A - I n f o s
a multi-lingual news service by, for, and about anarchists
News in all languages
Last 40 posts (Homepage)
archives of old posts
The last 100 posts, according
The First Few Lines of The Last 10 posts in:
First few lines of all posts of last 24 hours |
of past 30 days |
of 2002 |
of 2003 |
of 2004 |
of 2005 |
of 2006 |
of 2007 |
of 2008 |
of 2009 |
of 2010 |
of 2011 |
of 2012 |
of 2013 |
of 2014 |
of 2015 |
of 2016 |
of 2017 |
of 2018 |
of 2019 |
of 2021 |
Syndication Of A-Infos - including
RDF - How to Syndicate A-Infos
Subscribe to the a-infos newsgroups
(en) France, UCL AL #314 - Self-defense: protect yourself with Signal (ca, de, it, fr, pt)[machine translation]
Fri, 16 Apr 2021 08:55:18 +0300
Signal is recommended as the most advanced confidential messaging application in
terms of security. Presentation. ---- Signal is free software published by Open
Whisper Systems, made famous after being recommended by Edward Snowden in 2014.
Signal received in 2020 the maximum rating from the Mozilla Foundation who
described it as "the most secure communication application". Its popularity has
increased again recently, after WhatsApp's announcements of January 6 regarding
downloads of the application in 5 days). ---- Signal's security advantages ----
In addition to encrypted SMS type text messaging (including group), Signal
supports encrypted voice and video calls for up to 8 people. Although this is
primarily a mobile app, a desktop version is available. The application works on
iOS and Android, and it is synchronizable on Linux, Mac OS, and Windows. On
mobile, it can also be used to send " normal ", unencrypted SMS to contacts who
do not have Signal.
Signal is free and ad-free. The company is financed primarily by donations and
with the support of the Open Technology Fund, an American government agency,
which contributes to many projects of this type (in particular Tor). Because of
this source of funding, one might fear a conflict of interest or police
infiltration, but this is a very common practice in the United States. So far,
Signal has demonstrated its ability to act independently and transparently.
With Signal's strong, decentralized end-to-end encryption, there's no need to
trust a third party to keep your messages private. No one can read them or see
your calls except you and your recipients. Stored messages are also encrypted on
the phone via a password. In addition to encryption, the app has keystroke
detection protection and an ephemeral message feature. When the latter is
activated, the sent messages are deleted after reading, without leaving any
trace, after a period defined by you and your contact.
Signal also makes it possible to authenticate the identity of its interlocutor
through a unique security number that you can verify with your contact. The
application has a WebSocketsbased operation , making the communication
services of Google or Apple optional. The only metadata that Signal says it
retains are " The date and time of a user's registration and the date of their
last connection to the service. ". This statement was proven following the
solicitation of the Grand Jury of the District of Virginia. Finally, it is
possible to download the software directly from the Signal website, without going
through the proprietary Google Play Store or AppStore catalogs. Unfortunately
Signal is not available on the free F-Droid catalog.
These different features, and its nature as free software, make it a much more
secure application than its competitors WhatsApp, Messenger (properties of
Facebook), or Telegram.
Some criticisms remain
The most recurring criticism of Signal concerns the lack of anonymity in the
registration process: to register you must provide your phone number. Note,
however, that the application does not need to run on the phone with which it was
registered, so it is possible to use a prepaid Sim card or a temporary number to
create an account. In addition, Signal engineers are developing an alternative
solution without a phone number.
Open Whisper Systems is a US company, therefore under US law and undoubtedly
under the surveillance of the NSA which must seek a way to penetrate Signal with
its surveillance tools. To some extent, Signal could be compromised either by a
backdoor in its systems or by a government order requiring Open Whisper Systems
to assist the NSA.
Recently, a new feature in Signal has raised several voices. By offering the
saving of usage profiles (profile, phone number and contacts), Signal now hosts
information on its users where no information was previously stored.
Functionality remains optional, but the change in philosophy that it induces may
Other threats exist
There remains a main flaw in this mode of communication: inside each mobile
phone, there is an exclusive closed-source chip, called the baseband processor,
which manages all the communication functions of the phone. This proprietary chip
could allow mobile service providers to bypass any encryption used by every
application running on a phone. In theory, they could access content in clear
text and in real time, as information changes from encrypted to decrypted status.
A weakness that applies to any mobile security application.
There are threats to the possibility of using encryption technologies in general,
with many governments frowning on this. Currently, the app is blocked in Egypt,
UAE, Oman, and Qatar. Without much success, since Open Whisper Systems added a
featureto bypass this limitation. Only Iran has an effective blockade due to
US sanctions which also block access to instances that support this functionality.
Signal is one of the best options to use to protect your mobile exchanges,
another reflex to acquire in an increasingly secure society where surveillance is
gradually becoming the norm.
Ed (UCL Alpes-Provence)
 It combines the Extended Triple Diffie-Hellman (X3DH) protocol, Double
Ratchet algorithm, pre-keys and uses Curve25519, AES-256, and HMAC-SHA256 as
 Web standard designating a network protocol aiming to create full-duplex
communication channels over a TCP connection.
 " A new feature attracts criticism against the secure Signal application ",
Lemonde.fr , July 13, 2020.
 The domain fronting allows a user to connect securely to a prohibited
service, while appearing to communicate with a different site.
A - I N F O S N E W S S E R V I C E
By, For, and About Anarchists
Send news reports to A-infos-en mailing list
A-Infos Information Center