Signal (software): Difference between revisions
→Servers: rmv an unnecessary word |
→Encryption protocols: MOS:REPEATLINK |
||
Line 1: | Line 1: | ||
{{Redirect|Signal Messenger|the company|Signal Messenger LLC|its parent organization|Signal Technology Foundation|protocol|Signal Protocol}} |
|||
{{short description|Privacy-focused encrypted messaging app}} |
|||
{{Use dmy dates|date=December 2023}} |
|||
{{Infobox software |
{{Infobox software |
||
| name = Signal |
| name = Signal |
||
| logo = Signal-Logo-Ultramarine (2024).svg |
|||
| logo = <!-- [[File:Signal Blue Icon.png|100px]][[File:TextSecure Blue Icon.png|100px]] --> |
|||
| logo size = 150px |
|||
| screenshot = [[File:Signal Blue Icon.png|100px]][[File:TextSecure Blue Icon.png|100px]] |
|||
| logo alt = Logo of Signal (2020–present) |
|||
| caption = Signal for iOS and Android, respectively |
|||
| |
| screenshot = |
||
| screenshot alt = Screenshot of Signal |
|||
| developer = [[Open Whisper Systems]] |
|||
| caption = Screenshot of Signal version 5.1 on iOS (January 2021) |
|||
| released = {{Start date|2014|7}}<ref name="wired3" /> |
|||
| collapsible = no |
|||
| latest release version = {{LSR}} |
|||
| developer = {{ Plainlist| |
|||
| status = Active |
|||
* [[Signal Technology Foundation]], |
|||
| operating_system = [[iOS]] 8.0 or later<br />[[Android (operating system)|Android]] 2.3 or later |
|||
* [[Signal Messenger LLC]] and contributors |
|||
| size = |
|||
}} |
|||
| language = 31 languages |
|||
| released = {{Start date and years ago|df=yes|2014|07|29}}<ref name="Greenberg-2014-07-29" /><ref name="Marlinspike-2014-07-29">{{cite web |url=https://signal.org/blog/signal/ |title=Free, Worldwide, Encrypted Phone Calls for iPhone |publisher=Open Whisper Systems |first=Moxie |last=Marlinspike |date=29 July 2014 |access-date=16 January 2017 |archive-date=31 August 2017 |archive-url=https://web.archive.org/web/20170831113358/https://whispersystems.org/blog/signal/ |url-status=live}}</ref> |
|||
| programming language = |
|||
| ver layout = stacked |
|||
| genre = Encrypted [[voice calling]] and [[instant messaging]] |
|||
| latest release version = {{Multiple releases |
|||
| license = [[GNU General Public License|GPLv3]]<ref name="signal-ios-github" /><ref name="signal-android-github" /> |
|||
| branch1 = Android |
|||
| website = {{URL|whispersystems.org}} |
|||
| version1 = {{wikidata|property|preferred|references|edit|Q19718090|P348|P400=Q94|P548=Q2804309}} |
|||
| date1 = {{Start date and age|{{wikidata|qualifier|preferred|single|Q19718090|P348|P400=Q94|P548=Q2804309|P577}}}} |
|||
| branch2 = iOS |
|||
| version2 = {{wikidata|property|preferred|references|edit|Q19718090|P348|P400=Q48493|P548=Q2804309}} |
|||
| date2 = {{Start date and age|{{wikidata|qualifier|preferred|single|Q19718090|P348|P400=Q48493|P548=Q2804309|P577}}}} |
|||
| branch3 = Desktop |
|||
| version3 = {{wikidata|property|preferred|references|edit|Q19718090|P348|P400=Q16338|P548=Q2804309}} |
|||
| date3 = {{Start date and age|{{wikidata|qualifier|preferred|single|Q19718090|P348|P400=Q16338|P548=Q2804309|P577}}}} |
|||
}} |
|||
| latest preview version = {{Multiple releases |
|||
| branch1 = Android ([[Software release life cycle#Beta|Beta]]) |
|||
| version1 = {{wikidata|property|references|edit|Q19718090|P348|P400=Q94|P548=Q3295609}} |
|||
| date1 = {{Start date and age|{{wikidata|qualifier|single|Q19718090|P348|P400=Q94|P548=Q3295609|P577}}}} |
|||
| branch2 = iOS (Beta) |
|||
| version2 = {{wikidata|property|references|edit|Q19718090|P348|P400=Q48493|P548=Q3295609}} |
|||
| date2 = {{Start date and age|{{wikidata|qualifier|single|Q19718090|P348|P400=Q48493|P548=Q3295609|P577}}}} |
|||
| branch3 = Desktop (Beta) |
|||
| version3 = {{wikidata|property|references|edit|Q19718090|P348|P400=Q16338|P548=Q3295609}} |
|||
| date3 = {{Start date and age|{{wikidata|qualifier|single|Q19718090|P348|P400=Q16338|P548=Q3295609|P577}}}} |
|||
}} |
|||
| operating system = {{Plainlist| |
|||
* [[Android 5.0]] or later |
|||
* [[iOS 13]] or later |
|||
* [[Windows 10]] and [[Windows 11]]<ref name="Installing-Signal">{{cite web |url=https://support.signal.org/hc/en-us/articles/360008216551-Installing-Signal |title=Installing Signal - Signal Support |access-date=17 March 2024 |archive-date=27 December 2023 |archive-url=https://web.archive.org/web/20231227053325/https://support.signal.org/hc/en-us/articles/360008216551-Installing-Signal |url-status=live}}</ref> |
|||
* [[macOS 10.15]] or later<ref name="Installing-Signal"/> |
|||
* [[Linux distribution]]s supporting [[APT (Debian)|APT]]<ref name="Installing-Signal"/> |
|||
}} |
|||
| platform = |
|||
| size = <!-- language varies based on the platform |
|||
| language count = 51 |
|||
| language footnote = <ref>{{cite web |title=Signal Messenger localization |url=https://www.transifex.com/signalapp/public/ |website=Transifex |access-date=5 November 2018}}</ref>--> |
|||
| programming language = |
|||
| genre = Encrypted [[voice calling]], [[video calling]] and [[instant messaging]] |
|||
| license = [[GNU Affero General Public License|AGPL-3.0-only]]<ref name="signal-android-github" /><ref name="signal-ios-github" /><ref name="signal-desktop-github"/><ref name="Signal-Server" />{{efn|name="mobile license"}}{{efn|name=SpamDetection}} |
|||
}} |
}} |
||
'''Signal''' is a [[free and open-source software|free and open-source]] encrypted [[voice calling]] and [[instant messaging]] application for [[iOS]] and [[Android (operating system)|Android]]. It uses [[end-to-end encryption]] to secure all communications to other Signal users. Signal can be used to send and receive encrypted instant messages, group messages, attachments and media messages. Users can independently verify the identity of their messaging correspondents by comparing [[Public key fingerprint|key fingerprints]] out-of-band. During calls, users can check the integrity of the data channel by checking if two words match on both ends of the call. |
|||
'''Signal''' is an [[Open-source software|open-source]], [[encryption|encrypted]] messaging service for [[instant messaging]], [[Telephone call|voice calls]], and [[Videotelephony|video calls]].<ref name="Mott-2017-03-14"/><ref name="desktop-v1.35.1">{{cite web |last1=Perez |first1=Josh |title=Release v1.35.1 |url=https://github.com/signalapp/Signal-Desktop/releases/tag/v1.35.1 |website=github.com |publisher=Signal |access-date=3 September 2020 |date=2 September 2020 |archive-date=12 November 2020 |archive-url=https://web.archive.org/web/20201112195107/https://github.com/signalapp/Signal-Desktop/releases/tag/v1.35.1 |url-status=live }}</ref> The instant messaging function includes sending text, voice notes, images, videos, and other files.<ref name="arbitrary-file-types" /> Communication may be one-to-one between users or may involve group messaging. |
|||
Signal is developed by [[Open Whisper Systems]] and is published under the [[GPLv3]] license. |
|||
The application uses a [[centralized computing]] architecture and is [[cross-platform software]]. It is developed by the non-profit [[Signal Foundation]] and its subsidiary [[Signal Messenger LLC]]. Signal's software is [[free and open-source software|free and open-source]]. Its mobile clients, desktop client, and [[Server (computing)|server]] are all published under the [[GNU Affero General Public License|AGPL-3.0-only]] license.{{efn|name="mobile license"|The [[iOS]] and [[Android (operating system)|Android]] clients were formerly published under the [[GNU General Public License|GPL-3.0-only]] license, and were updated to AGPL in 2022 and 2023 respectively.<ref name="signal-ios-license-update">{{cite web |url=https://github.com/signalapp/Signal-iOS/commit/9865d398f70aeb1888c1c537f29b043690a570b2 |title=Update top-level LICENSE file to AGPL |website=GitHub.com |publisher=Signal |date=1 November 2022 |access-date=10 May 2023 |archive-date=28 August 2023 |archive-url=https://web.archive.org/web/20230828005533/https://github.com/signalapp/Signal-iOS/commit/9865d398f70aeb1888c1c537f29b043690a570b2 |url-status=live }}</ref><ref name="signal-android-license-update">{{cite web |url=https://github.com/signalapp/Signal-Android/commit/ace47c61b1aa4c32b8468343615e3e7288915dea |title=Update top-level LICENSE file to AGPL |website=GitHub.com |publisher=Signal |date=5 May 2023 |access-date=10 May 2023 |archive-date=14 August 2023 |archive-url=https://web.archive.org/web/20230814182331/https://github.com/signalapp/Signal-Android/commit/ace47c61b1aa4c32b8468343615e3e7288915dea |url-status=live }}</ref>}}{{efn|name=SpamDetection|The source code for [[Spamming|spam]] detection is not public.<ref>{{cite web |last1=O'Leary |first1=Jim |title=Improving first impressions on Signal |url=https://signal.org/blog/keeping-spam-off-signal/ |website=Signal Blog |access-date=3 November 2021 |date=1 November 2021 |archive-date=24 September 2023 |archive-url=https://web.archive.org/web/20230924194458/https://signal.org/blog/keeping-spam-off-signal/ |url-status=live }}</ref>}}<ref name="signal-ios-github" /><ref name="signal-android-github" /><ref name="signal-desktop-github"/><ref name="Signal-Server" /> The official Android app generally uses the proprietary [[Google Play Services]], although it is designed to be able to work without them. Signal is also distributed for [[iOS]] and desktop programs for [[Windows]], [[macOS]], and [[Linux]]. Registration for desktop use requires an iOS or Android device.<ref name="Softpedia-2021">{{cite web |url=https://www.softpedia.com/get/Internet/Chat/Instant-Messaging/Signal-Desktop.shtml |title=Signal Desktop |last=Ciobica |first=Vladimir |date=26 May 2021 |website=Softpedia |access-date=28 May 2021 |archive-date=2 June 2021 |archive-url=https://web.archive.org/web/20210602212341/https://www.softpedia.com/get/Internet/Chat/Instant-Messaging/Signal-Desktop.shtml |url-status=live }}</ref><ref name="VPNpro-2021">{{cite web |url=https://vpnpro.com/messaging-apps/signal-review/ |title=Signal messaging app review 2021 |last=Youngren |first=Jan |date=19 January 2021 |website=VPNpro |access-date=28 May 2021 |archive-date=2 June 2021 |archive-url=https://web.archive.org/web/20210602212529/https://vpnpro.com/messaging-apps/signal-review/ |url-status=live }}</ref> |
|||
Signal uses mobile [[telephone number]]s to register and manage user accounts, though configurable usernames were added in March 2024 to allow users to hide their phone numbers from other users.<ref>{{cite news |last1=Lee |first1=Micah |title=Signal's New Usernames Help Keep the Cops Out of Your Data |url=https://theintercept.com/2024/03/04/signal-app-username-phone-number-privacy/ |access-date=9 May 2024 |work=The Intercept |date=4 March 2024}}</ref> After removing support for SMS on Android in 2023,<ref name="Frosch 2016" /><ref name="Nina-signal-2022-10-12">{{cite web |author1=nina-signal |date=12 October 2022 |title=Removing SMS support from Signal Android (soon) |url=https://signal.org/blog/sms-removal-android/ |url-status=live |archive-url=https://web.archive.org/web/20221127000227/https://signal.org/blog/sms-removal-android/ |archive-date=27 November 2022 |access-date=28 November 2022 |website=signal.org}}</ref> the app now secures all communications with [[end-to-end encryption]]. The client software includes mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel.<ref name="Frosch 2016"/><ref name="Schröder-2016"/> |
|||
The [[Nonprofit organization|non-profit]] Signal Foundation was launched in February 2018 with initial funding of $50 million from [[WhatsApp]] co-founder [[Brian Acton]].<ref name="Greenberg20180221"/> {{As of|2022|January}}, the platform had approximately 40 million monthly active users. {{As of|2021|May}}, it was downloaded more than 105 million times.<ref name="Curry-2022">{{Cite news |last=Curry |first=David |date=11 January 2022 |title=Signal Revenue & Usage Statistics (2022) |language=en-US |work=Business of Apps |url=https://www.businessofapps.com/data/signal-statistics/ |access-date=13 January 2022 |archive-date=26 January 2021 |archive-url=https://web.archive.org/web/20210126020455/https://www.businessofapps.com/data/signal-statistics/ |url-status=live }}</ref><ref>{{Cite web |date=28 January 2021 |title=Signal Private Messenger - Apps on Google Play |url=https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US&gl=US |access-date=28 January 2021 |language=en |archive-date=11 June 2021 |archive-url=https://web.archive.org/web/20210611140028/https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US&gl=US |url-status=live }}</ref> |
|||
==History== |
==History== |
||
{{Signal timeline}} |
|||
===2010–2013: Origins=== |
|||
===Whisper Systems and Twitter (2010–2011)=== |
|||
Signal is the successor of |
Signal is the successor of the RedPhone encrypted voice calling app and the [[TextSecure]] encrypted texting program. The [[beta version]]s of RedPhone and TextSecure were first launched in May 2010 by [[Whisper Systems]],<ref name="whispersystems-2010-05-25">{{cite web |url=http://www.whispersys.com/updates.html |title=Announcing the public beta |date=25 May 2010 |archive-url=https://web.archive.org/web/20100530011131/http://www.whispersys.com/updates.html |archive-date=30 May 2010 |publisher=Whisper Systems |access-date=22 January 2015}}</ref> a startup company co-founded by security researcher [[Moxie Marlinspike]] and roboticist Stuart Anderson.<ref name="Garling-2011-12-20" /><ref>{{cite magazine |url=http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=141104009 |archive-url=https://archive.today/20140304095526/http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=141104009 |url-status=dead |archive-date=4 March 2014 |title=Company Overview of Whisper Systems Inc. |magazine=Bloomberg Businessweek |access-date=4 March 2014}}</ref> Whisper Systems also produced a firewall and tools for encrypting other forms of data.<ref name="Garling-2011-12-20" /><ref name="Greenberg-2010-05-25" /> All of these were [[Proprietary software|proprietary]] enterprise mobile security software and were only available for Android. |
||
In November 2011, Whisper Systems announced that it had been acquired by [[Twitter]]. |
In November 2011, Whisper Systems announced that it had been acquired by [[Twitter]]. Neither company disclosed the financial terms of the deal.<ref name="Cheredar-2011-11-28" /> The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security".<ref name="Yadron2015">{{cite news |last1=Yadron |first1=Danny |title=Moxie Marlinspike: The Coder Who Encrypted Your Texts |url=https://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274 |access-date=10 July 2015 |work=The Wall Street Journal |date=9 July 2015 |archive-date=12 July 2015 |archive-url=https://web.archive.org/web/20150712035634/https://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274 |url-status=live}}</ref> Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable.<ref name="Greenberg-2011-11-28" /> Some criticized the removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the [[Egyptian revolution of 2011]].<ref name="Garling-2011-11-28" /> |
||
Twitter released TextSecure as [[free and open-source software]] under the [[GNU General Public License|GPLv3]] license in December 2011.<ref name=" |
Twitter released TextSecure as [[free and open-source software]] under the [[GNU General Public License|GPLv3]] license in December 2011.<ref name="Garling-2011-12-20"/><ref name="Aniszczyk-2011-12-20" /><ref name="whispersystems-2011-12-20">{{cite web |url=http://www.whispersys.com/updates.html |title=TextSecure is now Open Source! |archive-url=https://web.archive.org/web/20120106024504/http://www.whispersys.com/updates.html |archive-date=6 January 2012 |date=20 December 2011 |publisher=Whisper Systems |access-date=22 January 2015}}</ref><ref name="Pachal-2011-12-20" /> RedPhone was also released under the same license in July 2012.<ref name="whispersystems-2012-07-18">{{cite web |url=http://www.whispersys.com/updates.html |title=RedPhone is now Open Source! |archive-url=https://web.archive.org/web/20120731143138/http://www.whispersys.com/updates.html |archive-date=31 July 2012 |date=18 July 2012 |publisher=Whisper Systems |access-date=22 January 2015}}</ref> Marlinspike later left Twitter and founded Open Whisper Systems as a collaborative Open Source project for the continued development of TextSecure and RedPhone.<ref name="Greenberg-2014-07-29" /><ref name="welcome" /> |
||
===2013–2018: Open Whisper Systems=== |
|||
{{See also|Open Whisper Systems}} |
|||
===Open Whisper Systems (2013–present)=== |
|||
Open Whisper Systems' website was launched in January 2013.<ref name="welcome" /> |
Open Whisper Systems' website was launched in January 2013.<ref name="welcome" /> |
||
Toward the end of July 2014, |
In February 2014, Open Whisper Systems introduced the second version of their TextSecure Protocol (now [[Signal Protocol]]), which added end-to-end encrypted group chat and instant messaging capabilities to TextSecure.<ref name="Donohue-2014">{{cite web |date=24 February 2014 |first=Brian |last=Donohue |url=https://threatpost.com/textsecure-sheds-sms-in-latest-version/104456 |title=TextSecure Sheds SMS in Latest Version |website=Threatpost |access-date=14 July 2016 |archive-date=15 February 2017 |archive-url=https://web.archive.org/web/20170215020451/https://threatpost.com/textsecure-sheds-sms-in-latest-version/104456/ |url-status=live}}</ref> Toward the end of July 2014, they announced plans to merge the RedPhone and TextSecure applications as Signal.<ref name="Mimoso-2014-07-29" /> This announcement coincided with the initial release of Signal as a RedPhone counterpart for [[iOS]]. The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a [[Web application|web client]].<ref name="Mimoso-2014-07-29" /> Signal was the first iOS app to enable end-to-end encrypted voice calls for free.<ref name="Greenberg-2014-07-29" /><ref name="Evans-2014-07-29" /> TextSecure compatibility was added to the iOS application in March 2015.<ref name="Lee-2015-03-02" /><ref name="Geuss-2015-03-03" /> |
||
{{multiple image |
|||
| width = 60 |
|||
| align = left |
|||
| image1 = TextSecure Blue Icon.png |
|||
| caption1 = Signal Android icon, 2015–2017 |
|||
| image2 = Signal Blue Icon.png |
|||
| caption2 = Signal icon, 2015–2020 |
|||
| image3 = Signal-Logo.svg |
|||
| caption3 = Signal icon, 2020–2024 |
|||
}} |
|||
From its launch in May 2010<ref name="whispersystems-2010-05-25" /> until March 2015, the Android version of Signal (then called TextSecure) included support for encrypted SMS/[[Multimedia Messaging Service|MMS]] messaging.<ref>{{cite web |url=https://signal.org/blog/goodbye-encrypted-sms/ |title=Saying goodbye to encrypted SMS/MMS |author=Open Whisper Systems |date=6 March 2015 |access-date=24 March 2016 |archive-date=24 August 2017 |archive-url=https://web.archive.org/web/20170824085458/https://whispersystems.org/blog/goodbye-encrypted-sms/ |url-status=live}}</ref> From version 2.7.0 onward, the Android application only supported sending and receiving encrypted messages via the data channel.<ref name="Rottermanner-2015-p3"/> Reasons for this included security flaws of SMS/MMS and problems with the [[key exchange]].<ref name="Rottermanner-2015-p3">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=3}}</ref> Open Whisper Systems' abandonment of SMS/MMS encryption prompted some users to create a [[Fork (software development)|fork]] named Silence (initially called SMSSecure<ref name="github383">{{cite web |url=https://github.com/SilenceIM/Silence/pull/383 |author=BastienLQ |title=Change the name of SMSSecure |website=GitHub |publisher=SilenceIM |type=pull request |date=20 April 2016 |access-date=27 August 2016 |archive-date=23 February 2020 |archive-url=https://web.archive.org/web/20200223121439/https://github.com/SilenceIM/Silence/pull/383 |url-status=live}}</ref>) that is meant solely for the exchange of encrypted SMS and MMS messages.<ref name="Heise-April-2015">{{cite web |title=TextSecure-Fork bringt SMS-Verschlüsselung zurück |url=https://www.heise.de/news/TextSecure-Fork-bringt-SMS-Verschluesselung-zurueck-2595471.html |website=Heise |access-date=17 March 2024 |language=de |date=2 April 2015 |archive-date=19 November 2018 |archive-url=https://web.archive.org/web/20181119024003/https://www.heise.de/security/meldung/TextSecure-Fork-bringt-SMS-Verschluesselung-zurueck-2595471.html |url-status=live}}</ref><ref name="derstandard">{{cite web |title=SMSSecure: TextSecure-Abspaltung belebt SMS-Verschlüsselung wieder |url=https://www.derstandard.at/consent/tcf/2000013841576/SMSSecure-TextSecure-Abspaltung-belebt-SMS-Verschluesselung-wieder |website=Der Standard |access-date=17 March 2024 |language=de |date=3 April 2015 |archive-date=20 November 2018 |archive-url=https://web.archive.org/web/20181120012146/https://derstandard.at/2000013841576/SMSSecure-TextSecure-Abspaltung-belebt-SMS-Verschluesselung-wieder |url-status=live}}</ref> |
|||
In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android.<ref name="Greenberg-2015-11-2">{{cite magazine |last1=Greenberg |first1=Andy |title=Signal, the Snowden-Approved Crypto App, Comes to Android |url=https://www.wired.com/2015/11/signals-snowden-approved-phone-crypto-app-comes-to-android/ |magazine=Wired |access-date=19 March 2016 |date=2 November 2015 |archive-date=26 January 2018 |archive-url=https://web.archive.org/web/20180126050207/https://www.wired.com/2015/11/signals-snowden-approved-phone-crypto-app-comes-to-android/ |url-status=live}}</ref> A month later, Open Whisper Systems announced Signal Desktop, a [[Google Chrome Apps|Chrome app]] that could link with a Signal mobile client.<ref name="Motherboard-2015-12-02">{{cite web |last1=Franceschi-Bicchierai |first1=Lorenzo |title=Snowden's Favorite Chat App Is Coming to Your Computer |url=https://www.vice.com/en/article/53dzex/signal-snowdens-favorite-chat-app-is-coming-to-your-computer |website=Motherboard |publisher=Vice Media LLC |access-date=17 March 2024 |date=2 December 2015 |archive-date=16 December 2016 |archive-url=https://web.archive.org/web/20161216025211/http://motherboard.vice.com/read/signal-snowdens-favorite-chat-app-is-coming-to-your-computer |url-status=live}}</ref> At launch, the app could only be linked with the Android version of Signal.<ref name="Coldewey-2016-04-07">{{cite web |last1=Coldewey |first1=Devin |title=Now's your chance to try Signal's desktop Chrome app |url=https://techcrunch.com/2016/04/07/nows-your-chance-to-try-signals-desktop-chrome-app/ |website=TechCrunch |publisher=AOL Inc. |access-date=5 May 2016 |date=7 April 2016 |archive-date=21 October 2019 |archive-url=https://web.archive.org/web/20191021173212/http://techcrunch.com/2016/04/07/nows-your-chance-to-try-signals-desktop-chrome-app/ |url-status=live}}</ref> On 26 September 2016, Open Whisper Systems announced that Signal Desktop could now be linked with the iOS version of Signal as well.<ref name="signal-desktop-ios">{{cite web |last1=Marlinspike |first1=Moxie |title=Desktop support comes to Signal for iPhone |url=https://signal.org/blog/signal-desktop-ios/ |publisher=Open Whisper Systems |access-date=26 September 2016 |date=26 September 2016 |archive-date=7 July 2017 |archive-url=https://web.archive.org/web/20170707095128/https://whispersystems.org/blog/signal-desktop-ios/ |url-status=live}}</ref> On 31 October 2017, Open Whisper Systems announced that the Chrome app was [[deprecation|deprecated]].<ref name="Installing-Signal"/> At the same time, they announced the release of a standalone desktop client (based on the [[Electron (software framework)|Electron]] [[Software framework|framework]]<ref name="signal-desktop-github" />) for [[Microsoft Windows|Windows]], [[macOS]] and certain [[Linux distribution|Linux distributions]].<ref name="Installing-Signal"/><ref>{{cite web |last1=Coldewey |first1=Devin |title=Signal escapes the confines of the browser with a standalone desktop app |url=https://techcrunch.com/2017/10/31/signal-escapes-the-confines-of-the-browser-with-a-standalone-desktop-app/ |website=TechCrunch |publisher=[[Oath Tech Network]] |access-date=31 October 2017 |date=31 October 2017 |archive-date=14 May 2019 |archive-url=https://web.archive.org/web/20190514155929/https://techcrunch.com/2017/10/31/signal-escapes-the-confines-of-the-browser-with-a-standalone-desktop-app/ |url-status=live}}</ref> |
|||
On 4 October 2016, the [[American Civil Liberties Union]] (ACLU) and Open Whisper Systems published a series of documents revealing that OWS had received a [[subpoena]] requiring them to provide information associated with two phone numbers for a federal [[Grand juries in the United States|grand jury]] investigation in the first half of 2016.<ref name="Perlroth-2016-10-04">{{cite web |last1=Perlroth |first1=Nicole |last2=Benner |first2=Katie |title=Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue |url=https://www.nytimes.com/2016/10/05/technology/subpoenas-and-gag-orders-show-government-overreach-tech-companies-argue.html |website=The New York Times |access-date=4 October 2016 |date=4 October 2016 |archive-date=24 January 2020 |archive-url=https://web.archive.org/web/20200124010809/https://www.nytimes.com/2016/10/05/technology/subpoenas-and-gag-orders-show-government-overreach-tech-companies-argue.html |url-status=live}}</ref><ref name="Kaufman-2016-10-04">{{cite web |last1=Kaufman |first1=Brett Max |title=New Documents Reveal Government Effort to Impose Secrecy on Encryption Company |url=https://www.aclu.org/news/national-security/new-documents-reveal-government-effort-impose-secrecy-encryption |publisher=American Civil Liberties Union |type=Blog post |access-date=17 March 2024 |date=4 October 2016 |archive-date=25 July 2017 |archive-url=https://web.archive.org/web/20170725085001/https://www.aclu.org/blog/free-future/new-documents-reveal-government-effort-impose-secrecy-encryption-company |url-status=live}}</ref><ref name="OWS-2016-10-04">{{cite web |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |publisher=Open Whisper Systems |access-date=4 October 2016 |date=4 October 2016 |archive-date=29 August 2017 |archive-url=https://web.archive.org/web/20170829091039/https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/ |url-status=live}}</ref> Only one of the two phone numbers was registered on Signal, and because of how the service is designed, OWS was only able to provide "the time the user's account had been created and the last time it had connected to the service".<ref name="Kaufman-2016-10-04"/><ref name="Perlroth-2016-10-04"/> Along with the subpoena, OWS received a [[gag order]] requiring OWS not to tell anyone about the subpoena for one year.<ref name="Perlroth-2016-10-04"/> OWS approached the ACLU, and they were able to lift part of the gag order after challenging it in court.<ref name="Perlroth-2016-10-04"/> OWS said it was the first time they had received a subpoena, and that they were "committed to treating any future requests the same way".<ref name="OWS-2016-10-04"/> |
|||
In March 2017, Open Whisper Systems transitioned Signal's calling system from RedPhone to [[WebRTC]], also adding the ability to make video calls with the mobile apps.<ref name="signal-video-calls-beta"/><ref name="signal-video-calls" /><ref name="Mott-2017-03-14"/> |
|||
===Since 2018: Signal Technology Foundation=== |
|||
{{See also|Signal Technology Foundation}} |
|||
On 21 February 2018, [[Moxie Marlinspike]] and [[WhatsApp]] co-founder [[Brian Acton]] announced the formation of the [[Signal Technology Foundation]], a [[501(c) organization|501(c)(3) nonprofit organization]] whose mission is "to support, accelerate, and broaden Signal's mission of making private communication accessible and ubiquitous".<ref name="signal-foundation">{{cite web |last1=Marlinspike |first1=Moxie |last2=Acton |first2=Brian |title=Signal Foundation |url=https://signal.org/blog/signal-foundation/ |website=Signal.org |access-date=21 February 2018 |date=21 February 2018 |archive-date=16 February 2020 |archive-url=https://web.archive.org/web/20200216021349/https://signal.org/blog/signal-foundation/ |url-status=live}}</ref><ref name="Greenberg20180221"/> Acton started the foundation with $50 million in funding and became the foundation's executive chairman after leaving WhatsApp's parent company Facebook in September 2017.<ref name="Greenberg20180221">{{cite magazine |last1=Greenberg |first1=Andy |title=WhatsApp Co-Founder Puts $50M Into Signal To Supercharge Encrypted Messaging |url=https://www.wired.com/story/signal-foundation-whatsapp-brian-acton/ |magazine=Wired |access-date=21 February 2018 |date=21 February 2018 |archive-date=22 February 2018 |archive-url=https://web.archive.org/web/20180222022309/https://www.wired.com/story/signal-foundation-whatsapp-brian-acton/ |url-status=live}}</ref> Marlinspike continued as Signal Messenger's first [[Chief executive officer|CEO]].<ref name="signal-foundation"/> {{As of|2020}}, Signal ran entirely on donations, as a [[nonprofit organization|nonprofit]].<ref name="thenewyorker-2020-10-19"/> |
|||
Between November 2019 and February 2020, Signal added [[iPad]] support, view-once images and videos, [[sticker (messaging)|sticker]]s, and reactions.<ref name="Greenberg2020">{{cite magazine |last1=Greenberg |first1=Andy |title=Signal Is Finally Bringing Its Secure Messaging to the Masses |url=https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/ |access-date=15 February 2020 |magazine=Wired |date=14 February 2020 |archive-date=14 February 2020 |archive-url=https://web.archive.org/web/20200214231514/https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/ |url-status=live}}</ref> They also announced plans for a new group messaging system and an "experimental method for storing encrypted contacts in the cloud."<ref name="Greenberg2020" /> |
|||
Signal was reportedly popularized in the United States during the [[George Floyd protests]]. Heightened awareness of police monitoring led protesters to use the platform to communicate. [[Black Lives Matter]] [[Activism|organizers]] had used the platform "for several years".<ref name=Nierenberg>{{Cite news |last=Nierenberg |first=Amelia |date=12 June 2020 |title=Signal Downloads Are Way Up Since the Protests Began |work=[[The New York Times]] |url=https://www.nytimes.com/2020/06/11/style/signal-messaging-app-encryption-protests.html |url-status=live |archive-date=25 June 2020 |archive-url=https://web.archive.org/web/20200625005732/https://www.nytimes.com/2020/06/11/style/signal-messaging-app-encryption-protests.html}}</ref><ref name="thenewyorker-2020-10-19"/> During the first week of June, the encrypted messaging app was downloaded over five times more than it had been during the week prior to the [[murder of George Floyd]].<ref name=Nierenberg/> In June 2020, Signal Foundation announced a new feature that enables users to blur faces in photos, in response to increased federal efforts to monitor protesters.<ref name="thenewyorker-2020-10-19"/><ref>{{Cite web |last=Lyngaas |first=Sean |date=4 June 2020 |title=Signal aims to boost protesters' phone security at George Floyd demonstrations with face-blurring tool |url=https://cyberscoop.com/george-floyd-protest-phone-security/ |url-status=live |archive-url=https://web.archive.org/web/20200614014517/https://www.cyberscoop.com/george-floyd-protest-phone-security/ |archive-date=14 June 2020 |access-date=14 June 2020 |website=CyberScoop |language=en}}</ref> |
|||
On 7 January 2021, Signal saw a surge in new user registrations, which temporarily overwhelmed Signal's capacity to deliver account verification messages.<ref name="Hardwick-2021-01-08"/> [[CNN]] and [[MacRumors]] linked the surge with a [[WhatsApp]] privacy policy change and a Signal endorsement by [[Elon Musk]] and [[Edward Snowden]] via Twitter.<ref name="Hardwick-2021-01-08">{{Cite web |last=Hardwick |first=Tim |title=Encrypted Messaging App Signal Sees Surge in Popularity Following WhatsApp Privacy Policy Update |url=https://www.macrumors.com/2021/01/08/messaging-app-signal-sees-surge-signups/ |access-date=9 January 2021 |website=MacRumors |date=8 January 2021 |language=en |archive-date=9 January 2021 |archive-url=https://web.archive.org/web/20210109082738/https://www.macrumors.com/2021/01/08/messaging-app-signal-sees-surge-signups/ |url-status=live}}</ref><ref>{{cite news |last1=Duffy |first1=Clare |date=12 January 2021 |title=Why messaging app Signal is surging in popularity right now |publisher=[[CNN]] |url=https://www.cnn.com/2021/01/12/tech/signal-growth-whatsapp-confusion/index.html |access-date=12 January 2021 |archive-date=13 January 2021 |archive-url=https://web.archive.org/web/20210113133528/https://www.cnn.com/2021/01/12/tech/signal-growth-whatsapp-confusion/index.html |url-status=live}}</ref> The surge was also tied to the attack on the [[January 6 United States Capitol attack|United States Capitol]].<ref>{{cite web |last1=Chau |first1=David |title=Donald Trump supporters embrace Signal, Telegram and other 'free speech' apps |url=https://www.abc.net.au/news/2021-01-20/donald-trump-social-media-apps-free-speech-privacy/13071206 |website=ABC News |date=20 January 2021 |access-date=12 May 2023 |archive-date=13 December 2023 |archive-url=https://web.archive.org/web/20231213150315/https://www.abc.net.au/news/2021-01-20/donald-trump-social-media-apps-free-speech-privacy/13071206 |url-status=live }}</ref> International newspapers reported similar trends in the [[United Arab Emirates]].<ref>{{Cite news |last=Cabral |first=Alvin R. |title=UAE WhatsApp users look for other messaging platforms over new terms |url=https://www.khaleejtimes.com/technology/uae-whatsapp-users-look-for-other-messaging-platforms-over-new-terms |access-date=10 January 2021 |website=[[Khaleej Times]] |language=en |archive-date=17 January 2021 |archive-url=https://web.archive.org/web/20210117005233/https://www.khaleejtimes.com/technology/uae-whatsapp-users-look-for-other-messaging-platforms-over-new-terms |url-status=live}}</ref> [[Reuters]] reported that more than 100,000 people had installed Signal between 7 and 8 January.<ref>{{Cite news |date=8 January 2021 |title=Signal, Telegram see demand spike as new WhatsApp terms stir debate |language=en |work=[[Reuters]] |url=https://www.reuters.com/article/us-whatsapp-users-idUSKBN29D1TY |access-date=10 January 2021 |archive-date=17 January 2021 |archive-url=https://web.archive.org/web/20210117005232/https://www.reuters.com/article/us-whatsapp-users-idUSKBN29D1TY |url-status=live}}</ref> |
|||
Between 12 and 14 January 2021, the number of Signal installations listed on Google Play increased from over 10 million to over 50 million.<ref>[[:File:Signal Messenger downloads between 2021-01-12 and 2021-01-14.png|Screenshot]] showing 40 million downloads between 12 and 14 January 2021.</ref><ref>{{cite web |title=Signal Private Messenger - Apps on Google Play |url=https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms |publisher=Google Play |access-date=18 January 2021 |date=12 January 2021 |archive-url=https://web.archive.org/web/20210112141222/https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms |archive-date=12 January 2021}}</ref><ref>{{cite web |title=Signal Private Messenger - Apps on Google Play |url=https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms |access-date=18 January 2021 |date=14 January 2021 |archive-url=https://web.archive.org/web/20210114073330/https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms |archive-date=14 January 2021}}</ref><ref>{{cite web |url=https://www.androidpolice.com/2021/01/14/signal-hits-50-million-installs-on-play-store-amid-whatsapp-privacy-concerns/ |title=Signal hits 50 million installs on Play Store amid WhatsApp privacy concerns |publisher=Android Police |date=14 January 2021 |access-date=20 January 2021 |archive-date=16 March 2021 |archive-url=https://web.archive.org/web/20210316161056/https://www.androidpolice.com/2021/01/14/signal-hits-50-million-installs-on-play-store-amid-whatsapp-privacy-concerns/ |url-status=live }}</ref> |
|||
On 15 January 2021, due to the surge of new users, Signal was overwhelmed with the new traffic and was down for all users.<ref>{{Cite web |title=Signal Status |url=https://status.signal.org/ |url-status=live |archive-url=https://web.archive.org/web/20210115221438/https://status.signal.org/ |archive-date=15 January 2021 |access-date=15 January 2021 |website=status.signal.org}}</ref><ref>{{Cite news |date=15 January 2021 |title=WhatsApp changes: Signal messaging platform stops working as downloads surge |language=en-GB |work=BBC News |url=https://www.bbc.com/news/technology-55684595 |access-date=16 January 2021 |archive-date=16 January 2021 |archive-url=https://web.archive.org/web/20210116092644/https://www.bbc.com/news/technology-55684595 |url-status=live}}</ref> On the afternoon of 16 January, Signal announced via Twitter that service had been restored.<ref>{{Cite tweet |user=SignalApp |number=1350595202872823809 |title=Signal is back! |date=16 January 2021}}</ref> |
|||
On 10 January 2022, Moxie Marlinspike announced that he was stepping down from his role as CEO of Signal Messenger.<ref name="Marlinspike-2022-01-10"/> He continues to remain on the Signal Foundation's [[board of directors]] and Brian Acton has volunteered to serve as [[interim CEO]] during the search for a new CEO.<ref name="Marlinspike-2022-01-10">{{cite web |last1=Marlinspike |first1=Moxie |title=New year, new CEO |url=https://signal.org/blog/new-year-new-ceo/ |website=signal.org |publisher=Signal Messenger |access-date=10 January 2022 |date=10 January 2022 |archive-date=16 December 2022 |archive-url=https://web.archive.org/web/20221216031722/https://signal.org/blog/new-year-new-ceo/ |url-status=live }}</ref> |
|||
In August 2022, Signal notified 1900 users that their data had been affected by the [[Twilio]] breach including user phone numbers and SMS verification codes.<ref name="Twilio-2022-08-15">{{cite web |last1=Page |first1=Carly |title=Signal says 1,900 users' phone numbers exposed by Twilio breach |url=https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/ |website=techcrunch.com |publisher=TechCrunch |access-date=16 August 2022 |date=15 August 2022 |archive-date=13 December 2023 |archive-url=https://web.archive.org/web/20231213150314/https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/ |url-status=live }}</ref> At least one journalist had his account re-registered to a device he did not control as a result of the attack.<ref name="Lorenzo-2022-08-17">{{cite news |last1=Franceschi-Bicchierai |first1=Lorenzo |title=How a Third-Party SMS Service Was Used to Take Over Signal Accounts |url=https://www.vice.com/en/article/qjkvxv/how-a-third-party-sms-service-was-used-to-take-over-signal-accounts |access-date=19 August 2022 |work=VICE |date=17 August 2022 |language=en |archive-date=18 August 2022 |archive-url=https://web.archive.org/web/20220818194205/https://www.vice.com/en/article/qjkvxv/how-a-third-party-sms-service-was-used-to-take-over-signal-accounts |url-status=live }}</ref> |
|||
In September 2022 Signal Messaging LLC announced that AI researcher and noted critic of big tech [[Meredith Whittaker]] would fill the newly created position of President.<ref>{{Cite web |date=6 September 2022 |title=Signal Has a New President and She Has a Plan |url=https://gizmodo.com/meredith-whittaker-new-president-of-signal-messaging-1849501653 |access-date=23 June 2023 |website=Gizmodo |language=en |archive-date=23 June 2023 |archive-url=https://web.archive.org/web/20230623171238/https://gizmodo.com/meredith-whittaker-new-president-of-signal-messaging-1849501653 |url-status=live }}</ref> |
|||
===Usage=== |
|||
{{Graph:Chart |
|||
|width=480 |
|||
|height=150 |
|||
|type=line |
|||
|xType=date |
|||
|xAxisFormat=%b %Y |
|||
|xAxisAngle=-40 |
|||
|yGrid= |
|||
|x=2010-05-01, 2020-12-01, 2022-01-12 |
|||
|y1=0, 20, 40 |
|||
|xAxisTitle=Signal timeline (May 2010 – January 2022) |
|||
|yAxisTitle=Monthly active users (million) |
|||
}} |
|||
Signal's userbase started in May 2010, when its predecessor [[TextSecure]] was launched by [[Whisper Systems]].<ref name="whispersystems-2010-05-25"/> According to App Annie, Signal had approximately 20 million monthly active users at the end of December 2020.<ref>{{cite web |last1=Singh |first1=Manish |title=Signal's Brian Acton talks about exploding growth, monetization and WhatsApp data-sharing outrage |url=https://techcrunch.com/2021/01/12/signal-brian-acton-talks-about-exploding-growth-monetization-and-whatsapp-data-sharing-outrage/ |website=TechCrunch |publisher=Yahoo |access-date=13 January 2022 |date=13 January 2021 |archive-date=13 January 2022 |archive-url=https://web.archive.org/web/20220113135343/https://techcrunch.com/2021/01/12/signal-brian-acton-talks-about-exploding-growth-monetization-and-whatsapp-data-sharing-outrage/ |url-status=live }}</ref> In January 2022, the BBC reported that Signal was used by over 40 million people.<ref>{{cite web |title=Moxie Marlinspike leaves encrypted-messaging app Signal |url=https://www.bbc.com/news/technology-59937614 |website=BBC News |publisher=BBC |access-date=13 January 2022 |date=12 January 2022 |archive-date=12 January 2022 |archive-url=https://web.archive.org/web/20220112173823/https://www.bbc.com/news/technology-59937614 |url-status=live }}</ref> |
|||
=== Developers and funding === |
|||
In October 2014, researchers from [[Ruhr University Bochum]] published an analysis of the protocol that is used in Signal to encrypt its instant messages.<ref name="Frosch-2014" /> Among other findings, they presented an [[unknown key-share attack]] on the protocol, but in general, they found that the encrypted chat client is secure.<ref name="theregister1" /> |
|||
{{Main|Signal Foundation}} |
|||
The development of Signal and its predecessors at [[Open Whisper Systems]] was funded by a combination of consulting contracts, donations and [[Grant (money)|grants]].<ref name="ONeill-2017-01-03">{{cite web |last1=O'Neill |first1=Patrick |date=3 January 2017 |title=How Tor and Signal can maintain the fight for freedom in Trump's America |url=https://cyberscoop.com/tor-signal-funding-donald-trump-steve-bannon-encryption/ |url-status=live |archive-url=https://web.archive.org/web/20170917033354/https://www.cyberscoop.com/tor-signal-funding-donald-trump-steve-bannon-encryption/ |archive-date=17 September 2017 |access-date=17 March 2024 |website=CyberScoop |publisher=Scoop News Group}}</ref> The [[Freedom of the Press Foundation]] acted as Signal's [[fiscal sponsorship|fiscal sponsor]].<ref name="signal-foundation" /><ref>{{cite web |last1=Timm |first1=Trevor |date=8 December 2016 |title=Freedom of the Press Foundation's new look, and our plans to protect press freedom for 2017 |url=https://freedom.press/news/freedom-press-foundations-new-look-and-our-plans-protect-press-freedom-2017/ |url-status=live |archive-url=https://web.archive.org/web/20170202042832/https://freedom.press/news/freedom-press-foundations-new-look-and-our-plans-protect-press-freedom-2017/ |archive-date=2 February 2017 |access-date=25 January 2017 |website=Freedom of the Press Foundation}}</ref><ref name="pressfreedomfoundation" /> Between 2013 and 2016, the project received grants from the [[Knight Foundation]],<ref name="knightfoundation" /> the [[Shuttleworth Foundation]],<ref name="shuttleworthfoundation" /> and almost $3 million from the US government–sponsored [[Open Technology Fund]].<ref name="opentechfund" /> Signal is now developed by Signal Messenger LLC, a software company founded by [[Moxie Marlinspike]] and [[Brian Acton]] in 2018, which is wholly owned by a tax-exempt nonprofit corporation called the [[Signal Foundation|Signal Technology Foundation]], also created by them in 2018. The Foundation was funded with an initial loan of $50 million from Acton, "to support, accelerate, and broaden Signal's mission of making private communication accessible and ubiquitous".<ref name="signal-foundation" /><ref name="Greenberg20180221" /><ref name="propublica">{{cite web |date=9 May 2013 |title=Signal Technology Foundation |url=https://projects.propublica.org/nonprofits/organizations/824506840 |url-status=live |archive-url=https://web.archive.org/web/20210109161310/https://projects.propublica.org/nonprofits/organizations/824506840 |archive-date=9 January 2021 |access-date=7 June 2019 |website=Nonprofit Explorer |publisher=Pro Publica Inc.}}</ref> All of the organization's products are published as [[free and open-source software]]. |
|||
In November 2023, Meredith Whittaker revealed that she expected the annual cost of running Signal to reach $50 million in 2025, with the current cost estimated around $40 million.<ref>{{cite magazine |last1=Greenberg |first1=Andy |title=Running Signal Will Soon Cost $50 Million a Year |url=https://www.wired.com/story/signal-operating-costs/ |magazine=Wired |date=16 November 2023 |access-date=10 December 2023 |archive-date=10 December 2023 |archive-url=https://web.archive.org/web/20231210081135/https://www.wired.com/story/signal-operating-costs/ |url-status=live }}</ref> |
|||
In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android.<ref name="just-signal">{{cite web|author=Marlinspike, Moxie|url=https://whispersystems.org/blog/just-signal/|title=Just Signal|date=2 November 2015|publisher=Open Whisper Systems|accessdate=2 November 2015}}</ref> A month later, Open Whisper Systems announced Signal Desktop, a [[Google Chrome Apps|Chrome app]] that can link with a Signal client.<ref name="Motherboard-2015-12-02">{{cite web|last1=Franceschi-Bicchierai|first1=Lorenzo|title=Snowden’s Favorite Chat App Is Coming to Your Computer|url=http://motherboard.vice.com/read/signal-snowdens-favorite-chat-app-is-coming-to-your-computer|website=Motherboard|publisher=Vice Media LLC|accessdate=4 December 2015|date=2 December 2015}}</ref> {{As of|2015|12|2|df=US}}, the app is in beta and can only be linked with the Android version of Signal.<ref name="Motherboard-2015-12-02" /> |
|||
==Features== |
==Features== |
||
Signal provides one-to-one and group<ref name="Group Calls">{{cite web |last1=Davenport |first1=Corbin |title=Signal messaging now supports encrypted group video calls |url=https://www.androidpolice.com/2020/12/14/signal-messaging-now-supports-encrypted-group-video-calls/ |website=Android Police |access-date=15 December 2020 |date=14 December 2020 |archive-date=14 December 2020 |archive-url=https://web.archive.org/web/20201214193352/https://www.androidpolice.com/2020/12/14/signal-messaging-now-supports-encrypted-group-video-calls/ |url-status=live}}</ref> voice and video<ref name="Mott-2017-03-14" /> calls with up to forty participants on iOS, Android, and desktop platforms.<ref>{{cite news |last1=Vonau |first1=Manuel |title=Signal significantly ups its video group call limit, surpassing WhatsApp |url=https://www.androidpolice.com/signal-significantly-ups-its-video-group-call-limit-surpassing-whatsapp/ |access-date=16 December 2021 |work=Android Police |date=16 December 2021 |archive-date=16 December 2021 |archive-url=https://web.archive.org/web/20211216101311/https://www.androidpolice.com/signal-significantly-ups-its-video-group-call-limit-surpassing-whatsapp/ |url-status=live }}</ref><ref>{{cite web |last1=Thatcher |first1=Peter |title=How to build large-scale end-to-end encrypted group video calls |url=https://signal.org/blog/how-to-build-encrypted-group-calls/ |website=signal.org |publisher=Signal Foundation |access-date=16 December 2021 |date=15 December 2021 |archive-date=15 December 2021 |archive-url=https://web.archive.org/web/20211215215210/https://signal.org/blog/how-to-build-encrypted-group-calls/ |url-status=live }}</ref> The calls are carried via the devices' wired or wireless (carrier or [[WiFi]]) data connections.<ref name="Evans-2014-07-29" /> The application can send text messages, documents files,<ref name="arbitrary-file-types">{{cite tweet |author=Signal |user=signalapp |number=859125874901135360 |date=1 May 2017 |title=Today's Signal release for Android, iOS, and Desktop includes the ability to send arbitrary file types. |access-date=5 November 2018}}</ref> voice notes, pictures, [[Sticker (messaging)|stickers]], [[GIF]]s,<ref name="giphy-update">{{cite web |last1=Lund |first1=Joshua |title=Expanding Signal GIF search |url=https://signal.org/blog/signal-and-giphy-update/ |publisher=Open Whisper Systems |access-date=9 November 2017 |date=1 November 2017 |archive-date=23 September 2019 |archive-url=https://web.archive.org/web/20190923133209/https://signal.org/blog/signal-and-giphy-update/ |url-status=live}}</ref> and video messages. The platform also supports group messaging. |
|||
Signal allows users to call other Signal users on iOS and Android. All calls are made over a [[Wi-Fi]] or data connection and are free of charge, including long distance and international.<ref name="techcrunch2" /> Signal also allows users to send group, text, picture, and video messages over a Wi-Fi or data connection to other Signal users on iOS and on Android. |
|||
All |
All communication sessions between Signal users are automatically [[End-to-end encryption|end-to-end encrypted]] (the encryption [[Key (cryptography)|keys]] are generated and stored on the devices, and not on servers).<ref name="eff-2014-11-04" /> To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) [[Out-of-band data|out-of-band]].<ref name="Rottermanner-2015-p5"/> The platform employs a [[trust on first use|trust-on-first-use]] mechanism to notify the user if a correspondent's key changes.<ref name="Rottermanner-2015-p5"/> |
||
Until 2023, Android users could opt into making Signal the default SMS/MMS application, allowing them to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages.<ref name="Donohue-2014"/> Users could then use the same application to communicate with contacts who do not have Signal.<ref name="Donohue-2014"/> As of October 2022, this feature has been deprecated due to safety and security concerns, and was removed in 2023.<ref>{{Cite web |last=Clark |first=Mitchell |date=12 October 2022 |title=Signal is 'starting to phase out SMS support' from its Android app |url=https://www.theverge.com/2022/10/12/23400896/signal-sms-support-ending-android-simplification |access-date=13 October 2022 |website=The Verge |language=en-US |archive-date=12 October 2022 |archive-url=https://web.archive.org/web/20221012233521/https://www.theverge.com/2022/10/12/23400896/signal-sms-support-ending-android-simplification |url-status=live }}</ref><ref name="Nina-signal-2022-10-12" /> |
|||
Signal has built-in mechanisms for verifying that no [[man-in-the-middle attack]] has occurred. For calls, Signal displays two words on the screen. If the words match on both ends of the call, the call is secure.<ref name="techcrunch2" /><ref name="zfone-mitm" /> For messages, Signal users can compare key fingerprints (or scan QR codes) out-of-band. |
|||
TextSecure allowed the user to set a passphrase that encrypted the local message database and the user's encryption keys.<ref name="Rottermanner-2015-p9">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=9}}</ref> This did not encrypt the user's contact database or message timestamps.<ref name="Rottermanner-2015-p9"/> The Signal applications on Android and iOS can be locked with the phone's pin, passphrase, or biometric authentication.<ref name="screen-lock">{{cite web |url=https://support.signal.org/hc/en-us/articles/360007059572-Screen-Lock |title=Screen Lock |website=support.signal.org |publisher=Signal |date=n.d. |access-date=22 November 2018 |archive-date=15 February 2020 |archive-url=https://web.archive.org/web/20200215110134/https://support.signal.org/hc/en-us/articles/360007059572-Screen-Lock |url-status=live}}</ref> The user can define a "screen lock timeout" interval, where Signal will re-encrypt the messages after a certain amount of time, providing an additional protection mechanism in case the phone is lost or stolen.<ref name="Rottermanner-2015-p5">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=5}}</ref><ref name="screen-lock"/> |
|||
The Android version of Signal has two features that the iOS version does not. On Android, Signal can be used as the default SMS application, allowing the user to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages. The iOS version of Signal can not be used as the default SMS application because of restrictions in the operating system. The Android version of Signal also allows the user to set a passphrase that encrypts the local message database. On iOS, the local message database is encrypted by the operating system if the user has a passphrase on their lock screen. |
|||
Signal has a feature for scheduling messages.<ref>{{Cite web |url=https://support.signal.org/hc/en-us/articles/5365881590682-Schedule-a-Message-on-Signal-Android |title=Schedule a Message on Signal Android – Signal Support |access-date=18 May 2023 |archive-date=18 May 2023 |archive-url=https://web.archive.org/web/20230518110700/https://support.signal.org/hc/en-us/articles/5365881590682-Schedule-a-Message-on-Signal-Android |url-status=live }}</ref> In addition, timers may be attached to messages<ref name="Greenberg-2016-10-11"/> to automatically delete the messages from both the sender's and the receivers' devices.<ref name="Greenberg-2016-10-11">{{cite magazine |last1=Greenberg |first1=Andy |title=Signal, the Cypherpunk App of Choice, Adds Disappearing Messages |url=https://www.wired.com/2016/10/signal-cypherpunk-app-choice-adds-disappearing-messages/ |magazine=Wired |access-date=11 October 2016 |date=11 October 2016 |archive-date=12 October 2016 |archive-url=https://web.archive.org/web/20161012075856/https://www.wired.com/2016/10/signal-cypherpunk-app-choice-adds-disappearing-messages/ |url-status=live}}</ref> The time period for keeping the message may be between five seconds and one week,<ref name="Greenberg-2016-10-11"/> and begins for each recipient once they have read their copy of the message.<ref name="disappearing-messages">{{cite web |last1=Marlinspike |first1=Moxie |title=Disappearing messages for Signal |url=https://signal.org/blog/disappearing-messages/ |publisher=Open Whisper Systems |access-date=11 October 2016 |date=11 October 2016 |archive-date=13 June 2017 |archive-url=https://web.archive.org/web/20170613112209/https://whispersystems.org/blog/disappearing-messages/ |url-status=live}}</ref> The developers stressed that this is meant to be "a collaborative feature for conversations where all participants want to automate minimal data hygiene, not for situations where the recipient is an adversary".<ref name="Greenberg-2016-10-11"/><ref name="disappearing-messages"/> |
|||
Signal's app icon may be changed with a variety of colour themes for customization and to hide the app. The application name can also be customized.<ref>{{cite web |url=https://github.com/signalapp/Signal-Android/commit/c963e99dca76d8d334c7dfbf0d062305daebfaa2 |title=Introduce the ability to change the app icon. · signalapp/Signal-Android@c963e99 |website=[[GitHub]] |access-date=19 May 2023 |archive-date=19 May 2023 |archive-url=https://web.archive.org/web/20230519163414/https://github.com/signalapp/Signal-Android/commit/c963e99dca76d8d334c7dfbf0d062305daebfaa2 |url-status=live }}</ref> Messages can have effects like spoilers and italics, and users can add each other via QR code.<ref>{{cite web |url=https://github.com/signalapp/Signal-Android/commit/855e194baaa50de00f90bd7cb7e3f4ac10b10b9c |title=Add initial username link screen + QR code generation. · signalapp/Signal-Android@855e194 |website=[[GitHub]] |access-date=18 May 2023 |archive-date=18 May 2023 |archive-url=https://web.archive.org/web/20230518110700/https://github.com/signalapp/Signal-Android/commit/855e194baaa50de00f90bd7cb7e3f4ac10b10b9c |url-status=live }}</ref> |
|||
Signal excludes users' messages from non-encrypted cloud backups by default.<ref name="Lee-2016-06-22"/> |
|||
Signal allows users to automatically blur faces of people in photos to protect identities.<ref>{{Cite web |last=O'Flaherty |first=Kate |title=Signal Will Now Blur Protesters' Faces: Here's How It Works |url=https://www.forbes.com/sites/kateoflahertyuk/2020/06/04/secure-messaging-app-signal-launches-new-feature-to-protect-protestors-identities/ |access-date=5 June 2020 |website=Forbes |language=en |archive-date=4 June 2020 |archive-url=https://web.archive.org/web/20200604123732/https://www.forbes.com/sites/kateoflahertyuk/2020/06/04/secure-messaging-app-signal-launches-new-feature-to-protect-protestors-identities/ |url-status=live}}</ref><ref>{{Cite web |last=Vincent |first=James |date=4 June 2020 |title=Signal announces new face-blurring tool for Android and iOS |url=https://www.theverge.com/2020/6/4/21280112/signal-face-blurring-tool-ios-android-update |access-date=5 June 2020 |website=The Verge |language=en |archive-date=4 June 2020 |archive-url=https://web.archive.org/web/20200604123950/https://www.theverge.com/2020/6/4/21280112/signal-face-blurring-tool-ios-android-update |url-status=live}}</ref> |
|||
Signal includes a [[cryptocurrency wallet]] functionality for storing, sending and receiving in-app payments.<ref name="payments-support">{{cite web |title=In-app Payments |url=https://support.signal.org/hc/en-us/articles/360057625692-In-app-Payments |website=support.signal.org |publisher=Signal Messenger |access-date=12 January 2022 |archive-date=9 January 2022 |archive-url=https://web.archive.org/web/20220109072526/https://support.signal.org/hc/en-us/articles/360057625692-In-app-Payments |url-status=live }}</ref> Apart from certain regions and countries,<ref name="payments-support"/> the feature was enabled globally in November 2021.<ref name="Greenberg-2022-01-06">{{cite magazine |last1=Greenberg |first1=Andy |title=Signal's Cryptocurrency Feature Has Gone Worldwide |url=https://www.wired.com/story/signal-mobilecoin-cryptocurrency-payments/ |magazine=Wired |access-date=12 January 2022 |date=6 January 2022 |archive-date=11 January 2022 |archive-url=https://web.archive.org/web/20220111220625/https://www.wired.com/story/signal-mobilecoin-cryptocurrency-payments/ |url-status=live }}</ref> {{As of|January 2022}}, the only supported payment method is [[MobileCoin]].<ref name="payments-support"/> |
|||
In February 2024, Signal added a username feature to the beta version of the app. This is a privacy feature that allows users to communicate with others without having to share their telephone number.<ref>{{Cite web |title=Keep your phone number private with Signal usernames |url=https://signal.org/blog/phone-number-privacy-usernames/ |access-date=2024-02-21 |website=Signal Messenger |language=en}}</ref><ref>{{Cite magazine |last=Greenberg |first=Andy |title=Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private |url=https://www.wired.com/story/signal-launches-usersnames-phone-number-privacy/ |access-date=2024-02-21 |magazine=Wired |language=en-US |issn=1059-1028}}</ref> |
|||
==Limitations== |
==Limitations== |
||
Signal requires that the user |
Signal requires that the user provide a telephone number for verification,<ref name="phone-number">{{cite web |first=Masha |last=Kolenkina |title=Will any phone number work? How do I get a verification number? |url=https://support.signal.org/hc/en-us/articles/212476118-Will-any-phone-number-work-How-do-I-get-a-verification-number- |publisher=Open Whisper Systems |date=20 November 2015 |access-date=20 December 2015 |archive-date=16 January 2017 |archive-url=https://web.archive.org/web/20170116181641/https://support.whispersystems.org/hc/en-us/articles/212476118-Will-any-phone-number-work-How-do-I-get-a-verification-number- |url-status=live}}</ref> eliminating the need for user names or passwords and facilitating contact discovery (see below).<ref name=":0">{{Cite web |url=https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ |title=How to Use Signal Without Giving Out Your Phone Number |last=Lee |first=Micah |date=28 September 2017 |website=The Intercept |language=en-US |access-date=25 February 2018 |archive-date=22 January 2020 |archive-url=https://web.archive.org/web/20200122040137/https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ |url-status=live}}</ref> The number does not have to be the same as on the device's SIM card; it can also be a VoIP number<ref name="phone-number" /> or a landline as long as the user can receive the verification code and have a separate device to set up the software. A number can only be registered on one mobile device at a time.<ref name="multiple-devices">{{cite web |title=Troubleshooting multiple devices |url=https://support.signal.org/hc/en-us/articles/360007320451-Troubleshooting-multiple-devices#desktop_multiple_device |url-status=live |archive-url=https://web.archive.org/web/20191220053903/https://support.signal.org/hc/en-us/articles/360007320451-Troubleshooting-multiple-devices#desktop_multiple_device |archive-date=20 December 2019 |access-date=20 March 2019 |website=support.signal.org |publisher=Signal Messenger LLC}}</ref> Account registration requires an iOS or Android device.<ref name="Softpedia-2021"/><ref name="VPNpro-2021"/> |
||
This mandatory connection to a telephone number (a feature Signal shares with [[WhatsApp]], [[KakaoTalk]], and others) has been criticized as a "major issue" for privacy-conscious users who are not comfortable with giving out their private number.<ref name=":0" /> A workaround is to use a secondary phone number.<ref name=":0" /> The ability to choose a public, changeable username instead of sharing one's phone number was a widely-requested feature.<ref name=":0" /><ref>{{Cite web |url=https://github.com/signalapp/Signal-Android/issues/1085 |title=Allow different kinds of identifiers for registration · Issue #1085 · signalapp/Signal-Android |website=GitHub |language=en |access-date=25 February 2018 |archive-date=15 February 2020 |archive-url=https://web.archive.org/web/20200215082751/https://github.com/signalapp/Signal-Android/issues/1085 |url-status=live}}</ref><ref>{{cite web |title=Discussion: A proposal for alternative primary identifiers |url=https://community.signalusers.org/t/a-proposal-for-alternative-primary-identifiers/3023 |website=Signal Community |access-date=26 June 2020 |date=24 May 2018 |archive-date=28 June 2020 |archive-url=https://web.archive.org/web/20200628045054/https://community.signalusers.org/t/a-proposal-for-alternative-primary-identifiers/3023 |url-status=live}}</ref> This feature was added to the beta version of Signal in February 2024.<ref>{{Cite web |title=Keep your phone number private with Signal usernames |url=https://signal.org/blog/phone-number-privacy-usernames/ |access-date=2024-02-21 |website=Signal Messenger |language=en}}</ref> |
|||
===Centralization=== |
|||
Signal's server architecture has been partially decentralized since December 2013, when it was announced that the messaging protocol that is used in Signal had successfully been integrated into the Android-based open-source operating system [[CyanogenMod]].<ref>{{cite news|author=Andy Greenberg |url=http://www.forbes.com/sites/andygreenberg/2013/12/09/ten-million-more-android-users-text-messages-will-soon-be-encrypted-by-default/ |title=Ten Million More Android Users' Text Messages Will Soon Be Encrypted By Default |publisher=Forbes |date=2013-12-09 |accessdate=2014-02-28}}</ref><ref>{{cite news|author=Seth Schoen |url=https://www.eff.org/deeplinks/2013/12/2013-review-encrypting-web-takes-huge-leap-forward |title=2013 in Review: Encrypting the Web Takes A Huge Leap Forward |publisher=Electronic Frontier Foundation |date=2013-12-28 |accessdate=2014-03-01}}</ref><ref name="cyanogen-integration" /> As of CyanogenMod 11.0, the client logic is contained in a system app called WhisperPush. According to Open Whisper Systems, "the Cyanogen team runs their own [Signal messaging] server for WhisperPush clients, which [[Federation (information technology)|federates]] with [Open Whisper Systems' Signal server], so that both clients can exchange messages with each-other seamlessly".<ref name="cyanogen-integration">{{cite news|author=Moxie Marlinspike |url=https://whispersystems.org/blog/cyanogen-integration/ |title=TextSecure, Now With 10 Million More Users |publisher=Open Whisper Systems |date=2013-12-09 |accessdate=2014-02-28}}</ref> The WhisperPush source code is available under the GPLv3 license.<ref>{{cite web |url=https://github.com/CyanogenMod/android_external_whispersystems_WhisperPush |title=android_external_whispersystems_WhisperPush |author=CyanogenMod |website=GitHub |date=Jan 7, 2014 |accessdate=Mar 26, 2015}}</ref> In January 2016, however, the CyanogenMod team announced that they will be discontinuing WhisperPush on February 1, and recommended that its users switch to Signal.<ref>{{cite web|last1=Sinha|first1=Robin|title=CyanogenMod to Shutter WhisperPush Messaging Service on February 1|url=http://gadgets.ndtv.com/mobiles/news/cyanogenmod-to-shutter-whisperpush-messaging-service-on-february-1-792064|website=Gadgets360|publisher=NDTV|accessdate=23 January 2016|date=20 January 2016}}</ref> After this, Signal's server architecture will be entirely [[Centralized computing|centralized]]. |
|||
Using phone numbers as identifiers may also create security risks that arise from the possibility of an attacker taking over a phone number.<ref name=":0" /> A similar vulnerability was used to attack at least one user in August 2022, though the attack was performed via the provider of Signal's SMS services, not any user's provider.<ref name="Twilio-2022-08-15" /> The threat of this attack can be mitigated by enabling Signal's Registration Lock feature, a form of [[Multi-factor authentication|two-factor authentication]] that requires the user to enter a PIN to register the phone number on a new device.<ref>{{Cite web |last=Lovejoy |first=Ben |date=21 May 2020 |title=Signal registration lock stops your account being hijacked on a new phone |url=https://9to5mac.com/2020/05/21/signal-registration-lock/ |access-date=27 May 2023 |website=9 to 5 Mac |archive-date=13 December 2023 |archive-url=https://web.archive.org/web/20231213150314/https://9to5mac.com/2020/05/21/signal-registration-lock/ |url-status=live }}</ref> |
|||
===Android specific=== |
|||
Signal's official Android client requires the proprietary [[Google Play Services]] because the app is dependent on Google's [[Google Cloud Messaging|GCM]] push messaging framework.<ref name="Google-Play-Services"/> {{As of|2015|3}}, Signal's message delivery has been done by Open Whisper Systems themselves and the client relies on GCM only for a wakeup event.<ref>{{cite web |first=Moxie |last=Marlinspike|title=Saying goodbye to encrypted SMS/MMS |url=https://whispersystems.org/blog/goodbye-encrypted-sms/|publisher=Open Whisper Systems|date=6 March 2015|accessdate=20 December 2015}}</ref> The developers have added support for [[WebSocket]] to the open source Signal server.<ref name="Google-Play-Services"/> They claim that "[WebSocket] won't work as well as push messages that are sent via GCM", but that it will allow Signal to work independently of GCM "once support has been added to the client".<ref name="Google-Play-Services"/> |
|||
When linking Signal Desktop to a mobile device, the conversations history will not be synced; only the new messages will be shown on Signal Desktop.<ref>{{Cite web |last=Fedewa |first=Joe |title=How to Use Signal on Your Desktop Computer |url=https://www.howtogeek.com/710253/how-to-use-signal-on-desktop/ |access-date=31 May 2022 |website=How-To Geek |date=27 January 2021 |language=en-US |archive-date=25 June 2022 |archive-url=https://web.archive.org/web/20220625045542/https://www.howtogeek.com/710253/how-to-use-signal-on-desktop/ |url-status=live }}</ref> |
|||
==Architecture== |
|||
==Usability== |
|||
In July 2016, the [[Internet Society]] published a [[user study]] that assessed the ability of Signal users to detect and deter [[man-in-the-middle attack]]s.<ref name="Schröder-2016">{{harvnb|Schröder|Huber|Wind|Rottermanner|2016}}</ref> The study concluded that 21 out of 28 participants failed to correctly compare [[public key fingerprint]]s in order to verify the identity of other Signal users, and that most of these users believed they had succeeded, while they had actually failed.<ref name="Schröder-2016"/> Four months later, Signal's user interface was updated to make verifying the identity of other Signal users simpler.<ref name="safety-number-updates">{{cite web |last1=Marlinspike |first1=Moxie |title=Safety number updates |url=https://signal.org/blog/safety-number-updates/ |publisher=Open Whisper Systems |access-date=17 July 2017 |date=17 November 2016 |archive-date=17 July 2017 |archive-url=https://web.archive.org/web/20170717080736/https://whispersystems.org/blog/safety-number-updates/ |url-status=live}}</ref> |
|||
In 2023, the French government is pushing for the adoption of a European encrypted messaging alternative to Signal and WhatsApp named Olvid as their secured platform for communications.<ref>{{cite news |last1=Elizabeth |first1=Pineau |title=Stop using WhatsApp, get Paris-made alternative, French PM tells ministers |url=https://www.reuters.com/world/europe/stop-using-whatsapp-get-paris-made-alternative-french-pm-tells-ministers-2023-11-29/ |work=Reuters |date=29 November 2023 |access-date=3 December 2023 |archive-date=1 December 2023 |archive-url=https://web.archive.org/web/20231201144238/https://www.reuters.com/world/europe/stop-using-whatsapp-get-paris-made-alternative-french-pm-tells-ministers-2023-11-29/ |url-status=live }}</ref> |
|||
==Architecture== |
|||
===Encryption protocols=== |
===Encryption protocols=== |
||
{{Main|Signal Protocol}} |
|||
{{further|TextSecure#Encryption protocol}} |
|||
Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the [[Double Ratchet Algorithm]], prekeys, and an Extended Triple [[Diffie–Hellman key exchange|Diffie–Hellman]] (X3DH) handshake.<ref>{{harvnb|Unger|Dechand|Bonneau|Fahl|2015|p=241}}</ref><ref>{{cite web |last1=Marlinspike |first1=Moxie |last2=Perrin |first2=Trevor |title=The X3DH Key Agreement Protocol |url=https://signal.org/docs/specifications/x3dh/ |website=signal.org |access-date=24 December 2020 |archive-date=23 November 2020 |archive-url=https://web.archive.org/web/20201123155217/https://signal.org/docs/specifications/x3dh/ |url-status=live}}</ref> It uses [[Curve25519]], [[AES-256]], and [[HMAC-SHA256]] as [[Cryptographic primitive|primitives]].<ref name="Frosch 2016">{{harvnb|Frosch|Mainka|Bader|Bergsma|2016}}</ref> The protocol provides confidentiality, integrity, [[authenticated encryption|authentication]], participant consistency, destination validation, [[forward secrecy]], backward secrecy ({{Aka}} future secrecy), causality preservation, message unlinkability, [[Deniable authentication|message repudiation]], participation repudiation, and [[Asynchronous communication|asynchronicity]].<ref name="Unger-2015-p239"/> It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.<ref name="Unger-2015-p239">{{harvnb|Unger|Dechand|Bonneau|Fahl|2015|p=239}}</ref> |
|||
Signal instant messages are encrypted with the TextSecure encryption protocol (developed by Open Whisper Systems<ref name="theintercept1" />), which uses a variation of the [[Axolotl (protocol)|Axolotl]] key management protocol.<ref name="asynchronous-security" /><ref name="ProtocolV2" /> Signal voice calls are encrypted with the RedPhone encryption protocol, which is based on the [[ZRTP]] encryption protocol (developed by [[Phil Zimmermann]]) and [[Secure Real-time Transport Protocol|SRTP]].<ref name="wired3" /><ref name="RedPhone-Encryption-Protocols">{{cite web|url=https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols|archiveurl=https://web.archive.org/web/20150905192057/https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols|archivedate=5 September 2015|title=Encryption Protocols|website=GitHub|last=Marlinspike|first=Moxie|date=17 July 2012|accessdate=8 January 2016}}</ref> |
|||
The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and [[multicast encryption]].<ref name="Unger-2015-p239"/> In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.<ref name="Unger-2015-p239"/> |
|||
In October 2014, researchers from [[Ruhr University Bochum]] (RUB) published an analysis of the Signal Protocol.<ref name="Frosch 2016"/> Among other findings, they presented an [[unknown key-share attack]] on the protocol, but in general, they found that it was secure.<ref name="Pauli-2014-11-03" /> In October 2016, researchers from UK's [[University of Oxford]], [[Queensland University of Technology]] in Australia, and Canada's [[McMaster University]] published a formal analysis of the protocol.<ref name="Brook-2016-11-10"/><ref name="Cohn-Gordon-2016"/> They concluded that the protocol was cryptographically sound.<ref name="Brook-2016-11-10">{{cite web |last1=Brook |first1=Chris |title=Signal Audit Reveals Protocol Cryptographically Sound |url=https://threatpost.com/signal-audit-reveals-protocol-cryptographically-sound/121892/ |website=Threatpost |publisher=Kaspersky Lab |access-date=11 November 2016 |date=10 November 2016 |archive-date=14 February 2017 |archive-url=https://web.archive.org/web/20170214222434/https://threatpost.com/signal-audit-reveals-protocol-cryptographically-sound/121892/ |url-status=live}}</ref><ref name="Cohn-Gordon-2016">{{harvnb|Cohn-Gordon|Cremers|Dowling|Garratt|2016}}</ref> In July 2017, researchers from RUB found during another analysis of group messengers a purely theoretic attack against the group protocol of Signal: A user who knows the secret group ID of a group (due to having been a group member previously or stealing it from a member's device) can become a member of the group. Since the group ID cannot be guessed and such member changes are displayed to the remaining members, this attack is likely to be difficult to carry out without being detected.<ref>{{Cite journal |last1=Rösler |first1=Paul |last2=Mainka |first2=Christian |last3=Schwenk |first3=Jörg |year=2017 |title=More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema |journal=3rd IEEE European Symposium on Security and Privacy |url=https://eprint.iacr.org/2017/713.pdf |access-date=1 November 2019 |archive-date=19 November 2019 |archive-url=https://web.archive.org/web/20191119140438/https://eprint.iacr.org/2017/713.pdf |url-status=live}}</ref> |
|||
{{As of|August 2018}}, the Signal Protocol has been implemented into [[WhatsApp]], [[Facebook Messenger]], [[Skype]],<ref name="skype">{{cite web |last1=Lund |first1=Joshua |title=Signal partners with Microsoft to bring end-to-end encryption to Skype |url=https://signal.org/blog/skype-partnership/ |publisher=Open Whisper Systems |access-date=17 January 2018 |date=11 January 2018 |archive-date=2 February 2020 |archive-url=https://web.archive.org/web/20200202152037/https://signal.org/blog/skype-partnership/ |url-status=live}}</ref> and [[Google Allo]],<ref name="allo">{{cite web |url=https://signal.org/blog/allo/ |title=Open Whisper Systems partners with Google on end-to-end encryption for Allo |last=Marlinspike |first=Moxie |publisher=Open Whisper Systems |date=18 May 2016 |access-date=22 August 2018 |archive-date=22 January 2020 |archive-url=https://web.archive.org/web/20200122102117/https://signal.org/blog/allo/ |url-status=live}}</ref> making it possible for the conversations of "more than a billion people worldwide" to be end-to-end encrypted.<ref>{{cite web |url=http://fortune.com/40-under-40/moxie-marlinspike-31/ |title=Moxie Marlinspike – 40 under 40 |year=2016 |website=Fortune |access-date=6 October 2016 |archive-date=3 February 2017 |archive-url=https://web.archive.org/web/20170203011735/http://fortune.com/40-under-40/moxie-marlinspike-31/ |url-status=live}}</ref> In Google Allo, Skype and Facebook Messenger, conversations are not encrypted with the Signal Protocol by default; they only offer end-to-end encryption in an optional mode.<ref name="Lee-2016-06-22"/><ref name="facebook-messenger">{{cite web |last1=Marlinspike |first1=Moxie |title=Facebook Messenger deploys Signal Protocol for end to end encryption |url=https://signal.org/blog/facebook-messenger/ |publisher=Open Whisper Systems |access-date=10 May 2017 |date=8 July 2016 |archive-date=1 July 2017 |archive-url=https://web.archive.org/web/20170701124315/https://whispersystems.org/blog/facebook-messenger/ |url-status=live}}</ref><ref name="skype" /><ref>{{cite web |last1=Gebhart |first1=Gennie |title=Google's Allo Sends The Wrong Message About Encryption |url=https://www.eff.org/deeplinks/2016/09/googles-allo-sends-wrong-message-about-encryption |publisher=Electronic Frontier Foundation |access-date=20 August 2018 |date=3 October 2016 |archive-date=30 August 2018 |archive-url=https://web.archive.org/web/20180830024739/https://www.eff.org/deeplinks/2016/09/googles-allo-sends-wrong-message-about-encryption |url-status=live}}</ref> |
|||
Up until March 2017, Signal's voice calls were encrypted with [[Secure Real-time Transport Protocol|SRTP]] and the [[ZRTP]] key-agreement protocol, which was developed by [[Phil Zimmermann]].<ref name="Greenberg-2014-07-29" /><ref name="RedPhone-Encryption-Protocols"/> In March 2017, Signal transitioned to a new [[WebRTC]]-based calling system that introduced the ability to make video calls.<ref name="signal-video-calls">{{cite web |url=https://signal.org/blog/signal-video-calls/ |title=Video calls for Signal out of beta |last1=Marlinspike |first1=Moxie |date=13 March 2017 |website=Signal Blog |publisher=[[Open Whisper Systems]] |access-date=7 April 2017 |archive-date=15 March 2017 |archive-url=https://web.archive.org/web/20170315175109/https://whispersystems.org/blog/signal-video-calls/ |url-status=live}}</ref> Signal's voice and video calling functionalities use the Signal Protocol channel for authentication instead of ZRTP.<ref name="Greenberg-2017-02-14">{{cite magazine |last1=Greenberg |first1=Andy |title=The Best Encrypted Chat App Now Does Video Calls Too |url=https://www.wired.com/2017/02/encryption-app-signal-enables-video-calls-new-privacy-tradeoff/ |magazine=Wired |access-date=15 February 2017 |date=14 February 2017 |archive-date=15 February 2017 |archive-url=https://web.archive.org/web/20170215021847/https://www.wired.com/2017/02/encryption-app-signal-enables-video-calls-new-privacy-tradeoff/ |url-status=live}}</ref><ref name="signal-video-calls-beta">{{cite web |last1=Marlinspike |first1=Moxie |title=Video calls for Signal now in public beta |url=https://signal.org/blog/signal-video-calls-beta/ |publisher=Open Whisper Systems |access-date=15 February 2017 |date=14 February 2017 |archive-date=15 March 2017 |archive-url=https://web.archive.org/web/20170315184106/https://whispersystems.org/blog/signal-video-calls-beta// |url-status=live}}</ref><ref name="Mott-2017-03-14"/> |
|||
====Authentication==== |
|||
To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) [[Out-of-band data|out-of-band]].<ref name="Rottermanner-2015-p5"/> The platform employs a [[trust on first use]] mechanism in order to notify the user if a correspondent's key changes.<ref name="Rottermanner-2015-p5"/> |
|||
===Local storage=== |
|||
After receiving and decrypting messages, the application stored them locally on each device in a [[SQLite]] database that is encrypted with SQLCipher.<ref name="Ganor-2020-12-10"/> The cryptographic key for this database is also stored locally and can be accessed if the device is unlocked.<ref name="Ganor-2020-12-10"/><ref name="Green-2020-12-10">{{cite tweet |author=[[Matthew D. Green]] |user=matthew_d_green |number=1337106648016547843 |date=10 December 2020 |title=Someone asked me what this Cellebrite post meant, and whether it's a big deal for Signal. From what I can see it just means Cellebrite can read your texts if they have your (unlocked) phone, which, duh. |access-date=22 December 2020}}</ref> In December 2020, [[Cellebrite]] published a blog post announcing that one of their products could now access this key and use it to "decrypt the Signal app".<ref name="Ganor-2020-12-10">{{cite web |last1=Ganor |first1=Alon |title=Cellebrite's New Solution for Decrypting the Signal App |publisher=Cellebrite |access-date=22 December 2020 |url=https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/ |archive-url=https://web.archive.org/web/20201210150311/https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/ |archive-date=10 December 2020 |date=10 December 2020}}</ref><ref name="Snowden-2020-12-15">{{cite tweet |author=[[Edward Snowden]] |user=Snowden |number=1338859880384368641 |date=15 December 2020 |title=No, Cellebrite cannot decrypt Signal communications. What they sell is a forensic device cops connect to insecure, unlockable phones to download a bunch of popular apps' data more easily than doing it manually. They just added Signal to that app list. That's it. There's no magic. |access-date=22 December 2020}}</ref> Technology reporters later published articles about how Cellebrite had claimed to have the ability to "break into the Signal app" and "crack Signal's encryption".<ref>{{cite web |last1=Benjakob |first1=Omer |title=Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App |url=https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581 |work=Haaretz |access-date=22 December 2020 |date=14 December 2020 |archive-date=21 December 2020 |archive-url=https://web.archive.org/web/20201221224157/https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581 |url-status=live}}</ref><ref>{{Cite news |last=Wakefield |first=Jane |date=22 December 2020 |title=Signal: Cellebrite claimed to have cracked chat app's encryption |language=en-GB |work=BBC News |url=https://www.bbc.com/news/technology-55412230 |access-date=22 December 2020 |archive-date=24 December 2020 |archive-url=https://web.archive.org/web/20201224104727/https://www.bbc.com/news/technology-55412230 |url-status=live}}</ref> This latter interpretation was rejected by several experts,<ref>{{unbulleted list|{{cite tweet |author=[[Matthew D. Green]] |user=matthew_d_green |number=1337106648016547843 |date=10 December 2020 |title=Someone asked me what this Cellebrite post meant, and whether it's a big deal for Signal. From what I can see it just means Cellebrite can read your texts if they have your (unlocked) phone, which, duh. |access-date=22 December 2020}}|{{cite tweet |author=[[Edward Snowden]] |user=Snowden |number=1338859880384368641 |date=15 December 2020 |title=No, Cellebrite cannot decrypt Signal communications. What they sell is a forensic device cops connect to insecure, unlockable phones to download a bunch of popular apps' data more easily than doing it manually. They just added Signal to that app list. That's it. There's no magic. |access-date=22 December 2020}}|{{cite web |author1=[[Bruce Schneier]] |title=Cellebrite Can Break Signal |url=https://www.schneier.com/blog/archives/2020/12/cellebrite-can-break-signal.html |website=Schneier on Security |access-date=24 December 2020 |date=21 December 2020 |quote=I finally got the chance to read all of this more carefully, and it seems that all Cellebrite is doing is reading the texts off of a phone they can already access. To [''sic''] this has nothing to do with Signal at all. So: never mind. |archive-date=24 December 2020 |archive-url=https://web.archive.org/web/20201224002854/https://www.schneier.com/blog/archives/2020/12/cellebrite-can-break-signal.html |url-status=live}}|{{cite tweet |author=John Scott-Railton ([[Citizen Lab]]) |user=jsrailton |number=1341421365371559938 |date=22 December 2020 |title=Dangerous misunderstanding spreading that @Cellebrite_UFED can 'crack' & intercept @signalapp. This is FALSE. Modest reality: Cellebrite claimed to extract the Signal chat database from an unlocked Android in their possession. |access-date=24 December 2020}} }}</ref> as well as representatives from Signal, who said the original post by Cellebrite had been about accessing data on "an unlocked Android phone in their physical possession" and that they "could have just opened the app to look at the messages".<ref name="Marlinspike-2020-12-23">{{cite web |last1=Marlinspike |first1=Moxie |title=No, Cellebrite cannot 'break Signal encryption.' |url=https://signal.org/blog/cellebrite-and-clickbait/ |website=signal.org |publisher=Signal Messenger |access-date=24 December 2020 |date=23 December 2020 |archive-date=24 December 2020 |archive-url=https://web.archive.org/web/20201224002643/https://signal.org/blog/cellebrite-and-clickbait/ |url-status=live}}</ref><ref>{{cite tweet |author=Signal |user=signalapp |number=1339362791153487874 |date=17 December 2020 |title=No, Haaretz was duped. The original blog post was about accessing data on an unlocked Android phone in their physical possession. They could have just opened the app to look at the messages. |access-date=22 December 2020}}</ref> Similar extraction tools also exist for iOS devices and Signal Desktop.<ref>{{cite news |last1=Betz |first1=Bradford |title=Court documents show FBI may have tool to access private Signal messages on locked iPhones |url=https://www.foxbusiness.com/technology/fbi-tool-access-private-signal-messages-locked-iphones |access-date=14 February 2021 |work=FOXBusiness |date=9 February 2021 |archive-date=14 February 2021 |archive-url=https://web.archive.org/web/20210214003438/https://www.foxbusiness.com/technology/fbi-tool-access-private-signal-messages-locked-iphones |url-status=live }}</ref><ref>{{Cite web |last=Abrams |first=Lawrence |date=23 October 2018 |title=Signal Desktop Leaves Message Decryption Key in Plain Sight |url=https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/ |url-status=live |archive-url=https://archive.today/20190327174001/https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/ |archive-date=27 March 2019 |access-date=19 March 2021 |website=BleepingComputer |language=en-us}}</ref> |
|||
===Servers=== |
===Servers=== |
||
Signal relies on [[Centralized computing|centralized]] servers that are maintained by Signal Messenger. In addition to routing Signal's messages, the servers also facilitate the discovery of contacts who are also registered Signal users and the automatic [[key exchange|exchange]] of users' [[Public-key cryptography|public keys]]. By default, Signal's voice and video calls are [[peer-to-peer]].<ref name="Mott-2017-03-14"/> If the caller is not in the receiver's address book, the call is routed through a server in order to hide the users' [[IP address]]es.<ref name="Mott-2017-03-14"/> |
|||
Signal messages and calls are routed through Open Whisper Systems' servers. Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize latency.<ref name="wired3" /> According to the developers, Signal servers do not keep metadata about who called who and when.<ref name="theverge1" /> A network level adversary would only see encrypted data flowing into and out of the Signal infrastructure.<ref name="theverge1" /> All client-server communications are protected by [[Transport Layer Security|TLS]].<ref name="Frosch-2014" /><ref name="RedPhone-Encryption-Protocols" /> |
|||
====Contact discovery==== |
|||
Messages are handled by a [[Representational state transfer|REST]] API and [[Push technology|push messaging]] (both [[Google Cloud Messaging|GCM]] and APN).<ref name="TextSecure-Server" /> |
|||
The servers store registered users' phone numbers, public key material and push tokens which are necessary for setting up calls and transmitting messages.<ref name="privacy-policy">{{cite web |title=Privacy Policy |url=https://signal.org/legal/#privacy-policy |publisher=Signal Messenger LLC. |access-date=24 June 2018 |date=25 May 2018 |archive-date=24 June 2018 |archive-url=https://web.archive.org/web/20180624175800/https://signal.org/legal/#privacy-policy |url-status=live}}</ref> In order to determine which contacts are also Signal users, [[Cryptographic hash function|cryptographic hashes]] of the user's contact numbers are periodically transmitted to the server.<ref name="contact-discovery" /> The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found.<ref name="contact-discovery" /> The hashed numbers are thereafter discarded from the server.<ref name="privacy-policy"/> In 2014, Moxie Marlinspike wrote that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited [[preimage]] space (the set of all possible hash inputs) of phone numbers, and that a "practical privacy preserving contact discovery remains an unsolved problem."<ref name="Rottermanner-2015-p4">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=4}}</ref><ref name="contact-discovery">{{cite web |url=https://signal.org/blog/contact-discovery/ |title=The Difficulty Of Private Contact Discovery |author=Moxie Marlinspike |date=3 January 2013 |publisher=Open Whisper Systems |access-date=14 January 2016 |archive-date=4 March 2016 |archive-url=https://web.archive.org/web/20160304015510/https://whispersystems.org/blog/contact-discovery/ |url-status=live}}</ref> In September 2017, Signal's developers announced that they were working on a way for the Signal client applications to "efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service."<ref name="private-contact-discovery">{{cite web |last1=Marlinspike |first1=Moxie |title=Technology preview: Private contact discovery for Signal |url=https://signal.org/blog/private-contact-discovery/ |publisher=Open Whisper Systems |access-date=28 September 2017 |date=26 September 2017 |archive-date=28 September 2017 |archive-url=https://web.archive.org/web/20170928043707/https://signal.org/blog/private-contact-discovery/ |url-status=live}}</ref><ref>{{cite magazine |last1=Greenberg |first1=Andy |title=Signal Has a Fix for Apps' Contact-Leaking Problem |url=https://www.wired.com/story/signal-contact-lists-private-secure-enclave |magazine=Wired |access-date=28 September 2017 |date=26 September 2017 |archive-date=27 September 2017 |archive-url=https://web.archive.org/web/20170927143335/https://www.wired.com/story/signal-contact-lists-private-secure-enclave |url-status=live}}</ref> |
|||
====Metadata==== |
|||
In order to determine which contacts are also Signal users, [[Cryptographic hash function|cryptographic hashes]] of the user's contact numbers are periodically transmitted to the server.<ref name="contact-discovery" /> The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found.<ref name="contact-discovery" /> Moxie Marlinspike has written that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited [[preimage]] space (the set of all possible hash inputs) of phone numbers, and that "practical privacy preserving contact discovery remains an unsolved problem".<ref name="contact-discovery">{{cite web |url=https://whispersystems.org/blog/contact-discovery/|title=The Difficulty Of Private Contact Discovery |author=Moxie Marlinspike |date=3 January 2013 |publisher= Open Whisper Systems |accessdate=14 January 2016}}</ref> |
|||
All client-server communications are protected by [[Transport Layer Security|TLS]].<ref name="RedPhone-Encryption-Protocols">{{cite web |url=https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols |archive-url=https://web.archive.org/web/20150905192057/https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols |archive-date=5 September 2015 |title=Encryption Protocols |website=GitHub |last=Marlinspike |first=Moxie |date=17 July 2012 |access-date=8 January 2016}}</ref><ref>{{harvnb|Frosch|Mainka|Bader|Bergsma|2016|p=7}}</ref> Signal's developers have asserted that their servers do not keep logs about who called whom and when.<ref name="Brandom-2014-07-29" /> In June 2016, Marlinspike told ''[[The Intercept]]'' that "the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second".<ref name="Lee-2016-06-22">{{cite web |last1=Lee |first1=Micah |title=Battle of the Secure Messaging Apps: How Signal Beats WhatsApp |url=https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/ |website=The Intercept |publisher=First Look Media |access-date=6 September 2016 |date=22 June 2016 |archive-date=19 February 2017 |archive-url=https://web.archive.org/web/20170219051224/https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/ |url-status=live}}</ref> |
|||
The group messaging mechanism is designed so that the servers do not have access to |
The group messaging mechanism is designed so that the servers do not have access to the membership list, group title, or group icon.<ref name="Rottermanner-2015-p3"/> Instead, the creation, updating, joining, and leaving of groups is done by the clients, which deliver pairwise messages to the participants in the same way that one-to-one messages are delivered.<ref name="private-groups">{{cite web |url=https://signal.org/blog/private-groups/ |title=Private Group Messaging |publisher=Open Whisper Systems |author=Moxie Marlinspike |date=5 May 2014 |access-date=9 July 2014 |archive-date=14 July 2014 |archive-url=https://web.archive.org/web/20140714133409/https://whispersystems.org/blog/private-groups/ |url-status=live}}</ref><ref name="the-new-textsecure">{{cite web |url=https://signal.org/blog/the-new-textsecure/ |title=The New TextSecure: Privacy Beyond SMS |author=Moxie Marlinspike |date=24 February 2014 |publisher=Open Whisper Systems |access-date=26 February 2014 |archive-date=24 February 2014 |archive-url=https://web.archive.org/web/20140224200749/https://whispersystems.org/blog/the-new-textsecure/ |url-status=live}}</ref> |
||
====Federation==== |
|||
Signal's server architecture was [[Federation (information technology)|federated]] between December 2013 and February 2016. In December 2013, it was announced that the messaging protocol Signal uses had successfully been integrated into the Android-based open-source operating system [[CyanogenMod]].<ref>{{cite news |author=Andy Greenberg |url=https://www.forbes.com/sites/andygreenberg/2013/12/09/ten-million-more-android-users-text-messages-will-soon-be-encrypted-by-default/ |title=Ten Million More Android Users' Text Messages Will Soon Be Encrypted By Default |work=Forbes |date=9 December 2013 |access-date=28 February 2014 |archive-date=4 March 2014 |archive-url=https://web.archive.org/web/20140304100716/http://www.forbes.com/sites/andygreenberg/2013/12/09/ten-million-more-android-users-text-messages-will-soon-be-encrypted-by-default/ |url-status=live}}</ref><ref>{{cite news |author=Seth Schoen |url=https://www.eff.org/deeplinks/2013/12/2013-review-encrypting-web-takes-huge-leap-forward |title=2013 in Review: Encrypting the Web Takes A Huge Leap Forward |publisher=Electronic Frontier Foundation |date=28 December 2013 |access-date=1 March 2014 |archive-date=1 February 2014 |archive-url=https://web.archive.org/web/20140201093013/https://www.eff.org/deeplinks/2013/12/2013-review-encrypting-web-takes-huge-leap-forward |url-status=live}}</ref><ref name="cyanogen-integration" /> Since CyanogenMod 11.0, the client logic was contained in a system app called WhisperPush. According to Signal's developers, the Cyanogen team ran their own Signal messaging server for WhisperPush clients, which federated with the main server, so that both clients could exchange messages with each other.<ref name="cyanogen-integration">{{cite news |author=Moxie Marlinspike |url=https://signal.org/blog/cyanogen-integration/ |title=TextSecure, Now With 10 Million More Users |publisher=Open Whisper Systems |date=9 December 2013 |access-date=28 February 2014 |archive-date=25 February 2014 |archive-url=https://web.archive.org/web/20140225042302/https://www.whispersystems.org/blog/cyanogen-integration/ |url-status=live}}</ref> The WhisperPush source code was available under the GPLv3 license.<ref>{{cite web |url=https://github.com/CyanogenMod/android_external_whispersystems_WhisperPush |title=android_external_whispersystems_WhisperPush |author=CyanogenMod |website=GitHub |date=7 January 2014 |access-date=26 March 2015 |archive-date=28 June 2015 |archive-url=https://web.archive.org/web/20150628011341/https://github.com/CyanogenMod/android_external_whispersystems_WhisperPush |url-status=live}}</ref> In February 2016, the CyanogenMod team discontinued WhisperPush and recommended that its users switch to Signal.<ref>{{cite web |last1=Sinha |first1=Robin |title=CyanogenMod to Shutter WhisperPush Messaging Service on February 1 |url=https://www.gadgets360.com/mobiles/news/cyanogenmod-to-shutter-whisperpush-messaging-service-on-february-1-792064 |website=Gadgets360 |publisher=NDTV |access-date=17 March 2024 |date=20 January 2016 |archive-date=11 October 2016 |archive-url=https://web.archive.org/web/20161011034310/http://gadgets.ndtv.com/mobiles/news/cyanogenmod-to-shutter-whisperpush-messaging-service-on-february-1-792064 |url-status=live}}</ref> In May 2016, Moxie Marlinspike wrote that federation with the CyanogenMod servers had degraded the user experience and held back development, and that their servers will probably not federate with other servers again.<ref name="Edge-2016-05-18"/> |
|||
In May 2016, Moxie Marlinspike requested that a third-party client called LibreSignal not use the Signal service or the Signal name.<ref name="Edge-2016-05-18">{{cite web |url=https://lwn.net/Articles/687294/ |last=Edge |first=Jake |title=The perils of federated protocols |website=LWN.net |date=18 May 2016 |access-date=5 July 2016 |archive-date=14 September 2016 |archive-url=https://web.archive.org/web/20160914124807/https://lwn.net/Articles/687294/ |url-status=live}}</ref> As a result, on 24 May 2016 the LibreSignal project posted that the project was "abandoned".<ref>{{cite web |last=Le Bihan |first=Michel |url=https://github.com/LibreSignal/LibreSignal/blob/master/README.md |title=README.md |website=GitHub |publisher=LibreSignal |date=24 May 2016 |access-date=6 November 2016 |archive-date=27 June 2017 |archive-url=https://web.archive.org/web/20170627105032/https://github.com/LibreSignal/LibreSignal/blob/master/README.md |url-status=live}}</ref> The functionality provided by LibreSignal was subsequently incorporated into Signal by Marlinspike.<ref>{{Cite web |url=https://github.com/signalapp/Signal-Android/commit/1669731329bcc32c84e33035a67a2fc22444c24b |title=Support for using Signal without Play Services · signalapp/Signal-Android@1669731 |website=GitHub |language=en |access-date=3 January 2020 |archive-date=15 February 2020 |archive-url=https://web.archive.org/web/20200215092119/https://github.com/signalapp/Signal-Android/commit/1669731329bcc32c84e33035a67a2fc22444c24b |url-status=live}}</ref> |
|||
===Licensing=== |
===Licensing=== |
||
The complete [[source code]] of the Signal clients for Android and |
The complete [[source code]] of the Signal clients for Android, iOS and desktop is available on [[GitHub]] under a [[free software license]].<ref name="signal-ios-github" /><ref name="signal-android-github" /><ref name="signal-desktop-github" /> This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also allows advanced users to compile their own copies of the applications and compare them with the versions that are distributed by Signal Messenger. In March 2016, Moxie Marlinspike wrote that, apart from some shared libraries that are not compiled with the project build due to a lack of Gradle NDK support, Signal for Android is [[Deterministic compilation|reproducible]].<ref>{{cite web |last1=Marlinspike |first1=Moxie |title=Reproducible Signal builds for Android |url=https://signal.org/blog/reproducible-android/ |publisher=Open Whisper Systems |access-date=31 March 2016 |date=31 March 2016 |archive-date=15 May 2017 |archive-url=https://web.archive.org/web/20170515171632/https://whispersystems.org/blog/reproducible-android/ |url-status=live}}</ref> Signal's servers are partially open source, but the server software's anti-spam component is proprietary and closed source due to security concerns.<ref name="Signal-Server" /><ref>{{Cite web |title=Improving first impressions on Signal |url=https://signal.org/blog/keeping-spam-off-signal/ |access-date=5 December 2021 |website=Signal Messenger |language=en |archive-date=24 September 2023 |archive-url=https://web.archive.org/web/20230924194458/https://signal.org/blog/keeping-spam-off-signal/ |url-status=live }}</ref> |
||
==Reception== |
|||
The software that handles Signal's message routing is also open source.<ref name="TextSecure-Server" /> This enables anyone to examine the code. Even though it is not officially supported by Open Whisper Systems,<ref>{{cite web|last1=Kolenkina|first1=Masha|title=How can I host my own server?|url=http://support.whispersystems.org/hc/en-us/articles/214684227-How-can-I-host-my-own-server-|publisher=Open Whisper Systems|accessdate=4 January 2016|date=22 November 2015}}</ref> anyone can set up and host their own Signal server and messaging network. |
|||
===Security=== |
|||
In October 2014, the [[Electronic Frontier Foundation]] (EFF) included Signal in their updated surveillance self-defense guide.<ref name="eff-2014-10-23" /> In November 2014, Signal received a perfect score on the EFF's secure messaging scorecard;<ref name="eff-2014-11-04" /> it received points for having communications encrypted in transit, having communications encrypted with keys the provider does not have access to ([[end-to-end encryption]]), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen ([[forward secrecy]]), having the code open to independent review ([[Open-source software|open source]]), having the security designs well-documented, and having a recent independent security audit.<ref name="eff-2014-11-04" /> At the time, "[[ChatSecure]] + [[Orbot]]", [[Pidgin (software)|Pidgin]] (with [[Off-the-Record Messaging|OTR]]), [[Silent Circle (software)|Silent Phone]], and [[Telegram (software)|Telegram]]'s optional "secret chats" also received seven out of seven points on the scorecard.<ref name="eff-2014-11-04" /> |
|||
Former [[National Security Agency|NSA]] contractor [[Edward Snowden]] has endorsed Signal on multiple occasions.<ref name="Motherboard-2015-12-02"/> In his keynote speech at [[South by Southwest|SXSW]] in March 2014, he praised Signal's predecessors (TextSecure and RedPhone) for their ease of use.<ref name="Eddy-2014-03-11" /><ref name="thenewyorker-2014-10-11" /> In December 2014, {{lang|de|[[Der Spiegel]]}} leaked slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Signal's encrypted voice calling component (RedPhone) on its own as a "major threat" to its mission of accessing users' private data, and when used in conjunction with other privacy tools such as Cspace, [[Tor (anonymity network)|Tor]], [[Tails (operating system)|Tails]], and [[TrueCrypt]] was ranked as "catastrophic" and led to a "near-total loss/lack of insight to target communications [and] presence".<ref name="spiegel-staff-2014-12-28" /><ref name="spiegel-media-2014-12-28" /> |
|||
===Distribution=== |
|||
Signal is officially distributed only through [[Google Play]] and [[App Store (iOS)|App Store]]. Open Whisper Systems have declined requests to distribute the Android version of Signal through third-party distribution platforms.<ref name="Google-Play-Services">{{cite web |url=http://support.whispersystems.org/hc/en-us/articles/213190817-Why-do-I-need-Google-Play-installed-to-use-Signal-How-can-I-get-Signal-APK- |title= Why do I need Google Play installed to use Signal? How can I get Signal APK? |author=Kolenkina, Masha|publisher=Open Whisper Systems |date=25 November 2015 |accessdate=5 December 2015}}</ref> |
|||
Following the [[2016 Democratic National Committee email leak]], it was reported by ''[[Vanity Fair (magazine)|Vanity Fair]]'' that [[Marc Elias]] (the general counsel for [[Hillary Clinton]]'s presidential campaign) had instructed [[Democratic National Committee|DNC]] staffers to exclusively use Signal when saying anything negative about Republican presidential nominee [[Donald Trump]].<ref name="Bilton-2016-08-26">{{cite magazine |last1=Bilton |first1=Nick |title=How the Clinton Campaign Is Foiling the Kremlin |url=https://www.vanityfair.com/news/2016/08/how-the-clinton-campaign-is-foiling-the-kremlin |magazine=Vanity Fair |access-date=1 September 2016 |date=26 August 2016 |archive-date=29 August 2016 |archive-url=https://web.archive.org/web/20160829230558/http://www.vanityfair.com/news/2016/08/how-the-clinton-campaign-is-foiling-the-kremlin |url-status=live}}</ref><ref name="Blake-2016-08-27">{{cite web |last1=Blake |first1=Andrew |title=Democrats warned to use encryption weeks before email leaks |url=https://www.washingtontimes.com/news/2016/aug/27/dems-urged-encrypt-their-communications-weeks-prio/ |website=The Washington Times |publisher=The Washington Times, LLC |access-date=1 September 2016 |date=27 August 2016 |archive-date=1 September 2016 |archive-url=https://web.archive.org/web/20160901141312/http://www.washingtontimes.com/news/2016/aug/27/dems-urged-encrypt-their-communications-weeks-prio/ |url-status=live}}</ref> |
|||
Signal's predecessor (TextSecure) was briefly included in the [[F-Droid]] software repository in 2012, but was removed at the developer's request because it was an unverified build and exceptionally out of date. Open Whisper Systems have subsequently said that they will not support their applications being distributed through F-Droid because it does not provide timely software updates, relies on a centralized trust model and necessitates allowing the installation of apps from unknown sources which harms Android's security for average users.<ref name="Google-Play-Services" /> |
|||
In March 2017, Signal was approved by the sergeant at arms of the [[U.S. Senate]] for use by senators and their staff.<ref>{{cite web |last1=Whittaker |first1=Zack |title=In encryption push, Senate staff can now use Signal for secure messaging |url=https://www.zdnet.com/article/in-encryption-push-senate-approves-signal-for-encrypted-messaging/ |publisher=ZDNet |access-date=20 July 2017 |date=16 May 2017 |archive-date=19 July 2017 |archive-url=https://web.archive.org/web/20170719021847/http://www.zdnet.com/article/in-encryption-push-senate-approves-signal-for-encrypted-messaging/ |url-status=live}}</ref><ref>{{cite web |last1=Wyden |first1=Ron |title=Ron Wyden letter on Signal encrypted messaging |url=https://www.documentcloud.org/documents/3723701-Ron-Wyden-letter-on-Signal-encrypted-messaging.html |website=Documentcloud |publisher=Zack Whittaker, ZDNet |access-date=20 July 2017 |date=9 May 2017 |archive-date=6 June 2017 |archive-url=https://web.archive.org/web/20170606171205/https://www.documentcloud.org/documents/3723701-Ron-Wyden-letter-on-Signal-encrypted-messaging.html |url-status=live}}</ref> |
|||
==Reception== |
|||
On 27 September 2019, Natalie Silvanovich, a security engineer working in [[Google]]'s vulnerability research team at [[Project Zero]], disclosed how a bug in the [[Android (operating system)|Android]] Signal client could let an attacker spy on a user without their knowledge.<ref>{{cite web |url=https://saltdna.com/news/signal%27s-messenger-eavesdropping-exploit-saltdna-cto-shares-his-views |title=Signal's Messenger Eavesdropping Exploit – SaltDNA CTO Shares His Views |archive-url=https://web.archive.org/web/20200811034319/https://saltdna.com/news/signal's-messenger-eavesdropping-exploit-saltdna-cto-shares-his-views |archive-date=11 August 2020 |url-status=dead |access-date=24 September 2021}}</ref> The bug allowed an attacker to phone a target device, mute the call, and the call would complete – keeping the audio open but without the owner being aware of that (however they would still be aware of a ring and / or a vibration from the initial call).<ref>{{Cite web |url=https://bugs.chromium.org/p/project-zero/issues/detail?id=1943 |title=1943 – project-zero – Project Zero – Monorail |website=bugs.chromium.org |access-date=3 March 2021 |archive-date=28 March 2021 |archive-url=https://web.archive.org/web/20210328084042/https://bugs.chromium.org/p/project-zero/issues/detail?id=1943 |url-status=live }}</ref> The bug was fixed the same day that it was reported and patched in release 4.47.7 of the app for Android.<ref>{{cite web |url=https://www.forbes.com/sites/daveywinder/2019/10/05/signal-messenger-eavesdropping-exploit-confirmedwhat-you-need-to-know |title=Signal Messenger Eavesdropping Exploit Confirmed—What You Need to Know |website=[[Forbes]] |access-date=3 March 2021 |archive-date=17 February 2021 |archive-url=https://web.archive.org/web/20210217104318/https://www.forbes.com/sites/daveywinder/2019/10/05/signal-messenger-eavesdropping-exploit-confirmedwhat-you-need-to-know/ |url-status=live }}</ref> |
|||
In October 2014, the [[Electronic Frontier Foundation]] (EFF) included Signal in their updated surveillance self-defense guide.<ref name="eff2" /> In November 2014, "Signal / RedPhone" received a perfect score on the EFF's secure messaging scorecard;<ref name="eff3" /> they received points for having communications encrypted in transit, having communications encrypted with keys the providers don't have access to ([[end-to-end encryption]]), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys are stolen ([[forward secrecy]]), having their code open to independent review ([[open source]]), having their security designs well-documented, and having recent independent security audits.<ref name="eff3" /> {{As of|2015|7|10}}, "[[ChatSecure]] + [[Orbot]]", [[Cryptocat]], [[TextSecure]], [[Pidgin (software)|Pidgin]], [[Silent Circle (software)|Silent Phone]], [[Silent Circle (software)|Silent Text]], and [[Telegram (software)|Telegram]]'s secret chats also have seven out of seven points on the scorecard.<ref name="eff3" /> |
|||
In February 2020, the [[European Commission]] recommended that its staff use Signal.<ref name="Politico-European-Commission-Signal-2020-02-20">{{cite web |title=EU Commission to staff: Switch to Signal messaging app |url=https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/ |website=Politico EU |date=20 February 2020 |access-date=20 February 2020 |archive-date=20 February 2020 |archive-url=https://web.archive.org/web/20200220204534/https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/ |url-status=live}}</ref> Following the [[George Floyd protests]], which began in May 2020, Signal was downloaded 121,000 times in the U.S. between 25 May and 4 June.<ref>{{Cite web |last=Molla |first=Rani |date=3 June 2020 |title=From Citizen to Signal, the most popular apps right now reflect America's protests |url=https://www.vox.com/recode/2020/6/3/21278558/protest-apps-signal-citizen-twitter-instagram-george-floyd |access-date=7 June 2020 |website=Vox |language=en |archive-date=7 June 2020 |archive-url=https://web.archive.org/web/20200607045045/https://www.vox.com/recode/2020/6/3/21278558/protest-apps-signal-citizen-twitter-instagram-george-floyd |url-status=live}}</ref> In July 2020, Signal became the most downloaded app in [[Hong Kong]] on both the Apple App Store and the Google Play Store after the passage of the [[2020 Hong Kong national security law|Hong Kong national security law]].<ref>{{Cite web |last=Lee |first=Timothy B. |date=8 July 2020 |title=Hong Kong downloads of Signal surge as residents fear crackdown |url=https://arstechnica.com/tech-policy/2020/07/hong-kong-downloads-of-signal-surge-as-residents-fear-crackdown/ |access-date=12 July 2020 |website=Ars Technica |language=en-us |archive-date=11 July 2020 |archive-url=https://web.archive.org/web/20200711174108/https://arstechnica.com/tech-policy/2020/07/hong-kong-downloads-of-signal-surge-as-residents-fear-crackdown/ |url-status=live}}</ref> |
|||
On December 28, 2014, ''[[Der Spiegel]]'' published slides from an internal [[NSA]] presentation dating to June 2012 in which the NSA deemed RedPhone on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, [[Tor (anonymity network)|Tor]], [[Tails (operating system)|Tails]], and [[TrueCrypt]] was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."<ref name="spiegel1" /><ref name="spiegel2" /> |
|||
{{As of|2021|January}}, Signal is a contact method for securely providing tips to major news outlets such as ''[[The Washington Post]]'',<ref>{{Cite news |title=How to share documents and news tips with Washington Post journalists. |url=https://www.washingtonpost.com/anonymous-news-tips/ |url-status=live |access-date=17 January 2021 |newspaper=The Washington Post |language=en |archive-date=4 June 2020 |archive-url=https://web.archive.org/web/20200604180541/https://www.washingtonpost.com/anonymous-news-tips/}}</ref> ''[[The Guardian]]'',<ref>{{Cite web |last1=Hoyland |first1=Luke |last2=Fenn |first2=Chris |title=Contact the Guardian securely |url=http://www.theguardian.com/help/ng-interactive/2017/mar/17/contact-the-guardian-securely |access-date=17 January 2021 |website=The Guardian |language=en |archive-date=7 January 2021 |archive-url=https://web.archive.org/web/20210107215254/https://www.theguardian.com/help/ng-interactive/2017/mar/17/contact-the-guardian-securely |url-status=live}}</ref> ''[[The New York Times]]'',<ref>{{Cite news |date=14 December 2016 |title=Tips |language=en-US |work=The New York Times |url=https://www.nytimes.com/tips |url-status=live |access-date=17 January 2021 |issn=0362-4331 |archive-date=9 June 2020 |archive-url=https://web.archive.org/web/20200609200034/https://www.nytimes.com/tips}}</ref> and ''[[The Wall Street Journal]]''.<ref>{{Cite web |title=WSJ.com Secure Drop |url=https://www.wsj.com/tips |url-status=live |access-date=17 January 2021 |website=The Wall Street Journal |archive-date=24 July 2020 |archive-url=https://web.archive.org/web/20200724052433/https://www.wsj.com/tips}}</ref> |
|||
Former [[NSA]] contractor [[Edward Snowden]] has endorsed Open Whisper Systems' applications on multiple occasions. In his keynote speech at [[South by Southwest|SXSW]] in March 2014, he praised TextSecure and RedPhone for their ease-of-use.<ref name="pcmag-snowden" /> During an interview with [[The New Yorker]] in October 2014, he recommended using "anything from Moxie Marlinspike and Open Whisper Systems".<ref name="thenewyorker-snowden" /> During a remote appearance at an event hosted by [[Ryerson University]] and [[Canadian Journalists for Free Expression]] in March 2015, Snowden said that Signal is "very good" and that he knew the security model.<ref name="dailydot-snowden" /> Asked about encrypted messaging apps during a [[Reddit]] AMA in May 2015, he recommended “Signal for iOS, Redphone/TextSecure for Android”.<ref name="theguardian-snowden" /><ref name="voxmedia-snowden" /> |
|||
[[Candiru (spyware company)|Candiru]] claims the ability to capture data from Signal Private Messenger with their spyware, at a fee of €500,000.<ref name="Citizen Lab">{{Cite journal |date=15 July 2021 |title=Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus |url=https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/ |access-date=20 July 2021 |website=The Citizen Lab |language=en-US |last1=Marczak |first1=Bill |last2=Scott-Railton |first2=John |last3=Berdan |first3=Kristin |last4=Razzak |first4=Bahr Abdul |last5=Deibert |first5=Ron |archive-date=29 May 2023 |archive-url=https://web.archive.org/web/20230529224455/https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/ |url-status=live }}</ref> |
|||
In September 2015, the [[American Civil Liberties Union]] called on officials at the [[U.S. Capitol]] to ensure that lawmakers and staff members have secure communications technology.<ref>{{cite news|last1=Nakashima|first1=Ellen|title=ACLU calls for encryption on Capitol Hill|url=https://www.washingtonpost.com/news/the-switch/wp/2015/09/22/aclu-calls-for-encryption-on-capitol-hill/|accessdate=22 September 2015|work=The Washington Post|publisher=Nash Holdings LLC|date=22 September 2015}}</ref> One of the applications that the ACLU recommended in their letter to the [[Sergeant at Arms of the United States Senate|Senate Sergeant at Arms]] and to the [[Sergeant at Arms of the United States House of Representatives|House Sergeant at Arms]] was Signal, writing: |
|||
{{quote|One of the most widely respected encrypted communication apps, Signal, from Open Whisper Systems, has received significant financial support from the U.S. government, has been audited by independent security experts, and is now widely used by computer security professionals, many of the top national security journalists, and public interest advocates. Indeed, members of the ACLU’s own legal department regularly use Signal to make encrypted telephone calls.<ref>{{cite web|last1=Macleod-Ball|first1=Michael W.|last2=Rottman|first2=Gabe|last3=Soghoian|first3=Christopher|authorlink3=Christopher Soghoian|title=The Civil Liberties Implications of Insecure Congressional Communications and the Need for Encryption|url=https://www.aclu.org/sites/default/files/field_document/encrypt_congress_letter_final.pdf|publisher=American Civil Liberties Union|accessdate=22 September 2015|location=Washington, DC|pages=5–6|format=PDF|date=22 September 2015}}</ref>}} |
|||
On 9 August 2022, [[Ismail Sabri Yaakob]], the [[Prime Minister of Malaysia]], reported that his Signal account was "hacked" and infiltrated by a third party, sending out messages and impersonating the politician. No details were disclosed regarding the method used to gain access to the account.<ref>{{cite web |title=PM lodges report over hacked Telegram, Signal accounts |url=https://www.thestar.com.my/news/nation/2022/08/09/pm-lodges-report-over-hacked-telegram-signal-accounts |work=The Star |access-date=9 August 2022 |archive-date=9 August 2022 |archive-url=https://web.archive.org/web/20220809012705/https://www.thestar.com.my/news/nation/2022/08/09/pm-lodges-report-over-hacked-telegram-signal-accounts |url-status=live }}</ref> |
|||
==Developers== |
|||
{{Main|Open Whisper Systems}} |
|||
Signal is developed by Open Whisper Systems, a [[Nonprofit organization|nonprofit]] software group<ref name="mashable2" /> that develops collaborative [[Open Source]] projects with a mission to "make private communication simple".<ref name="about" /> The group consists of a large community of volunteer Open Source contributors, as well as a small team of dedicated grant-funded developers.<ref name="about" /> Open Whisper Systems is funded by a combination of donations and grants, and all of its products are published as [[free and open-source software]] under the terms of the [[GNU General Public License]] (GPL) version 3. |
|||
===In-app payments=== |
|||
The project has received financial support from, among others, the [[Freedom of the Press Foundation]],<ref name="pressfreedomfoundation" /> the [[Knight Foundation]],<ref name="knightfoundation" /> the [[Shuttleworth Foundation]],<ref name="shuttleworthfoundation" /> and the [[Open Technology Fund]],<ref name="opentechfund" /> a U.S. government funded program that has also supported other privacy projects like the anonymity software [[Tor (anonymity network)|Tor]] and the encrypted instant messaging website [[Cryptocat]]. |
|||
In April 2021, Signal announced the addition of a [[cryptocurrency wallet]] feature that would allow users to send and receive payments in [[MobileCoin]].<ref>{{cite magazine |last1=Greenberg |first1=Andy |title=Signal Adds a Payments Feature—With a Privacy-Focused Cryptocurrency |url=https://www.wired.com/story/signal-mobilecoin-payments-messaging-cryptocurrency/ |magazine=Wired |access-date=12 January 2022 |date=6 April 2021 |archive-date=8 April 2021 |archive-url=https://web.archive.org/web/20210408155920/https://www.wired.com/story/signal-mobilecoin-payments-messaging-cryptocurrency/ |url-status=live }}</ref> This received criticism from security expert [[Bruce Schneier]], who had previously praised the software. Schneier stated that this would bloat the client and attract unwanted attention from the authorities.<ref>{{Cite web |date=7 April 2021 |title=Signal Adds Cryptocurrency Support |url=https://www.schneier.com/blog/archives/2021/04/wtf-signal-adds-cryptocurrency-support.html |access-date=8 April 2021 |website=Schneier on Security |archive-date=8 April 2021 |archive-url=https://web.archive.org/web/20210408015642/https://www.schneier.com/blog/archives/2021/04/wtf-signal-adds-cryptocurrency-support.html |url-status=live }}</ref> The wallet functionality was initially only available in certain countries, but was later enabled globally in November 2021.<ref name="Greenberg-2022-01-06"/> |
|||
== |
===Blocking=== |
||
[[File:Countries_where_Signal_provides_domain_fronting.svg|thumb|400px|{{legend|#346733|Countries where Signal's domain fronting is enabled by default|border=1px #555 solid}}{{legend|#8E0000|Countries where Signal is blocked (March 2021)|border=1px #555 solid}}]] |
|||
{{Portal| Freedom of speech | Free software | Cryptography | Telecommunications}} |
|||
In December 2016, [[Egypt]] blocked access to Signal.<ref>{{cite web |last1=Cox |first1=Joseph |title=Signal Claims Egypt Is Blocking Access to Encrypted Messaging App |url=https://www.vice.com/en/article/nz755w/signal-claims-egypt-is-blocking-access-to-encrypted-messaging-app |website=Motherboard |publisher=Vice Media LLC |access-date=17 March 2024 |date=19 December 2016 |archive-date=29 June 2017 |archive-url=https://web.archive.org/web/20170629080022/https://motherboard.vice.com/en_us/article/nz755w/signal-claims-egypt-is-blocking-access-to-encrypted-messaging-app |url-status=live}}</ref> In response, Signal's developers added [[domain fronting]] to their service.<ref name="doodles-stickers-censorship"/> This allows Signal users in a specific country to circumvent censorship by making it look like they are connecting to a different internet-based service.<ref name="doodles-stickers-censorship">{{cite web |last1=Marlinspike |first1=Moxie |title=Doodles, stickers, and censorship circumvention for Signal Android |url=https://signal.org/blog/doodles-stickers-censorship/ |publisher=Open Whisper Systems |access-date=20 July 2017 |date=21 December 2016 |archive-date=28 December 2016 |archive-url=https://web.archive.org/web/20161228221206/https://whispersystems.org/blog/doodles-stickers-censorship/ |url-status=live}}</ref><ref name="Greenberg-2016-12-21">{{cite magazine |last1=Greenberg |first1=Andy |title=Encryption App 'Signal' Fights Censorship with a Clever Workaround |url=https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/ |magazine=Wired |access-date=20 July 2017 |date=21 December 2016 |archive-date=11 July 2017 |archive-url=https://web.archive.org/web/20170711183009/https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/ |url-status=live}}</ref> {{As of|May 2022}}, Signal's domain fronting is enabled by default in Egypt, [[United Arab Emirates|UAE]], [[Oman]], [[Qatar]], [[Iran]], [[Cuba]], [[Uzbekistan]] and [[Ukraine]].<ref>{{cite web |title=SignalServiceNetworkAccess.kt |url=https://github.com/signalapp/Signal-Android/blob/main/app/src/main/java/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.kt |access-date=17 May 2022 |website=GitHub |publisher=Signal Foundation |archive-date=17 May 2022 |archive-url=https://web.archive.org/web/20220517023825/https://github.com/signalapp/Signal-Android/blob/main/app/src/main/java/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.kt |url-status=live }}</ref> |
|||
* [[Comparison of instant messaging clients]] |
|||
* [[Comparison of VoIP software]] |
|||
* [[Internet privacy]] |
|||
* [[Secure communication]] |
|||
{{Clear}} |
|||
{{As of|January 2018}}, Signal was blocked in Iran.<ref name="Frenkel-2018-1-2">{{cite web |last1=Frenkel |first1=Sheera |title=Iranian Authorities Block Access to Social Media Tools |url=https://www.nytimes.com/2018/01/02/technology/iran-protests-social-media.html |website=The New York Times |access-date=15 January 2018 |date=2 January 2018 |archive-date=16 January 2018 |archive-url=https://web.archive.org/web/20180116135145/https://www.nytimes.com/2018/01/02/technology/iran-protests-social-media.html |url-status=live}}</ref><ref name="issue-7311">{{cite web |title=Domain Fronting for Iran #7311 |url=https://github.com/signalapp/Signal-Android/issues/7311 |website=GitHub |access-date=17 March 2024 |date=1 January 2018}}</ref> Signal's domain fronting feature relies on the [[Google App Engine]] (GAE) service.<ref name="issue-7311"/><ref name="Frenkel-2018-1-2"/> This does not work in Iran because Google has blocked Iranian access to GAE in order to comply with U.S. sanctions.<ref name="Frenkel-2018-1-2"/><ref>{{cite web |last1=Brandom |first1=Russell |title=Iran blocks encrypted messaging apps amid nationwide protests |url=https://www.theverge.com/2018/1/2/16841292/iran-telegram-block-encryption-protest-google-signal |website=The Verge |access-date=23 March 2018 |date=2 January 2018 |archive-date=22 March 2018 |archive-url=https://web.archive.org/web/20180322015257/https://www.theverge.com/2018/1/2/16841292/iran-telegram-block-encryption-protest-google-signal |url-status=live}}</ref> |
|||
==References== |
|||
{{reflist|colwidth=30em|refs= |
|||
In early 2018, [[Google App Engine]] made an internal change to stop domain fronting for all countries. Due to this issue, Signal made a public change to use [[Amazon CloudFront]] for domain fronting. However, [[Amazon Web Services|AWS]] also announced that they would be making changes to their service to prevent domain fronting. As a result, Signal said that they would start investigating new methods/approaches.<ref>{{Cite web |last=Marlinspike |first=Moxie |title=A letter from Amazon |url=https://signal.org/blog/looking-back-on-the-front/ |website=signal.org |publisher=Open Whisper Systems |date=1 May 2018 |access-date=10 January 2019 |archive-date=3 January 2019 |archive-url=https://web.archive.org/web/20190103125121/https://signal.org/blog/looking-back-on-the-front/ |url-status=live}}</ref><ref>{{cite web |last1=Gallagher |first1=Sean |title=Amazon blocks domain fronting, threatens to shut down Signal's account |url=https://arstechnica.com/information-technology/2018/05/amazon-blocks-domain-fronting-threatens-to-shut-down-signals-account/ |website=Ars Technica |access-date=23 January 2019 |date=2 May 2018 |archive-date=24 January 2019 |archive-url=https://web.archive.org/web/20190124041528/https://arstechnica.com/information-technology/2018/05/amazon-blocks-domain-fronting-threatens-to-shut-down-signals-account/ |url-status=live}}</ref> Signal switched from AWS back to Google in April 2019.<ref>{{cite web |last1=Parrelli |first1=Greyson |title=Attempt to resolve connectivity problems for some users. |url=https://github.com/signalapp/Signal-Android/commit/9aed2343c141b1b3809f7eaccce61c22e342fda7 |website=GitHub |publisher=Signal Messenger LLC |access-date=2 May 2019 |date=4 April 2019 |archive-date=17 January 2021 |archive-url=https://web.archive.org/web/20210117005234/https://github.com/signalapp/Signal-Android/commit/9aed2343c141b1b3809f7eaccce61c22e342fda7 |url-status=live}}</ref> |
|||
<ref name="mashable2">{{cite web|last1=Franceschi-Bicchierai|first1=Lorenzo|title=WhatsApp messages now have Snowden-approved encryption on Android|url=http://mashable.com/2014/11/18/whatsapp-encryption-textsecure/|publisher=Mashable|accessdate=23 January 2015|date=18 November 2014}}</ref> |
|||
In January 2021, Iran removed the app from app stores,<ref>{{Cite news |date=15 January 2021 |title=حذف سیگنال از فروشگاههای نرمافزار آنلاین در ایران |url=https://www.bbc.com/persian/iran-55679732 |access-date=17 January 2021 |website=BBC News فارسی |language=fa |archive-date=17 January 2021 |archive-url=https://web.archive.org/web/20210117075004/https://www.bbc.com/persian/iran-55679732 |url-status=live }}</ref><ref>{{Cite news |title=پیامرسان سیگنال به "دستور کمیته فیلترینگ" از فروشگاههای آنلاین در ایران حذف شد |url=https://www.radiofarda.com/a/signal-app-iran-government/31047041.html |access-date=17 January 2021 |website=رادیو فردا |language=fa |publisher=[[Radio Farda]] |archive-date=13 December 2023 |archive-url=https://web.archive.org/web/20231213150316/https://www.radiofarda.com/a/signal-app-iran-government/31047041.html |url-status=live }}</ref> and blocked Signal.<ref>{{cite news |title=Signal Blocked by Iran as Encrypted Messaging App's Popularity Explodes |url=https://gizmodo.com/signal-blocked-by-iran-as-encrypted-messaging-apps-popu-1846141987 |first=Rhett |last=Jones |website=Gizmodo |date=27 January 2021 |access-date=28 January 2021 |archive-date=28 January 2021 |archive-url=https://web.archive.org/web/20210128111300/https://gizmodo.com/signal-blocked-by-iran-as-encrypted-messaging-apps-popu-1846141987 |url-status=live }}</ref> Signal was later blocked by China in March 2021, followed by its removal from the App Store in China on 19 April 2024.<ref>{{cite web |last1=Liao |first1=Rita |title=Rising encrypted app Signal is down in China |url=https://techcrunch.com/2021/03/15/signal-is-down-in-china/ |website=TechCrunch |access-date=16 March 2021 |date=15 March 2021 |archive-date=16 March 2021 |archive-url=https://web.archive.org/web/20210316022725/https://techcrunch.com/2021/03/15/signal-is-down-in-china/ |url-status=live }}</ref><ref>{{cite web |last1=Lomas |first1=Natasha |title=Apple pulls WhatsApp, Threads from China App Store following state order |url=https://techcrunch.com/2024/04/19/threads-whatsapp-removed-from-china-app-store/ |website=TechCrunch |access-date=19 April 2024 |date=19 April 2024}}</ref> |
|||
<ref name="Frosch-2014">{{cite web|title=How Secure is TextSecure? |last1=Frosch |first1=Tilman |last2=Mainka |first2=Christian |last3=Bader |first3=Christoph |last4=Bergsma |first4=Florian |last5=Schwenk |first5=Jörg |last6=Holz |first6=Thorsten |publisher=Horst Görtz Institute for IT Security, Ruhr University Bochum |url=https://eprint.iacr.org/2014/904.pdf |format=PDF |accessdate=4 November 2014}}</ref> |
|||
On August 9, 2024, Signal was blocked in Russia. [[Roskomnadzor]] claimed that this was due to "violations of the law on combating terrorism and extremism".<ref name=Verge2024/><ref>{{Cite web|url=https://www.kommersant.ru/doc/6890199|title=Мессенджер Signal заблокирован в России|language=ru|date=2024-08-09|website=[Kommersant]}}</ref> Around the same, Signal was also blocked in Venezuela following the contested [[2024 Venezuelan presidential election|2024 presidential election]] and subsequent protests.<ref name=Verge2024>{{Cite web |last=Peters |first=Jay |date=2024-08-09 |title=Signal has been blocked by Venezuela and Russia |url=https://www.theverge.com/2024/8/9/24217008/signal-blocked-venezuela-russia |access-date=2024-08-14 |website=The Verge |language=en}}</ref> |
|||
<ref name="theregister1">{{cite web|last1=Pauli|first1=Darren|title=Auditors find encrypted chat client TextSecure is secure|url=http://www.theregister.co.uk/2014/11/03/how_secure_is_textsecure_pretty_well_secure/|publisher= The Register |accessdate=4 November 2014}}</ref> |
|||
===Audience=== |
|||
<ref name="theintercept1">{{cite news|first=Micah |last=Lee |url=https://firstlook.org/theintercept/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text/ |title=You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone |publisher=The Intercept |date=2015-03-02 |accessdate=2015-03-03}}</ref> |
|||
==== Use by activists ==== |
|||
In 2020, the app was used for coordination and communication by protesters during the [[George Floyd protests]] as they relied on the app's end-to-end encryption to share information securely.<ref>{{cite web |last1=Nierenberg |first1=Amelia |title=Signal Downloads Are Way Up Since the Protests Began |url=https://www.nytimes.com/2020/06/11/style/signal-messaging-app-encryption-protests.html |website=The New York Times |date=11 June 2020 |access-date=12 May 2023 |archive-date=25 June 2020 |archive-url=https://web.archive.org/web/20200625005732/https://www.nytimes.com/2020/06/11/style/signal-messaging-app-encryption-protests.html |url-status=live }}</ref> |
|||
In March 2021, the [[United Nations]] recommended Myanmar residents use Signal and [[Proton Mail]] to pass and preserve evidence of human rights violations committed during the [[2021 Myanmar coup d'état|2021 coup]].<ref>{{Cite news |last=Nebehay |first=Stephanie |date=17 March 2021 |title=U.N. team seeks evidence linking Myanmar military leaders to crimes |language=en |work=Reuters |url=https://www.reuters.com/article/us-myanmar-politics-un-crimes-idUSKBN2B90XV |access-date=24 March 2021 |archive-date=25 March 2021 |archive-url=https://web.archive.org/web/20210325105220/https://www.reuters.com/article/us-myanmar-politics-un-crimes-idUSKBN2B90XV |url-status=live }}</ref> |
|||
<ref name="forbes1">{{cite news |first=Andy |last=Greenberg |url=http://www.forbes.com/sites/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/ |title=Android App Aims to Allow Wiretap-Proof Cell Phone Calls |publisher=Forbes |date=2010-05-25 |accessdate=2014-02-28}}</ref> |
|||
====Controversial use==== |
|||
<ref name="welcome">{{cite news |url=https://whispersystems.org/blog/welcome/ |title= A New Home |publisher=Open Whisper Systems |date=2013-01-21 |accessdate=2014-03-01}}</ref> |
|||
Signal's [[terms of service]] states that the product may not be used to violate the law.<ref name="Newton-2021-01-26"/> According to a former employee, Signal's leadership at the time told him they would say something "if and when people start abusing Signal or doing things that we think are terrible".<ref name="Newton-2021-01-26"/> In January 2021, the position of Signal's leadership was to take a "hands-off approach to moderation" as the company's employees are not able to read user messages and the Signal Foundation does not "want to be a media company".<ref name="Newton-2021-01-26">{{Cite web |last=Newton |first=Casey |title=🚨 The battle inside Signal |url=https://www.platformer.news/-the-battle-inside-signal/ |date=26 January 2021 |access-date=17 March 2024 |website=platformer.news |language=en |archive-date=13 December 2023 |archive-url=https://web.archive.org/web/20231213150315/https://www.platformer.news/p/-the-battle-inside-signal |url-status=live }}</ref><ref name="Cohn-Gordon-2016"/> |
|||
In 2016, authorities in [[India]] arrested members of a suspected [[ISIS]]-affiliated terrorist cell that communicated via Signal.<ref>{{cite news |last1=Tripathi |first1=Rahul |date=11 April 2016 |title=Dangerous Signal: This encrypted app is helping ISIS members in India to communicate |work=[[The Times of India]] |url=https://telecom.economictimes.indiatimes.com/news/dangerous-signal-this-encrypted-app-is-helping-isis-members-in-india-to-communicate/51774226 |access-date=13 January 2021 |quote=A group of terrorist suspects in India said to be inspired by Islamic State wanted to emulate US whistleblower Edward Snowden and use encrypted communication tool Signal to stay in touch, it was revealed in interrogation by the National Investigation Agency (NIA). |archive-date=30 September 2020 |archive-url=https://web.archive.org/web/20200930225330/https://telecom.economictimes.indiatimes.com/news/dangerous-signal-this-encrypted-app-is-helping-isis-members-in-india-to-communicate/51774226 |url-status=live}}</ref> |
|||
<ref name="arstechnica1">{{cite news |url=http://arstechnica.com/security/2015/03/now-you-can-easily-send-free-encrypted-messages-between-android-ios/ |title=Now you can easily send (free!) encrypted messages between Android, iOS |publisher=Ars Technica |first=Megan |last=Geuss |date= 2015-03-03 |accessdate=2015-03-03}}</ref> |
|||
[[Radical right (United States)|Radical right-wing]] militias and white nationalists use Signal for organizing their actions, including the [[Unite the Right II]] rally in 2018.<ref>{{cite news |last1=Frenkel |first1=Sheera |quote=In the days since rioters stormed Capitol Hill, fringe groups like armed militias, QAnon conspiracy theorists and far-right supporters of President Trump have vowed to continue their fight in hundreds of conversations on a range of internet platforms. Some of the organizers have moved to encrypted messaging apps like Telegram and Signal, which cannot be as easily monitored as social media platforms. |title=Fringe Groups Splinter Online After Facebook and Twitter Bans |url=https://www.nytimes.com/2021/01/11/technology/fringe-groups-splinter-online-after-facebook-and-twitter-bans.html |access-date=13 January 2021 |work=[[The New York Times]] |date=11 January 2021 |archive-date=12 January 2021 |archive-url=https://web.archive.org/web/20210112141817/https://www.nytimes.com/2021/01/11/technology/fringe-groups-splinter-online-after-facebook-and-twitter-bans.html |url-status=live}}</ref><ref>{{cite news |last1=Glaser |quote=This year, Kessler and his fellow white nationalist co-organizers switched much of their rally planning throughout the summer to private groups on Facebook Messenger and the encrypted texting app Signal... |first1=April |title=How White Supremacists Planned Their Rally in D.C. |url=https://slate.com/technology/2018/08/how-white-supremacists-planned-their-rally-in-d-c-and-what-it-tells-us-about-the-strength-of-their-movement.html |access-date=13 January 2021 |work=[[Slate (magazine)|Slate]] |date=11 August 2018 |archive-date=24 December 2020 |archive-url=https://web.archive.org/web/20201224231522/https://slate.com/technology/2018/08/how-white-supremacists-planned-their-rally-in-d-c-and-what-it-tells-us-about-the-strength-of-their-movement.html |url-status=live}}</ref><ref>{{cite news |quote=Telegram and Signal are far more stable and secure and could prove more enduring homes and recruitment stations for far-right groups. |last1=Daly |first1=Kye |title=The online far right is moving underground |url=https://www.axios.com/the-online-far-right-is-moving-underground-e429d45d-1b30-46e0-82a3-6e240bf44fef.html |access-date=12 January 2021 |work=[[Axios (website)|Axios]] |date=11 January 2021 |archive-date=12 January 2021 |archive-url=https://web.archive.org/web/20210112144650/https://www.axios.com/the-online-far-right-is-moving-underground-e429d45d-1b30-46e0-82a3-6e240bf44fef.html |url-status=live}}</ref><ref>{{cite news |last1=Glaser |first1=April |title=White Supremacists Still Have a Safe Space Online |url=https://slate.com/technology/2018/10/discord-safe-space-white-supremacists.html |quote=A year later, in the runup to an ultimately barely attended sequel to Unite the Right in D.C., organizers appeared to stay off the platform, opting instead to discuss logistics over Facebook Messenger and the encrypted texting app Signal. |access-date=12 January 2021 |work=[[Slate (magazine)|Slate]] |date=9 October 2018 |archive-date=6 January 2021 |archive-url=https://web.archive.org/web/20210106084707/https://slate.com/technology/2018/10/discord-safe-space-white-supremacists.html |url-status=live}}</ref> |
|||
<ref name="spiegel2">{{cite web|title=Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not|url=http://www.spiegel.de/media/media-35535.pdf|publisher=''Der Spiegel''|accessdate=23 January 2015|format=PDF|date=28 December 2014}}</ref> |
|||
The claim that Signal is used to fund terrorist or criminal activities is the justification for [[Turkey]] to criminalize the app for the general population, which [[Abdullah Bozkurt]] claims is a way the "government abuses its counterterrorism laws to punish critics, opponents and dissidents."<ref>{{Cite web |date=2021-07-08 |title=Secure messaging app Signal has been effectively criminalized in Turkey – Nordic Monitor |url=https://nordicmonitor.com/2021/07/secure-messaging-app-signal-has-been-effectively-criminalised-in-turkey/ |access-date=2023-12-25 |website=nordicmonitor.com |language=en-US |archive-date=25 December 2023 |archive-url=https://web.archive.org/web/20231225233656/https://nordicmonitor.com/2021/07/secure-messaging-app-signal-has-been-effectively-criminalised-in-turkey/ |url-status=live }}</ref><ref>{{Cite web |title=Turkey's new media law is bad news – but don't report it |url=https://www.brookings.edu/articles/turkeys-new-media-law-is-bad-news-but-dont-report-it/ |access-date=2023-12-25 |website=Brookings |language=en-US |archive-date=25 December 2023 |archive-url=https://web.archive.org/web/20231225233306/https://www.brookings.edu/articles/turkeys-new-media-law-is-bad-news-but-dont-report-it/ |url-status=live }}</ref> |
|||
<ref name="spiegel1">{{cite news|author=SPIEGEL Staff|title=Prying Eyes: Inside the NSA's War on Internet Security|url=http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html|newspaper=Der Spiegel|accessdate=23 January 2015|date=28 December 2014}}</ref> |
|||
== See also == |
|||
<ref name="venturebeat1">{{cite web|date=28 November 2011 |first=Tom |last=Cheredar |url= http://venturebeat.com/2011/11/28/twitter-buys-whisper-systems/ |title=Twitter acquires Android security startup Whisper Systems |publisher=VentureBeat |accessdate=2011-12-21}}</ref> |
|||
{{Portal| Freedom of speech | Free and open-source software | Telecommunications}} |
|||
* [[Comparison of cross-platform instant messaging clients]] |
|||
* [[Comparison of VoIP software]] |
|||
* [[Internet privacy]] |
|||
* [[List of video telecommunication services and product brands]] |
|||
* [[Secure communication]] |
|||
{{Clear}} |
|||
== Notes == |
|||
<ref name="forbes2">{{cite news|first=Andy |last=Greenberg |url=http://www.forbes.com/sites/andygreenberg/2011/11/28/twitter-acquires-moxie-marlinspikes-encryption-startup-whisper-systems/ |title=Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems |publisher=Forbes |date=2011-11-28 |accessdate=2011-12-21}}</ref> |
|||
{{notelist}} |
|||
==References== |
|||
<ref name="mashable1">{{cite news |url=http://mashable.com/2011/12/20/textsecure-open-source/ |first=Pete |last=Pachal |title=Twitter Takes TextSecure, Texting App for Dissidents, Open Source |publisher=Mashable |date= 2011-12-20 |accessdate=2014-03-01}}</ref> |
|||
{{reflist|refs= |
|||
<ref name="Pauli-2014-11-03">{{cite web |last1=Pauli |first1=Darren |title=Auditors find encrypted chat client TextSecure is secure |url=https://www.theregister.com/2014/11/03/how_secure_is_textsecure_pretty_well_secure/ |website=The Register |access-date=17 March 2024 |archive-date=4 November 2014 |archive-url=https://web.archive.org/web/20141104060458/http://www.theregister.co.uk/2014/11/03/how_secure_is_textsecure_pretty_well_secure/ |url-status=live}}</ref> |
|||
<ref name="businessweek1">{{cite web|url=http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=141104009|title=Company Overview of Whisper Systems Inc. |publisher=Bloomberg Businessweek |date= |accessdate=2014-03-04}}</ref> |
|||
<ref name="Lee-2015-03-02">{{cite web |first=Micah |last=Lee |url=https://theintercept.com/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text/ |title=You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone |website=The Intercept |date=2 March 2015 |access-date=17 March 2024 |archive-date=3 March 2015 |archive-url=https://web.archive.org/web/20150303052746/https://firstlook.org/theintercept/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text/ |url-status=live}}</ref> |
|||
<ref name="wired1">{{cite news|last=Garling |first=Caleb |url=http://www.wired.com/wiredenterprise/2011/12/twitter-open-sources-its-android-moxie/ |title=Twitter Open Sources Its Android Moxie | Wired Enterprise |publisher=Wired |date= 20 December 2011 |accessdate= 21 December 2011}}</ref> |
|||
<ref name="Greenberg-2010-05-25">{{cite news |first=Andy |last=Greenberg |url=https://www.forbes.com/sites/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/ |title=Android App Aims to Allow Wiretap-Proof Cell Phone Calls |work=Forbes |date=25 May 2010 |access-date=28 February 2014 |archive-date=21 January 2012 |archive-url=https://web.archive.org/web/20120121093240/http://www.forbes.com/sites/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls |url-status=live}}</ref> |
|||
<ref name="wired2">{{cite news|last=Garling |first=Caleb |url=http://www.wired.com/wiredenterprise/2011/11/twitter-buys-moxie/ |title=Twitter Buys Some Middle East Moxie | Wired Enterprise |publisher=Wired |date= 28 November 2011|accessdate=21 December 2011}}</ref> |
|||
<ref name=" |
<ref name="welcome">{{cite news |url=https://signal.org/blog/welcome/ |title=A New Home |publisher=Open Whisper Systems |date=21 January 2013 |access-date=1 March 2014 |archive-date=29 April 2013 |archive-url=https://web.archive.org/web/20130429181434/https://whispersystems.org/blog/welcome/ |url-status=live}}</ref> |
||
<ref name="Geuss-2015-03-03">{{cite web |url=https://arstechnica.com/information-technology/2015/03/now-you-can-easily-send-free-encrypted-messages-between-android-ios/ |title=Now you can easily send (free!) encrypted messages between Android, iOS |website=Ars Technica |first=Megan |last=Geuss |date=3 March 2015 |access-date=17 March 2024 |archive-date=3 March 2015 |archive-url=https://web.archive.org/web/20150303214004/http://arstechnica.com/security/2015/03/now-you-can-easily-send-free-encrypted-messages-between-android-ios/ |url-status=live}}</ref> |
|||
<ref name="twitter1">{{cite web |url=https://blog.twitter.com/2011/whispers-are-true |title= The Whispers Are True |archiveurl= https://web.archive.org/web/20141024130437/https://blog.twitter.com/2011/whispers-are-true |archivedate= 24 October 2014 |date= 20 December 2011 |website=The Twitter Developer Blog |first=Chris |last=Aniszczyk |publisher=Twitter |accessdate=22 January 2015}}</ref> |
|||
<ref name="spiegel-media-2014-12-28">{{cite magazine |title=Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not |url=http://www.spiegel.de/media/media-35535.pdf |magazine=Der Spiegel |access-date=23 January 2015 |date=28 December 2014 |archive-date=8 October 2018 |archive-url=https://web.archive.org/web/20181008114248/http://www.spiegel.de/media/media-35535.pdf |url-status=dead}}</ref> |
|||
<ref name="whispersys2">{{cite web |url=http://www.whispersys.com/updates.html |title= TextSecure is now Open Source! |archiveurl= https://web.archive.org/web/20120106024504/http://www.whispersys.com/updates.html |archivedate= 6 January 2012 |date= 20 December 2011 |publisher=Whisper Systems |accessdate=22 January 2015}}</ref> |
|||
<ref name="spiegel-staff-2014-12-28">{{cite news |title=Prying Eyes: Inside the NSA's War on Internet Security |url=https://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html |newspaper=Der Spiegel |access-date=23 January 2015 |date=28 December 2014 |archive-date=24 January 2015 |archive-url=https://web.archive.org/web/20150124202809/http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html |url-status=live}}</ref> |
|||
<ref name="whispersys3">{{cite web |url=http://www.whispersys.com/updates.html |title= RedPhone is now Open Source! |archiveurl= https://web.archive.org/web/20120731143138/http://www.whispersys.com/updates.html |archivedate= 31 July 2012 |date= 18 July 2012 |publisher=Whisper Systems |accessdate=22 January 2015}}</ref> |
|||
<ref name="Cheredar-2011-11-28">{{cite news |date=28 November 2011 |first=Tom |last=Cheredar |url=https://venturebeat.com/entrepreneur/twitter-buys-whisper-systems/ |title=Twitter acquires Android security startup Whisper Systems |work=VentureBeat |access-date=17 March 2024 |archive-date=12 December 2011 |archive-url=https://web.archive.org/web/20111212035416/http://venturebeat.com/2011/11/28/twitter-buys-whisper-systems/ |url-status=live}}</ref> |
|||
<ref name="zfone-mitm">{{cite web|title=Exactly how does Zfone and ZRTP protect against a man-in-the-middle (MiTM) attack?|url=http://zfoneproject.com/faq.html#mitm|publisher=The Zfone Project|accessdate=25 January 2015}}</ref> |
|||
<ref name="Greenberg-2011-11-28">{{cite news |first=Andy |last=Greenberg |url=https://www.forbes.com/sites/andygreenberg/2011/11/28/twitter-acquires-moxie-marlinspikes-encryption-startup-whisper-systems/ |title=Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems |work=Forbes |date=28 November 2011 |access-date=21 December 2011 |archive-date=14 December 2011 |archive-url=https://web.archive.org/web/20111214035729/http://www.forbes.com/sites/andygreenberg/2011/11/28/twitter-acquires-moxie-marlinspikes-encryption-startup-whisper-systems/ |url-status=live}}</ref> |
|||
<ref name="eff2">{{cite web | url = https://ssd.eff.org/en/module/communicating-others | publisher = Electronic Frontier Foundation | title = Surveillance Self-Defense. Communicating with Others | date = 2014-10-23}}</ref> |
|||
<ref name="Pachal-2011-12-20">{{cite news |url=https://mashable.com/2011/12/20/textsecure-open-source/ |first=Pete |last=Pachal |title=Twitter Takes TextSecure, Texting App for Dissidents, Open Source |publisher=Mashable |date=20 December 2011 |access-date=1 March 2014 |archive-date=7 March 2014 |archive-url=https://web.archive.org/web/20140307173850/http://mashable.com/2011/12/20/textsecure-open-source/ |url-status=live}}</ref> |
|||
<ref name="eff3">{{cite web | url = https://www.eff.org/secure-messaging-scorecard | publisher = Electronic Frontier Foundation | title = Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? | date = 4 November 2014}}</ref> |
|||
<ref name="Garling-2011-12-20">{{cite magazine |last=Garling |first=Caleb |url=https://www.wired.com/wiredenterprise/2011/12/twitter-open-sources-its-android-moxie/ |title=Twitter Open Sources Its Android Moxie | Wired Enterprise |magazine=Wired |date=20 December 2011 |access-date=21 December 2011 |archive-date=22 December 2011 |archive-url=https://web.archive.org/web/20111222010355/http://www.wired.com/wiredenterprise/2011/12/twitter-open-sources-its-android-moxie/ |url-status=live}}</ref> |
|||
<ref name="about">{{cite web |url= https://www.whispersystems.org/about/ |title= About us |author= Open Whisper Systems |accessdate=18 January 2015}}</ref> |
|||
<ref name="Garling-2011-11-28">{{cite magazine |last=Garling |first=Caleb |url=https://www.wired.com/wiredenterprise/2011/11/twitter-buys-moxie/ |title=Twitter Buys Some Middle East Moxie | Wired Enterprise |magazine=Wired |date=28 November 2011 |access-date=21 December 2011 |archive-date=22 December 2011 |archive-url=https://web.archive.org/web/20111222020936/http://www.wired.com/wiredenterprise/2011/11/twitter-buys-moxie |url-status=live}}</ref> |
|||
<ref name="signal-ios-github">{{cite web |url=https://github.com/WhisperSystems/Signal-iOS |title=Signal-iOS |author= Open Whisper Systems |website= GitHub |accessdate=14 January 2015}}</ref> |
|||
<ref name=" |
<ref name="Aniszczyk-2011-12-20">{{cite web |url=https://blog.twitter.com/developer/en_us/a/2011/whispers-are-true |title=The Whispers Are True |archive-url=https://web.archive.org/web/20141024130437/https://blog.twitter.com/2011/whispers-are-true |archive-date=24 October 2014 |date=20 December 2011 |website=The Twitter Developer Blog |first=Chris |last=Aniszczyk |via=Twitter |access-date=22 January 2015}}</ref> |
||
<ref name="eff-2014-10-23">{{cite web |url=https://ssd.eff.org/module/communicating-others |publisher=Electronic Frontier Foundation |title=Surveillance Self-Defense. Communicating with Others |date=23 October 2014 |access-date=25 January 2015 |archive-date=8 November 2014 |archive-url=https://web.archive.org/web/20141108170218/https://ssd.eff.org/en/module/communicating-others |url-status=live}}</ref> |
|||
<ref name="wired3">{{cite web| url=http://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/ |title=Your iPhone Can Finally Make Free, Encrypted Calls |publisher= Wired |first=Andy |last=Greenberg |date= 29 July 2014 |accessdate= 18 January 2015}}</ref> |
|||
<ref name="eff-2014-11-04">{{cite web |url=https://www.eff.org/node/101713/ |publisher=Electronic Frontier Foundation |title=Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? |date=4 November 2014 |access-date=17 March 2024 |archive-date=28 July 2016 |archive-url=https://web.archive.org/web/20160728011841/https://www.eff.org/node/82654 |url-status=live}}</ref> |
|||
<ref name="techcrunch2">{{cite web|url=http://techcrunch.com/2014/07/29/talk-private-to-me-free-worldwide-encrypted-voice-calls-with-signal/|title=Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone|publisher=AOL|work=TechCrunch|first=Jon |last=Evans|date=29 July 2014}}</ref> |
|||
<ref name="signal-ios-github">{{cite web |url=https://github.com/signalapp/Signal-iOS |title=Signal-iOS |author=Signal |website=GitHub |access-date=10 May 2023 |archive-date=11 November 2014 |archive-url=https://web.archive.org/web/20141111134037/https://github.com/WhisperSystems/Signal-iOS |url-status=live}}</ref> |
|||
<ref name="threatpost1">{{cite web|url=http://threatpost.com/new-signal-app-brings-encrypted-calling-to-iphone/107491|title=New Signal App Brings Encrypted Calling to iPhone|publisher=Threatpost |first=Michael |last=Mimoso |date=29 July 2014}}</ref> |
|||
<ref name="signal-android-github">{{cite web |url=https://github.com/signalapp/Signal-Android |title=Signal-Android |author=Signal |website=GitHub |access-date=10 May 2023 |archive-date=30 December 2015 |archive-url=https://web.archive.org/web/20151230221156/https://github.com/WhisperSystems/Signal-Android |url-status=live}}</ref> |
|||
<ref name="pressfreedomfoundation">{{cite web|url=https://freedom.press/organization/open-whispersystems |title=Open Whisper Systems |publisher= Freedom of the Press Foundation |accessdate=18 January 2015}}</ref> |
|||
<ref name="signal-desktop-github">{{cite web |url=https://github.com/signalapp/Signal-Desktop |title=Signal-Desktop |author=Signal |website=GitHub |access-date=10 May 2023 |archive-date=8 April 2016 |archive-url=https://web.archive.org/web/20160408205540/https://github.com/WhisperSystems/Signal-Desktop |url-status=live}}</ref> |
|||
<ref name="knightfoundation">{{cite web|title=TextSecure|url=http://www.knightfoundation.org/grants/201499909/|publisher=Knight Foundation|accessdate=5 January 2015}}</ref> |
|||
<ref name="Signal-Server">{{cite web |url=https://github.com/signalapp/Signal-Server |title=Signal-Server |author=Signal |website=GitHub |access-date=10 May 2023 |archive-date=28 December 2016 |archive-url=https://web.archive.org/web/20161228222103/https://github.com/WhisperSystems/Signal-Server |url-status=live}}</ref> |
|||
<ref name="shuttleworthfoundation">{{cite web|title=Moxie Marlinspike|url=https://www.shuttleworthfoundation.org/fellows/moxie-marlinspike/|publisher=Shuttleworth Foundation|accessdate=14 January 2015}}</ref> |
|||
<ref name="Greenberg-2014-07-29">{{cite magazine |url=https://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/ |title=Your iPhone Can Finally Make Free, Encrypted Calls |magazine=Wired |first=Andy |last=Greenberg |date=29 July 2014 |access-date=18 January 2015 |archive-date=18 January 2015 |archive-url=https://web.archive.org/web/20150118152718/http://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/ |url-status=live}}</ref> |
|||
<ref name="opentechfund">{{cite web|title=Open Whisper Systems|url=https://www.opentech.fund/project/open-whisper-systems|publisher=Open Technology Fund|accessdate=26 December 2015}}</ref> |
|||
<ref name="Evans-2014-07-29">{{cite web |url=https://techcrunch.com/2014/07/29/talk-private-to-me-free-worldwide-encrypted-voice-calls-with-signal/ |title=Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone |work=TechCrunch |publisher=AOL |first=Jon |last=Evans |date=29 July 2014 |access-date=25 June 2017 |archive-date=4 June 2016 |archive-url=https://web.archive.org/web/20160604000058/http://techcrunch.com/2014/07/29/talk-private-to-me-free-worldwide-encrypted-voice-calls-with-signal/ |url-status=live}}</ref> |
|||
<ref name="theverge1">{{cite web|last1=Brandom|first1=Russell|title=Signal brings painless encrypted calling to iOS|url=http://www.theverge.com/2014/7/29/5945547/signal-brings-painless-encrypted-calling-whisper-systems-moxie-marlinspike|publisher=The Verge|accessdate=26 January 2015|date=29 July 2014}}</ref> |
|||
<ref name="Mimoso-2014-07-29">{{cite web |url=https://threatpost.com/new-signal-app-brings-encrypted-calling-to-iphone/107491/ |title=New Signal App Brings Encrypted Calling to iPhone |publisher=Threatpost |first=Michael |last=Mimoso |date=29 July 2014 |access-date=17 March 2024 |archive-date=18 January 2015 |archive-url=https://web.archive.org/web/20150118143554/http://threatpost.com/new-signal-app-brings-encrypted-calling-to-iphone/107491 |url-status=live}}</ref> |
|||
<ref name="asynchronous-security">{{cite web|date=22 August 2013 |first=Moxie |last=Marlinspike |url=https://whispersystems.org/blog/asynchronous-security/ |title=Forward Secrecy for Asynchronous Messages |publisher=Open Whisper Systems |accessdate=2014-03-01}}</ref> |
|||
<ref name="pressfreedomfoundation">{{cite web |url=https://signal.org/donate/ |title=Signal |publisher=Freedom of the Press Foundation |access-date=17 March 2024 |archive-date=20 March 2018 |archive-url=https://web.archive.org/web/20180320152018/https://freedom.press/crowdfunding/signal/ |url-status=live}}</ref> |
|||
<ref name="ProtocolV2">{{cite web| url= https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2 |title= ProtocolV2 |website=GitHub |author= Open Whisper Systems | accessdate= 21 January 2015 }}</ref> |
|||
<ref name="knightfoundation">{{cite web |title=TextSecure |url=http://www.knightfoundation.org/grants/201499909/ |publisher=Knight Foundation |access-date=5 January 2015 |archive-date=9 January 2021 |archive-url=https://web.archive.org/web/20210109161315/https://knightfoundation.org/grants/201499909/ |url-status=live}}</ref> |
|||
<ref name="TextSecure-Server">{{cite web |url=https://github.com/whispersystems/TextSecure-Server/ |title=TextSecure-Server |author= Open Whisper Systems |website= GitHub |accessdate=2 March 2014}}</ref> |
|||
<ref name="shuttleworthfoundation">{{cite web |title=Moxie Marlinspike |url=https://www.shuttleworthfoundation.org/alumni/moxie-marlinspike |publisher=Shuttleworth Foundation |access-date=14 January 2015 |url-status=dead |archive-url=https://archive.today/20161115142945/https://www.shuttleworthfoundation.org/alumni/moxie-marlinspike |archive-date=15 November 2016}}</ref> |
|||
<!-- ref name="the-new-signal">{{cite web|date=2 Mar 2015 |first=Moxie |last=Marlinspike |url=https://whispersystems.org/blog/the-new-signal/ |title=Signal 2.0: Private messaging comes to the iPhone |publisher=Open Whisper Systems |accessdate=2015-05-09}}</ref --> |
|||
<ref name="opentechfund">{{cite web |title=Open Whisper Systems |url=https://www.opentech.fund/projects-we-support/supported-projects/signal-open-whisper-systems/ |publisher=Open Technology Fund |access-date=17 March 2024 |archive-date=2 March 2019 |archive-url=https://web.archive.org/web/20190302024657/https://www.opentech.fund/results/supported-projects/open-whisper-systems/ |url-status=live}}</ref> |
|||
<ref name="pcmag-snowden">{{cite web|date=11 March 2014 |first=Max |last=Eddy |url=http://securitywatch.pcmag.com/security/321511-snowden-to-sxsw-here-s-how-to-keep-the-nsa-out-of-your-stuff |title=Snowden to SXSW: Here's How To Keep The NSA Out Of Your Stuff |publisher=PC Magazine: SecurityWatch |accessdate=2014-03-16}}</ref> |
|||
<ref name="Brandom-2014-07-29">{{cite web |last1=Brandom |first1=Russell |title=Signal brings painless encrypted calling to iOS |url=https://www.theverge.com/2014/7/29/5945547/signal-brings-painless-encrypted-calling-whisper-systems-moxie-marlinspike |website=The Verge |access-date=26 January 2015 |date=29 July 2014 |archive-date=3 February 2015 |archive-url=https://web.archive.org/web/20150203221418/http://www.theverge.com/2014/7/29/5945547/signal-brings-painless-encrypted-calling-whisper-systems-moxie-marlinspike |url-status=live}}</ref> |
|||
<ref name="thenewyorker-snowden">{{cite web |url=https://www.youtube.com/watch?v=fidq3jow8bc |title=The Virtual Interview: Edward Snowden - The New Yorker Festival |publisher=The New Yorker |website=YouTube |date=11 October 2014 |accessdate=24 May 2015}}</ref> |
|||
<ref name="Eddy-2014-03-11">{{cite web |date=11 March 2014 |first=Max |last=Eddy |url=https://www.pcmag.com/security/321511-snowden-to-sxsw-here-s-how-to-keep-the-nsa-out-of-your-stuff |title=Snowden to SXSW: Here's How To Keep The NSA Out Of Your Stuff |publisher=PC Magazine: SecurityWatch |access-date=17 March 2024 |archive-date=16 March 2014 |archive-url=https://web.archive.org/web/20140316122922/http://securitywatch.pcmag.com/security/321511-snowden-to-sxsw-here-s-how-to-keep-the-nsa-out-of-your-stuff |url-status=live}}</ref> |
|||
<ref name="dailydot-snowden">{{cite web|title= Edward Snowden tells you what encrypted messaging apps you should use |url=http://www.dailydot.com/politics/edward-snowden-signal-encryption-privacy-messaging/|first= Dell |last=Cameron |publisher=The Daily Dot |date=6 March 2015 |accessdate=24 May 2015}}</ref> |
|||
<ref name="thenewyorker-2014-10-11">{{cite magazine |url=https://www.youtube.com/watch?v=fidq3jow8bc |title=The Virtual Interview: Edward Snowden – The New Yorker Festival |magazine=The New Yorker |via=YouTube |date=11 October 2014 |access-date=24 May 2015 |archive-date=9 January 2021 |archive-url=https://web.archive.org/web/20210109161401/https://www.youtube.com/watch?v=fidq3jow8bc |url-status=live}}</ref> |
|||
<ref name="theguardian-snowden">{{cite web|title= NSA surveillance powers on the brink as pressure mounts on Senate bill – as it happened |url=http://www.theguardian.com/us-news/live/2015/may/21/nsa-surveillance-rand-paul-senate-live |publisher=The Guardian |first= Alan |last=Yuhas |date= 21 May 2015 |accessdate=24 May 2015}}</ref> |
|||
<ref name="thenewyorker-2020-10-19">{{cite magazine |url=https://www.newyorker.com/magazine/2020/10/26/taking-back-our-privacy |title=Taking Back Our Privacy |last=Wiener |first=Anna |magazine=[[The New Yorker]] |date=19 October 2020 |access-date=27 October 2020 |archive-date=27 October 2020 |archive-url=https://web.archive.org/web/20201027010827/https://www.newyorker.com/magazine/2020/10/26/taking-back-our-privacy |url-status=live}}</ref> |
|||
<ref name="Mott-2017-03-14">{{cite web |last1=Mott |first1=Nathaniel |title=Signal's Encrypted Video Calling For iOS, Android Leaves Beta |url=https://www.tomshardware.com/news/signal-encrypted-video-calling-ios-android,33898.html |website=Tom's Hardware |publisher=Purch Group, Inc. |date=14 March 2017 |access-date=14 March 2017}}</ref> |
|||
<ref name="voxmedia-snowden">{{cite web|title= The 9 best moments from Edward Snowden's Reddit Q&A |url=https://www.vox.com/2015/5/21/8638251/snowden-reddit |publisher=Vox Media |first= Zack |last=Beauchamp |date= 21 May 2015 |accessdate=24 May 2015}}</ref> |
|||
}} |
}} |
||
== |
==Bibliography== |
||
{{Refbegin|30em}} |
|||
{{Commons category|Open Whisper Systems}} |
|||
* {{cite journal |last1=Cohn-Gordon |first1=Katriel |last2=Cremers |first2=Cas |last3=Dowling |first3=Benjamin |last4=Garratt |first4=Luke |last5=Stebila |first5=Douglas |title=A Formal Security Analysis of the Signal Messaging Protocol |url=https://eprint.iacr.org/2016/1013.pdf |website=Cryptology ePrint Archive |publisher=International Association for Cryptologic Research (IACR) |date=25 October 2016 |access-date=11 December 2016 |archive-date=22 February 2017 |archive-url=https://web.archive.org/web/20170222185244/https://eprint.iacr.org/2016/1013.pdf |url-status=live }} |
|||
* [https://github.com/WhisperSystems/Signal-iOS ''Signal-iOS''] on [[GitHub]] |
|||
* {{Cite conference |last1=Frosch |first1=Tilman |last2=Mainka |first2=Christian |last3=Bader |first3=Christoph |last4=Bergsma |first4=Florian |last5=Schwenk |first5=Jörg |last6=Holz |first6=Thorsten |title=2016 IEEE European Symposium on Security and Privacy (EuroS&P) |chapter-url=https://eprint.iacr.org/2014/904.pdf |chapter=How Secure is TextSecure? |conference=2016 IEEE European Symposium on Security and Privacy (EuroS&P) |publisher=IEEE |location=Saarbrücken, Germany |date=March 2016 |pages=457–472 |doi=10.1109/EuroSP.2016.41 |isbn=978-1-5090-1752-2 |access-date=8 February 2022 |archive-date=28 February 2019 |archive-url=https://web.archive.org/web/20190228094840/https://eprint.iacr.org/2014/904.pdf |url-status=live |citeseerx=10.1.1.689.6003 }} |
|||
* [https://github.com/WhisperSystems/Signal-Android ''Signal-Android''] on [[GitHub]] |
|||
* {{Cite conference |last1=Rottermanner |first1=Christoph |last2=Kieseberg |first2=Peter |last3=Huber |first3=Markus |last4=Schmiedecker |first4=Martin |last5=Schrittwieser |first5=Sebastian |title=Privacy and Data Protection in Smartphone Messengers |url=https://publications.sba-research.org/publications/paper_drafthp.pdf |conference=Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (iiWAS2015) |publisher=ACM International Conference Proceedings Series |isbn=978-1-4503-3491-4 |date=December 2015 |access-date=17 March 2024 |archive-date=27 March 2016 |archive-url=https://web.archive.org/web/20160327011416/https://www.sba-research.org/wp-content/uploads/publications/paper_drafthp.pdf |url-status=live }} |
|||
* [https://whispersystems.org/ Open Whisper Systems]. The developers' homepage. |
|||
* {{cite conference |last1=Schröder |first1=Svenja |last2=Huber |first2=Markus |last3=Wind |first3=David |last4=Rottermanner |first4=Christoph |title=When Signal hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging |date=18 July 2016 |url=https://www.internetsociety.org/sites/default/files/09%20when-signal-hits-the-fan-on-the-usability-and-security-of-state-of-the-art-secure-mobile-messaging.pdf |publisher=Internet Society (ISOC) |conference=Proceedings of the 1st European Workshop on Usable Security (EuroUSEC '16) |location=Darmstadt, Germany |isbn=978-1-891562-45-7 |access-date=29 August 2016 |url-status=dead |archive-url=https://web.archive.org/web/20160828135326/https://www.internetsociety.org/sites/default/files/09%20when-signal-hits-the-fan-on-the-usability-and-security-of-state-of-the-art-secure-mobile-messaging.pdf |archive-date=28 August 2016 }} |
|||
* {{cite conference |first1=Nik |last1=Unger |first2=Sergej |last2=Dechand |first3=Joseph |last3=Bonneau |first4=Sascha |last4=Fahl |first5=Henning |last5=Perl |first6=Ian Avrum |last6=Goldberg |first7=Matthew |last7=Smith |title=2015 IEEE Symposium on Security and Privacy |chapter=SoK: Secure Messaging |publisher=IEEE Computer Society's Technical Committee on Security and Privacy |conference=Proceedings of the 2015 IEEE Symposium on Security and Privacy |year=2015 |pages=232–249 |doi=10.1109/SP.2015.22 |isbn=978-1-4673-6949-7 |chapter-url=https://www.ieee-security.org/TC/SP2015/papers-archived/6949a232.pdf |access-date=17 March 2024 |archive-date=4 March 2016 |archive-url=https://web.archive.org/web/20160304002758/http://ieee-security.org/TC/SP2015/papers-archived/6949a232.pdf |url-status=live }} |
|||
{{Refend}} |
|||
==External links== |
|||
{{Commons category}} |
|||
* {{Official website}} |
|||
{{Cryptographic software}} |
{{Cryptographic software}} |
||
{{Instant messaging}} |
{{Instant messaging}} |
||
[[Category: |
[[Category:2014 software]] |
||
[[Category: |
[[Category:Cross-platform software]] |
||
[[Category:Cryptographic software]] |
[[Category:Cryptographic software]] |
||
[[Category:End-to-end encryption]] |
|||
[[Category:Free and open-source Android software]] |
[[Category:Free and open-source Android software]] |
||
[[Category:Free software programmed in Java (programming language)]] |
|||
[[Category:Instant messaging clients programmed in Java]] |
|||
[[Category:Free instant messaging clients]] |
[[Category:Free instant messaging clients]] |
||
[[Category:Internet privacy software]] |
|||
[[Category:Free security software]] |
[[Category:Free security software]] |
||
[[Category:Free software programmed in Java (programming language)]] |
|||
[[Category:Free VoIP software]] |
[[Category:Free VoIP software]] |
||
[[Category:Instant messaging clients programmed in Java]] |
|||
[[Category:Internet privacy software]] |
|||
[[Category:IOS software]] |
|||
[[Category:Secure communication]] |
Latest revision as of 21:57, 11 December 2024
Developer(s) |
|
---|---|
Initial release | 29 July 2014[1][2] |
Stable release(s) | |
Preview release(s) | |
Repository | |
Operating system |
|
Type | Encrypted voice calling, video calling and instant messaging |
License | AGPL-3.0-only[10][11][12][13][a][b] |
Website | signal |
Signal is an open-source, encrypted messaging service for instant messaging, voice calls, and video calls.[14][15] The instant messaging function includes sending text, voice notes, images, videos, and other files.[16] Communication may be one-to-one between users or may involve group messaging.
The application uses a centralized computing architecture and is cross-platform software. It is developed by the non-profit Signal Foundation and its subsidiary Signal Messenger LLC. Signal's software is free and open-source. Its mobile clients, desktop client, and server are all published under the AGPL-3.0-only license.[a][b][11][10][12][13] The official Android app generally uses the proprietary Google Play Services, although it is designed to be able to work without them. Signal is also distributed for iOS and desktop programs for Windows, macOS, and Linux. Registration for desktop use requires an iOS or Android device.[20][21]
Signal uses mobile telephone numbers to register and manage user accounts, though configurable usernames were added in March 2024 to allow users to hide their phone numbers from other users.[22] After removing support for SMS on Android in 2023,[23][24] the app now secures all communications with end-to-end encryption. The client software includes mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel.[23][25]
The non-profit Signal Foundation was launched in February 2018 with initial funding of $50 million from WhatsApp co-founder Brian Acton.[26] As of January 2022[update], the platform had approximately 40 million monthly active users. As of May 2021[update], it was downloaded more than 105 million times.[27][28]
History
[edit]Signal Timeline | |
---|---|
May 2010 | Moxie Marlinspike and Stuart Anderson (Whisper Systems) launch TextSecure and RedPhone on Android.[29] |
Nov 2011 | Whisper Systems is acquired by Twitter,[30] "primarily so that Mr. Marlinspike could help the then-startup improve its security."[31] |
Dec 2011 – Jul 2012 | TextSecure and RedPhone are released as free and open-source software under the GPLv3 license.[32][33] |
Jan 2013 | Moxie Marlinspike leaves Twitter and founds Open Whisper Systems (OWS) as a collaborative open source project for the continued development of TextSecure and RedPhone.[34][35] |
Feb 2014 | OWS adds end-to-end encrypted group chat and instant messaging capabilities to TextSecure.[36] |
Jul 2014 | OWS releases Signal as a RedPhone counterpart for iOS.[37][38] |
Mar 2015 | OWS discontinues support for encrypted SMS/MMS messaging in TextSecure, while retaining its encrypted IM capabilities.[39] At the same time, OWS adds encrypted IM to Signal on iOS.[40] |
Nov 2015 | RedPhone is merged into TextSecure on Android and the app is renamed as Signal.[41] |
Dec 2015 | Signal Desktop is launched as a Chrome App.[42] |
Oct 2017 | OWS announces the deprecation of their Chrome App and the release of a new Electron-based Signal Desktop.[43] |
Mar 2017 | OWS transitions Signal's calling system from RedPhone to WebRTC and adds the ability to make video calls with the mobile apps.[44][45] |
Feb 2018 | Moxie Marlinspike and Brian Acton launch the Signal Foundation with an initial $50 million in funding from Acton, who had left WhatsApp's parent company Facebook in September 2017.[46][47] |
Nov 2019 – Feb 2020 | Signal adds support for iPads,[48] view-once images and videos, stickers, and reactions.[49] |
Aug 2020 – Sep 2020 | Signal adds message requests[50] and one-to-one voice and video calling to Signal Desktop.[51][52] |
Oct 2020 – Dec 2020 | Signal starts transitioning to a new encrypted group chat system with support for @mentions, group admins, and more granular permissions.[53] It also adds support for encrypted group calling.[53] |
2010–2013: Origins
[edit]Signal is the successor of the RedPhone encrypted voice calling app and the TextSecure encrypted texting program. The beta versions of RedPhone and TextSecure were first launched in May 2010 by Whisper Systems,[54] a startup company co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson.[55][56] Whisper Systems also produced a firewall and tools for encrypting other forms of data.[55][57] All of these were proprietary enterprise mobile security software and were only available for Android.
In November 2011, Whisper Systems announced that it had been acquired by Twitter. Neither company disclosed the financial terms of the deal.[58] The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security".[59] Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable.[60] Some criticized the removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the Egyptian revolution of 2011.[61]
Twitter released TextSecure as free and open-source software under the GPLv3 license in December 2011.[55][62][63][64] RedPhone was also released under the same license in July 2012.[65] Marlinspike later left Twitter and founded Open Whisper Systems as a collaborative Open Source project for the continued development of TextSecure and RedPhone.[1][66]
2013–2018: Open Whisper Systems
[edit]Open Whisper Systems' website was launched in January 2013.[66]
In February 2014, Open Whisper Systems introduced the second version of their TextSecure Protocol (now Signal Protocol), which added end-to-end encrypted group chat and instant messaging capabilities to TextSecure.[67] Toward the end of July 2014, they announced plans to merge the RedPhone and TextSecure applications as Signal.[68] This announcement coincided with the initial release of Signal as a RedPhone counterpart for iOS. The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client.[68] Signal was the first iOS app to enable end-to-end encrypted voice calls for free.[1][69] TextSecure compatibility was added to the iOS application in March 2015.[70][71]
From its launch in May 2010[54] until March 2015, the Android version of Signal (then called TextSecure) included support for encrypted SMS/MMS messaging.[72] From version 2.7.0 onward, the Android application only supported sending and receiving encrypted messages via the data channel.[73] Reasons for this included security flaws of SMS/MMS and problems with the key exchange.[73] Open Whisper Systems' abandonment of SMS/MMS encryption prompted some users to create a fork named Silence (initially called SMSSecure[74]) that is meant solely for the exchange of encrypted SMS and MMS messages.[75][76]
In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android.[77] A month later, Open Whisper Systems announced Signal Desktop, a Chrome app that could link with a Signal mobile client.[78] At launch, the app could only be linked with the Android version of Signal.[79] On 26 September 2016, Open Whisper Systems announced that Signal Desktop could now be linked with the iOS version of Signal as well.[80] On 31 October 2017, Open Whisper Systems announced that the Chrome app was deprecated.[9] At the same time, they announced the release of a standalone desktop client (based on the Electron framework[12]) for Windows, macOS and certain Linux distributions.[9][81]
On 4 October 2016, the American Civil Liberties Union (ACLU) and Open Whisper Systems published a series of documents revealing that OWS had received a subpoena requiring them to provide information associated with two phone numbers for a federal grand jury investigation in the first half of 2016.[82][83][84] Only one of the two phone numbers was registered on Signal, and because of how the service is designed, OWS was only able to provide "the time the user's account had been created and the last time it had connected to the service".[83][82] Along with the subpoena, OWS received a gag order requiring OWS not to tell anyone about the subpoena for one year.[82] OWS approached the ACLU, and they were able to lift part of the gag order after challenging it in court.[82] OWS said it was the first time they had received a subpoena, and that they were "committed to treating any future requests the same way".[84]
In March 2017, Open Whisper Systems transitioned Signal's calling system from RedPhone to WebRTC, also adding the ability to make video calls with the mobile apps.[85][86][14]
Since 2018: Signal Technology Foundation
[edit]On 21 February 2018, Moxie Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Technology Foundation, a 501(c)(3) nonprofit organization whose mission is "to support, accelerate, and broaden Signal's mission of making private communication accessible and ubiquitous".[87][26] Acton started the foundation with $50 million in funding and became the foundation's executive chairman after leaving WhatsApp's parent company Facebook in September 2017.[26] Marlinspike continued as Signal Messenger's first CEO.[87] As of 2020[update], Signal ran entirely on donations, as a nonprofit.[88]
Between November 2019 and February 2020, Signal added iPad support, view-once images and videos, stickers, and reactions.[89] They also announced plans for a new group messaging system and an "experimental method for storing encrypted contacts in the cloud."[89]
Signal was reportedly popularized in the United States during the George Floyd protests. Heightened awareness of police monitoring led protesters to use the platform to communicate. Black Lives Matter organizers had used the platform "for several years".[90][88] During the first week of June, the encrypted messaging app was downloaded over five times more than it had been during the week prior to the murder of George Floyd.[90] In June 2020, Signal Foundation announced a new feature that enables users to blur faces in photos, in response to increased federal efforts to monitor protesters.[88][91]
On 7 January 2021, Signal saw a surge in new user registrations, which temporarily overwhelmed Signal's capacity to deliver account verification messages.[92] CNN and MacRumors linked the surge with a WhatsApp privacy policy change and a Signal endorsement by Elon Musk and Edward Snowden via Twitter.[92][93] The surge was also tied to the attack on the United States Capitol.[94] International newspapers reported similar trends in the United Arab Emirates.[95] Reuters reported that more than 100,000 people had installed Signal between 7 and 8 January.[96]
Between 12 and 14 January 2021, the number of Signal installations listed on Google Play increased from over 10 million to over 50 million.[97][98][99][100] On 15 January 2021, due to the surge of new users, Signal was overwhelmed with the new traffic and was down for all users.[101][102] On the afternoon of 16 January, Signal announced via Twitter that service had been restored.[103]
On 10 January 2022, Moxie Marlinspike announced that he was stepping down from his role as CEO of Signal Messenger.[104] He continues to remain on the Signal Foundation's board of directors and Brian Acton has volunteered to serve as interim CEO during the search for a new CEO.[104]
In August 2022, Signal notified 1900 users that their data had been affected by the Twilio breach including user phone numbers and SMS verification codes.[105] At least one journalist had his account re-registered to a device he did not control as a result of the attack.[106]
In September 2022 Signal Messaging LLC announced that AI researcher and noted critic of big tech Meredith Whittaker would fill the newly created position of President.[107]
Usage
[edit]Graphs are unavailable due to technical issues. Updates on reimplementing the Graph extension, which will be known as the Chart extension, can be found on Phabricator and on MediaWiki.org. |
Signal's userbase started in May 2010, when its predecessor TextSecure was launched by Whisper Systems.[54] According to App Annie, Signal had approximately 20 million monthly active users at the end of December 2020.[108] In January 2022, the BBC reported that Signal was used by over 40 million people.[109]
Developers and funding
[edit]The development of Signal and its predecessors at Open Whisper Systems was funded by a combination of consulting contracts, donations and grants.[110] The Freedom of the Press Foundation acted as Signal's fiscal sponsor.[87][111][112] Between 2013 and 2016, the project received grants from the Knight Foundation,[113] the Shuttleworth Foundation,[114] and almost $3 million from the US government–sponsored Open Technology Fund.[115] Signal is now developed by Signal Messenger LLC, a software company founded by Moxie Marlinspike and Brian Acton in 2018, which is wholly owned by a tax-exempt nonprofit corporation called the Signal Technology Foundation, also created by them in 2018. The Foundation was funded with an initial loan of $50 million from Acton, "to support, accelerate, and broaden Signal's mission of making private communication accessible and ubiquitous".[87][26][116] All of the organization's products are published as free and open-source software.
In November 2023, Meredith Whittaker revealed that she expected the annual cost of running Signal to reach $50 million in 2025, with the current cost estimated around $40 million.[117]
Features
[edit]Signal provides one-to-one and group[118] voice and video[14] calls with up to forty participants on iOS, Android, and desktop platforms.[119][120] The calls are carried via the devices' wired or wireless (carrier or WiFi) data connections.[69] The application can send text messages, documents files,[16] voice notes, pictures, stickers, GIFs,[121] and video messages. The platform also supports group messaging.
All communication sessions between Signal users are automatically end-to-end encrypted (the encryption keys are generated and stored on the devices, and not on servers).[122] To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) out-of-band.[123] The platform employs a trust-on-first-use mechanism to notify the user if a correspondent's key changes.[123]
Until 2023, Android users could opt into making Signal the default SMS/MMS application, allowing them to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages.[67] Users could then use the same application to communicate with contacts who do not have Signal.[67] As of October 2022, this feature has been deprecated due to safety and security concerns, and was removed in 2023.[124][24]
TextSecure allowed the user to set a passphrase that encrypted the local message database and the user's encryption keys.[125] This did not encrypt the user's contact database or message timestamps.[125] The Signal applications on Android and iOS can be locked with the phone's pin, passphrase, or biometric authentication.[126] The user can define a "screen lock timeout" interval, where Signal will re-encrypt the messages after a certain amount of time, providing an additional protection mechanism in case the phone is lost or stolen.[123][126]
Signal has a feature for scheduling messages.[127] In addition, timers may be attached to messages[128] to automatically delete the messages from both the sender's and the receivers' devices.[128] The time period for keeping the message may be between five seconds and one week,[128] and begins for each recipient once they have read their copy of the message.[129] The developers stressed that this is meant to be "a collaborative feature for conversations where all participants want to automate minimal data hygiene, not for situations where the recipient is an adversary".[128][129]
Signal's app icon may be changed with a variety of colour themes for customization and to hide the app. The application name can also be customized.[130] Messages can have effects like spoilers and italics, and users can add each other via QR code.[131]
Signal excludes users' messages from non-encrypted cloud backups by default.[132]
Signal allows users to automatically blur faces of people in photos to protect identities.[133][134]
Signal includes a cryptocurrency wallet functionality for storing, sending and receiving in-app payments.[135] Apart from certain regions and countries,[135] the feature was enabled globally in November 2021.[136] As of January 2022[update], the only supported payment method is MobileCoin.[135]
In February 2024, Signal added a username feature to the beta version of the app. This is a privacy feature that allows users to communicate with others without having to share their telephone number.[137][138]
Limitations
[edit]Signal requires that the user provide a telephone number for verification,[139] eliminating the need for user names or passwords and facilitating contact discovery (see below).[140] The number does not have to be the same as on the device's SIM card; it can also be a VoIP number[139] or a landline as long as the user can receive the verification code and have a separate device to set up the software. A number can only be registered on one mobile device at a time.[141] Account registration requires an iOS or Android device.[20][21]
This mandatory connection to a telephone number (a feature Signal shares with WhatsApp, KakaoTalk, and others) has been criticized as a "major issue" for privacy-conscious users who are not comfortable with giving out their private number.[140] A workaround is to use a secondary phone number.[140] The ability to choose a public, changeable username instead of sharing one's phone number was a widely-requested feature.[140][142][143] This feature was added to the beta version of Signal in February 2024.[144]
Using phone numbers as identifiers may also create security risks that arise from the possibility of an attacker taking over a phone number.[140] A similar vulnerability was used to attack at least one user in August 2022, though the attack was performed via the provider of Signal's SMS services, not any user's provider.[105] The threat of this attack can be mitigated by enabling Signal's Registration Lock feature, a form of two-factor authentication that requires the user to enter a PIN to register the phone number on a new device.[145]
When linking Signal Desktop to a mobile device, the conversations history will not be synced; only the new messages will be shown on Signal Desktop.[146]
Usability
[edit]In July 2016, the Internet Society published a user study that assessed the ability of Signal users to detect and deter man-in-the-middle attacks.[25] The study concluded that 21 out of 28 participants failed to correctly compare public key fingerprints in order to verify the identity of other Signal users, and that most of these users believed they had succeeded, while they had actually failed.[25] Four months later, Signal's user interface was updated to make verifying the identity of other Signal users simpler.[147]
In 2023, the French government is pushing for the adoption of a European encrypted messaging alternative to Signal and WhatsApp named Olvid as their secured platform for communications.[148]
Architecture
[edit]Encryption protocols
[edit]Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the Double Ratchet Algorithm, prekeys, and an Extended Triple Diffie–Hellman (X3DH) handshake.[149][150] It uses Curve25519, AES-256, and HMAC-SHA256 as primitives.[23] The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (a.k.a. future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity.[151] It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.[151]
The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption.[151] In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.[151]
In October 2014, researchers from Ruhr University Bochum (RUB) published an analysis of the Signal Protocol.[23] Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure.[152] In October 2016, researchers from UK's University of Oxford, Queensland University of Technology in Australia, and Canada's McMaster University published a formal analysis of the protocol.[153][154] They concluded that the protocol was cryptographically sound.[153][154] In July 2017, researchers from RUB found during another analysis of group messengers a purely theoretic attack against the group protocol of Signal: A user who knows the secret group ID of a group (due to having been a group member previously or stealing it from a member's device) can become a member of the group. Since the group ID cannot be guessed and such member changes are displayed to the remaining members, this attack is likely to be difficult to carry out without being detected.[155]
As of August 2018[update], the Signal Protocol has been implemented into WhatsApp, Facebook Messenger, Skype,[156] and Google Allo,[157] making it possible for the conversations of "more than a billion people worldwide" to be end-to-end encrypted.[158] In Google Allo, Skype and Facebook Messenger, conversations are not encrypted with the Signal Protocol by default; they only offer end-to-end encryption in an optional mode.[132][159][156][160]
Up until March 2017, Signal's voice calls were encrypted with SRTP and the ZRTP key-agreement protocol, which was developed by Phil Zimmermann.[1][161] In March 2017, Signal transitioned to a new WebRTC-based calling system that introduced the ability to make video calls.[86] Signal's voice and video calling functionalities use the Signal Protocol channel for authentication instead of ZRTP.[162][85][14]
Authentication
[edit]To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) out-of-band.[123] The platform employs a trust on first use mechanism in order to notify the user if a correspondent's key changes.[123]
Local storage
[edit]After receiving and decrypting messages, the application stored them locally on each device in a SQLite database that is encrypted with SQLCipher.[163] The cryptographic key for this database is also stored locally and can be accessed if the device is unlocked.[163][164] In December 2020, Cellebrite published a blog post announcing that one of their products could now access this key and use it to "decrypt the Signal app".[163][165] Technology reporters later published articles about how Cellebrite had claimed to have the ability to "break into the Signal app" and "crack Signal's encryption".[166][167] This latter interpretation was rejected by several experts,[168] as well as representatives from Signal, who said the original post by Cellebrite had been about accessing data on "an unlocked Android phone in their physical possession" and that they "could have just opened the app to look at the messages".[169][170] Similar extraction tools also exist for iOS devices and Signal Desktop.[171][172]
Servers
[edit]Signal relies on centralized servers that are maintained by Signal Messenger. In addition to routing Signal's messages, the servers also facilitate the discovery of contacts who are also registered Signal users and the automatic exchange of users' public keys. By default, Signal's voice and video calls are peer-to-peer.[14] If the caller is not in the receiver's address book, the call is routed through a server in order to hide the users' IP addresses.[14]
Contact discovery
[edit]The servers store registered users' phone numbers, public key material and push tokens which are necessary for setting up calls and transmitting messages.[173] In order to determine which contacts are also Signal users, cryptographic hashes of the user's contact numbers are periodically transmitted to the server.[174] The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found.[174] The hashed numbers are thereafter discarded from the server.[173] In 2014, Moxie Marlinspike wrote that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited preimage space (the set of all possible hash inputs) of phone numbers, and that a "practical privacy preserving contact discovery remains an unsolved problem."[175][174] In September 2017, Signal's developers announced that they were working on a way for the Signal client applications to "efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service."[176][177]
Metadata
[edit]All client-server communications are protected by TLS.[161][178] Signal's developers have asserted that their servers do not keep logs about who called whom and when.[179] In June 2016, Marlinspike told The Intercept that "the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second".[132]
The group messaging mechanism is designed so that the servers do not have access to the membership list, group title, or group icon.[73] Instead, the creation, updating, joining, and leaving of groups is done by the clients, which deliver pairwise messages to the participants in the same way that one-to-one messages are delivered.[180][181]
Federation
[edit]Signal's server architecture was federated between December 2013 and February 2016. In December 2013, it was announced that the messaging protocol Signal uses had successfully been integrated into the Android-based open-source operating system CyanogenMod.[182][183][184] Since CyanogenMod 11.0, the client logic was contained in a system app called WhisperPush. According to Signal's developers, the Cyanogen team ran their own Signal messaging server for WhisperPush clients, which federated with the main server, so that both clients could exchange messages with each other.[184] The WhisperPush source code was available under the GPLv3 license.[185] In February 2016, the CyanogenMod team discontinued WhisperPush and recommended that its users switch to Signal.[186] In May 2016, Moxie Marlinspike wrote that federation with the CyanogenMod servers had degraded the user experience and held back development, and that their servers will probably not federate with other servers again.[187]
In May 2016, Moxie Marlinspike requested that a third-party client called LibreSignal not use the Signal service or the Signal name.[187] As a result, on 24 May 2016 the LibreSignal project posted that the project was "abandoned".[188] The functionality provided by LibreSignal was subsequently incorporated into Signal by Marlinspike.[189]
Licensing
[edit]The complete source code of the Signal clients for Android, iOS and desktop is available on GitHub under a free software license.[11][10][12] This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also allows advanced users to compile their own copies of the applications and compare them with the versions that are distributed by Signal Messenger. In March 2016, Moxie Marlinspike wrote that, apart from some shared libraries that are not compiled with the project build due to a lack of Gradle NDK support, Signal for Android is reproducible.[190] Signal's servers are partially open source, but the server software's anti-spam component is proprietary and closed source due to security concerns.[13][191]
Reception
[edit]Security
[edit]In October 2014, the Electronic Frontier Foundation (EFF) included Signal in their updated surveillance self-defense guide.[192] In November 2014, Signal received a perfect score on the EFF's secure messaging scorecard;[122] it received points for having communications encrypted in transit, having communications encrypted with keys the provider does not have access to (end-to-end encryption), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen (forward secrecy), having the code open to independent review (open source), having the security designs well-documented, and having a recent independent security audit.[122] At the time, "ChatSecure + Orbot", Pidgin (with OTR), Silent Phone, and Telegram's optional "secret chats" also received seven out of seven points on the scorecard.[122]
Former NSA contractor Edward Snowden has endorsed Signal on multiple occasions.[78] In his keynote speech at SXSW in March 2014, he praised Signal's predecessors (TextSecure and RedPhone) for their ease of use.[193][194] In December 2014, Der Spiegel leaked slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Signal's encrypted voice calling component (RedPhone) on its own as a "major threat" to its mission of accessing users' private data, and when used in conjunction with other privacy tools such as Cspace, Tor, Tails, and TrueCrypt was ranked as "catastrophic" and led to a "near-total loss/lack of insight to target communications [and] presence".[195][196]
Following the 2016 Democratic National Committee email leak, it was reported by Vanity Fair that Marc Elias (the general counsel for Hillary Clinton's presidential campaign) had instructed DNC staffers to exclusively use Signal when saying anything negative about Republican presidential nominee Donald Trump.[197][198]
In March 2017, Signal was approved by the sergeant at arms of the U.S. Senate for use by senators and their staff.[199][200]
On 27 September 2019, Natalie Silvanovich, a security engineer working in Google's vulnerability research team at Project Zero, disclosed how a bug in the Android Signal client could let an attacker spy on a user without their knowledge.[201] The bug allowed an attacker to phone a target device, mute the call, and the call would complete – keeping the audio open but without the owner being aware of that (however they would still be aware of a ring and / or a vibration from the initial call).[202] The bug was fixed the same day that it was reported and patched in release 4.47.7 of the app for Android.[203]
In February 2020, the European Commission recommended that its staff use Signal.[204] Following the George Floyd protests, which began in May 2020, Signal was downloaded 121,000 times in the U.S. between 25 May and 4 June.[205] In July 2020, Signal became the most downloaded app in Hong Kong on both the Apple App Store and the Google Play Store after the passage of the Hong Kong national security law.[206]
As of January 2021[update], Signal is a contact method for securely providing tips to major news outlets such as The Washington Post,[207] The Guardian,[208] The New York Times,[209] and The Wall Street Journal.[210]
Candiru claims the ability to capture data from Signal Private Messenger with their spyware, at a fee of €500,000.[211]
On 9 August 2022, Ismail Sabri Yaakob, the Prime Minister of Malaysia, reported that his Signal account was "hacked" and infiltrated by a third party, sending out messages and impersonating the politician. No details were disclosed regarding the method used to gain access to the account.[212]
In-app payments
[edit]In April 2021, Signal announced the addition of a cryptocurrency wallet feature that would allow users to send and receive payments in MobileCoin.[213] This received criticism from security expert Bruce Schneier, who had previously praised the software. Schneier stated that this would bloat the client and attract unwanted attention from the authorities.[214] The wallet functionality was initially only available in certain countries, but was later enabled globally in November 2021.[136]
Blocking
[edit]In December 2016, Egypt blocked access to Signal.[215] In response, Signal's developers added domain fronting to their service.[216] This allows Signal users in a specific country to circumvent censorship by making it look like they are connecting to a different internet-based service.[216][217] As of May 2022[update], Signal's domain fronting is enabled by default in Egypt, UAE, Oman, Qatar, Iran, Cuba, Uzbekistan and Ukraine.[218]
As of January 2018[update], Signal was blocked in Iran.[219][220] Signal's domain fronting feature relies on the Google App Engine (GAE) service.[220][219] This does not work in Iran because Google has blocked Iranian access to GAE in order to comply with U.S. sanctions.[219][221]
In early 2018, Google App Engine made an internal change to stop domain fronting for all countries. Due to this issue, Signal made a public change to use Amazon CloudFront for domain fronting. However, AWS also announced that they would be making changes to their service to prevent domain fronting. As a result, Signal said that they would start investigating new methods/approaches.[222][223] Signal switched from AWS back to Google in April 2019.[224]
In January 2021, Iran removed the app from app stores,[225][226] and blocked Signal.[227] Signal was later blocked by China in March 2021, followed by its removal from the App Store in China on 19 April 2024.[228][229]
On August 9, 2024, Signal was blocked in Russia. Roskomnadzor claimed that this was due to "violations of the law on combating terrorism and extremism".[230][231] Around the same, Signal was also blocked in Venezuela following the contested 2024 presidential election and subsequent protests.[230]
Audience
[edit]Use by activists
[edit]In 2020, the app was used for coordination and communication by protesters during the George Floyd protests as they relied on the app's end-to-end encryption to share information securely.[232]
In March 2021, the United Nations recommended Myanmar residents use Signal and Proton Mail to pass and preserve evidence of human rights violations committed during the 2021 coup.[233]
Controversial use
[edit]Signal's terms of service states that the product may not be used to violate the law.[234] According to a former employee, Signal's leadership at the time told him they would say something "if and when people start abusing Signal or doing things that we think are terrible".[234] In January 2021, the position of Signal's leadership was to take a "hands-off approach to moderation" as the company's employees are not able to read user messages and the Signal Foundation does not "want to be a media company".[234][154]
In 2016, authorities in India arrested members of a suspected ISIS-affiliated terrorist cell that communicated via Signal.[235]
Radical right-wing militias and white nationalists use Signal for organizing their actions, including the Unite the Right II rally in 2018.[236][237][238][239]
The claim that Signal is used to fund terrorist or criminal activities is the justification for Turkey to criminalize the app for the general population, which Abdullah Bozkurt claims is a way the "government abuses its counterterrorism laws to punish critics, opponents and dissidents."[240][241]
See also
[edit]- Comparison of cross-platform instant messaging clients
- Comparison of VoIP software
- Internet privacy
- List of video telecommunication services and product brands
- Secure communication
Notes
[edit]References
[edit]- ^ a b c d Greenberg, Andy (29 July 2014). "Your iPhone Can Finally Make Free, Encrypted Calls". Wired. Archived from the original on 18 January 2015. Retrieved 18 January 2015.
- ^ Marlinspike, Moxie (29 July 2014). "Free, Worldwide, Encrypted Phone Calls for iPhone". Open Whisper Systems. Archived from the original on 31 August 2017. Retrieved 16 January 2017.
- ^ "Release 7.26.1". 22 November 2024. Retrieved 29 November 2024.
- ^ "Release 7.39". Retrieved 27 November 2024.
- ^ "Release 7.34.0". Retrieved 27 November 2024.
- ^ "Release 6.28.1". Retrieved 4 August 2023.
- ^ https://github.com/signalapp/Signal-iOS/releases/tag/5.18.1.2-beta.
{{cite web}}
: Missing or empty|title=
(help) - ^ "Release v5.0.0-beta.0".
- ^ a b c d e "Installing Signal - Signal Support". Archived from the original on 27 December 2023. Retrieved 17 March 2024.
- ^ a b c Signal. "Signal-Android". GitHub. Archived from the original on 30 December 2015. Retrieved 10 May 2023.
- ^ a b c Signal. "Signal-iOS". GitHub. Archived from the original on 11 November 2014. Retrieved 10 May 2023.
- ^ a b c d Signal. "Signal-Desktop". GitHub. Archived from the original on 8 April 2016. Retrieved 10 May 2023.
- ^ a b c Signal. "Signal-Server". GitHub. Archived from the original on 28 December 2016. Retrieved 10 May 2023.
- ^ a b c d e f Mott, Nathaniel (14 March 2017). "Signal's Encrypted Video Calling For iOS, Android Leaves Beta". Tom's Hardware. Purch Group, Inc. Retrieved 14 March 2017.
- ^ Perez, Josh (2 September 2020). "Release v1.35.1". github.com. Signal. Archived from the original on 12 November 2020. Retrieved 3 September 2020.
- ^ a b Signal [@signalapp] (1 May 2017). "Today's Signal release for Android, iOS, and Desktop includes the ability to send arbitrary file types" (Tweet). Retrieved 5 November 2018 – via Twitter.
- ^ "Update top-level LICENSE file to AGPL". GitHub.com. Signal. 1 November 2022. Archived from the original on 28 August 2023. Retrieved 10 May 2023.
- ^ "Update top-level LICENSE file to AGPL". GitHub.com. Signal. 5 May 2023. Archived from the original on 14 August 2023. Retrieved 10 May 2023.
- ^ O'Leary, Jim (1 November 2021). "Improving first impressions on Signal". Signal Blog. Archived from the original on 24 September 2023. Retrieved 3 November 2021.
- ^ a b Ciobica, Vladimir (26 May 2021). "Signal Desktop". Softpedia. Archived from the original on 2 June 2021. Retrieved 28 May 2021.
- ^ a b Youngren, Jan (19 January 2021). "Signal messaging app review 2021". VPNpro. Archived from the original on 2 June 2021. Retrieved 28 May 2021.
- ^ Lee, Micah (4 March 2024). "Signal's New Usernames Help Keep the Cops Out of Your Data". The Intercept. Retrieved 9 May 2024.
- ^ a b c d Frosch et al. 2016
- ^ a b nina-signal (12 October 2022). "Removing SMS support from Signal Android (soon)". signal.org. Archived from the original on 27 November 2022. Retrieved 28 November 2022.
- ^ a b c Schröder et al. 2016
- ^ a b c d Greenberg, Andy (21 February 2018). "WhatsApp Co-Founder Puts $50M Into Signal To Supercharge Encrypted Messaging". Wired. Archived from the original on 22 February 2018. Retrieved 21 February 2018.
- ^ Curry, David (11 January 2022). "Signal Revenue & Usage Statistics (2022)". Business of Apps. Archived from the original on 26 January 2021. Retrieved 13 January 2022.
- ^ "Signal Private Messenger - Apps on Google Play". 28 January 2021. Archived from the original on 11 June 2021. Retrieved 28 January 2021.
- ^ "Announcing the public beta". Whisper Systems. 25 May 2010. Archived from the original on 30 May 2010. Retrieved 22 January 2015.
- ^ Cheredar, Tom (28 November 2011). "Twitter acquires Android security startup Whisper Systems". VentureBeat. Retrieved 21 December 2011.
- ^ Yadron, Danny (9 July 2015). "Moxie Marlinspike: The Coder Who Encrypted Your Texts". The Wall Street Journal. Retrieved 10 July 2015.
- ^ "TextSecure is now Open Source!". Whisper Systems. 20 December 2011. Archived from the original on 6 January 2012. Retrieved 22 January 2015.
- ^ "RedPhone is now Open Source!". Whisper Systems. 18 July 2012. Archived from the original on 31 July 2012. Retrieved 22 January 2015.
- ^ Yadron, Danny (10 July 2015). "What Moxie Marlinspike Did at Twitter". Digits. The Wall Street Journal. Archived from the original on 18 March 2016. Retrieved 27 September 2016.
- ^ "A New Home". Open Whisper Systems. 21 January 2013. Retrieved 1 March 2014.
- ^ Donohue, Brian (24 February 2014). "TextSecure Sheds SMS in Latest Version". Threatpost. Retrieved 14 July 2016.
- ^ Greenberg, Andy (29 July 2014). "Your iPhone Can Finally Make Free, Encrypted Calls". Wired. Retrieved 18 January 2015.
- ^ Evans, Jon (29 July 2014). "Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone". TechCrunch. AOL.
- ^ Open Whisper Systems (6 March 2015). "Saying goodbye to encrypted SMS/MMS". Retrieved 24 March 2016.
- ^ Geuss, Megan (3 March 2015). "Now you can easily send (free!) encrypted messages between Android, iOS". Ars Technica. Retrieved 3 March 2015.
- ^ Greenberg, Andy (2 November 2015). "Signal, the Snowden-Approved Crypto App, Comes to Android". Wired. Condé Nast. Retrieved 19 March 2016.
- ^ Franceschi-Bicchierai, Lorenzo (2 December 2015). "Snowden's Favorite Chat App Is Coming to Your Computer". Motherboard. Vice Media LLC. Retrieved 4 December 2015.
- ^ Coldewey, Devin (31 October 2017). "Signal escapes the confines of the browser with a standalone desktop app". TechCrunch. Oath Tech Network. Retrieved 31 October 2017.
- ^ Marlinspike, Moxie (14 February 2017). "Video calls for Signal now in public beta". Open Whisper Systems. Retrieved 15 February 2017.
- ^ Mott, Nathaniel (14 March 2017). "Signal's Encrypted Video Calling For iOS, Android Leaves Beta". Tom's Hardware. Purch Group, Inc. Retrieved 14 March 2017.
- ^ Marlinspike, Moxie; Acton, Brian (21 February 2018). "Signal Foundation". Signal.org. Retrieved 21 February 2018.
- ^ Greenberg, Andy (21 February 2018). "WhatsApp Co-Founder Puts $50M Into Signal To Supercharge Encrypted Messaging". Wired. Condé Nast. Retrieved 21 February 2018.
- ^ Lund, Joshua (27 November 2019). "Signal for iPad, and other iOS improvements". Signal.org. Signal Messenger. Retrieved 1 December 2019.
- ^ Greenberg, Andy (14 February 2020). "Signal Is Finally Bringing Its Secure Messaging to the Masses". Wired. Condé Nast. Retrieved 15 February 2020.
- ^ Lund, Joshua (12 August 2020). "Accept the unexpected: Message requests are now available in Signal". signal.org. Signal Messenger. Retrieved 3 September 2020.
- ^ Lund, Joshua (13 August 2020). "A new platform is calling: Help us test one-to-one voice and video conversations on Signal Desktop". signal.org. Signal Messenger. Retrieved 3 September 2020.
- ^ Perez, Josh (2 September 2020). "Release v1.35.1". github.com. Signal. Retrieved 3 September 2020.
- ^ a b Porter, Jon (15 December 2020). "Signal adds support for encrypted group video calls". The Verge. Vox Media. Retrieved 18 December 2020.
- ^ a b c "Announcing the public beta". Whisper Systems. 25 May 2010. Archived from the original on 30 May 2010. Retrieved 22 January 2015.
- ^ a b c Garling, Caleb (20 December 2011). "Twitter Open Sources Its Android Moxie | Wired Enterprise". Wired. Archived from the original on 22 December 2011. Retrieved 21 December 2011.
- ^ "Company Overview of Whisper Systems Inc". Bloomberg Businessweek. Archived from the original on 4 March 2014. Retrieved 4 March 2014.
- ^ Greenberg, Andy (25 May 2010). "Android App Aims to Allow Wiretap-Proof Cell Phone Calls". Forbes. Archived from the original on 21 January 2012. Retrieved 28 February 2014.
- ^ Cheredar, Tom (28 November 2011). "Twitter acquires Android security startup Whisper Systems". VentureBeat. Archived from the original on 12 December 2011. Retrieved 17 March 2024.
- ^ Yadron, Danny (9 July 2015). "Moxie Marlinspike: The Coder Who Encrypted Your Texts". The Wall Street Journal. Archived from the original on 12 July 2015. Retrieved 10 July 2015.
- ^ Greenberg, Andy (28 November 2011). "Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems". Forbes. Archived from the original on 14 December 2011. Retrieved 21 December 2011.
- ^ Garling, Caleb (28 November 2011). "Twitter Buys Some Middle East Moxie | Wired Enterprise". Wired. Archived from the original on 22 December 2011. Retrieved 21 December 2011.
- ^ Aniszczyk, Chris (20 December 2011). "The Whispers Are True". The Twitter Developer Blog. Archived from the original on 24 October 2014. Retrieved 22 January 2015 – via Twitter.
- ^ "TextSecure is now Open Source!". Whisper Systems. 20 December 2011. Archived from the original on 6 January 2012. Retrieved 22 January 2015.
- ^ Pachal, Pete (20 December 2011). "Twitter Takes TextSecure, Texting App for Dissidents, Open Source". Mashable. Archived from the original on 7 March 2014. Retrieved 1 March 2014.
- ^ "RedPhone is now Open Source!". Whisper Systems. 18 July 2012. Archived from the original on 31 July 2012. Retrieved 22 January 2015.
- ^ a b "A New Home". Open Whisper Systems. 21 January 2013. Archived from the original on 29 April 2013. Retrieved 1 March 2014.
- ^ a b c Donohue, Brian (24 February 2014). "TextSecure Sheds SMS in Latest Version". Threatpost. Archived from the original on 15 February 2017. Retrieved 14 July 2016.
- ^ a b Mimoso, Michael (29 July 2014). "New Signal App Brings Encrypted Calling to iPhone". Threatpost. Archived from the original on 18 January 2015. Retrieved 17 March 2024.
- ^ a b Evans, Jon (29 July 2014). "Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone". TechCrunch. AOL. Archived from the original on 4 June 2016. Retrieved 25 June 2017.
- ^ Lee, Micah (2 March 2015). "You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone". The Intercept. Archived from the original on 3 March 2015. Retrieved 17 March 2024.
- ^ Geuss, Megan (3 March 2015). "Now you can easily send (free!) encrypted messages between Android, iOS". Ars Technica. Archived from the original on 3 March 2015. Retrieved 17 March 2024.
- ^ Open Whisper Systems (6 March 2015). "Saying goodbye to encrypted SMS/MMS". Archived from the original on 24 August 2017. Retrieved 24 March 2016.
- ^ a b c Rottermanner et al. 2015, p. 3
- ^ BastienLQ (20 April 2016). "Change the name of SMSSecure". GitHub (pull request). SilenceIM. Archived from the original on 23 February 2020. Retrieved 27 August 2016.
- ^ "TextSecure-Fork bringt SMS-Verschlüsselung zurück". Heise (in German). 2 April 2015. Archived from the original on 19 November 2018. Retrieved 17 March 2024.
- ^ "SMSSecure: TextSecure-Abspaltung belebt SMS-Verschlüsselung wieder". Der Standard (in German). 3 April 2015. Archived from the original on 20 November 2018. Retrieved 17 March 2024.
- ^ Greenberg, Andy (2 November 2015). "Signal, the Snowden-Approved Crypto App, Comes to Android". Wired. Archived from the original on 26 January 2018. Retrieved 19 March 2016.
- ^ a b Franceschi-Bicchierai, Lorenzo (2 December 2015). "Snowden's Favorite Chat App Is Coming to Your Computer". Motherboard. Vice Media LLC. Archived from the original on 16 December 2016. Retrieved 17 March 2024.
- ^ Coldewey, Devin (7 April 2016). "Now's your chance to try Signal's desktop Chrome app". TechCrunch. AOL Inc. Archived from the original on 21 October 2019. Retrieved 5 May 2016.
- ^ Marlinspike, Moxie (26 September 2016). "Desktop support comes to Signal for iPhone". Open Whisper Systems. Archived from the original on 7 July 2017. Retrieved 26 September 2016.
- ^ Coldewey, Devin (31 October 2017). "Signal escapes the confines of the browser with a standalone desktop app". TechCrunch. Oath Tech Network. Archived from the original on 14 May 2019. Retrieved 31 October 2017.
- ^ a b c d Perlroth, Nicole; Benner, Katie (4 October 2016). "Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue". The New York Times. Archived from the original on 24 January 2020. Retrieved 4 October 2016.
- ^ a b Kaufman, Brett Max (4 October 2016). "New Documents Reveal Government Effort to Impose Secrecy on Encryption Company" (Blog post). American Civil Liberties Union. Archived from the original on 25 July 2017. Retrieved 17 March 2024.
- ^ a b "Grand jury subpoena for Signal user data, Eastern District of Virginia". Open Whisper Systems. 4 October 2016. Archived from the original on 29 August 2017. Retrieved 4 October 2016.
- ^ a b Marlinspike, Moxie (14 February 2017). "Video calls for Signal now in public beta". Open Whisper Systems. Archived from the original on 15 March 2017. Retrieved 15 February 2017.
- ^ a b Marlinspike, Moxie (13 March 2017). "Video calls for Signal out of beta". Signal Blog. Open Whisper Systems. Archived from the original on 15 March 2017. Retrieved 7 April 2017.
- ^ a b c d Marlinspike, Moxie; Acton, Brian (21 February 2018). "Signal Foundation". Signal.org. Archived from the original on 16 February 2020. Retrieved 21 February 2018.
- ^ a b c Wiener, Anna (19 October 2020). "Taking Back Our Privacy". The New Yorker. Archived from the original on 27 October 2020. Retrieved 27 October 2020.
- ^ a b Greenberg, Andy (14 February 2020). "Signal Is Finally Bringing Its Secure Messaging to the Masses". Wired. Archived from the original on 14 February 2020. Retrieved 15 February 2020.
- ^ a b Nierenberg, Amelia (12 June 2020). "Signal Downloads Are Way Up Since the Protests Began". The New York Times. Archived from the original on 25 June 2020.
- ^ Lyngaas, Sean (4 June 2020). "Signal aims to boost protesters' phone security at George Floyd demonstrations with face-blurring tool". CyberScoop. Archived from the original on 14 June 2020. Retrieved 14 June 2020.
- ^ a b Hardwick, Tim (8 January 2021). "Encrypted Messaging App Signal Sees Surge in Popularity Following WhatsApp Privacy Policy Update". MacRumors. Archived from the original on 9 January 2021. Retrieved 9 January 2021.
- ^ Duffy, Clare (12 January 2021). "Why messaging app Signal is surging in popularity right now". CNN. Archived from the original on 13 January 2021. Retrieved 12 January 2021.
- ^ Chau, David (20 January 2021). "Donald Trump supporters embrace Signal, Telegram and other 'free speech' apps". ABC News. Archived from the original on 13 December 2023. Retrieved 12 May 2023.
- ^ Cabral, Alvin R. "UAE WhatsApp users look for other messaging platforms over new terms". Khaleej Times. Archived from the original on 17 January 2021. Retrieved 10 January 2021.
- ^ "Signal, Telegram see demand spike as new WhatsApp terms stir debate". Reuters. 8 January 2021. Archived from the original on 17 January 2021. Retrieved 10 January 2021.
- ^ Screenshot showing 40 million downloads between 12 and 14 January 2021.
- ^ "Signal Private Messenger - Apps on Google Play". Google Play. 12 January 2021. Archived from the original on 12 January 2021. Retrieved 18 January 2021.
- ^ "Signal Private Messenger - Apps on Google Play". 14 January 2021. Archived from the original on 14 January 2021. Retrieved 18 January 2021.
- ^ "Signal hits 50 million installs on Play Store amid WhatsApp privacy concerns". Android Police. 14 January 2021. Archived from the original on 16 March 2021. Retrieved 20 January 2021.
- ^ "Signal Status". status.signal.org. Archived from the original on 15 January 2021. Retrieved 15 January 2021.
- ^ "WhatsApp changes: Signal messaging platform stops working as downloads surge". BBC News. 15 January 2021. Archived from the original on 16 January 2021. Retrieved 16 January 2021.
- ^ @SignalApp (16 January 2021). "Signal is back!" (Tweet) – via Twitter.
- ^ a b Marlinspike, Moxie (10 January 2022). "New year, new CEO". signal.org. Signal Messenger. Archived from the original on 16 December 2022. Retrieved 10 January 2022.
- ^ a b Page, Carly (15 August 2022). "Signal says 1,900 users' phone numbers exposed by Twilio breach". techcrunch.com. TechCrunch. Archived from the original on 13 December 2023. Retrieved 16 August 2022.
- ^ Franceschi-Bicchierai, Lorenzo (17 August 2022). "How a Third-Party SMS Service Was Used to Take Over Signal Accounts". VICE. Archived from the original on 18 August 2022. Retrieved 19 August 2022.
- ^ "Signal Has a New President and She Has a Plan". Gizmodo. 6 September 2022. Archived from the original on 23 June 2023. Retrieved 23 June 2023.
- ^ Singh, Manish (13 January 2021). "Signal's Brian Acton talks about exploding growth, monetization and WhatsApp data-sharing outrage". TechCrunch. Yahoo. Archived from the original on 13 January 2022. Retrieved 13 January 2022.
- ^ "Moxie Marlinspike leaves encrypted-messaging app Signal". BBC News. BBC. 12 January 2022. Archived from the original on 12 January 2022. Retrieved 13 January 2022.
- ^ O'Neill, Patrick (3 January 2017). "How Tor and Signal can maintain the fight for freedom in Trump's America". CyberScoop. Scoop News Group. Archived from the original on 17 September 2017. Retrieved 17 March 2024.
- ^ Timm, Trevor (8 December 2016). "Freedom of the Press Foundation's new look, and our plans to protect press freedom for 2017". Freedom of the Press Foundation. Archived from the original on 2 February 2017. Retrieved 25 January 2017.
- ^ "Signal". Freedom of the Press Foundation. Archived from the original on 20 March 2018. Retrieved 17 March 2024.
- ^ "TextSecure". Knight Foundation. Archived from the original on 9 January 2021. Retrieved 5 January 2015.
- ^ "Moxie Marlinspike". Shuttleworth Foundation. Archived from the original on 15 November 2016. Retrieved 14 January 2015.
- ^ "Open Whisper Systems". Open Technology Fund. Archived from the original on 2 March 2019. Retrieved 17 March 2024.
- ^ "Signal Technology Foundation". Nonprofit Explorer. Pro Publica Inc. 9 May 2013. Archived from the original on 9 January 2021. Retrieved 7 June 2019.
- ^ Greenberg, Andy (16 November 2023). "Running Signal Will Soon Cost $50 Million a Year". Wired. Archived from the original on 10 December 2023. Retrieved 10 December 2023.
- ^ Davenport, Corbin (14 December 2020). "Signal messaging now supports encrypted group video calls". Android Police. Archived from the original on 14 December 2020. Retrieved 15 December 2020.
- ^ Vonau, Manuel (16 December 2021). "Signal significantly ups its video group call limit, surpassing WhatsApp". Android Police. Archived from the original on 16 December 2021. Retrieved 16 December 2021.
- ^ Thatcher, Peter (15 December 2021). "How to build large-scale end-to-end encrypted group video calls". signal.org. Signal Foundation. Archived from the original on 15 December 2021. Retrieved 16 December 2021.
- ^ Lund, Joshua (1 November 2017). "Expanding Signal GIF search". Open Whisper Systems. Archived from the original on 23 September 2019. Retrieved 9 November 2017.
- ^ a b c d "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 4 November 2014. Archived from the original on 28 July 2016. Retrieved 17 March 2024.
- ^ a b c d e Rottermanner et al. 2015, p. 5
- ^ Clark, Mitchell (12 October 2022). "Signal is 'starting to phase out SMS support' from its Android app". The Verge. Archived from the original on 12 October 2022. Retrieved 13 October 2022.
- ^ a b Rottermanner et al. 2015, p. 9
- ^ a b "Screen Lock". support.signal.org. Signal. n.d. Archived from the original on 15 February 2020. Retrieved 22 November 2018.
- ^ "Schedule a Message on Signal Android – Signal Support". Archived from the original on 18 May 2023. Retrieved 18 May 2023.
- ^ a b c d Greenberg, Andy (11 October 2016). "Signal, the Cypherpunk App of Choice, Adds Disappearing Messages". Wired. Archived from the original on 12 October 2016. Retrieved 11 October 2016.
- ^ a b Marlinspike, Moxie (11 October 2016). "Disappearing messages for Signal". Open Whisper Systems. Archived from the original on 13 June 2017. Retrieved 11 October 2016.
- ^ "Introduce the ability to change the app icon. · signalapp/Signal-Android@c963e99". GitHub. Archived from the original on 19 May 2023. Retrieved 19 May 2023.
- ^ "Add initial username link screen + QR code generation. · signalapp/Signal-Android@855e194". GitHub. Archived from the original on 18 May 2023. Retrieved 18 May 2023.
- ^ a b c Lee, Micah (22 June 2016). "Battle of the Secure Messaging Apps: How Signal Beats WhatsApp". The Intercept. First Look Media. Archived from the original on 19 February 2017. Retrieved 6 September 2016.
- ^ O'Flaherty, Kate. "Signal Will Now Blur Protesters' Faces: Here's How It Works". Forbes. Archived from the original on 4 June 2020. Retrieved 5 June 2020.
- ^ Vincent, James (4 June 2020). "Signal announces new face-blurring tool for Android and iOS". The Verge. Archived from the original on 4 June 2020. Retrieved 5 June 2020.
- ^ a b c "In-app Payments". support.signal.org. Signal Messenger. Archived from the original on 9 January 2022. Retrieved 12 January 2022.
- ^ a b Greenberg, Andy (6 January 2022). "Signal's Cryptocurrency Feature Has Gone Worldwide". Wired. Archived from the original on 11 January 2022. Retrieved 12 January 2022.
- ^ "Keep your phone number private with Signal usernames". Signal Messenger. Retrieved 21 February 2024.
- ^ Greenberg, Andy. "Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private". Wired. ISSN 1059-1028. Retrieved 21 February 2024.
- ^ a b Kolenkina, Masha (20 November 2015). "Will any phone number work? How do I get a verification number?". Open Whisper Systems. Archived from the original on 16 January 2017. Retrieved 20 December 2015.
- ^ a b c d e Lee, Micah (28 September 2017). "How to Use Signal Without Giving Out Your Phone Number". The Intercept. Archived from the original on 22 January 2020. Retrieved 25 February 2018.
- ^ "Troubleshooting multiple devices". support.signal.org. Signal Messenger LLC. Archived from the original on 20 December 2019. Retrieved 20 March 2019.
- ^ "Allow different kinds of identifiers for registration · Issue #1085 · signalapp/Signal-Android". GitHub. Archived from the original on 15 February 2020. Retrieved 25 February 2018.
- ^ "Discussion: A proposal for alternative primary identifiers". Signal Community. 24 May 2018. Archived from the original on 28 June 2020. Retrieved 26 June 2020.
- ^ "Keep your phone number private with Signal usernames". Signal Messenger. Retrieved 21 February 2024.
- ^ Lovejoy, Ben (21 May 2020). "Signal registration lock stops your account being hijacked on a new phone". 9 to 5 Mac. Archived from the original on 13 December 2023. Retrieved 27 May 2023.
- ^ Fedewa, Joe (27 January 2021). "How to Use Signal on Your Desktop Computer". How-To Geek. Archived from the original on 25 June 2022. Retrieved 31 May 2022.
- ^ Marlinspike, Moxie (17 November 2016). "Safety number updates". Open Whisper Systems. Archived from the original on 17 July 2017. Retrieved 17 July 2017.
- ^ Elizabeth, Pineau (29 November 2023). "Stop using WhatsApp, get Paris-made alternative, French PM tells ministers". Reuters. Archived from the original on 1 December 2023. Retrieved 3 December 2023.
- ^ Unger et al. 2015, p. 241
- ^ Marlinspike, Moxie; Perrin, Trevor. "The X3DH Key Agreement Protocol". signal.org. Archived from the original on 23 November 2020. Retrieved 24 December 2020.
- ^ a b c d Unger et al. 2015, p. 239
- ^ Pauli, Darren. "Auditors find encrypted chat client TextSecure is secure". The Register. Archived from the original on 4 November 2014. Retrieved 17 March 2024.
- ^ a b Brook, Chris (10 November 2016). "Signal Audit Reveals Protocol Cryptographically Sound". Threatpost. Kaspersky Lab. Archived from the original on 14 February 2017. Retrieved 11 November 2016.
- ^ a b c Cohn-Gordon et al. 2016
- ^ Rösler, Paul; Mainka, Christian; Schwenk, Jörg (2017). "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema" (PDF). 3rd IEEE European Symposium on Security and Privacy. Archived (PDF) from the original on 19 November 2019. Retrieved 1 November 2019.
- ^ a b Lund, Joshua (11 January 2018). "Signal partners with Microsoft to bring end-to-end encryption to Skype". Open Whisper Systems. Archived from the original on 2 February 2020. Retrieved 17 January 2018.
- ^ Marlinspike, Moxie (18 May 2016). "Open Whisper Systems partners with Google on end-to-end encryption for Allo". Open Whisper Systems. Archived from the original on 22 January 2020. Retrieved 22 August 2018.
- ^ "Moxie Marlinspike – 40 under 40". Fortune. 2016. Archived from the original on 3 February 2017. Retrieved 6 October 2016.
- ^ Marlinspike, Moxie (8 July 2016). "Facebook Messenger deploys Signal Protocol for end to end encryption". Open Whisper Systems. Archived from the original on 1 July 2017. Retrieved 10 May 2017.
- ^ Gebhart, Gennie (3 October 2016). "Google's Allo Sends The Wrong Message About Encryption". Electronic Frontier Foundation. Archived from the original on 30 August 2018. Retrieved 20 August 2018.
- ^ a b Marlinspike, Moxie (17 July 2012). "Encryption Protocols". GitHub. Archived from the original on 5 September 2015. Retrieved 8 January 2016.
- ^ Greenberg, Andy (14 February 2017). "The Best Encrypted Chat App Now Does Video Calls Too". Wired. Archived from the original on 15 February 2017. Retrieved 15 February 2017.
- ^ a b c Ganor, Alon (10 December 2020). "Cellebrite's New Solution for Decrypting the Signal App". Cellebrite. Archived from the original on 10 December 2020. Retrieved 22 December 2020.
- ^ Matthew D. Green [@matthew_d_green] (10 December 2020). "Someone asked me what this Cellebrite post meant, and whether it's a big deal for Signal. From what I can see it just means Cellebrite can read your texts if they have your (unlocked) phone, which, duh" (Tweet). Retrieved 22 December 2020 – via Twitter.
- ^ Edward Snowden [@Snowden] (15 December 2020). "No, Cellebrite cannot decrypt Signal communications. What they sell is a forensic device cops connect to insecure, unlockable phones to download a bunch of popular apps' data more easily than doing it manually. They just added Signal to that app list. That's it. There's no magic" (Tweet). Retrieved 22 December 2020 – via Twitter.
- ^ Benjakob, Omer (14 December 2020). "Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App". Haaretz. Archived from the original on 21 December 2020. Retrieved 22 December 2020.
- ^ Wakefield, Jane (22 December 2020). "Signal: Cellebrite claimed to have cracked chat app's encryption". BBC News. Archived from the original on 24 December 2020. Retrieved 22 December 2020.
- ^
- Matthew D. Green [@matthew_d_green] (10 December 2020). "Someone asked me what this Cellebrite post meant, and whether it's a big deal for Signal. From what I can see it just means Cellebrite can read your texts if they have your (unlocked) phone, which, duh" (Tweet). Retrieved 22 December 2020 – via Twitter.
- Edward Snowden [@Snowden] (15 December 2020). "No, Cellebrite cannot decrypt Signal communications. What they sell is a forensic device cops connect to insecure, unlockable phones to download a bunch of popular apps' data more easily than doing it manually. They just added Signal to that app list. That's it. There's no magic" (Tweet). Retrieved 22 December 2020 – via Twitter.
- Bruce Schneier (21 December 2020). "Cellebrite Can Break Signal". Schneier on Security. Archived from the original on 24 December 2020. Retrieved 24 December 2020.
I finally got the chance to read all of this more carefully, and it seems that all Cellebrite is doing is reading the texts off of a phone they can already access. To [sic] this has nothing to do with Signal at all. So: never mind.
- John Scott-Railton (Citizen Lab) [@jsrailton] (22 December 2020). "Dangerous misunderstanding spreading that @Cellebrite_UFED can 'crack' & intercept @signalapp. This is FALSE. Modest reality: Cellebrite claimed to extract the Signal chat database from an unlocked Android in their possession" (Tweet). Retrieved 24 December 2020 – via Twitter.
- ^ Marlinspike, Moxie (23 December 2020). "No, Cellebrite cannot 'break Signal encryption.'". signal.org. Signal Messenger. Archived from the original on 24 December 2020. Retrieved 24 December 2020.
- ^ Signal [@signalapp] (17 December 2020). "No, Haaretz was duped. The original blog post was about accessing data on an unlocked Android phone in their physical possession. They could have just opened the app to look at the messages" (Tweet). Retrieved 22 December 2020 – via Twitter.
- ^ Betz, Bradford (9 February 2021). "Court documents show FBI may have tool to access private Signal messages on locked iPhones". FOXBusiness. Archived from the original on 14 February 2021. Retrieved 14 February 2021.
- ^ Abrams, Lawrence (23 October 2018). "Signal Desktop Leaves Message Decryption Key in Plain Sight". BleepingComputer. Archived from the original on 27 March 2019. Retrieved 19 March 2021.
- ^ a b "Privacy Policy". Signal Messenger LLC. 25 May 2018. Archived from the original on 24 June 2018. Retrieved 24 June 2018.
- ^ a b c Moxie Marlinspike (3 January 2013). "The Difficulty Of Private Contact Discovery". Open Whisper Systems. Archived from the original on 4 March 2016. Retrieved 14 January 2016.
- ^ Rottermanner et al. 2015, p. 4
- ^ Marlinspike, Moxie (26 September 2017). "Technology preview: Private contact discovery for Signal". Open Whisper Systems. Archived from the original on 28 September 2017. Retrieved 28 September 2017.
- ^ Greenberg, Andy (26 September 2017). "Signal Has a Fix for Apps' Contact-Leaking Problem". Wired. Archived from the original on 27 September 2017. Retrieved 28 September 2017.
- ^ Frosch et al. 2016, p. 7
- ^ Brandom, Russell (29 July 2014). "Signal brings painless encrypted calling to iOS". The Verge. Archived from the original on 3 February 2015. Retrieved 26 January 2015.
- ^ Moxie Marlinspike (5 May 2014). "Private Group Messaging". Open Whisper Systems. Archived from the original on 14 July 2014. Retrieved 9 July 2014.
- ^ Moxie Marlinspike (24 February 2014). "The New TextSecure: Privacy Beyond SMS". Open Whisper Systems. Archived from the original on 24 February 2014. Retrieved 26 February 2014.
- ^ Andy Greenberg (9 December 2013). "Ten Million More Android Users' Text Messages Will Soon Be Encrypted By Default". Forbes. Archived from the original on 4 March 2014. Retrieved 28 February 2014.
- ^ Seth Schoen (28 December 2013). "2013 in Review: Encrypting the Web Takes A Huge Leap Forward". Electronic Frontier Foundation. Archived from the original on 1 February 2014. Retrieved 1 March 2014.
- ^ a b Moxie Marlinspike (9 December 2013). "TextSecure, Now With 10 Million More Users". Open Whisper Systems. Archived from the original on 25 February 2014. Retrieved 28 February 2014.
- ^ CyanogenMod (7 January 2014). "android_external_whispersystems_WhisperPush". GitHub. Archived from the original on 28 June 2015. Retrieved 26 March 2015.
- ^ Sinha, Robin (20 January 2016). "CyanogenMod to Shutter WhisperPush Messaging Service on February 1". Gadgets360. NDTV. Archived from the original on 11 October 2016. Retrieved 17 March 2024.
- ^ a b Edge, Jake (18 May 2016). "The perils of federated protocols". LWN.net. Archived from the original on 14 September 2016. Retrieved 5 July 2016.
- ^ Le Bihan, Michel (24 May 2016). "README.md". GitHub. LibreSignal. Archived from the original on 27 June 2017. Retrieved 6 November 2016.
- ^ "Support for using Signal without Play Services · signalapp/Signal-Android@1669731". GitHub. Archived from the original on 15 February 2020. Retrieved 3 January 2020.
- ^ Marlinspike, Moxie (31 March 2016). "Reproducible Signal builds for Android". Open Whisper Systems. Archived from the original on 15 May 2017. Retrieved 31 March 2016.
- ^ "Improving first impressions on Signal". Signal Messenger. Archived from the original on 24 September 2023. Retrieved 5 December 2021.
- ^ "Surveillance Self-Defense. Communicating with Others". Electronic Frontier Foundation. 23 October 2014. Archived from the original on 8 November 2014. Retrieved 25 January 2015.
- ^ Eddy, Max (11 March 2014). "Snowden to SXSW: Here's How To Keep The NSA Out Of Your Stuff". PC Magazine: SecurityWatch. Archived from the original on 16 March 2014. Retrieved 17 March 2024.
- ^ "The Virtual Interview: Edward Snowden – The New Yorker Festival". The New Yorker. 11 October 2014. Archived from the original on 9 January 2021. Retrieved 24 May 2015 – via YouTube.
- ^ "Prying Eyes: Inside the NSA's War on Internet Security". Der Spiegel. 28 December 2014. Archived from the original on 24 January 2015. Retrieved 23 January 2015.
- ^ "Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not" (PDF). Der Spiegel. 28 December 2014. Archived from the original (PDF) on 8 October 2018. Retrieved 23 January 2015.
- ^ Bilton, Nick (26 August 2016). "How the Clinton Campaign Is Foiling the Kremlin". Vanity Fair. Archived from the original on 29 August 2016. Retrieved 1 September 2016.
- ^ Blake, Andrew (27 August 2016). "Democrats warned to use encryption weeks before email leaks". The Washington Times. The Washington Times, LLC. Archived from the original on 1 September 2016. Retrieved 1 September 2016.
- ^ Whittaker, Zack (16 May 2017). "In encryption push, Senate staff can now use Signal for secure messaging". ZDNet. Archived from the original on 19 July 2017. Retrieved 20 July 2017.
- ^ Wyden, Ron (9 May 2017). "Ron Wyden letter on Signal encrypted messaging". Documentcloud. Zack Whittaker, ZDNet. Archived from the original on 6 June 2017. Retrieved 20 July 2017.
- ^ "Signal's Messenger Eavesdropping Exploit – SaltDNA CTO Shares His Views". Archived from the original on 11 August 2020. Retrieved 24 September 2021.
- ^ "1943 – project-zero – Project Zero – Monorail". bugs.chromium.org. Archived from the original on 28 March 2021. Retrieved 3 March 2021.
- ^ "Signal Messenger Eavesdropping Exploit Confirmed—What You Need to Know". Forbes. Archived from the original on 17 February 2021. Retrieved 3 March 2021.
- ^ "EU Commission to staff: Switch to Signal messaging app". Politico EU. 20 February 2020. Archived from the original on 20 February 2020. Retrieved 20 February 2020.
- ^ Molla, Rani (3 June 2020). "From Citizen to Signal, the most popular apps right now reflect America's protests". Vox. Archived from the original on 7 June 2020. Retrieved 7 June 2020.
- ^ Lee, Timothy B. (8 July 2020). "Hong Kong downloads of Signal surge as residents fear crackdown". Ars Technica. Archived from the original on 11 July 2020. Retrieved 12 July 2020.
- ^ "How to share documents and news tips with Washington Post journalists". The Washington Post. Archived from the original on 4 June 2020. Retrieved 17 January 2021.
- ^ Hoyland, Luke; Fenn, Chris. "Contact the Guardian securely". The Guardian. Archived from the original on 7 January 2021. Retrieved 17 January 2021.
- ^ "Tips". The New York Times. 14 December 2016. ISSN 0362-4331. Archived from the original on 9 June 2020. Retrieved 17 January 2021.
- ^ "WSJ.com Secure Drop". The Wall Street Journal. Archived from the original on 24 July 2020. Retrieved 17 January 2021.
- ^ Marczak, Bill; Scott-Railton, John; Berdan, Kristin; Razzak, Bahr Abdul; Deibert, Ron (15 July 2021). "Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus". The Citizen Lab. Archived from the original on 29 May 2023. Retrieved 20 July 2021.
- ^ "PM lodges report over hacked Telegram, Signal accounts". The Star. Archived from the original on 9 August 2022. Retrieved 9 August 2022.
- ^ Greenberg, Andy (6 April 2021). "Signal Adds a Payments Feature—With a Privacy-Focused Cryptocurrency". Wired. Archived from the original on 8 April 2021. Retrieved 12 January 2022.
- ^ "Signal Adds Cryptocurrency Support". Schneier on Security. 7 April 2021. Archived from the original on 8 April 2021. Retrieved 8 April 2021.
- ^ Cox, Joseph (19 December 2016). "Signal Claims Egypt Is Blocking Access to Encrypted Messaging App". Motherboard. Vice Media LLC. Archived from the original on 29 June 2017. Retrieved 17 March 2024.
- ^ a b Marlinspike, Moxie (21 December 2016). "Doodles, stickers, and censorship circumvention for Signal Android". Open Whisper Systems. Archived from the original on 28 December 2016. Retrieved 20 July 2017.
- ^ Greenberg, Andy (21 December 2016). "Encryption App 'Signal' Fights Censorship with a Clever Workaround". Wired. Archived from the original on 11 July 2017. Retrieved 20 July 2017.
- ^ "SignalServiceNetworkAccess.kt". GitHub. Signal Foundation. Archived from the original on 17 May 2022. Retrieved 17 May 2022.
- ^ a b c Frenkel, Sheera (2 January 2018). "Iranian Authorities Block Access to Social Media Tools". The New York Times. Archived from the original on 16 January 2018. Retrieved 15 January 2018.
- ^ a b "Domain Fronting for Iran #7311". GitHub. 1 January 2018. Retrieved 17 March 2024.
- ^ Brandom, Russell (2 January 2018). "Iran blocks encrypted messaging apps amid nationwide protests". The Verge. Archived from the original on 22 March 2018. Retrieved 23 March 2018.
- ^ Marlinspike, Moxie (1 May 2018). "A letter from Amazon". signal.org. Open Whisper Systems. Archived from the original on 3 January 2019. Retrieved 10 January 2019.
- ^ Gallagher, Sean (2 May 2018). "Amazon blocks domain fronting, threatens to shut down Signal's account". Ars Technica. Archived from the original on 24 January 2019. Retrieved 23 January 2019.
- ^ Parrelli, Greyson (4 April 2019). "Attempt to resolve connectivity problems for some users". GitHub. Signal Messenger LLC. Archived from the original on 17 January 2021. Retrieved 2 May 2019.
- ^ "حذف سیگنال از فروشگاههای نرمافزار آنلاین در ایران". BBC News فارسی (in Persian). 15 January 2021. Archived from the original on 17 January 2021. Retrieved 17 January 2021.
- ^ "پیامرسان سیگنال به "دستور کمیته فیلترینگ" از فروشگاههای آنلاین در ایران حذف شد". رادیو فردا (in Persian). Radio Farda. Archived from the original on 13 December 2023. Retrieved 17 January 2021.
- ^ Jones, Rhett (27 January 2021). "Signal Blocked by Iran as Encrypted Messaging App's Popularity Explodes". Gizmodo. Archived from the original on 28 January 2021. Retrieved 28 January 2021.
- ^ Liao, Rita (15 March 2021). "Rising encrypted app Signal is down in China". TechCrunch. Archived from the original on 16 March 2021. Retrieved 16 March 2021.
- ^ Lomas, Natasha (19 April 2024). "Apple pulls WhatsApp, Threads from China App Store following state order". TechCrunch. Retrieved 19 April 2024.
- ^ a b Peters, Jay (9 August 2024). "Signal has been blocked by Venezuela and Russia". The Verge. Retrieved 14 August 2024.
- ^ "Мессенджер Signal заблокирован в России". [Kommersant] (in Russian). 9 August 2024.
- ^ Nierenberg, Amelia (11 June 2020). "Signal Downloads Are Way Up Since the Protests Began". The New York Times. Archived from the original on 25 June 2020. Retrieved 12 May 2023.
- ^ Nebehay, Stephanie (17 March 2021). "U.N. team seeks evidence linking Myanmar military leaders to crimes". Reuters. Archived from the original on 25 March 2021. Retrieved 24 March 2021.
- ^ a b c Newton, Casey (26 January 2021). "🚨 The battle inside Signal". platformer.news. Archived from the original on 13 December 2023. Retrieved 17 March 2024.
- ^ Tripathi, Rahul (11 April 2016). "Dangerous Signal: This encrypted app is helping ISIS members in India to communicate". The Times of India. Archived from the original on 30 September 2020. Retrieved 13 January 2021.
A group of terrorist suspects in India said to be inspired by Islamic State wanted to emulate US whistleblower Edward Snowden and use encrypted communication tool Signal to stay in touch, it was revealed in interrogation by the National Investigation Agency (NIA).
- ^ Frenkel, Sheera (11 January 2021). "Fringe Groups Splinter Online After Facebook and Twitter Bans". The New York Times. Archived from the original on 12 January 2021. Retrieved 13 January 2021.
In the days since rioters stormed Capitol Hill, fringe groups like armed militias, QAnon conspiracy theorists and far-right supporters of President Trump have vowed to continue their fight in hundreds of conversations on a range of internet platforms. Some of the organizers have moved to encrypted messaging apps like Telegram and Signal, which cannot be as easily monitored as social media platforms.
- ^ Glaser, April (11 August 2018). "How White Supremacists Planned Their Rally in D.C." Slate. Archived from the original on 24 December 2020. Retrieved 13 January 2021.
This year, Kessler and his fellow white nationalist co-organizers switched much of their rally planning throughout the summer to private groups on Facebook Messenger and the encrypted texting app Signal...
- ^ Daly, Kye (11 January 2021). "The online far right is moving underground". Axios. Archived from the original on 12 January 2021. Retrieved 12 January 2021.
Telegram and Signal are far more stable and secure and could prove more enduring homes and recruitment stations for far-right groups.
- ^ Glaser, April (9 October 2018). "White Supremacists Still Have a Safe Space Online". Slate. Archived from the original on 6 January 2021. Retrieved 12 January 2021.
A year later, in the runup to an ultimately barely attended sequel to Unite the Right in D.C., organizers appeared to stay off the platform, opting instead to discuss logistics over Facebook Messenger and the encrypted texting app Signal.
- ^ "Secure messaging app Signal has been effectively criminalized in Turkey – Nordic Monitor". nordicmonitor.com. 8 July 2021. Archived from the original on 25 December 2023. Retrieved 25 December 2023.
- ^ "Turkey's new media law is bad news – but don't report it". Brookings. Archived from the original on 25 December 2023. Retrieved 25 December 2023.
Bibliography
[edit]- Cohn-Gordon, Katriel; Cremers, Cas; Dowling, Benjamin; Garratt, Luke; Stebila, Douglas (25 October 2016). "A Formal Security Analysis of the Signal Messaging Protocol" (PDF). Cryptology ePrint Archive. International Association for Cryptologic Research (IACR). Archived (PDF) from the original on 22 February 2017. Retrieved 11 December 2016.
- Frosch, Tilman; Mainka, Christian; Bader, Christoph; Bergsma, Florian; Schwenk, Jörg; Holz, Thorsten (March 2016). "How Secure is TextSecure?" (PDF). 2016 IEEE European Symposium on Security and Privacy (EuroS&P). 2016 IEEE European Symposium on Security and Privacy (EuroS&P). Saarbrücken, Germany: IEEE. pp. 457–472. CiteSeerX 10.1.1.689.6003. doi:10.1109/EuroSP.2016.41. ISBN 978-1-5090-1752-2. Archived (PDF) from the original on 28 February 2019. Retrieved 8 February 2022.
- Rottermanner, Christoph; Kieseberg, Peter; Huber, Markus; Schmiedecker, Martin; Schrittwieser, Sebastian (December 2015). Privacy and Data Protection in Smartphone Messengers (PDF). Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (iiWAS2015). ACM International Conference Proceedings Series. ISBN 978-1-4503-3491-4. Archived (PDF) from the original on 27 March 2016. Retrieved 17 March 2024.
- Schröder, Svenja; Huber, Markus; Wind, David; Rottermanner, Christoph (18 July 2016). When Signal hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging (PDF). Proceedings of the 1st European Workshop on Usable Security (EuroUSEC '16). Darmstadt, Germany: Internet Society (ISOC). ISBN 978-1-891562-45-7. Archived from the original (PDF) on 28 August 2016. Retrieved 29 August 2016.
- Unger, Nik; Dechand, Sergej; Bonneau, Joseph; Fahl, Sascha; Perl, Henning; Goldberg, Ian Avrum; Smith, Matthew (2015). "SoK: Secure Messaging" (PDF). 2015 IEEE Symposium on Security and Privacy. Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society's Technical Committee on Security and Privacy. pp. 232–249. doi:10.1109/SP.2015.22. ISBN 978-1-4673-6949-7. Archived (PDF) from the original on 4 March 2016. Retrieved 17 March 2024.
External links
[edit]- 2014 software
- Cross-platform software
- Cryptographic software
- End-to-end encryption
- Free and open-source Android software
- Free instant messaging clients
- Free security software
- Free software programmed in Java (programming language)
- Free VoIP software
- Instant messaging clients programmed in Java
- Internet privacy software
- IOS software
- Secure communication