Categories


Tags



Archive

Signal - Secure, Encrypted Messaging

September 30, 2016 at 12:23 PM

You may have caught our most recent blogs highlighting the importance of email security and data encryption and we are going to continue this theme and talk a bit about encrypted messenger software – more specifically Signal, the encrypted chat app released from developers Open Whisper Systems.

With the monumental rise of smartphones over the last decade software apps have become common practice with some of the most popular being messenger offerings. And what’s not to like about them? You can easily keep in touch with friends and family no matter where they are in the world, drop them a picture of your latest excursion or new found NZ craft beer bar, leave them a voice message or simple text, but best of all avoid paying those inflated SMS and MMS charges.

There is a plethora of options out there, Skype, Voxer, Viber, WeChat, LINE to name but a few but ultimately the most popular is WhatsApp with over one billion users. Did you know Facebook acquired WhatsApp a little over two years ago in a deal valued at $19 billion USD and despite the branding own the product?

 

So Why Should I Choose Signal Over the Others?

We believe privacy is a human right and not a privilege including and most importantly through data communications. Signal is different from the rest as it prioritises end to end data encryption and private communications above any other feature or gimmick. The code is also open source, unlike any of its competitors, meaning it is freely available for experts to inspect flaws or back doors in its security. Your messages are not stored anywhere and the encryption is configured in such a way that even the developers cannot listen to or read messages. Everything stays completely private and it’s also free.

 

So What’s the Business Model and How Do They Make Money?

In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems are entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible.

 

But Didn’t WhatsApp announce end to end encryption a few months ago?

Indeed, in fact they even announced a partnership with Open Whisper systems to incorporate the Signal protocol into its own product and by April had confirmed all messages, including multimedia and groups messages for all their users were running the encrypted protocol. 

But it’s important to keep in mind that, even with the Signal protocol in place, WhatsApp’s servers can still see messages that users send through the service. They can’t see what’s inside the messages, but they can see who is sending a message to whom and when. And according to the WhatsApp privacy policy, the company reserves the right to record this information, otherwise known as message metadata, and give it to governments:

WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect”

 

What about Allo, does that have end to end encryption?

Allo is Google’s latest foray into the messenger market place and was released earlier this week with already 5 million downloads on Android. But their decision not to include default encryption has baffled many security experts. Edward Snowden’s recent tweet tells you all you need to know about Google’s thoughts on data privacy via their new app; 

“Google's decision to disable end-to-end encryption by default in its new Allo chat app is dangerous, and makes it unsafe. Avoid it for now” - Edward Snowden.

Allo’s machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work. Google have informed us they aren’t ready to make any promises about where user data will be stored or for how long.

 

What platforms are Signal available on?

So you can get Signal for Android and IOS via the Google Play and Apple app stores for your mobile devices. Once installed, you can download a desktop app via Chrome Web Store and sync your mobile devices and contacts to allow functionality from your Mac or Windows machine.

Firstly, install Signal messenger via the Play or App Stores to your mobile device.

Then, on your desktop computer (Mac or Windows) install the desktop app via the Chrome web store, just type in Signal Messenger App in Google Chrome and click on the top link. 

signal1.png

 

After installation, you will be prompted to open Signal on your phone and scan the CRT code as per the instructions below;

 

signal2.png

Once linked, you can amend your theme and message settings, then chose to sync your mobile contacts. 

 

Signal3.png

 

If you still need convincing that Signal is the most secure messaging option out there, head over to their website and find out some more for yourself.

 https://whispersystems.org/

I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation” - Bruce Schneier, internationally renowned security technologist

“Use anything by Open Whisper Systems” - Edward Snowden, Whistleblower and privacy advocate

 

If you need to chat about privacy, encryption or have any concerns around security at all, our experts at McDonalds IT can help. Just get in touch and we’ll be happy to provide you with guidance and assistance.

 

Sources;

http://theintercept.com

https://whispersystems.org

 

Written by David Turley



Category: Security

Comments

Leave a Reply



(Email addresses will not be published.)

Please type the letters and numbers shown in the image.Captcha CodeClick the image to see another captcha.