A-Infos

a multi-lingual news service by, for, and about anarchists

(en) France, UCL AL #314 - Self-defense: protect yourself with Signal (ca, de, it, fr, pt) [machine translation]

Date Fri, 16 Apr 2021 08:55:18 +0300

Signal is recommended as the most advanced confidential messaging application in terms of security. Presentation.

Signal is free software published by Open Whisper Systems, made famous after being recommended by Edward Snowden in 2014. In 2020 Signal received the maximum rating from the Mozilla Foundation, which described it as "the most secure communication application". Its popularity has increased again recently, after WhatsApp's announcements of January 6 regarding its privacy policy, which triggered a massive exodus to Signal (7.5 million new downloads of the application in 5 days).

Signal's security advantages
In addition to encrypted SMS-style text messaging (including group chats), Signal supports encrypted voice and video calls for up to 8 people. Although it is primarily a mobile app, a desktop version is available. The application works on iOS and Android, and it can be synchronized with Linux, Mac OS, and Windows. On mobile, it can also be used to send "normal", unencrypted SMS to contacts who do not have Signal.

Signal is free and ad-free. The company is financed primarily by donations and with the support of the Open Technology Fund, an American government agency, which contributes to many projects of this type (in particular Tor). Because of this source of funding, one might fear a conflict of interest or police infiltration, but this is a very common practice in the United States. So far, Signal has demonstrated its ability to act independently and transparently.

With Signal's strong, decentralized end-to-end encryption[1], there's no need to trust a third party to keep your messages private. No one can read them or see your calls except you and your recipients. Stored messages are also encrypted on the phone via a password. In addition to encryption, the app has keystroke detection protection and an ephemeral message feature. When the latter is activated, the sent messages are deleted after reading, without leaving any trace, after a period defined by you and your contact.

Signal also makes it possible to authenticate the identity of the person you are talking to, through a unique security number that you can verify with your contact. The application operates over WebSockets[2], making the communication services of Google or Apple optional. The only metadata that Signal says it retains are "the date and time of a user's registration and the date of their last connection to the service." This statement was borne out following a request from the Grand Jury of the District of Virginia. Finally, it is possible to download the software directly from the Signal website, without going through the proprietary Google Play Store or App Store catalogs. Unfortunately, Signal is not available in the free F-Droid catalog.

These different features, and its nature as free software, make it a much more secure application than its competitors WhatsApp and Messenger (both owned by Facebook), or Telegram.

Some criticisms remain
The most frequent criticism of Signal concerns the lack of anonymity in the registration process: to register you must provide your phone number. Note, however, that the application does not need to run on the phone with which it was registered, so it is possible to use a prepaid SIM card or a temporary number to create an account. In addition, Signal engineers are developing an alternative solution without a phone number.

Open Whisper Systems is a US company, therefore under US law and undoubtedly under the surveillance of the NSA which must seek a way to penetrate Signal with its surveillance tools. To some extent, Signal could be compromised either by a backdoor in its systems or by a government order requiring Open Whisper Systems to assist the NSA.

Recently, a new feature in Signal has drawn criticism from several quarters. By offering to save user profiles (profile, phone number and contacts), Signal now hosts information on its users where no information was previously stored. The feature remains optional, but the change in philosophy it implies may displease[3].

Other threats exist
One main flaw remains in this mode of communication: inside each mobile phone, there is a proprietary, closed-source chip, called the baseband processor, which manages all the communication functions of the phone. This proprietary chip could allow mobile service providers to bypass any encryption used by every application running on a phone. In theory, they could access content in clear text and in real time, as information changes from encrypted to decrypted status. This weakness applies to any mobile security application.

There are also threats to the very possibility of using encryption technologies, which many governments frown upon. Currently, the app is blocked in Egypt, UAE, Oman, and Qatar, without much success, since Open Whisper Systems added a feature[4] to bypass this limitation. Only Iran has an effective blockade, due to US sanctions which also block access to instances that support this functionality.

Signal is one of the best options for protecting your mobile exchanges, another reflex to acquire in an increasingly security-driven society where surveillance is gradually becoming the norm.

Ed (UCL Alpes-Provence)


[1] It combines the Extended Triple Diffie-Hellman (X3DH) protocol, Double Ratchet algorithm, pre-keys and uses Curve25519, AES-256, and HMAC-SHA256 as cryptographic primitives.

[2] Web standard designating a network protocol aiming to create full-duplex communication channels over a TCP connection.

[3] "A new feature attracts criticism against the secure Signal application", Lemonde.fr, July 13, 2020.

[4] Domain fronting allows a user to connect securely to a prohibited service, while appearing to communicate with a different site.
