Successfully Resist Wiretapping Attempts

Against the backdrop of events in the US, the popularity of the Signal secure messenger has grown sharply – from 6,000 to 26,000 downloads per day. The software uses strong cryptography and end-to-end encryption. It is open source and relies on well-known cryptographic protocols (unlike Telegram's proprietary MTProto).

Signal developers face constant threats. Various governments, including the US government, are trying to compromise the built-in protection of the messenger and gain access to the correspondence of its users. Back in 2016, the US authorities managed to get a subpoena to delete the correspondence of one particular user, but thanks to end-to-end encryption, there was nothing to delete.

The only data that Signal can provide at the request of government services is the minimal user data that it stores on its servers:

  • Account creation date (in Unix format)
  • Date of the last time Signal was used (in Unix format)

And that is all. No contacts, group information, or profile information.

“We designed Signal in such a way that personal data is stored on the client side, not ours,” the developers say. Signal uses end-to-end encryption, so developers never have access to the content of the messages people send. They are visible only to senders and the intended recipients. Signal also applies this design philosophy to the rest of the user data.

Unlike other popular crypto messengers, Signal does not have access to contacts, social graph, group data, status information in groups, profile names, profile avatars, location data, search history, and so on. There are no trackers, ads, or analytics code in the program. Absolutely all information is encrypted, except for the date the account was created and the date it was last used, as mentioned above.

Moxie Marlinspike, a well-known hacker, crypto-anarchist, and the program's lead developer, says: “Since we created Signal in order to completely avoid the storage of any confidential information, I can go on stage in front of thousands of people and publicly publish all my account information without revealing anything other than how long ago I installed Signal (it was the last time I changed the phone) and the last date I used it (today, by the way).”

The main weakness of Signal and similar messengers is the binding to a specific phone number. For example, if an outsider joins a certain group, he can see the phone numbers of all members of this group. This technique was used by the Hong Kong police to identify the protesters in WhatsApp, Signal, and Telegram.

On the other hand, the attacker cannot get the rest of the account data even upon judicial requests.

“If you ask the CEO of any other major communication platform to publicly publish his credentials from his platform, he won’t do that,” Moxie writes. “I don’t blame them – this is a kind of data that is inconvenient to share. But this raises the question of how comfortable it is to share the same data with the authorities and service providers.”

Any American company is required to comply with the rules of American law and provide data at the request of the court. But in the case of Signal, it will simply have nothing to present.

In some countries, after cases of WhatsApp leaks, even the military and politicians have been moved to mandatory use of the Signal and Wickr crypto messengers. For example, such rules are set for soldiers of the 82nd Airborne Division of the US Army and for communication among members of the Conservative Party in Great Britain. Today, the presence of Signal on a phone is not a sign of suspicious activity by its owner, but rather a sign of common sense.

Making sure that the company behind a messenger app holds no personal data is the only strategy that ensures the security of that data. Trust in any messenger comes down to trusting the company’s engineering ability to build software that does not allow personal data to be transferred, stores it only locally, and ensures that no one else can read it.

Signal is a non-profit organization, so the software has been and will remain free and open-source. “Our mission is to increase privacy on the Internet, so we freely publish our technology and share knowledge in order to encourage other companies to use it in their own products and services,” says Moxie Marlinspike.

Today, some other messengers work using the Signal protocol. However, they have not implemented a strict refusal to collect personal information about users and continue to store contact details, conversations, photos, and other data for each account on their servers. For example, WhatsApp also uses the secure Signal protocol, but it passes the user’s social graph to the parent company Facebook. The same applies to Telegram Messenger Inc.

Of course, there are more secure and reliable instant messengers with end-to-end encryption that do not transfer the phone number. For example, the Matrix P2P direct encrypted messaging system that uses client software such as Riot and others. But so far, these programs are not very user-friendly. For example, , you need to edit the .json configuration file.

Moreover, we underestimate another privacy problem that comes from a different direction. None of us is immune to being forced, under pressure, to reveal our correspondence with the phone in our hands. Anyone can play the coercive role, from a robber to border guards and police officers.

None of the popular instant messengers protects against such an attack, so the next step is to develop a new protection mechanism. Some experts are already working on a solution in which a user under pressure could launch the messenger and show an empty account that contains no important correspondence. The attacker would not know that he was shown only one of several accounts hidden in the messenger app.

By David Balaban
