In this guide you will learn about the basics of Signal – Private Messenger. I’ll walk you through account creation and the main features, and explain why this messaging app is recommended for privacy.
- Signal is a privacy-focused messaging application
- It offers end-to-end encryption by default
- Signal has no ads or built-in tracking
- It is an excellent choice for privacy-minded individuals
Signal is a messaging application with over 40 million monthly active users. It can be used on mobile devices and desktops, and it focuses mainly on the security of the platform and the privacy of its users.
Its communication protocol is built around strong security and end-to-end encryption, and its development goes back to TextSecure and RedPhone. Those were Android applications from 2010, originally developed by a group called Open Whisper Systems, organized by Moxie Marlinspike and Stuart Anderson.
This organization started developing the Signal Protocol and merged the two applications, which led to the creation of the Signal platform, initially released in 2014. Signal is currently run by the Signal Technology Foundation, an independent non-profit organization founded by Moxie Marlinspike from Open Whisper Systems and Brian Acton, one of WhatsApp’s co-founders.
The foundation is based in California and has Signal Messenger LLC as its subsidiary. Its business model includes a non-tracking and non-advertising policy, and it is based on private investments, grants and donations.
The Basics of Signal
Signal is available on mobile in Android and iOS versions. The user can also access the platform through the desktop software for Windows, Mac and Linux, but must first sign up for an account in a mobile application. As its identifier, Signal requires a phone number for registration.
The user profile is end-to-end encrypted, as are the messages and the voice and video calls. Profile options like name, status and picture are also encrypted and only visible to direct contacts, users from accepted conversations or people in the same group, which gives the user options to prevent third parties from accessing this kind of information without consent.
Users can interact with others through the message chat, which features end-to-end encryption by default. Among its many privacy-related features, it is even possible to set a timer for messages to auto-delete.
The user can only use one mobile device at a time but can link up to five other devices to the same account. The contents of the desktop applications are synced with the mobile phone, and the desktop applications must be linked with it.
Signal differs from the most popular messaging apps because its features are mostly focused on the privacy and security of its users. The platform includes:
- End-to-end encryption by default, not as an optional feature. This is done through the Signal Protocol, and the content of the messages is not stored in the cloud; therefore desktop versions must be linked with phones, and the company cannot provide the contents of communications to third parties or even governments.
- No ads and no tracking, in the sense that there is no ongoing program that uses the data and metadata of users to capitalize on them, since its business model is based on donations and private funding.
- Encrypted communication that provides many ways to interact with other users: it is possible to share text, voice messages, photos, videos, GIFs, stickers and files for free. Voice and video calls are also available, even across different platforms.
- A message request system: when someone who is not a contact tries to interact with the user through Signal, the application displays some information about them so the user can accept, delete or block the interaction. Regarding video and voice calls, Signal has a policy to prevent spam and abuse that only makes the phone ring if a request from the caller was approved before.
- Built-in metadata removal for attachments by default: Signal applications erase this type of information from photos before sending them to other users. This way, information like location, device information, and the time and date of the picture is no longer accessible to the receiver of the file.
- Ephemeral messages: the user can set a timer so that, when this option is active, all content in the conversation starts with an auto-destruction countdown by default, adding one more layer of privacy. This can even be used to create ephemeral stickers.
- A sealed sender system that significantly reduces the amount of sender metadata available to the service, such as location and profile, so that it is not stored on Signal’s servers. This can only be done when the sender has the identification of the receiver; when two users have shared their profiles with each other, it is activated by default. The user can also choose to allow this feature for anyone who has their identification, so it is possible to have a more secure communication line for anonymous sources as sealed senders. This can be changed in the Settings menu.
- Signal PINs, which are based on the Secure Value Recovery cloud system. It can store data like your profile, settings, blocked users and other configurations, which can only be accessed through a code that must have at least 4 digits and can be alphanumeric. Despite being based on cloud technology, Signal does not have access to this key.
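To make the attachment metadata removal listed above concrete, here is an added example (not part of the original guide and not Signal's code) of one way to drop embedded metadata from a JPEG: the file is walked segment by segment and every APP1 segment, where Exif and XMP data live, is left out. The function names and the sample bytes are assumptions made for this illustration.

```python
import struct

def strip_metadata(jpeg: bytes) -> bytes:
    """Return the JPEG with every APP1 segment (Exif, XMP) removed."""
    if jpeg[:2] != b"\xff\xd8":                      # SOI marker
        raise ValueError("not a JPEG file")
    out, pos = bytearray(jpeg[:2]), 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:                           # SOS: image data starts here
            return bytes(out + jpeg[pos:])           # copy the rest untouched
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length                       # length counts its own 2 bytes
        if length < 2 or end > len(jpeg):
            raise ValueError("truncated or corrupt segment")
        if marker != 0xE1:                           # keep everything except APP1
            out += jpeg[pos:end]
        pos = end
    raise ValueError("no image data found")

def segment(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment (helper for the constructed sample below)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a JPEG skeleton, not a viewable picture. The Exif payload
# is placeholder text standing in for real GPS, device and timestamp tags.
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, b"Exif\x00\x00GPS=52.5200,13.4050;Model=ExamplePhone;"
                    b"DateTime=2021:04:06 10:00:00")
    + segment(0xDB, bytes(65))
    + segment(0xDA, bytes(10)) + b"\x12\x34\x56"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE)
    print(len(SAMPLE), "->", len(cleaned), "bytes; GPS left:", b"GPS" in cleaned)
```
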
Security and Privacy
For its security, the application uses the Signal Protocol designed by Open Whisper Systems. This protocol works with long-term, medium-term and ephemeral keys generated from the interactions between two users, in such a way that each new message also contains ephemeral keys that are used in the encryption and decryption of future messages.
WhatsApp, Facebook Messenger, Skype and several other applications also use this same protocol in their encryption platforms. Such technology provides users with a high level of security against the interception of messages, and it is used by journalists, activists and investigators to protect the identity of sources.
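The per-message key renewal described above, as an added example (not Signal's code and not part of the original guide): a deliberately simplified ratchet in which every message carries a fresh ephemeral public key that determines the keys for this and later messages. The toy Diffie-Hellman group, the XOR keystream cipher and all names are assumptions for illustration; the real protocol uses X25519, authenticated encryption and additional chain keys.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group standing in for X25519 (assumption, demo only).
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def kdf(root, priv, peer_pub):
    """Mix a fresh DH output into the root key; return (new_root, message_key)."""
    shared = pow(peer_pub, priv, P).to_bytes(32, "big")
    return (hmac.new(root, b"\x01" + shared, hashlib.sha256).digest(),
            hmac.new(root, b"\x02" + shared, hashlib.sha256).digest())

def xor_cipher(key, data):
    """Placeholder for an authenticated cipher: XOR with an HMAC-SHA256 keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

class Party:
    def __init__(self, root, priv=None, peer_pub=None):
        self.root, self.priv, self.peer_pub = root, priv, peer_pub
        self.used_keys = []          # kept only so the demo can inspect them

    def send(self, plaintext):
        # A fresh ephemeral key pair per message; the public half goes in the header.
        self.priv, eph_pub = keypair()
        self.root, key = kdf(self.root, self.priv, self.peer_pub)
        self.used_keys.append(key)
        return {"eph_pub": eph_pub, "ciphertext": xor_cipher(key, plaintext)}

    def receive(self, message):
        # The sender's new public key decides the key for this and later messages.
        self.peer_pub = message["eph_pub"]
        self.root, key = kdf(self.root, self.priv, self.peer_pub)
        self.used_keys.append(key)
        return xor_cipher(key, message["ciphertext"])

def conversation():
    root = secrets.token_bytes(32)   # constructed: result of the initial handshake
    bob_priv, bob_pub = keypair()    # constructed: Bob's published medium-term key
    alice, bob = Party(root, peer_pub=bob_pub), Party(root, priv=bob_priv)
    script = [(alice, bob, b"hi Bob"), (alice, bob, b"are you there?"), (bob, alice, b"yes")]
    received = [dst.receive(src.send(text)) for src, dst, text in script]
    return received, alice.used_keys, bob.used_keys
```

Both sides end up with the same three message keys, each used once, so a key recovered for one message does not open the others.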
Legal and data protection matters
Regarding Signal’s Terms of Service, the user should be at least 13 years old to use the platform and must agree to receive verification codes in order to create an account. Signal commits not to sell, rent or monetize personal data, and it is not responsible for fees and taxes regarding Internet access. Users must not violate the rights of Signal or of other users, or intellectual property rights, nor use bulk or auto-messaging applications for spam-related activities.
As for its response to government requests, Signal has two public records of such requests. In 2016, a jury from the Eastern District of Virginia issued a subpoena requiring information regarding two Signal users.
Since the platform stores neither information on users nor the contents of their interactions, the group could only provide the authorities with the timestamps for when each account was created and the date those accounts last connected to the Signal service.
Another, more recent legal dispute regarding Signal and its encryption features arose in 2021 with a subpoena from the Central District of California, where the US Attorney’s Office requested information about the username, address and time of account creation, the time of last online activity and the message content of six accounts.
In its response, Signal’s lawyers maintained that the foundation could only provide the time of account creation and the time of last connection with the servers, because those are the only categories of the requested information that Signal maintains.
Therefore, in both cases the service could only provide the authorities with the same two categories of information, and nothing about user profiles or message content. That is because the platform was designed in such a way that the profile is protected by end-to-end encryption with the PINs and the requests/sealed sender system.
The message content is simply not accessible to Signal itself, because the way the protocol works with the long-term, medium-term and ephemeral keys mentioned above does not allow even the Signal Foundation to access those contents without the proper encryption keys.
To this end, the platform keeps track of those requests on its website, committing to disclose all information that government or law enforcement agencies request. So far, only those two cases have been publicly disclosed by the platform, with almost the same kind of request and the same kind of response, which maintains that the platform was designed in such a way that it is impossible to disclose information that is not accessible on the service’s servers.
In April 2021, Signal announced the first public beta for its in-app payment feature. At this moment, the only cryptocurrency supported is MOB by MobileCoin, which uses an anonymous structure that runs on a blockchain. There is no need for a bank account to use this type of transaction.
Since Signal runs on a privacy-based policy, the company does not have access to the senders, receivers, transaction amounts or messages related to the payments. At this moment, the feature can only be accessed on the beta version of Signal on Android and iOS by residents of the UK who are not US persons, for legal reasons regarding cryptocurrencies.
To make a payment, a user who meets the requirements must select the Payments option from the Settings menu and select a contact. After this, the app asks for an amount and shows two confirmation screens before the transaction is done. Once the confirm payment button is pressed, the user cannot undo this action or the payment.
The user can also transfer an exchange to another application. The transaction fees are collected by MobileCoin, and each country code of the user’s phone number has its own currency, which can be exchanged based on the rates from Fixer.io and FTX market conversions.
Donations and Support
Signal is based on a no-ads policy and users do not have to pay to access the service. Thus, the organization relies on an investment and donation model that the end user can contribute to.
The Signal team provides users with two kinds of donation: one is the dollar donation through Donorbox, which is taxed but can be used for tax deduction in the US. The other is the anonymous cryptocurrency donation through Giving Block, using Bitcoin, Ethereum and other coins.
Another way to contribute money to Signal is through an Amazon link that makes Amazon donate 0.5% of the purchase to the Signal Foundation. The foundation also provides some forms of direct support and collaboration from its community.
The localization and translation aspects of the application are entirely open for collaboration from the public. So far, the mobile applications have been localized into more than 130 languages and the support center into more than 60. For those interested in more technical contributions, there are open issues in the platform’s GitHub repositories where experienced developers can help with the code.