You need to send a confidential message to a co-worker. It's important that you receive confirmation that the recipient receives your message and it's also important that the message is absolutely secret. You want to keep it safe from eavesdroppers. You don't want anyone but the recipient to read it. You don't want any record to exist that you even contacted the recipient. Here's the question: what is the most secure way to transmit this message?
a) send an email using your TSS email account
b) send an SMS message to the recipient's phone number
c) call the recipient with your desk phone
d) send them a direct message using Instagram
Trick question! None of these options actually provides true end-to-end security. Depending on who your adversary is in this scenario (snooping co-workers, a rogue IT department, a private investigator, the government armed with a warrant [or not]), all of the communication channels listed above can be compromised. Email in particular is vulnerable to eavesdropping and monitoring, since it is transmitted via an unencrypted protocol.
Enter the Signal App
Signal is a secure messaging application that's available for iOS, Android, and Google Chrome. Users of Signal can send encrypted text messages, audio messages, photos, and files to other users. Signal can also be used to make encrypted voice calls and video chats. The app meets the key criteria for a secure communication channel:
- Encryption: Message contents are scrambled during transit by a secret key. Only the recipient who holds the matching decryption key can unscramble the message.
- Integrity: Message contents can't be modified by an outside party while in transit.
- Authentication: Third parties cannot insert themselves into a conversation or impersonate members of the conversation without being detected.
- Forward Secrecy: Because Signal rotates its keys continuously, a compromised key does not let an attacker decrypt past messages (or later ones, once the keys have rotated again).
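To make these properties concrete, here is an added, self-contained Python example; it is not Signal's code and not from this article. It models a simplified symmetric hash ratchet of the kind the Signal Protocol builds on: every function and class name (`ratchet_step`, `Session`, `forward_secrecy_demo`, `tamper_demo`) and the toy stream cipher are this example's own assumptions, and the shared secret is a constructed random value standing in for a real key agreement. It demonstrates integrity (a ciphertext altered in transit is rejected) and the "past messages" half of forward secrecy: a chain key stolen after message 1 cannot be walked backwards to earlier message keys. Protecting later messages after a compromise is the job of the Diffie-Hellman step in Signal's Double Ratchet, which this toy omits, so the demo honestly reports that later keys stay derivable from the stolen state.

```python
"""Toy symmetric hash ratchet: added illustration only, not Signal's code.
Signal's Double Ratchet also mixes in fresh Diffie-Hellman output each round;
this demo omits that step and uses only the Python standard library."""
from __future__ import annotations

import hashlib
import hmac
import os


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Derive (next_chain_key, message_key) from the current chain key.
    Both are HMAC outputs, so the next chain key reveals nothing about
    the chain key it came from or the message key derived beside it."""
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def keystream(message_key: bytes, length: int) -> bytes:
    """Expand a message key into a keystream (toy stream cipher, demo only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(message_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(message_key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt-then-MAC: returns (ciphertext, tag); the tag provides integrity."""
    ks = keystream(message_key, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(message_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def decrypt(message_key: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Check the tag before decrypting; any change in transit is rejected."""
    expected = hmac.new(message_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message was modified in transit")
    ks = keystream(message_key, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


class Session:
    """One side of a conversation; both sides start from the same shared secret."""

    def __init__(self, shared_secret: bytes) -> None:
        self.chain_key = shared_secret

    def next_message_key(self) -> bytes:
        # Advance the ratchet and discard the old chain key immediately.
        self.chain_key, message_key = ratchet_step(self.chain_key)
        return message_key


def forward_secrecy_demo(n_messages: int = 4, compromise_at: int = 1) -> dict:
    """Alice sends n messages to Bob. After message `compromise_at` an attacker
    copies Alice's current chain key. Returns which message keys the attacker
    can then derive and whether every message was delivered intact."""
    shared = os.urandom(32)  # constructed: stands in for a real key agreement
    alice, bob = Session(shared), Session(shared)
    used_keys, delivered = [], True
    for i in range(n_messages):
        mk = alice.next_message_key()
        used_keys.append(mk)
        ciphertext, tag = encrypt(mk, f"message {i}".encode())
        delivered &= decrypt(bob.next_message_key(), ciphertext, tag) == f"message {i}".encode()
        if i == compromise_at:
            stolen_chain_key = alice.chain_key  # attacker snapshots device state here
    # Everything the attacker can derive by running the ratchet forward.
    derivable, chain = set(), stolen_chain_key
    for _ in range(n_messages):
        chain, mk = ratchet_step(chain)
        derivable.add(mk)
    return {
        "all_delivered": delivered,
        "past_keys_recoverable": any(k in derivable for k in used_keys[: compromise_at + 1]),
        "later_keys_recoverable": all(k in derivable for k in used_keys[compromise_at + 1 :]),
    }


def tamper_demo() -> bool:
    """Flip one bit of a ciphertext in transit; the receiver must reject it."""
    _, mk = ratchet_step(os.urandom(32))  # constructed throwaway key
    ciphertext, tag = encrypt(mk, b"approve the wire transfer")
    tampered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    try:
        decrypt(mk, tampered, tag)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(forward_secrecy_demo())  # past keys: False, later keys: True
    print("tampering detected:", tamper_demo())
```

Running the file prints the two results. The design point is that each message key is used once and the chain key that produced it is thrown away, so a device compromise only exposes state that points forward; the one-way HMAC step is what makes walking backwards impossible.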
Why Signal Instead of Other Messaging Apps?
There are several other messaging apps that also use the Signal Protocol, including Facebook Messenger, WhatsApp (owned by Facebook), and Google Allo. We recommend using the Signal app over these other options, however, for several reasons:
- Other applications do not use the most secure implementation of the Signal Protocol. In Google Allo and Facebook Messenger, the Signal Protocol is disabled by default and has to be turned on by the user. In WhatsApp, users are not notified about security key changes for their contacts. The Signal app, on the other hand, uses the most secure implementation of the protocol by default.
- Both WhatsApp and Google Allo are owned by companies that make much of their revenue from advertising, which gives them an incentive to collect data about their users for advertising purposes (though both companies deny collecting any data from secure messaging). Open Whisper Systems, on the other hand, is a nonprofit and has no financial incentive for accessing, storing, or retaining user data.
- In the same vein, Google and Facebook do retain some metadata regarding their secure messaging apps. They may not be able to access the content of your message, but they do keep some records of who you've contacted, when, and how often. Open Whisper Systems, by contrast, only retains the minimal amount of information for messages to be delivered.
How to Install Signal
Signal is available for both iOS and Android. Rather than explain both installation processes here, we'll include links to more comprehensive tutorials:
For both platforms, you'll need to verify your phone number by entering a security code that you receive via SMS text message. You'll also need to grant the app permission to view your contacts.
There's also a Signal app for Google Chrome called Signal Desktop. You'll need to install one of the mobile apps first, however; it's not possible to use Signal Desktop without having the mobile app already installed on your smartphone. Instructions for installing Signal Desktop can be found here.
If you're an Android user, you'll have the option to use Signal as your default SMS messaging app, which means that you can use Signal for all of your text messaging. If you use an Apple device, you won't have this option.
How to Send a Signal Message
After you verify your phone number, you can start using Signal to send messages. To do this, launch the app and click on the pencil icon on your screen. It will be in the bottom-right (Android) or top-right (iOS) corner of your screen. You can then select your recipient from a list of contacts.
Before you can start sending Signal encrypted messages, you'll need to make sure your recipients ALSO have the Signal app installed. On iOS, this is easy; all of your contacts who are Signal users will be visible in the app when you try to compose a new message. On Android, you can use Signal to send unencrypted text messages as well as secure Signal messages. The app will show all of the Signal users in your contacts first when you compose a new message. You can also tell whether your recipient is a Signal user from two clues in the compose window. If you're writing to a Signal user, the text field will read "Signal message" and you'll see an icon that looks like a phone and a lock in the upper-right hand corner:
For non-Signal users, on the other hand, your message field will read "Unsecured SMS" and you won't see a lock icon in the upper-right hand corner.
If you want to attach stickers, GIFs, photos, or other files to your message, you can tap the paper-clip icon next to the message composition box, which will bring up attachment options, including your most recent photos. Tapping the microphone button or the camera button, on the other hand, will allow you to record an audio message or take an image to send, respectively. Signal also has the ability to send disappearing messages and group messages.
Encrypted Voice Calls and Video Chats
Signal also allows you to have secure, encrypted conversations with other Signal users. To initiate a Signal call, follow the same steps as sending a Signal message. When you reach the message composition screen, click on the phone icon in the upper-right hand corner. You'll later be prompted if you want your call to be voice-only, or if you want to use your webcam to video chat.
Signal keeps conversations private by issuing the parties in a conversation private security keys that authenticate them to the service. If you ever want to verify someone's security key, you can do this with a feature called "Verify Safety Numbers". While you can do this over the phone or via another communication channel, it's best to verify safety numbers in person, so you can be sure that you're sending messages to the person you think you're sending them to. You can read more about how to verify safety numbers here.
Signal is set up to warn you, by default, if the security key for one of your contacts changes. More often than not, this happens because your contact got a new phone, reset their phone, or re-installed the Signal app. It's also possible, however, that an attacker is trying to impersonate the person you're contacting. Of course, it's unlikely that you're actually being spied upon, but if it's really important that your message isn't being intercepted, you might want to use another communication channel to ask your contact if they recently got a new cell phone, or meet them in person to re-verify safety numbers.
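The two paragraphs above describe what a safety number is for and why a "key changed" warning deserves attention. The following added Python example (not Signal's implementation, and not from this article) shows the idea behind both: a safety number is a fingerprint computed from both parties' identity keys, so it is the same whichever side computes it, and it changes whenever either identity key changes. The identity keys here are constructed random byte strings standing in for real public keys (no key agreement happens), and the names `key_fingerprint`, `safety_number`, `ContactKeyStore` and `demo`, as well as the digit layout and iteration count, are this example's own choices.

```python
"""Toy safety-number check: added illustration, not Signal's implementation.
Identity keys are constructed random bytes standing in for real public keys."""
from __future__ import annotations

import hashlib
import os

FINGERPRINT_DIGITS = 30  # each party contributes one 30-digit half (demo layout)


def key_fingerprint(identity_key: bytes, iterations: int = 5200) -> str:
    """Iterated hashing of one identity key, rendered as a fixed-width digit string.
    Iterating makes it costly to search for a key whose fingerprint looks similar;
    the iteration count here is a demo parameter."""
    digest = identity_key
    for _ in range(iterations):
        digest = hashlib.sha512(digest + identity_key).digest()
    number = int.from_bytes(digest[:15], "big") % (10 ** FINGERPRINT_DIGITS)
    return f"{number:0{FINGERPRINT_DIGITS}d}"


def safety_number(my_key: bytes, their_key: bytes) -> str:
    """Combine both fingerprints in a fixed (sorted) order so both parties
    display the same number regardless of who computes it."""
    halves = sorted([key_fingerprint(my_key), key_fingerprint(their_key)])
    groups = [half[i:i + 5] for half in halves for i in range(0, FINGERPRINT_DIGITS, 5)]
    return " ".join(groups)


class ContactKeyStore:
    """Remembers the identity key first seen for each contact and flags any
    change, which is the event behind the "safety number changed" warning."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def observe(self, contact: str, identity_key: bytes) -> str:
        """Returns 'new', 'unchanged' or 'changed' for the key just seen."""
        known = self._keys.get(contact)
        if known is None:
            self._keys[contact] = identity_key
            return "new"
        if known == identity_key:
            return "unchanged"
        # Do not silently overwrite: the user should re-verify out of band first.
        return "changed"

    def accept_new_key(self, contact: str, identity_key: bytes) -> None:
        """Call only after the safety number has been re-verified in person."""
        self._keys[contact] = identity_key


def demo() -> dict:
    """Alice stores Bob's key, then Bob's key changes (reinstall or impostor)."""
    alice_key = os.urandom(32)  # constructed stand-in for Alice's identity key
    bob_key = os.urandom(32)    # constructed stand-in for Bob's identity key
    store = ContactKeyStore()
    first = store.observe("bob", bob_key)
    same_both_ways = safety_number(alice_key, bob_key) == safety_number(bob_key, alice_key)
    bob_new_key = os.urandom(32)  # constructed: a fresh key after reinstall or impersonation
    second = store.observe("bob", bob_new_key)
    number_changed = safety_number(alice_key, bob_key) != safety_number(alice_key, bob_new_key)
    return {"first": first, "same_both_ways": same_both_ways,
            "second": second, "number_changed": number_changed}


if __name__ == "__main__":
    print(demo())  # first: new, same_both_ways: True, second: changed, number_changed: True
```

The store deliberately refuses to replace a known key on its own; `accept_new_key` exists so that the replacement happens only after the human step the article recommends, asking the contact through another channel or meeting in person to compare numbers.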
Limits and Disclaimers
It can be tempting to think that by installing and using Signal, you'll be able to have guaranteed confidential conversations, but there are some weaknesses that you'll need to know about if you want to rely on Signal for your secure communications. The biggest weakness is your phone itself. If an adversary gets their hands on your phone, they can read ALL of your undeleted Signal messages if you don't take precautions to protect your device. If this is a concern for you, here are some steps you can take to lock down your mobile device:
- Lock your phone with a 6-digit (or longer) passcode, or use the fingerprint reader
- Enable full-disk encryption on your phone (Android tutorial, iOS tutorial)
- Disable Signal from showing message contents on your lock screen (so that the device needs to be unlocked to view a new message)
Of course, there's always someone on the other side of every conversation. If your correspondent isn't taking steps to secure their device, you have the same weaknesses in the system, just from the other side.
In addition, it's important to know that you probably don't want to use an encrypted messaging app for all of your correspondence. If you're negotiating with a partner organization about a contract, or engaged in a discussion with Human Resources, or disciplining a subordinate, you probably WANT a saved record of your email exchange for documentation purposes. Secret messages have their place, but email is the way to go for any message where you WANT to leave a paper trail, or you want to be able to recover it down the road.
- Basic article on getting started with Signal: https://freedom.press/news/signal-beginners/
- More advanced (and somewhat political, but very thorough) Guide to Signal from The Intercept: https://theintercept.com/2017/05/01/cybersecurity-for-the-people-how-to-keep-your-chats-truly-private-with-signal/
- Podcast Overview of the Signal Protocol: https://twit.tv/shows/security-now/episodes/555 (actual explanation begins at 1:48)
- Technical Explanation of the Signal Protocol (video): https://www.youtube.com/watch?v=7WnwSovjYMs