In this guide you will learn the basics of Signal – Private Messenger. I’ll walk you through account creation and features, and explain why this messaging app is recommended for privacy.
The Signal app is an encrypted messaging platform with over 40 million monthly active users. It can be used on mobile devices and desktops, and it focuses mainly on the platform’s security and its users’ privacy.
Its communication protocol is based on heavy security and end-to-end encryption, and its development comes from TextSecure and RedPhone.
Those were Android applications from 2010, originally developed by a group called Open Whisper Systems, organized by Moxie Marlinspike and Stuart Anderson.
This organization started the development of the Signal Protocol merging the two applications, which led to the creation of the Signal platform, which was initially released in 2014.
Signal is currently run by the Signal Technology Foundation, an independent, non-profit organization founded by Moxie Marlinspike from Open Whisper Systems and Brian Acton, one of WhatsApp’s co-founders.
The organization is based in California and has Signal Messenger LLC as its subsidiary. Its business model includes a non-tracking and non-advertising policy, and it is based on private investments, grants and donations.
The Signal app is available for mobile in Android and iOS versions. The user can also access the platform through the desktop software for Windows, Mac, and Linux, but must first sign up for an account on a mobile application. As its identifying parameter, Signal requires a phone number for registration.
The user profile is end-to-end encrypted, as well as the messages, voice, and video calls.
The profile options like Name, Status, and pictures are also encrypted and only visible to direct contacts, users from accepted conversations, or people in the same group, providing the user with options to prevent third parties from accessing those kinds of information without consent.
Users can interact with others through the message chat, which features end-to-end encryption by default. Along with its many privacy-related features, it is possible to set a timer for messages to auto-delete.
The user can only use one mobile device at a time but can link up to five other devices to the same account. The desktop applications must be linked with the mobile phone, and their contents are synced with it.
Signal differs from the most popular messaging apps because its features mostly focus on its users’ privacy and security matters. The platform includes:
End-to-end encryption by default and not as an optional feature. This is done through the Signal Protocol, and the content of the messages is not stored in the cloud; therefore, desktop versions must be linked with phones, and the company cannot provide the contents of the communications to third parties or even governments.
No ads or tracking, in the sense that there is no ongoing program that uses the data and metadata of users to capitalize on them, since the business model is based on donations and private funding.
Encrypted communication provides many ways to interact with other users so that it is possible to share text, voice messages, photos, videos, GIFs, stickers, and files for free. Voice and video-call are also available, even from different platforms.
A message request system: when someone who is not a contact tries to interact with the user through Signal, the application displays some information about them so the user can accept, delete or block the interaction. For video and voice calls, to prevent spam and abuse, Signal only makes the phone ring if a request from the caller was approved beforehand.
Built-in metadata alteration for attachments by default, since Signal applications erase this type of information from photos before sending them to other users. This way, information like the location, device information, time, and date of the picture is no longer accessible to the receiver of the file.
Ephemeral messages: the user can set a timer, and when this option is active, all content in the conversation starts with an auto-destruction countdown by default, adding one more layer of privacy and security. This can even be used to create ephemeral stickers.
A sealed sender system that significantly reduces the amount of information available to the service regarding metadata of the sender like location, profile, etc., so that it is not stored on Signal’s servers.
This can only be done when the sender has the identification of the receiver; when two users have shared their profiles, this is activated by default.
The user can also allow this feature for anyone who has their identification, so it is possible to have a more secure communication line for anonymous sources as sealed senders. This can be changed in the Settings menu.
Signal PINs, which are based on the Secure Value Recovery cloud system. It can store data like your profile, settings, blocked users, and other configurations, which can only be accessed through the code. The code must have at least four digits and can be alphanumeric.
Despite being based on cloud technology, Signal does not have access to this key.
For its security, the application uses the Signal Protocol designed by Open Whisper Systems.
This protocol works with long-term, medium-term and temporary keys that are generated relating to the interactions between two users in such a way that each new message also contains ephemeral keys that are used for the encryption and decryption of future messages.
WhatsApp, Facebook Messenger, Skype, and several other applications use this same protocol in their encryption platforms.
Such technology provides users with a high level of security against the interception of messages, and it is used by journalists, activists, and investigators to protect the identity of sources.
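To make the per-message key idea concrete, the following added example (not code from Signal or from this guide) sketches a simplified one-directional key chain in Python: every message gets its own key, and the receiver can still decrypt messages that arrive out of order. The `Chain` class, the HMAC constants and the shared secret are assumptions made for this illustration, and the exchange of new ephemeral keys between the two users is not modelled.

```python
import hashlib
import hmac


def kdf_step(chain_key):
    """Advance the chain once and return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class Chain:
    """One direction of a conversation (hypothetical helper for this example)."""

    def __init__(self, shared_secret):
        self.chain_key = shared_secret
        self.counter = 0   # number of the next message on this chain
        self.skipped = {}  # message number -> key kept for late arrivals

    def next_key(self):
        """Sender side: derive the key for the next outgoing message."""
        self.chain_key, message_key = kdf_step(self.chain_key)
        number = self.counter
        self.counter += 1
        return number, message_key

    def key_for(self, number, max_skip=100):
        """Receiver side: return the key for a message; each key works once."""
        if number in self.skipped:
            return self.skipped.pop(number)
        if number < self.counter:
            raise KeyError("message key already used and deleted")
        if number - self.counter > max_skip:
            raise ValueError("too many skipped messages")
        # Walk the chain forward, keeping keys for messages not yet seen.
        while self.counter < number:
            self.chain_key, message_key = kdf_step(self.chain_key)
            self.skipped[self.counter] = message_key
            self.counter += 1
        self.chain_key, message_key = kdf_step(self.chain_key)
        self.counter += 1
        return message_key


def demo():
    """Alice sends three messages; Bob receives them in the order 2, 0, 1."""
    secret = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = Chain(secret), Chain(secret)
    sent = [alice.next_key() for _ in range(3)]
    received = {number: bob.key_for(number) for number in (2, 0, 1)}
    return sent, received
```

Because each step replaces the chain key with a one-way derivation of itself, a device that is compromised later no longer holds the keys of messages it has already processed.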
Regarding Signal’s Terms of Service, the user should be at least 13 years old to use the platform and must agree to receive verification codes to create their account.
Signal commits not to sell, rent or monetize personal data, and it is not responsible for fees and taxes regarding Internet access.
Users must not violate the rights of Signal or other users, or intellectual property rights, and must not use bulk or auto-messaging applications in spam-related activities.
As for its response to government requests, Signal has two public records of such requests. In 2016, a jury from the Eastern District of Virginia issued a subpoena requiring information regarding two Signal users.
Since the platform does not store information on users or the contents of their interactions, the group could only provide the justice system with the timestamps for when each account was created and the date those accounts were last connected to the Signal service.
Another recent legal dispute regarding Signal and its encryption features arose in 2021 with a subpoena from the Central District of California, where the US Attorney’s Office requested information about the username, address and time of account creation, time of last online activity, and message content of six accounts.
In its response, Signal’s lawyers maintained that the foundation could only comply with the time of account creation and last connection with the servers because those are the only categories of the requested information that Signal maintains.
Therefore, in both cases, the service could only provide the authorities with the same two categories of information, nothing about user profiles or message content.
That is because the platform was designed so that the profile is protected by end-to-end encryption with the PINs and requests/sealed sender system.
The message content is not accessible to Signal itself because the protocol works with long-term, medium-term and ephemeral keys. It does not allow even the Signal Foundation to access those contents without the proper encryption keys.
To this end, the platform keeps track of those requests on its website, committing to disclose all information that government or law agencies request.
So far, only those two cases have been publicly disclosed by the platform, with almost the same kind of requests and the same kind of response, which maintains that the service was designed in such a way that it is impossible to disclose information that is not accessible on the service’s servers.
In April 2021, Signal announced the first public beta for its in-app payment feature.
Currently, the only cryptocurrency supported is MOB by MobileCoin, which uses an anonymous structure that runs on a blockchain. There is no need for a bank account to use this feature.
Since Signal runs on a privacy-based policy, the company does not have access to the senders, receivers, transaction amounts, or messages related to the payments.
At this moment, for legal reasons regarding cryptocurrencies, the feature can only be accessed on the beta version of Signal on Android and iOS by residents of the UK that are not US persons.
To make a payment, once the requirements are met, the user must select the Payments option from the Settings menu and select a contact. After this, the app asks for an amount and shows two confirmation screens before the transaction is done.
Once the confirm payment button is pressed, the user cannot undo this action or the payment.
The user can also transfer an exchange to another application. MobileCoin collects the transaction fees, and each country code of the user’s phone number has its own currency, which can be exchanged based on the rates from Fixer.io and FTX market conversions.
Signal is based on a no-ads policy, and users do not have to pay to access the service. Thus, the organization is funded through an investment and donation model to which the end-user can contribute.
The Signal team provides users with two kinds of donations. One is the dollar donation through Donorbox, which is taxed but can be used for a tax deduction in the US. The other is the anonymous cryptocurrency donation through Giving Block, using Bitcoin, Ethereum, and other coins.
Another way to contribute money to Signal is through an Amazon link that makes Amazon donate 0.5% of the purchase to the Signal Foundation. The foundation also provides some forms of direct support and collaboration from its community.
The localization and translation aspects of the application are entirely open for collaboration from the public. So far, the mobile applications have been localized for more than 130 languages, and the support center for more than 60.
For those interested in more technical contributions, there are open issues on the platform’s GitHub directory where experienced developers can help with the code.