Uncovering the encrypted messaging app Signal: Why are Musk and Snowden recommending it?

This article was published on January 18, 2021, by Sina Technology.

As a messaging service focused on privacy, Signal was once quite niche, but it has recently suddenly become the most downloaded app in the United States, surpassing many long-standing popular social media apps and games. The surge in Signal's popularity is attributed to a series of reasons, such as the changing policies of the commonly used messaging app WhatsApp, the U.S. Capitol riot leading many tech companies to ban Trump's accounts, and a tweet from the new global billionaire Elon Musk.

As many people began to use Signal instead of WhatsApp for several consecutive days, its user base rapidly increased, causing the server load to reach its limits. Last Friday, Signal experienced service outages, and a day later, on Saturday, Signal responded that the service had been restored.

On January 7, Tesla founder Musk tweeted "Use Signal," which caused the stock price of another similarly named company, Signal Advance, to soar. In reality, the latter is just a small medical technology company. Musk was referring to the encrypted messaging app, and Signal indeed benefited greatly from Musk's tweet.

After this, Signal became the most downloaded app in both the Apple App Store and Google Play in the U.S. The surge in downloads even caused new users to wait a long time to receive SMS verification codes during registration.

The day before this, Musk had also tweeted, accusing Facebook of its role in the U.S. Capitol riot. In this incident, supporters of President Trump spread conspiracy theories about election fraud but failed to prevent Congress from certifying Biden's victory. Musk's statement triggered a chain reaction, leading users to criticize Facebook comprehensively, from the initially problematic "campus girl rating site" to the U.S. Capitol "being controlled by a man in a Viking hat."

On the other hand, just a few days earlier, on January 4, WhatsApp, owned by Facebook, released an updated privacy policy. Many interpreted it as requiring users to share personal information with Facebook's advertising network to use the platform. Facebook clarified that WhatsApp messages would continue to be encrypted and that information such as WhatsApp contacts would not be shared with Facebook. Nevertheless, many users, some prompted by Musk's call, turned to other encrypted messaging apps like Telegram. Currently, Signal and Telegram rank first and second in downloads on the U.S. App Store.

However, Musk's call was not without basis. Recently, many tech companies, including Facebook and Twitter, began banning Trump and his followers' accounts and worked to prevent the platform from being used for further violent activities. The right-wing social media platform Parler also faced a blow: Google and Apple removed the app from their respective app stores, and Amazon AWS even stopped providing cloud servers for the company.

Signal has long been supported by privacy rights organizations and leftist social activists. Currently, many privacy-focused social tools, including Signal and MeWe, rank high in app stores. It remains unclear to what extent the popularity of these apps is due to users from lost communication platforms turning to new platforms, and the encrypted nature of these apps makes it difficult for outsiders to ascertain the real situation.

Previously, after some social and political turmoil, the number of new users on Signal also saw a significant increase. For example, after Trump was elected president and rolled back a series of privacy protections. Last spring, during the "Black Lives Matter" protests in the U.S., Signal also saw an explosive increase in downloads. At that time, activists needed communication tools to organize while avoiding tracking by judicial authorities.

Amir Ghodrati, head of market insights at mobile app analytics firm App Annie, believes: "Due to the nature of social apps, and the primary function of these apps being communication with others, the download growth rate is usually very fast based on current events."

App Annie states that in recent years, as internet privacy protection has become a mainstream topic, and users spend more time on instant messaging apps compared to social media apps (averaging over 67% more in the first half of 2020), the demand for privacy-focused instant messaging apps is growing.

What Makes Signal Different

Signal is an end-to-end encrypted communication app available on mobile and desktop. Users can send messages, make calls, or video calls through the app, with the content of messages being invisible to third parties on the platform itself. Even if someone intercepts a user's sent message, it appears as a jumble of characters.

For instance, the police cannot obtain messages sent via Signal, regardless of whether the content is political activity or explicit photos. Protesters love this platform because Signal provides a way to communicate and organize without police surveillance. In 2016, a grand jury issued a subpoena to Signal for data on the platform, but ultimately did not obtain useful information, only seeing when users registered their Signal accounts and the last time they logged in. In contrast, unencrypted messaging apps can provide sent messages to judicial authorities.

In 2014, legendary software engineer, "white hat" hacker, and anarchist Moxie Marlinspike founded Signal. The app is developed by a nonprofit organization, making it unlikely to be acquired by a large tech company. Unlike products from tech companies, Signal does not display ads and does not sell user data. Signal's operations rely entirely on donations, including a $50 million loan from co-founder Brian Acton. Acton is a co-founder of WhatsApp. WhatsApp also uses Signal's encryption protocol but was acquired by Facebook in 2014. Critics worry that after WhatsApp's acquisition, its security is not as robust as Signal's.

Signal is open-source software, allowing others to download or copy its code. The mission proposed by the founding team is to make end-to-end encryption the norm, and it does not matter if Signal itself ceases to exist in the future. Marlinspike stated in an interview last October: "If we do our best to make the technology we develop ubiquitous, then we can focus on other things."

Signal also has its shortcomings, such as notifying users every time a new contact joins and requiring both parties to use the app for secure communication. However, many believe its privacy protection features are sufficient for the average person. In other words, the app is easy to use and generally secure. If one wants to enhance security further, it often requires more complex proxy mechanisms to hide the communication parties.

Signal focuses more on peer-to-peer communication rather than one-to-many dissemination on social media. However, recently, the app increased the limit for voice group chats from 5 to 8 people, and the chat group limit was raised to 1000 people. Additionally, Signal has introduced new features such as wallpapers and stickers. Last summer, Signal also released a tool that automatically blurs faces, helping users share protest activity videos without exposing the identities of protesters.

It is very likely that Signal's recent popularity is driven by participants in protests, this time from the right. As social media companies began to take a more aggressive stance on content moderation after the U.S. Capitol riot, many people are likely to turn to apps that ensure the confidentiality of communication content.

WhatsApp and Signal

Many users' disappointment with WhatsApp stems from the company's owner. In 2014, Facebook acquired WhatsApp, co-founded by Acton and Jan Koum, for $22 billion. However, for years, data breach incidents have plagued Facebook users.

In 2018, Facebook announced it had suffered a major hack, affecting 50 million accounts. However, according to media reports, Facebook employees were aware of vulnerabilities in the platform's user account security mechanisms as early as December 2017. Additionally, during the Cambridge Analytica scandal, Facebook stated that data from up to 87 million users may have been misused.

Koum left Facebook in 2018, and Acton subsequently invested $50 million in Signal out of his own pocket.

In contrast, Signal is operated by the nonprofit Signal Foundation. The foundation was established in February 2018, with Acton and Marlinspike as its founders.

The Signal Foundation's website shows that Acton left after WhatsApp was acquired by Facebook due to "disagreements over the use of customer data and targeted advertising." After providing $50 million in funding, Acton is currently a board member of the foundation.

According to Marlinspike, Signal has never accepted venture capital and has never sought investment. He stated in a previous interview: "Fundamentally, the Signal project hopes to return technology to normal, simple, and transparent, without sharing data with other entities."

Another board member of the Signal Foundation is Meredith Whittaker. She was a Google engineer responsible for employee organizing at Google and is currently engaged in advocacy for tech industry workers' rights.

Security Comparison

Due to end-to-end encryption, Facebook cannot access users' WhatsApp chat records, but it can still obtain other user data. This includes users' phone numbers, IP addresses, mobile network information, usage duration, payment data, cache, and location data.

As early as 2016, some users chose not to allow Facebook to access their personal data. However, WhatsApp recently stated that if users do not agree to share information by February 8, they will be completely unable to use the service.

There have also been reports that external apps can track WhatsApp users' online activities, including who users talk to, when they use the app, and even when they sleep.

In contrast, Signal states that the app does not collect users' message content, groups, contacts, or personal information. The only information Signal collects is how long users have registered and the last time they accessed the app. Signal has also made its code public through an open-source protocol, allowing anyone to check for any hidden issues.

Many security experts, including Edward Snowden, have expressed trust in Signal. Several well-known journalists have also recommended using Signal instead of WhatsApp to ensure the privacy of personal information.

However, Signal's security mechanisms are not perfect. Security experts warn that a new feature in Signal that allows users to use a PIN code to recover data may lead to privacy issues. Matthew Green, a cryptographer at Johns Hopkins University, pointed out: "The problem is that many people choose weak PIN codes. To enhance security, Signal's system uses Intel's SGX hardware encryption technology on the server."