>Owsum |
>Owsum |
| Line 1: |
Line 1: |
| {{delete|direct copy from wikipedia}} | | {{delete|direct copy from wikipedia}} |
|
| |
| {{short description|Free encrypted communications app}}
| |
| {{Infobox software
| |
| | name = Signal
| |
| | logo = Signal Blue Icon.png
| |
| | screenshot = Screenshot Signal.png
| |
| | caption = Signal running on iOS
| |
| | author =
| |
| | developer = {{Plainlist|
| |
| * [[Signal Foundation]],
| |
| * [[Signal Messenger LLC]] and contributors
| |
| }}
| |
| | released = {{Start date|2014|7|29}}<ref name="Greenberg-2014-07-29" /><ref name="Marlinspike-2014-07-29">{{cite web| url=https://whispersystems.org/blog/signal/ |title=Free, Worldwide, Encrypted Phone Calls for iPhone |publisher= Open Whisper Systems |first=Moxie |last=Marlinspike |date= 29 July 2014 |accessdate= 16 January 2017}}</ref>
| |
| | operating system = {{Plainlist|
| |
| * [[Android 4.4]] or later
| |
| * [[iOS 10]] or later
| |
| * [[Windows 7]] or later (64-bit)<ref name="standalone-signal-desktop">{{cite web|last1=Nonnenberg|first1=Scott|title=Standalone Signal Desktop|url=https://signal.org/blog/standalone-signal-desktop/|publisher=Open Whisper Systems|accessdate=31 October 2017|date=31 October 2017}}</ref>
| |
| * [[MacOS 10.10]] or later<ref name="Installing-Signal">{{cite web|url=https://support.signal.org/hc/en-us/articles/360008216551#install_desktop|title=Installing Signal - Signal Support}}</ref>
| |
| * [[Linux distribution]]s supporting [[APT (Debian)|APT]]<ref name="standalone-signal-desktop"/>
| |
| }}
| |
| | platform =
| |
| | size =
| |
| <!-- language varies based on the platform
| |
| | language count = 51
| |
| | language footnote = <ref>{{cite web |title=Signal Messenger localization |url=https://www.transifex.com/signalapp/public/ |website=Transifex |accessdate=5 November 2018}}</ref>-->
| |
| | programming language =
| |
| | genre = Encrypted [[voice calling]], [[video calling]] and [[instant messaging]]
| |
| | license = {{Plain list|
| |
| * '''Clients:''' [[GNU General Public License|GPLv3]]<ref name="signal-ios-github" /><ref name="signal-android-github" /><ref name="signal-desktop-github"/>
| |
| * '''Server:''' [[AGPLv3]]<ref name="Signal-Server" />
| |
| }}
| |
| }}
| |
|
| |
| '''Signal''' is a [[Cross-platform software|cross-platform]] [[encryption|encrypted]] [[messaging app|messaging service]] developed by the [[Signal Foundation]] and [[Signal Messenger LLC]]. It uses the Internet to send one-to-one and group messages, which can include files, voice notes, images and videos.<ref name="arbitrary-file-types"/> Its mobile apps can also make one-to-one voice and video calls,<ref name="Mott-2017-03-14"/> and the Android version can optionally function as an SMS app.<ref name="Frosch 2016"/>
| |
|
| |
| Signal uses standard cellular [[telephone number]]s as identifiers and uses [[end-to-end encryption]] to secure all communications to other Signal users. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel.<ref name="Frosch 2016"/><ref name="Schröder-2016"/>
| |
|
| |
| All Signal software is [[free and open-source software|free and open-source]]. The [[Client (computing)|clients]] are published under the [[GPLv3]] license,<ref name="signal-ios-github" /><ref name="signal-android-github" /><ref name="signal-desktop-github"/> while the [[Server (computing)|server]] code is published under the [[AGPLv3]] license.<ref name="Signal-Server" /> The non-profit Signal Foundation was launched in February 2018 with an initial funding of $50 million.<ref name="Greenberg-2018-02-21"/>
| |
|
| |
| ==History==
| |
| {{Signal timeline}}
| |
|
| |
| ===2010–2013: Origins===
| |
| Signal is the successor of the [[RedPhone]] encrypted voice calling app and the [[TextSecure]] encrypted texting program. The [[beta version]]s of RedPhone and TextSecure were first launched in May 2010 by [[Whisper Systems]],<ref name="whispersystems-2010-05-25">{{cite web |url=http://www.whispersys.com/updates.html |title=Announcing the public beta |date=25 May 2010 |archiveurl= https://web.archive.org/web/20100530011131/http://www.whispersys.com/updates.html |archivedate= 30 May 2010 |publisher=Whisper Systems |accessdate=22 January 2015}}</ref> a startup company co-founded by security researcher [[Moxie Marlinspike]] and roboticist Stuart Anderson.<ref name="Garling-2011-12-20" /><ref>{{cite web|url=http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=141104009|title=Company Overview of Whisper Systems Inc. |publisher=Bloomberg Businessweek |date= |accessdate=2014-03-04}}</ref> Whisper Systems also produced a firewall and tools for encrypting other forms of data.<ref name="Garling-2011-12-20" /><ref name="Greenberg-2010-05-25" /> All of these were [[Proprietary software|proprietary]] enterprise mobile security software and were only available for Android.
| |
|
| |
| In November 2011, Whisper Systems announced that it had been acquired by [[Twitter]]. The financial terms of the deal were not disclosed by either company.<ref name="Cheredar-2011-11-28" /> The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security".<ref name="Yadron-2015">{{cite news|last1=Yadron|first1=Danny|title=Moxie Marlinspike: The Coder Who Encrypted Your Texts|url=https://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274|accessdate=10 July 2015|work=The Wall Street Journal|date=9 July 2015}}</ref> Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable.<ref name="Greenberg-2011-11-28" /> Some criticized the removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the [[2011 Egyptian revolution]].<ref name="Garling-2011-11-28" />
| |
|
| |
| Twitter released TextSecure as [[free and open-source software]] under the [[GNU General Public License|GPLv3]] license in December 2011.<ref name="Garling-2011-12-20"/><ref name="Aniszczyk-2011-12-20" /><ref name="whispersystems-2011-12-20">{{cite web |url=http://www.whispersys.com/updates.html |title= TextSecure is now Open Source! |archiveurl= https://web.archive.org/web/20120106024504/http://www.whispersys.com/updates.html |archivedate= 6 January 2012 |date= 20 December 2011 |publisher=Whisper Systems |accessdate=22 January 2015}}</ref><ref name="Pachal-2011-12-20" /> RedPhone was also released under the same license in July 2012.<ref name="whispersystems-2012-07-18">{{cite web |url=http://www.whispersys.com/updates.html |title= RedPhone is now Open Source! |archiveurl= https://web.archive.org/web/20120731143138/http://www.whispersys.com/updates.html |archivedate= 31 July 2012 |date= 18 July 2012 |publisher=Whisper Systems |accessdate=22 January 2015}}</ref> Marlinspike later left Twitter and founded Open Whisper Systems as a collaborative Open Source project for the continued development of TextSecure and RedPhone.<ref name="Greenberg-2014-07-29" /><ref name="welcome" />
| |
|
| |
| ===2013–2018: Open Whisper Systems===
| |
| Open Whisper Systems' website was launched in January 2013.<ref name="welcome" />
| |
|
| |
| In February 2014, Open Whisper Systems introduced the second version of their TextSecure Protocol (now [[Signal Protocol]]), which added end-to-end encrypted group chat and instant messaging capabilities to TextSecure.<ref name="Donohue-2014">{{cite web|date=24 February 2014 |first=Brian |last=Donohue |url=https://threatpost.com/textsecure-sheds-sms-in-latest-version/104456 |title=TextSecure Sheds SMS in Latest Version |website=Threatpost |accessdate=14 July 2016}}</ref> Toward the end of July 2014, they announced plans to unify the RedPhone and TextSecure applications as Signal.<ref name="Mimoso-2014-07-29" /> This announcement coincided with the initial release of Signal as a RedPhone counterpart for iOS. The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client.<ref name="Mimoso-2014-07-29" /> Signal was the first iOS app to enable easy, strongly encrypted voice calls for free.<ref name="Greenberg-2014-07-29" /><ref name="Evans-2014-07-29" /> TextSecure compatibility was added to the iOS application in March 2015.<ref name="Lee-2015-03-02" /><ref name="Geuss-2015-03-03" />
| |
|
| |
| [[File:TextSecure Blue Icon.png|100px|thumb|left|The Android client's logo from February 2015 to March 2017.]]
| |
| From its launch in May 2010<ref name="whispersystems-2010-05-25" /> until March 2015, the Android version of Signal (then called TextSecure) included support for encrypted SMS/MMS messaging.<ref>{{cite web |url=https://whispersystems.org/blog/goodbye-encrypted-sms/ |title=Saying goodbye to encrypted SMS/MMS |author=Open Whisper Systems |date=6 March 2015 |accessdate=24 March 2016}}</ref> From version 2.7.0 onward, the Android application only supported sending and receiving encrypted messages via the data channel.<ref name="Rottermanner-2015-p3"/> Reasons for this included security flaws of SMS/MMS and problems with the key exchange.<ref name="Rottermanner-2015-p3">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=3}}</ref> Open Whisper Systems' abandonment of SMS/MMS encryption prompted some users to create a [[Fork (software development)|fork]] named Silence (initially called SMSSecure<ref name="github383">{{cite web|url=https://github.com/SilenceIM/Silence/pull/383|author=BastienLQ|title= Change the name of SMSSecure |website=GitHub|publisher=SilenceIM |type=pull request |date=20 April 2016|accessdate=27 August 2016}}</ref>) that is meant solely for the exchange of encrypted SMS and MMS messages.<ref name="Heise-April-2015">{{cite web|title=TextSecure-Fork bringt SMS-Verschlüsselung zurück|url=http://www.heise.de/security/meldung/TextSecure-Fork-bringt-SMS-Verschluesselung-zurueck-2595471.html|website=Heise|accessdate=29 July 2015|language=de|date=2 April 2015}}</ref><ref name="derstandard">{{cite web|title=SMSSecure: TextSecure-Abspaltung belebt SMS-Verschlüsselung wieder|url=http://derstandard.at/2000013841576/SMSSecure-TextSecure-Abspaltung-belebt-SMS-Verschluesselung-wieder|website=Der Standard|accessdate=1 August 2015|language=de|date=3 April 2015}}</ref>
| |
|
| |
| In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android.<ref name="Greenberg-2015-11-2">{{cite journal|last1=Greenberg|first1=Andy|title=Signal, the Snowden-Approved Crypto App, Comes to Android|url=https://www.wired.com/2015/11/signals-snowden-approved-phone-crypto-app-comes-to-android/|journal=Wired|publisher=Condé Nast|accessdate=19 March 2016|date=2 November 2015}}</ref> A month later, Open Whisper Systems announced Signal Desktop, a [[Google Chrome Apps|Chrome app]] that could link with a Signal mobile client.<ref name="Motherboard-2015-12-02">{{cite web|last1=Franceschi-Bicchierai|first1=Lorenzo|title=Snowden's Favorite Chat App Is Coming to Your Computer|url=http://motherboard.vice.com/read/signal-snowdens-favorite-chat-app-is-coming-to-your-computer|website=Motherboard|publisher=Vice Media LLC|accessdate=4 December 2015|date=2 December 2015}}</ref> At launch, the app could only be linked with the Android version of Signal.<ref name="Coldewey-2016-04-07">{{cite web|last1=Coldewey|first1=Devin|title=Now's your chance to try Signal's desktop Chrome app|url=https://techcrunch.com/2016/04/07/nows-your-chance-to-try-signals-desktop-chrome-app/|website=TechCrunch|publisher=AOL Inc.|accessdate=5 May 2016|date=7 April 2016}}</ref> On September 26, 2016, Open Whisper Systems announced that Signal Desktop could now be linked with the iOS version of Signal as well.<ref name="signal-desktop-ios">{{cite web|last1=Marlinspike|first1=Moxie|title=Desktop support comes to Signal for iPhone|url=https://whispersystems.org/blog/signal-desktop-ios/|publisher=Open Whisper Systems|accessdate=26 September 2016|date=26 September 2016}}</ref> On October 31, 2017, Open Whisper Systems announced that the Chrome app was [[deprecation|deprecated]].<ref name="standalone-signal-desktop"/> At the same time, they announced the release of a standalone desktop client (based on the [[Electron (software framework)|Electron]] framework<ref name="signal-desktop-github" />) for Windows, MacOS and certain Linux distributions.<ref name="standalone-signal-desktop"/><ref>{{cite web|last1=Coldewey|first1=Devin|title=Signal escapes the confines of the browser with a standalone desktop app|url=https://techcrunch.com/2017/10/31/signal-escapes-the-confines-of-the-browser-with-a-standalone-desktop-app/|website=TechCrunch|publisher=[[Oath Tech Network]]|accessdate=31 October 2017|date=31 October 2017}}</ref>
| |
|
| |
| On October 4, 2016, the [[American Civil Liberties Union]] (ACLU) and Open Whisper Systems published a series of documents revealing that OWS had received a [[subpoena]] requiring them to provide information associated with two phone numbers for a federal [[Grand juries in the United States|grand jury]] investigation in the first half of 2016.<ref name="Perlroth-2016-10-04">{{cite web|last1=Perlroth|first1=Nicole|last2=Benner|first2=Katie|title=Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue|url=https://www.nytimes.com/2016/10/05/technology/subpoenas-and-gag-orders-show-government-overreach-tech-companies-argue.html|website=The New York Times|publisher=The New York Times Company|accessdate=4 October 2016|date=4 October 2016}}</ref><ref name="Kaufman-2016-10-04">{{cite web|last1=Kaufman|first1=Brett Max|title=New Documents Reveal Government Effort to Impose Secrecy on Encryption Company|url=https://www.aclu.org/blog/free-future/new-documents-reveal-government-effort-impose-secrecy-encryption-company|publisher=American Civil Liberties Union|type=Blog post|accessdate=4 October 2016|date=4 October 2016}}</ref><ref name="OWS-2016-10-04">{{cite web|title=Grand jury subpoena for Signal user data, Eastern District of Virginia|url=https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/|publisher=Open Whisper Systems|accessdate=4 October 2016|date=4 October 2016}}</ref> Only one of the two phone numbers was registered on Signal, and because of how the service is designed, OWS was only able to provide "the time the user's account had been created and the last time it had connected to the service".<ref name="Kaufman-2016-10-04"/><ref name="Perlroth-2016-10-04"/> Along with the subpoena, OWS received a [[gag order]] requiring OWS not to tell anyone about the subpoena for one year.<ref name="Perlroth-2016-10-04"/> OWS approached the ACLU, and they were able to lift part of the gag order after challenging it in court.<ref name="Perlroth-2016-10-04"/> OWS said it was the first time they had received a subpoena, and that they were committed to treat "any future requests the same way".<ref name="OWS-2016-10-04"/>
| |
|
| |
| In March 2017, Open Whisper Systems transitioned Signal's calling system from RedPhone to [[WebRTC]], also adding the ability to make video calls.<ref name="signal-video-calls-beta"/><ref name="signal-video-calls">{{cite web|last1=Marlinspike|first1=Moxie|title=Video calls for Signal out of beta|url=https://whispersystems.org/blog/signal-video-calls/|publisher=Open Whisper Systems|accessdate=17 July 2017|date=13 March 2017}}</ref><ref name="Mott-2017-03-14"/>
| |
|
| |
| ===2018–present: Signal Messenger===
| |
|
| |
| On February 21, 2018, Moxie Marlinspike and [[WhatsApp]] co-founder [[Brian Acton]] announced the formation of the [[Signal Foundation]], a [[501(c) organization|501(c)(3) nonprofit organization]] whose mission is "to support, accelerate, and broaden Signal’s mission of making private communication accessible and ubiquitous."<ref name="signal-foundation">{{cite web|last1=Marlinspike|first1=Moxie|last2=Acton|first2=Brian|title=Signal Foundation|url=https://signal.org/blog/signal-foundation/|website=Signal.org|accessdate=21 February 2018|date=21 February 2018}}</ref><ref name="Greenberg-2018-02-21"/> The foundation was started with an initial $50 million in funding from Acton, who had left WhatsApp's parent company Facebook in September 2017.<ref name="Greenberg-2018-02-21">{{cite journal|last1=Greenberg|first1=Andy|title=WhatsApp Co-Founder Puts $50M Into Signal To Supercharge Encrypted Messaging|url=https://www.wired.com/story/signal-foundation-whatsapp-brian-acton/|journal=Wired|publisher=Condé Nast|accessdate=21 February 2018|date=21 February 2018}}</ref> According to the announcement, Acton is the foundation's Executive Chairman and Marlinspike continues as the CEO of Signal Messenger.<ref name="signal-foundation"/>
| |
|
| |
| Between November 2019 and February 2020, Signal added support for iPads, view-once images and videos, stickers, and reactions.<ref name="Greenberg-2020"/> They also announced plans for a new group messaging system and an "experimental method for storing encrypted contacts in the cloud."<ref name="Greenberg-2020">{{cite news |last1=Greenberg |first1=Andy |title=Signal Is Finally Bringing Its Secure Messaging to the Masses |url=https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/ |accessdate=15 February 2020 |work=Wired |publisher=Condé Nast |date=14 February 2020}}</ref>
| |
|
| |
| ==Features==
| |
| Signal allows users to make voice and video<ref name="Mott-2017-03-14">{{cite web|last1=Mott|first1=Nathaniel|title=Signal's Encrypted Video Calling For iOS, Android Leaves Beta|url=http://www.tomshardware.com/news/signal-encrypted-video-calling-ios-android,33898.html|website=Tom's Hardware|publisher=Purch Group, Inc.|date=14 March 2017|accessdate=14 March 2017}}</ref> calls to other Signal users on iOS and Android. All calls are made over a [[Wi-Fi]] or data connection and (with the exception of data fees) are free of charge, including long distance and international.<ref name="Evans-2014-07-29" /> Signal also allows users to send text messages, files,<ref name="arbitrary-file-types">{{cite tweet |author=Signal |user=signalapp |number=859125874901135360 |date=1 May 2017 |title= Today's Signal release for Android, iOS, and Desktop includes the ability to send arbitrary file types.|accessdate=5 November 2018 }}</ref> voice notes, pictures, [[GIF]]s,<ref name="giphy-update">{{cite web|last1=Lund|first1=Joshua|title=Expanding Signal GIF search|url=https://signal.org/blog/signal-and-giphy-update/|publisher=Open Whisper Systems|accessdate=9 November 2017|date=1 November 2017}}</ref> and video messages over a Wi-Fi or data connection to other Signal users on iOS, Android and a desktop app. The app also supports group messaging.
| |
|
| |
| All communications to other Signal users are automatically end-to-end encrypted. The [[Key (cryptography)|keys]] that are used to encrypt the user's communications are generated and stored at the endpoints (i.e. by users, not by servers).<ref name="eff-2014-11-04" /> To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) [[Out-of-band data|out-of-band]].<ref name="Rottermanner-2015-p5"/> The app employs a [[trust on first use|trust-on-first-use]] mechanism in order to notify the user if a correspondent's key changes.<ref name="Rottermanner-2015-p5"/>
| |
|
| |
| On Android, users can opt into making Signal the default SMS/MMS application, allowing them to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages.<ref name="Donohue-2014"/> Users can then use the same application to communicate with contacts who do not have Signal.<ref name="Donohue-2014"/> Sending a message unencrypted is also available as an override between Signal users.<ref>https://support.signal.org/hc/en-us/articles/212535548-How-do-I-send-an-insecure-SMS-</ref>
| |
|
| |
| TextSecure allowed the user to set a passphrase that encrypted the local message database and the user's encryption keys.<ref name="Rottermanner-2015-p9">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=9}}</ref> This did not encrypt the user's contact database or message timestamps.<ref name="Rottermanner-2015-p9"/> The Signal applications on Android and iOS can be locked with the phone's pin, passphrase, or biometric authentication.<ref name="screen-lock">{{cite web|url=https://support.signal.org/hc/en-us/articles/360007059572-Screen-Lock|title=Screen Lock|website=support.signal.org|publisher=Signal|date=n.d.|accessdate=22 November 2018}}</ref> The user can define a "screen lock timeout" interval, providing an additional protection mechanism in case the phone is lost or stolen.<ref name="Rottermanner-2015-p5">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=5}}</ref><ref name="screen-lock"/>
| |
|
| |
| Signal also allows users to set timers to messages.<ref name="Greenberg-2016-10-11"/> After a specified time interval, the messages will be deleted from both the sender's and the receivers' devices.<ref name="Greenberg-2016-10-11">{{cite journal|last1=Greenberg|first1=Andy|title=Signal, the Cypherpunk App of Choice, Adds Disappearing Messages|url=https://www.wired.com/2016/10/signal-cypherpunk-app-choice-adds-disappearing-messages/|journal=Wired|publisher=Condé Nast|accessdate=11 October 2016|date=11 October 2016}}</ref> The time interval can be between five seconds and one week long,<ref name="Greenberg-2016-10-11"/> and the timer begins for each recipient once they have read their copy of the message.<ref name="disappearing-messages">{{cite web|last1=Marlinspike|first1=Moxie|title=Disappearing messages for Signal|url=https://www.whispersystems.org/blog/disappearing-messages/|publisher=Open Whisper Systems|accessdate=11 October 2016|date=11 October 2016}}</ref> The developers have stressed that this is meant to be "a collaborative feature for conversations where all participants want to automate minimalist data hygiene, not for situations where your contact is your adversary".<ref name="Greenberg-2016-10-11"/><ref name="disappearing-messages"/>
| |
|
| |
| Signal excludes users' messages from non-encrypted cloud backups by default.<ref name="Lee-2016-06-22"/>
| |
|
| |
| Signal has support for read receipts and typing indicators, both of which can be disabled.<ref>{{Cite web|url=http://support.signal.org/hc/en-us/articles/360007320751-How-do-I-know-if-my-message-was-delivered-or-read-|title=How do I know if my message was delivered or read?|website=Signal Support Center|publisher=Signal Messenger|language=en-US|access-date=2019-02-22}}</ref><ref>{{Cite web|url=http://support.signal.org/hc/en-us/articles/360020798451-Typing-Indicators|title=Typing Indicators|website=Signal Support Center|publisher=Signal Messenger|language=en-US|access-date=2019-02-22}}</ref>
| |
|
| |
| ==Limitations==
| |
| Signal requires that the user provides a phone number for verification,<ref name="phone-number">{{cite web|first=Masha|last=Kolenkina|title= Will any phone number work? How do I get a verification number?|url=http://support.whispersystems.org/hc/en-us/articles/212476118-Will-any-phone-number-work-How-do-I-get-a-verification-number-|publisher=Open Whisper Systems|date=20 November 2015|accessdate=20 December 2015}}</ref> eliminating the need for user names or passwords and facilitating contact discovery (see below).<ref name=":0">{{Cite web|url=https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/|title=How to Use Signal Without Giving Out Your Phone Number|last=Lee|first=Micah|date=2017-09-28|website=The Intercept|language=en-US|access-date=2018-02-25}}</ref> The number does not have to be the same as on the device's SIM card; it can also be a VoIP number<ref name="phone-number" /> or a landline as long as the user can receive the verification code and have a separate device to set up the software. A number can only be registered on one mobile device at a time.<ref name="multiple-devices"/>
| |
|
| |
| This mandatory connection to a phone number (a feature Signal shares with [[WhatsApp]], [[KakaoTalk]], and others) has been criticized as a "major issue" for privacy-conscious users who are not comfortable with giving out their private phone number.<ref name=":0" /> A workaround is to use a secondary phone number.<ref name=":0" /> The option to register with an email address instead of a phone number is a widely requested feature, which as of early 2018 has not yet been implemented.<ref name=":0" /><ref>{{Cite web|url=https://github.com/signalapp/Signal-Android/issues/1085|title=Allow different kinds of identifiers for registration · Issue #1085 · signalapp/Signal-Android|website=GitHub|language=en|access-date=2018-02-25}}</ref>
| |
|
| |
| Using phone numbers as identifiers may also create security risks that arise from the possibility of an attacker taking over a phone number.<ref name=":0" /> This can be mitigated by enabling an optional Registration Lock PIN in Signal's privacy settings.<ref>{{cite web |title=Registration Lock |url=https://support.signal.org/hc/en-us/articles/360007059792-Registration-Lock |website=support.signal.org |publisher=Signal Messenger LLC |accessdate=20 March 2019}}</ref>
| |
|
| |
| ===Android-specific===
| |
| From February 2014<ref name="Donohue-2014"/> to February 2017,<ref name="commit-16697313">{{cite web|last1=Marlinspike|first1=Moxie|title=Support for using Signal without Play Services|url=https://github.com/WhisperSystems/Signal-Android/commit/1669731329bcc32c84e33035a67a2fc22444c24b|website=GitHub|publisher=Open Whisper Systems|accessdate=24 February 2017|date=20 February 2017}}</ref> Signal's official Android client required the proprietary [[Google Play Services]] because the app was dependent on Google's [[Google Cloud Messaging|GCM]] push-messaging framework.<ref name="Google-Play-Services">{{cite web |url=http://support.whispersystems.org/hc/en-us/articles/213190817-Why-do-I-need-Google-Play-installed-to-use-Signal-How-can-I-get-Signal-APK- |archiveurl=https://web.archive.org/web/20160402043545/http://support.whispersystems.org/hc/en-us/articles/213190817-Why-do-I-need-Google-Play-installed-to-use-Signal-How-can-I-get-Signal-APK- |archivedate=2 April 2016 |title= Why do I need Google Play installed to use Signal? How can I get Signal APK? |author=Kolenkina, Masha|publisher=Open Whisper Systems |date=25 February 2016 |accessdate=13 October 2016}}</ref><ref name="commit-16697313"/> In March 2015, Signal moved to a model of handling the app's message delivery themselves and only using GCM for a wakeup event.<ref name="goodbye-encrypted-sms">{{cite web |first=Moxie |last=Marlinspike|title=Saying goodbye to encrypted SMS/MMS |url=https://whispersystems.org/blog/goodbye-encrypted-sms/|publisher=Open Whisper Systems|date=6 March 2015|accessdate=20 December 2015}}</ref> In February 2017, Signal's developers implemented [[WebSocket]] support into the client, making it possible for it to be used without Google Play Services.<ref name="commit-16697313"/>
| |
|
| |
| ===Desktop-specific===
| |
| Setting up Signal's desktop app requires that the user first install Signal on an Android or iOS based smartphone with an Internet connection.<ref name="Installing-Signal" /> Once the desktop app has been linked to the user's account, it will function as an independent client; the mobile app does not need to be present or online.<ref name="SMS-support">{{cite web |title=Can I send SMS/MMS with Signal? |url=https://support.signal.org/hc/en-us/articles/360007321171-Can-I-send-SMS-MMS-with-Signal-#desktop_sms |website=support.signal.org |publisher=Signal Messenger LLC |accessdate=20 March 2019}}</ref> Users can link up to 5 desktop apps to their account.<ref name="multiple-devices">{{cite web |title=Troubleshooting multiple devices |url=https://support.signal.org/hc/en-us/articles/360007320451-Troubleshooting-multiple-devices#desktop_multiple_device |website=support.signal.org |publisher=Signal Messenger LLC |accessdate=20 March 2019}}</ref> {{As of|March 2019}}, Signal's desktop app does not include support for voice or video calling.<ref>{{Cite web|url=https://community.signalusers.org/t/adding-voice-and-video-call-support-to-the-desktop-app/1078|title=Adding voice and video call support to the desktop app|date=2017-06-04|website=Signal Community|type=Forum|language=en|access-date=2019-03-19}}</ref> The Signal desktop app does not work well{{Explain|date=December 2019}} in an IPv6 only environment, even when NAT64/DNS64 is present.{{cn|date=December 2019}} Despite an announcement in 2016 that GIF support would be added "soon", the desktop app does not allow sending animated GIFs.
| |
|
| |
| ==Usability==
| |
|
| |
| In July 2016, the [[Internet Society]] published a [[user study]] that assessed the ability of Signal users to detect and deter [[man-in-the-middle attack]]s.<ref name="Schröder-2016">{{harvnb|Schröder|Huber|Wind|Rottermanner|2016}}</ref> The study concluded that 21 out of 28 participants failed to correctly compare [[public key fingerprint]]s in order to verify the identity of other Signal users, and that the majority of these users still believed they had succeeded, while in reality they failed.<ref name="Schröder-2016"/> Four months later, Signal's user interface was updated to make verifying the identity of other Signal users simpler.<ref name="safety-number-updates">{{cite web|last1=Marlinspike|first1=Moxie|title=Safety number updates|url=https://whispersystems.org/blog/safety-number-updates/|publisher=Open Whisper Systems|accessdate=17 July 2017|date=17 November 2016}}</ref>
| |
|
| |
| Before version 4.17,<ref name="Restoring-Android"/> the Signal Android client could only make plain text-only backups of the message history, i.e. without media messages.<ref>{{Cite web|url=https://community.signalusers.org/t/encrypted-backup/1227|title=Encrypted backup|website=Signal Community|type=Internet forum|language=en|access-date=2 April 2018|date=2017-08-16}}</ref><ref>{{cite web|title=Media Not Exporting to XML #1619|url=https://github.com/WhisperSystems/Signal-Android/issues/1619|website=GitHub|accessdate=21 December 2017|date=17 July 2014}}</ref> On February 26, 2018, Signal added support for "full backup/restore to [[SD card]]",<ref>{{cite web|last1=Marlinspike|first1=Moxie|title=Support for full backup/restore to sdcard|url=https://github.com/signalapp/Signal-Android/commit/332ccbb4eb480221c93baf259a1d307560390747|website=GitHub|publisher=Open Whisper Systems|accessdate=2 April 2018|date=26 February 2018}}</ref> and as of version 4.17, users are able to restore their entire message history when switching to a new Android phone.<ref name="Restoring-Android">{{cite web|last1=Kolenkina|first1=Masha|title=Restoring messages on Signal Android|url=https://support.signal.org/hc/en-us/articles/360001890291-Restoring-messages-on-Signal-Android|website=Signal.org|publisher=Open Whisper Systems|accessdate=2 April 2018}}</ref> The Signal iOS client does not support exporting or importing the user's messaging history.<ref>{{cite web|title=iOS Import/Export #2542|url=https://github.com/WhisperSystems/Signal-iOS/issues/2542|website=GitHub|accessdate=2 April 2018|date=16 September 2017}}</ref>
| |
|
| |
| ==Architecture==
| |
|
| |
| ===Encryption protocols===
| |
| {{Main|Signal Protocol}}
| |
|
| |
| Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the [[Double Ratchet Algorithm]], prekeys, and a Triple [[Diffie–Hellman key exchange|Diffie-Hellman]] (3XDH) handshake.<ref>{{harvnb|Unger|Dechand|Bonneau|Fahl|2015|p=241}}</ref> It uses [[Curve25519]], [[AES-256]], and [[HMAC-SHA256]] as [[Cryptographic primitive|primitives]].<ref name="Frosch 2016">{{harvnb|Frosch|Mainka|Bader|Bergsma|2016}}</ref> The protocol provides confidentiality, integrity, [[authenticated encryption|authentication]], participant consistency, destination validation, [[forward secrecy]], backward secrecy (aka future secrecy), causality preservation, message unlinkability, [[Deniable authentication|message repudiation]], participation repudiation, and [[Asynchronous communication|asynchronicity]].<ref name="Unger-2015-p239"/> It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.<ref name="Unger-2015-p239">{{harvnb|Unger|Dechand|Bonneau|Fahl|2015|p=239}}</ref>
| |
|
| |
| The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and [[multicast encryption]].<ref name="Unger-2015-p239"/> In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.<ref name="Unger-2015-p239"/>
| |
|
| |
| In October 2014, researchers from [[Ruhr University Bochum]] published an analysis of the Signal Protocol.<ref name="Frosch 2016"/> Among other findings, they presented an [[unknown key-share attack]] on the protocol, but in general, they found that it was secure.<ref name="Pauli-2014-11-03" /> In October 2016, researchers from UK’s [[University of Oxford]], [[Queensland University of Technology]] in Australia, and Canada’s [[McMaster University]] published a formal analysis of the protocol.<ref name="Brook-2016-11-10"/><ref name="Cohn-Gordon-2016"/> They concluded that the protocol was cryptographically sound.<ref name="Brook-2016-11-10">{{cite web|last1=Brook|first1=Chris|title=Signal Audit Reveals Protocol Cryptographically Sound|url=https://threatpost.com/signal-audit-reveals-protocol-cryptographically-sound/121892/|website=Threatpost|publisher=Kaspersky Lab|accessdate=11 November 2016|date=10 November 2016}}</ref><ref name="Cohn-Gordon-2016">{{harvnb|Cohn-Gordon|Cremers|Dowling|Garratt|2016}}</ref> In July 2017, researchers from [[Ruhr University Bochum]] found during another analysis of group messengers a purely theoretic attack against the group protocol of Signal: A user who knows the secret group ID of a group (due to having been a group member previously or stealing it from a member's device) can become a member of the group. Since the group ID cannot be guessed and such member changes are displayed to the remaining members, this attack has only little practical impact.<ref>{{Cite journal|last=Rösler|first=Paul|last2=Mainka|first2=Christian|last3=Schwenk|first3=Jörg|date=2017|title=More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema|url=https://eprint.iacr.org/2017/713.pdf|journal=|volume=|pages=|via=}}</ref>
| |
|
| |
| {{As of|August 2018}}, the Signal Protocol has been implemented into [[WhatsApp]], [[Facebook Messenger]], [[Skype]],<ref name="skype">{{cite web|last1=Lund|first1=Joshua|title=Signal partners with Microsoft to bring end-to-end encryption to Skype|url=https://signal.org/blog/skype-partnership/|publisher=Open Whisper Systems|accessdate=17 January 2018|date=11 January 2018}}</ref> and [[Google Allo]],<ref name="allo">{{cite web|url=https://signal.org/blog/allo/ |title=Open Whisper Systems partners with Google on end-to-end encryption for Allo |last=Marlinspike |first=Moxie |publisher=Open Whisper Systems |date=18 May 2016 |accessdate=22 August 2018}}</ref> making it possible for the conversations of "more than a billion people worldwide" to be end-to-end encrypted.<ref>{{cite web|url=http://fortune.com/40-under-40/moxie-marlinspike-31/|title=Moxie Marlinspike - 40 under 40|year=2016|website=Fortune|publisher=Time Inc.|accessdate=6 October 2016}}</ref> In Google Allo, Skype and Facebook Messenger, conversations are not encrypted with the Signal Protocol by default; they only offer end-to-end encryption in an optional mode.<ref name="Lee-2016-06-22"/><ref name="facebook-messenger">{{cite web|last1=Marlinspike|first1=Moxie|title=Facebook Messenger deploys Signal Protocol for end to end encryption|url=https://whispersystems.org/blog/facebook-messenger/|publisher=Open Whisper Systems|accessdate=10 May 2017|date=8 July 2016}}</ref><ref name="skype" /><ref>{{cite web |last1=Gebhart |first1=Gennie |title=Google's Allo Sends The Wrong Message About Encryption |url=https://www.eff.org/deeplinks/2016/09/googles-allo-sends-wrong-message-about-encryption |publisher=Electronic Frontier Foundation |accessdate=20 August 2018 |date=3 October 2016}}</ref>
| |
|
| |
| Up until March 2017, Signal's voice calls were encrypted with [[Secure Real-time Transport Protocol|SRTP]] and the [[ZRTP]] key-agreement protocol, which was developed by [[Phil Zimmermann]].<ref name="Greenberg-2014-07-29" /><ref name="RedPhone-Encryption-Protocols"/> {{As of|2017|3}}, Signal's voice and video calling functionalities use the app's Signal Protocol channel for authentication instead of ZRTP.<ref name="Greenberg-2017-02-14">{{cite journal|last1=Greenberg|first1=Andy|title=The Best Encrypted Chat App Now Does Video Calls Too|url=https://www.wired.com/2017/02/encryption-app-signal-enables-video-calls-new-privacy-tradeoff/|journal=Wired|publisher=Condé Nast|accessdate=15 February 2017|date=14 February 2017}}</ref><ref name="signal-video-calls-beta">{{cite web|last1=Marlinspike|first1=Moxie|title=Video calls for Signal now in public beta|url=https://whispersystems.org/blog/signal-video-calls-beta/|publisher=Open Whisper Systems|accessdate=15 February 2017|date=14 February 2017}}</ref><ref name="Mott-2017-03-14"/>
| |
|
| |
| ====Authentication====
| |
| To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) [[Out-of-band data|out-of-band]].<ref name="Rottermanner-2015-p5"/> The app employs a [[trust on first use]] mechanism in order to notify the user if a correspondent's key changes.<ref name="Rottermanner-2015-p5"/>
| |
|
| |
| ===Servers===
| |
|
| |
| Signal relies on [[Centralized computing|centralized]] servers that are maintained by Signal Messenger. In addition to routing Signal's messages, the servers also facilitate the discovery of contacts who are also registered Signal users and the automatic [[key exchange|exchange]] of users' [[Public-key cryptography|public keys]]. By default, Signal's voice and video calls are [[peer-to-peer]].<ref name="Mott-2017-03-14"/> If the caller is not in the receiver's address book, the call is routed through a server in order to hide the users' [[IP address]]es.<ref name="Mott-2017-03-14"/>
| |
|
| |
| ====Contact discovery====
| |
| The servers store registered users' phone numbers, public key material and push tokens which are necessary for setting up calls and transmitting messages.<ref name="privacy-policy">{{cite web|title=Privacy Policy|url=https://signal.org/legal/#privacy-policy|publisher=Signal Messenger LLC.|accessdate=24 June 2018|date=25 May 2018}}</ref> In order to determine which contacts are also Signal users, [[Cryptographic hash function|cryptographic hashes]] of the user's contact numbers are periodically transmitted to the server.<ref name="contact-discovery" /> The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found.<ref name="contact-discovery" /> The hashed numbers are thereafter discarded from the server.<ref name="privacy-policy"/> In 2014, Moxie Marlinspike wrote that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited [[preimage]] space (the set of all possible hash inputs) of phone numbers, and that a "practical privacy preserving contact discovery remains an unsolved problem."<ref name="Rottermanner-2015-p4">{{harvnb|Rottermanner|Kieseberg|Huber|Schmiedecker|2015|p=4}}</ref><ref name="contact-discovery">{{cite web |url=https://whispersystems.org/blog/contact-discovery/|title=The Difficulty Of Private Contact Discovery |author=Moxie Marlinspike |date=3 January 2013 |publisher= Open Whisper Systems |accessdate=14 January 2016}}</ref> In September 2017, Signal's developers announced that they were working on a way for the Signal client applications to "efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service."<ref name="private-contact-discovery">{{cite web|last1=Marlinspike|first1=Moxie|title=Technology preview: Private contact discovery for Signal|url=https://signal.org/blog/private-contact-discovery/|publisher=Open Whisper Systems|accessdate=28 September 2017|date=26 September 2017}}</ref><ref>{{cite journal|last1=Greenberg|first1=Andy|title=Signal Has a Fix for Apps' Contact-Leaking Problem|url=https://www.wired.com/story/signal-contact-lists-private-secure-enclave|journal=Wired|publisher=Condé Nast|accessdate=28 September 2017|date=26 September 2017}}</ref>
| |
|
| |
| ====Metadata====
| |
| All client-server communications are protected by [[Transport Layer Security|TLS]].<ref name="RedPhone-Encryption-Protocols">{{cite web|url=https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols|archiveurl=https://web.archive.org/web/20150905192057/https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols|archivedate=5 September 2015|title=Encryption Protocols|website=GitHub|last=Marlinspike|first=Moxie|date=17 July 2012|accessdate=8 January 2016}}</ref><ref>{{harvnb|Frosch|Mainka|Bader|Bergsma|2016|p=7}}</ref> In October 2018, Signal deployed a "Sealed Sender" feature which encrypts the sender's information using the sender and recipient identity keys, and includes it inside the message. With this feature Signal's servers can no longer see who is sending messages to whom.<ref>{{Cite web|url=https://signal.org/blog/sealed-sender/|title=Signal >> Blog >> Technology preview: Sealed sender for Signal|date=October 29, 2018|website=Signal.org|url-status=live|archive-url=|archive-date=|access-date=}}</ref> Signal's [[privacy policy]] states that any identifiers are only kept on the servers as long as necessary in order to place each call or transmit each message.<ref name="privacy-policy"/> Signal's developers have asserted that their servers do not keep logs about who called whom and when.<ref name="Brandom-2014-07-29" /> In June 2016, Marlinspike told ''[[The Intercept]]'' that "the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second".<ref name="Lee-2016-06-22">{{cite web|last1=Lee|first1=Micah|title=Battle of the Secure Messaging Apps: How Signal Beats WhatsApp|url=https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/|website=The Intercept|publisher=First Look Media|accessdate=6 September 2016|date=22 June 2016}}</ref>
| |
|
| |
| The group messaging mechanism is designed so that the servers do not have access to the membership list, group title, or group icon.<ref name="Rottermanner-2015-p3"/> Instead, the creation, updating, joining, and leaving of groups is done by the clients, which deliver pairwise messages to the participants in the same way that one-to-one messages are delivered.<ref name="private-groups">{{cite web|url=https://whispersystems.org/blog/private-groups/ |title=Private Group Messaging |publisher=Open Whisper Systems|author=Moxie Marlinspike |date=5 May 2014|accessdate=2014-07-09}}</ref><ref name="the-new-textsecure">{{cite web |url=https://whispersystems.org/blog/the-new-textsecure/ |title=The New TextSecure: Privacy Beyond SMS |author= Moxie Marlinspike |date= 24 February 2014|website= |publisher= Open Whisper Systems |accessdate=26 February 2014}}</ref>
| |
|
| |
| ====Federation====
| |
| Signal's server architecture was [[Federation (information technology)|federated]] between December 2013 and February 2016. In December 2013, it was announced that the messaging protocol that is used in Signal had successfully been integrated into the Android-based open-source operating system [[CyanogenMod]].<ref>{{cite news|author=Andy Greenberg |url=https://www.forbes.com/sites/andygreenberg/2013/12/09/ten-million-more-android-users-text-messages-will-soon-be-encrypted-by-default/ |title=Ten Million More Android Users' Text Messages Will Soon Be Encrypted By Default |work=Forbes |date=2013-12-09 |accessdate=2014-02-28}}</ref><ref>{{cite news|author=Seth Schoen |url=https://www.eff.org/deeplinks/2013/12/2013-review-encrypting-web-takes-huge-leap-forward |title=2013 in Review: Encrypting the Web Takes A Huge Leap Forward |publisher=Electronic Frontier Foundation |date=2013-12-28 |accessdate=2014-03-01}}</ref><ref name="cyanogen-integration" /> Since CyanogenMod 11.0, the client logic was contained in a system app called WhisperPush. According to Signal's developers, the Cyanogen team ran their own Signal messaging server for WhisperPush clients, which federated with the main server, so that both clients could exchange messages with each other.<ref name="cyanogen-integration">{{cite news|author=Moxie Marlinspike |url=https://whispersystems.org/blog/cyanogen-integration/ |title=TextSecure, Now With 10 Million More Users |publisher=Open Whisper Systems |date=2013-12-09 |accessdate=2014-02-28}}</ref> The WhisperPush source code was available under the GPLv3 license.<ref>{{cite web |url=https://github.com/CyanogenMod/android_external_whispersystems_WhisperPush |title=android_external_whispersystems_WhisperPush |author=CyanogenMod |website=GitHub |date=Jan 7, 2014 |accessdate=Mar 26, 2015}}</ref> In February 2016, the CyanogenMod team discontinued WhisperPush and recommended that its users switch to Signal.<ref>{{cite web|last1=Sinha|first1=Robin|title=CyanogenMod to Shutter WhisperPush Messaging Service on February 1|url=http://gadgets.ndtv.com/mobiles/news/cyanogenmod-to-shutter-whisperpush-messaging-service-on-february-1-792064|website=Gadgets360|publisher=NDTV|accessdate=23 January 2016|date=20 January 2016}}</ref> In May 2016, Moxie Marlinspike wrote that federation with the CyanogenMod servers had degraded the user experience and held back development, and that their servers will probably not federate with other servers again.<ref name="Edge-2016-05-18"/>
| |
|
| |
| In May 2016, Moxie Marlinspike requested that a third-party client called LibreSignal not use the Signal service or the Signal name.<ref name="Edge-2016-05-18">{{cite web|url=https://lwn.net/Articles/687294/|last=Edge|first=Jake|title=The perils of federated protocols|website=LWN.net|date=18 May 2016|accessdate=5 July 2016}}</ref> As a result, on 24 May 2016 the LibreSignal project posted that the project was "abandoned".<ref>{{cite web |last=Le Bihan |first=Michel |url=https://github.com/LibreSignal/LibreSignal/blob/master/README.md|title=README.md|publisher=LibreSignal|website=GitHub|date=24 May 2016|accessdate=6 November 2016}}</ref> The functionality provided by LibreSignal was subsequently incorporated into Signal by Marlinspike.<ref>{{Cite web|url=https://github.com/signalapp/Signal-Android/commit/1669731329bcc32c84e33035a67a2fc22444c24b|title=Support for using Signal without Play Services · signalapp/Signal-Android@1669731|website=GitHub|language=en|access-date=2020-01-03}}</ref>
| |
|
| |
| ===Licensing===
| |
| The complete [[source code]] of the Signal clients for Android, iOS and desktop is available on [[GitHub]] under a [[free software license]].<ref name="signal-ios-github" /><ref name="signal-android-github" /><ref name="signal-desktop-github" /> This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also allows advanced users to compile their own copies of the applications and compare them with the versions that are distributed by Signal Messenger. In March 2016, Moxie Marlinspike wrote that, apart from some shared libraries that are not compiled with the project build due to a lack of Gradle NDK support, Signal for Android is [[Deterministic compilation|reproducible]].<ref>{{cite web|last1=Marlinspike|first1=Moxie|title=Reproducible Signal builds for Android|url=https://whispersystems.org/blog/reproducible-android/|publisher=Open Whisper Systems|accessdate=31 March 2016|date=31 March 2016}}</ref> Signal's servers are also open source.<ref name="Signal-Server" />
| |
|
| |
| ===Distribution===
| |
| Signal is officially distributed through the [[Google Play]] store, Apple's [[App Store (iOS)|App Store]], and the official website. Applications distributed via Google Play are [[Digital signature|signed]] by the developer of the application, and the [[Android (operating system)|Android operating system]] checks that updates are signed with the same [[Key (cryptography)|key]], preventing others from distributing updates that the developer themselves did not sign.<ref name="moxie-127-1">{{cite web|url=https://github.com/WhisperSystems/Signal-Android/issues/127#issuecomment-13447074|title= moxie0 commented Feb 12, 2013 |last=Marlinspike|first=Moxie|website=GitHub|date=12 February 2013 |accessdate=13 October 2016}}</ref><ref>{{cite web|url=https://developer.android.com/studio/publish/app-signing.html|title=Sign Your App|website=Android Studio|date= |accessdate=13 October 2016}}</ref> The same applies to iOS applications that are distributed via Apple's App Store.<ref>{{cite web|title=About Code Signing|url=https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html|website=Apple Developer|publisher=Apple|accessdate=13 October 2016|date=13 September 2016}}</ref> As of March 2017, the Android version of Signal can also be downloaded as a separate [[Android application package|APK]] package binary from Signal Messenger's website.<ref>{{cite web|title=Signal Android APK|url=https://signal.org/android/apk/|publisher=Open Whisper Systems|accessdate=14 March 2017}}</ref>
| |
|
| |
| ==Reception==
| |
|
| |
| In October 2014, the [[Electronic Frontier Foundation]] (EFF) included Signal in their updated surveillance self-defense guide.<ref name="eff-2014-10-23" /> In November 2014, Signal received a perfect score on the EFF's secure messaging scorecard;<ref name="eff-2014-11-04" /> it received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to ([[end-to-end encryption]]), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen ([[forward secrecy]]), having the code open to independent review ([[Open-source software|open source]]), having the security designs well-documented, and having a recent independent security audit.<ref name="eff-2014-11-04" /> At the time, "[[ChatSecure]] + [[Orbot]]", [[Pidgin (software)|Pidgin]] (with [[Off-the-Record Messaging|OTR]]), [[Silent Circle (software)|Silent Phone]], and [[Telegram (software)|Telegram]]'s optional "secret chats" also received seven out of seven points on the scorecard.<ref name="eff-2014-11-04" />
| |
|
| |
| On December 28, 2014, ''[[Der Spiegel]]'' published slides from an internal [[NSA]] presentation dating to June 2012 in which the NSA deemed Signal's encrypted voice calling component (RedPhone) on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, [[Tor (anonymity network)|Tor]], [[Tails (operating system)|Tails]], and [[TrueCrypt]] was ranked as "catastrophic", leading to a "near-total loss/lack of insight to target communications, presence..."<ref name="spiegel-staff-2014-12-28" /><ref name="spiegel-media-2014-12-28" />
| |
|
| |
| Former [[NSA]] contractor [[Edward Snowden]] has endorsed Signal on multiple occasions.<ref name="Motherboard-2015-12-02"/> In his keynote speech at [[South by Southwest|SXSW]] in March 2014, he praised Signal's predecessors (TextSecure and RedPhone) for their ease of use.<ref name="Eddy-2014-03-11" /> During an interview with ''[[The New Yorker]]'' in October 2014, he recommended using "anything from Moxie Marlinspike and Open Whisper Systems".<ref name="thenewyorker-2014-10-11" /> During a remote appearance at an event hosted by [[Ryerson University]] and [[Canadian Journalists for Free Expression]] in March 2015, Snowden said that Signal is "very good" and that he knew the security model.<ref name="Cameron-2015-03-06" /> Asked about encrypted messaging apps during a [[Reddit AMA]] in May 2015, he recommended Signal.<ref name="Yuhas-2015-05-21"/><ref name="Beauchamp-2015-05-21" /> In November 2015, Snowden tweeted that he used Signal "every day".<ref name="Greenberg-2015-11-2"/><ref name="Barrett-2016-02-25">{{cite journal|last1=Barrett|first1=Brian|title=Apple Hires Lead Dev of Snowden's Favorite Messaging App|url=https://www.wired.com/2016/02/apple-hires-lead-dev-snowdens-favorite-messaging-app/|journal=Wired|publisher=Condé Nast|accessdate=2 March 2016|date=25 February 2016}}</ref>
| |
|
| |
| In September 2015, the [[American Civil Liberties Union]] called on officials at the [[U.S. Capitol]] to ensure that lawmakers and staff members have secure communications technology.<ref>{{cite news|last1=Nakashima|first1=Ellen|title=ACLU calls for encryption on Capitol Hill|url=https://www.washingtonpost.com/news/the-switch/wp/2015/09/22/aclu-calls-for-encryption-on-capitol-hill/|accessdate=22 September 2015|work=The Washington Post|publisher=Nash Holdings LLC|date=22 September 2015}}</ref> One of the applications that the ACLU recommended in their letter to the [[Sergeant at Arms of the United States Senate|Senate Sergeant at Arms]] and to the [[Sergeant at Arms of the United States House of Representatives|House Sergeant at Arms]] was Signal, writing:
| |
| {{quote|One of the most widely respected encrypted communication apps, Signal, from Open Whisper Systems, has received significant financial support from the U.S. government, has been audited by independent security experts, and is now widely used by computer security professionals, many of the top national security journalists, and public interest advocates. Indeed, members of the ACLU’s own legal department regularly use Signal to make encrypted telephone calls.<ref>{{cite web|last1=Macleod-Ball|first1=Michael W.|last2=Rottman|first2=Gabe|last3=Soghoian|first3=Christopher|authorlink3=Christopher Soghoian|title=The Civil Liberties Implications of Insecure Congressional Communications and the Need for Encryption|url=https://www.aclu.org/sites/default/files/field_document/encrypt_congress_letter_final.pdf|publisher=American Civil Liberties Union|accessdate=22 September 2015|location=Washington, DC|pages=5–6|date=22 September 2015}}</ref>}}
| |
|
| |
| In March 2017, Signal was approved by the Sergeant at Arms of the U.S. Senate for use by senators and their staff.<ref>{{cite web|last1=Whittaker|first1=Zack|title=In encryption push, Senate staff can now use Signal for secure messaging|url=http://www.zdnet.com/article/in-encryption-push-senate-approves-signal-for-encrypted-messaging/|website=ZDNet|publisher=CBS Interactive|accessdate=20 July 2017|date=16 May 2017}}</ref><ref>{{cite web|last1=Wyden|first1=Ron|title=Ron Wyden letter on Signal encrypted messaging|url=https://www.documentcloud.org/documents/3723701-Ron-Wyden-letter-on-Signal-encrypted-messaging.html|website=Documentcloud|publisher=Zack Whittaker, ZDNet|accessdate=20 July 2017|date=9 May 2017}}</ref>
| |
|
| |
| Following the [[2016 Democratic National Committee email leak]], ''[[Vanity Fair (magazine)|Vanity Fair]]'' reported that [[Marc Elias]], the general counsel for [[Hillary Clinton]]'s presidential campaign, had instructed DNC staffers to exclusively use Signal when saying anything "remotely contentious or disparaging" about Republican presidential nominee [[Donald Trump]].<ref name="Bilton-2016-08-26">{{cite web|last1=Bilton|first1=Nick|title=How the Clinton Campaign Is Foiling the Kremlin|url=http://www.vanityfair.com/news/2016/08/how-the-clinton-campaign-is-foiling-the-kremlin|website=Vanity Fair|publisher=Condé Nast|accessdate=1 September 2016|date=26 August 2016}}</ref><ref name="Blake-2016-08-27">{{cite web|last1=Blake|first1=Andrew|title=Democrats warned to use encryption weeks before email leaks|url=http://www.washingtontimes.com/news/2016/aug/27/dems-urged-encrypt-their-communications-weeks-prio/|website=The Washington Times|publisher=The Washington Times, LLC|accessdate=1 September 2016|date=27 August 2016}}</ref>
| |
|
| |
| In February 2020, the European Commission has recommended that its staff use Signal<ref name="Politico-European-Commission-Signal-2020-02-20">{{cite web|title=EU Commission to staff: Switch to Signal messaging app|url=https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/|website=Politico EU|date=20 February 2020}}</ref>
| |
|
| |
| ===Blocking===
| |
| [[File:https://upload.wikimedia.org/wikipedia/commons/2/28/Countries_where_Signal_provides_domain_fronting.svg|thumb|400px|{{legend|#346733|Countries where Signal's domain fronting is enabled by default|border=1px #555 solid}}{{legend|#8E0000|Countries where Signal is blocked (January 2018)|border=1px #555 solid}}]]
| |
|
| |
|
| |
| In December 2016, [[Egypt]] blocked access to Signal.<ref>{{cite web|last1=Cox|first1=Joseph|title=Signal Claims Egypt Is Blocking Access to Encrypted Messaging App|url=https://motherboard.vice.com/en_us/article/nz755w/signal-claims-egypt-is-blocking-access-to-encrypted-messaging-app|website=Motherboard|publisher=Vice Media LLC|accessdate=20 July 2017|date=19 December 2016}}</ref> In response, Signal's developers added [[domain fronting]] to their service.<ref name="doodles-stickers-censorship"/> This allows Signal users in a specific country to circumvent censorship by making it look like they are connecting to a different internet-based service.<ref name="doodles-stickers-censorship">{{cite web|last1=Marlinspike|first1=Moxie|title=Doodles, stickers, and censorship circumvention for Signal Android|url=https://whispersystems.org/blog/doodles-stickers-censorship/|publisher=Open Whisper Systems|accessdate=20 July 2017|date=21 December 2016}}</ref><ref name="Greenberg-2016-12-21">{{cite journal|last1=Greenberg|first1=Andy|title=Encryption App 'Signal' Fights Censorship with a Clever Workaround|url=https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/|journal=Wired|publisher=Condé Nast|accessdate=20 July 2017|date=21 December 2016}}</ref> {{As of|October 2017}}, Signal's domain fronting is enabled by default in Egypt, the [[United Arab Emirates]], [[Oman]] and [[Qatar]].<ref>{{cite web|title=SignalServiceNetworkAccess.java|url=https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java#L116-L152|website=GitHub|publisher=Open Whisper Systems|accessdate=5 October 2017}}</ref>
| |
|
| |
| {{As of|January 2018}}, Signal is blocked in [[Iran]].<ref name="Frenkel-2018-1-2">{{cite web|last1=Frenkel|first1=Sheera|title=Iranian Authorities Block Access to Social Media Tools|url=https://www.nytimes.com/2018/01/02/technology/iran-protests-social-media.html|website=The New York Times|accessdate=15 January 2018|date=2 January 2018}}</ref><ref name="issue-7311">{{cite web|title=Domain Fronting for Iran #7311|url=https://github.com/WhisperSystems/Signal-Android/issues/7311|website=GitHub|accessdate=15 January 2018|date=1 January 2018}}</ref> Signal's domain fronting feature relies on the [[Google App Engine]] service.<ref name="issue-7311"/><ref name="Frenkel-2018-1-2"/> This does not work in Iran because Google has blocked Iranian access to GAE in order to comply with U.S. sanctions.<ref name="Frenkel-2018-1-2"/><ref>{{cite web|last1=Brandom|first1=Russell|title=Iran blocks encrypted messaging apps amid nationwide protests|url=https://www.theverge.com/2018/1/2/16841292/iran-telegram-block-encryption-protest-google-signal|website=The Verge|publisher=Vox Media|accessdate=23 March 2018|date=2 January 2018}}</ref>
| |
|
| |
| In early 2018, [[Google App Engine]] made an internal change to stop domain fronting for all countries. Due to this issue, Signal made a public change to use [[Amazon CloudFront]] for domain fronting. However, [[Amazon Web Services|AWS]] also announced that they would be making changes to their service to prevent domain fronting. As a result, Signal said that they would start investigating new methods/approaches.<ref>{{Cite web|last=Marlinspike|first=Moxie|title=A letter from Amazon|url=https://signal.org/blog/looking-back-on-the-front/|website=signal.org|publisher=Open Whisper Systems|date=1 May 2018|accessdate=10 January 2019}}</ref><ref>{{cite web |last1=Gallagher |first1=Sean |title=Amazon blocks domain fronting, threatens to shut down Signal's account |url=https://arstechnica.com/information-technology/2018/05/amazon-blocks-domain-fronting-threatens-to-shut-down-signals-account/ |website=Ars Technica |publisher=Condé Nast |accessdate=23 January 2019 |date=2 May 2018}}</ref> Signal switched from AWS back to Google in April 2019.<ref>{{cite web |last1=Parrelli |first1=Greyson |title=Attempt to resolve connectivity problems for some users. |url=https://github.com/signalapp/Signal-Android/commit/9aed2343c141b1b3809f7eaccce61c22e342fda7 |website=GitHub |publisher=Signal Messenger LLC |accessdate=2 May 2019 |date=4 April 2019}}</ref>
| |
|
| |
| ==Developers and funding==
| |
| {{Main|Signal Messenger|Signal Foundation}}
| |
| Signal is developed by Signal Messenger LLC, a software organization founded by [[Moxie Marlinspike]] and [[Brian Acton]] in 2018 to take over the role of the Open Whisper Systems project that Marlinspike founded in 2013. A non-profit entity called the [[Signal Foundation]] was also created in 2018 with an initial funding of $50 million from Acton, "to support, accelerate, and broaden Signal’s mission of making private communication accessible and ubiquitous."<ref name="signal-foundation" /><ref name="Greenberg-2018-02-21"/> Before the Signal Foundation was founded, Signal's development was funded by a combination of donations and [[Grant (money)|grants]].<ref name="ONeill-2017-01-03">{{cite web|last1=O'Neill|first1=Patrick|title=How Tor and Signal can maintain the fight for freedom in Trump's America|url=https://www.cyberscoop.com/tor-signal-funding-donald-trump-steve-bannon-encryption/|website=CyberScoop|publisher=Scoop News Group|accessdate=16 September 2017|date=3 January 2017}}</ref> Between 2013 and 2016, the project received grants from the [[Knight Foundation]],<ref name="knightfoundation" /> the [[Shuttleworth Foundation]],<ref name="shuttleworthfoundation" /> and the [[Open Technology Fund]].<ref name="opentechfund" /> The [[Freedom of the Press Foundation]] had previously acted as Signal's [[fiscal sponsorship|fiscal sponsor]] and agreed to continue accepting donations on their behalf while the Signal Foundation's non-profit status was pending.<ref name="signal-foundation" /><ref>{{cite web|last1=Timm|first1=Trevor|title=Freedom of the Press Foundation's new look, and our plans to protect press freedom for 2017|url=https://freedom.press/news/freedom-press-foundations-new-look-and-our-plans-protect-press-freedom-2017/|website=Freedom of the Press Foundation|accessdate=25 January 2017|date=8 December 2016}}</ref><ref name="pressfreedomfoundation" /> The Signal Foundation is officially tax-exempt as of February 2019.<ref name="propublica">{{cite web |title=Signal Technology Foundation |url=https://projects.propublica.org/nonprofits/organizations/824506840 |website=Nonprofit Explorer |publisher=Pro Publica Inc. |accessdate=7 June 2019}}</ref> All of the organization's products are published as [[free and open-source software]].
| |
|
| |
| == See also ==
| |
| {{Portal| Freedom of speech | Free and open-source software | Telecommunications}}
| |
| * [[Comparison of instant messaging clients]]
| |
| * [[Comparison of VoIP software]]
| |
| * [[Internet privacy]]
| |
| * [[List of video telecommunication services and product brands]]
| |
| * [[Secure communication]]
| |
| * [[Telegram (software)]]
| |
| {{Clear}}
| |
|
| |
| ==References==
| |
| {{reflist|refs=
| |
|
| |
| <!-- ref name="Franceschi-Bicchierai-2014-11-18">{{cite web|last1=Franceschi-Bicchierai|first1=Lorenzo|title=WhatsApp messages now have Snowden-approved encryption on Android|url=http://mashable.com/2014/11/18/whatsapp-encryption-textsecure/|publisher=Mashable|accessdate=23 January 2015|date=18 November 2014}}</ref -->
| |
|
| |
| <ref name="Pauli-2014-11-03">{{cite web|last1=Pauli|first1=Darren|title=Auditors find encrypted chat client TextSecure is secure|url=https://www.theregister.co.uk/2014/11/03/how_secure_is_textsecure_pretty_well_secure/|publisher= The Register |accessdate=4 November 2014}}</ref>
| |
|
| |
| <ref name="Lee-2015-03-02">{{cite news|first=Micah |last=Lee |url=https://firstlook.org/theintercept/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text/ |title=You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone |publisher=The Intercept |date=2015-03-02 |accessdate=2015-03-03}}</ref>
| |
|
| |
| <ref name="Greenberg-2010-05-25">{{cite news |first=Andy |last=Greenberg |url=https://www.forbes.com/sites/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/ |title=Android App Aims to Allow Wiretap-Proof Cell Phone Calls |work=Forbes |date=2010-05-25 |accessdate=2014-02-28}}</ref>
| |
|
| |
| <ref name="welcome">{{cite news |url=https://whispersystems.org/blog/welcome/ |title= A New Home |publisher=Open Whisper Systems |date=2013-01-21 |accessdate=2014-03-01}}</ref>
| |
|
| |
| <ref name="Geuss-2015-03-03">{{cite news |url=https://arstechnica.com/security/2015/03/now-you-can-easily-send-free-encrypted-messages-between-android-ios/ |title=Now you can easily send (free!) encrypted messages between Android, iOS |publisher=Ars Technica |first=Megan |last=Geuss |date= 2015-03-03 |accessdate=2015-03-03}}</ref>
| |
|
| |
| <ref name="spiegel-media-2014-12-28">{{cite web|title=Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not|url=http://www.spiegel.de/media/media-35535.pdf|publisher=Der Spiegel|accessdate=23 January 2015|date=28 December 2014}}</ref>
| |
|
| |
| <ref name="spiegel-staff-2014-12-28">{{cite news|author=SPIEGEL Staff|title=Prying Eyes: Inside the NSA's War on Internet Security|url=http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html|newspaper=Der Spiegel|accessdate=23 January 2015|date=28 December 2014}}</ref>
| |
|
| |
| <ref name="Cheredar-2011-11-28">{{cite web|date=28 November 2011 |first=Tom |last=Cheredar |url= https://venturebeat.com/2011/11/28/twitter-buys-whisper-systems/ |title=Twitter acquires Android security startup Whisper Systems |publisher=VentureBeat |accessdate=2011-12-21}}</ref>
| |
|
| |
| <ref name="Greenberg-2011-11-28">{{cite news|first=Andy |last=Greenberg |url=https://www.forbes.com/sites/andygreenberg/2011/11/28/twitter-acquires-moxie-marlinspikes-encryption-startup-whisper-systems/ |title=Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems |work=Forbes |date=2011-11-28 |accessdate=2011-12-21}}</ref>
| |
|
| |
| <ref name="Pachal-2011-12-20">{{cite news |url=http://mashable.com/2011/12/20/textsecure-open-source/ |first=Pete |last=Pachal |title=Twitter Takes TextSecure, Texting App for Dissidents, Open Source |publisher=Mashable |date= 2011-12-20 |accessdate=2014-03-01}}</ref>
| |
|
| |
| <ref name="Garling-2011-12-20">{{cite news|last=Garling |first=Caleb |url=https://www.wired.com/wiredenterprise/2011/12/twitter-open-sources-its-android-moxie/ |title=Twitter Open Sources Its Android Moxie | Wired Enterprise |publisher=Wired |date= 20 December 2011 |accessdate= 21 December 2011}}</ref>
| |
|
| |
| <ref name="Garling-2011-11-28">{{cite news|last=Garling |first=Caleb |url=https://www.wired.com/wiredenterprise/2011/11/twitter-buys-moxie/ |title=Twitter Buys Some Middle East Moxie | Wired Enterprise |publisher=Wired |date= 28 November 2011|accessdate=21 December 2011}}</ref>
| |
|
| |
| <ref name="Aniszczyk-2011-12-20">{{cite web |url=https://blog.twitter.com/2011/whispers-are-true |title= The Whispers Are True |archiveurl= https://web.archive.org/web/20141024130437/https://blog.twitter.com/2011/whispers-are-true |archivedate= 24 October 2014 |date= 20 December 2011 |website=The Twitter Developer Blog |first=Chris |last=Aniszczyk |publisher=Twitter |accessdate=22 January 2015}}</ref>
| |
|
| |
| <ref name="eff-2014-10-23">{{cite web | url = https://ssd.eff.org/en/module/communicating-others | publisher = Electronic Frontier Foundation | title = Surveillance Self-Defense. Communicating with Others | date = 2014-10-23}}</ref>
| |
|
| |
| <ref name="eff-2014-11-04">{{cite web | url = https://www.eff.org/node/82654 | publisher = Electronic Frontier Foundation | title = Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? | date = 4 November 2014}}</ref>
| |
|
| |
| <ref name="signal-ios-github">{{cite web |url=https://github.com/WhisperSystems/Signal-iOS |title=Signal-iOS |author= Open Whisper Systems |website= GitHub |accessdate=14 January 2015}}</ref>
| |
|
| |
| <ref name="signal-android-github">{{cite web |url=https://github.com/WhisperSystems/Signal-Android |title=Signal-Android |author= Open Whisper Systems |website= GitHub |accessdate=5 November 2015}}</ref>
| |
|
| |
| <ref name="signal-desktop-github">{{cite web |url=https://github.com/WhisperSystems/Signal-Desktop |title=Signal-Desktop |author= Open Whisper Systems |website= GitHub |accessdate=7 April 2016}}</ref>
| |
|
| |
| <ref name="Signal-Server">{{cite web |url=https://github.com/whispersystems/Signal-Server/ |title=Signal-Server |author= Open Whisper Systems |website= GitHub |accessdate=21 November 2016}}</ref>
| |
|
| |
| <ref name="Greenberg-2014-07-29">{{cite journal| url=https://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/ |title=Your iPhone Can Finally Make Free, Encrypted Calls |journal=Wired |first=Andy |last=Greenberg |date= 29 July 2014 |accessdate= 18 January 2015}}</ref>
| |
|
| |
| <ref name="Evans-2014-07-29">{{cite web|url=https://techcrunch.com/2014/07/29/talk-private-to-me-free-worldwide-encrypted-voice-calls-with-signal/|title=Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone|publisher=AOL|work=TechCrunch|first=Jon |last=Evans|date=29 July 2014}}</ref>
| |
|
| |
| <ref name="Mimoso-2014-07-29">{{cite web|url=http://threatpost.com/new-signal-app-brings-encrypted-calling-to-iphone/107491|title=New Signal App Brings Encrypted Calling to iPhone|publisher=Threatpost |first=Michael |last=Mimoso |date=29 July 2014}}</ref>
| |
|
| |
| <ref name="pressfreedomfoundation">{{cite web|url=https://freedom.press/crowdfunding/signal/ |title= Signal |publisher= Freedom of the Press Foundation |accessdate=31 January 2018}}</ref>
| |
|
| |
| <ref name="knightfoundation">{{cite web|title=TextSecure|url=http://www.knightfoundation.org/grants/201499909/|publisher=Knight Foundation|accessdate=5 January 2015}}</ref>
| |
|
| |
| <ref name="shuttleworthfoundation">{{cite web|title=Moxie Marlinspike|url=https://www.shuttleworthfoundation.org/alumni/moxie-marlinspike|publisher=Shuttleworth Foundation|accessdate=14 January 2015|url-status=dead|archiveurl=https://archive.is/20161115142945/https://www.shuttleworthfoundation.org/alumni/moxie-marlinspike|archivedate=15 November 2016}}</ref>
| |
|
| |
| <ref name="opentechfund">{{cite web|title=Open Whisper Systems|url=https://www.opentech.fund/results/supported-projects/open-whisper-systems/|publisher=Open Technology Fund|accessdate=1 March 2019}}</ref>
| |
|
| |
| <ref name="Brandom-2014-07-29">{{cite web|last1=Brandom|first1=Russell|title=Signal brings painless encrypted calling to iOS|url=https://www.theverge.com/2014/7/29/5945547/signal-brings-painless-encrypted-calling-whisper-systems-moxie-marlinspike|publisher=The Verge|accessdate=26 January 2015|date=29 July 2014}}</ref>
| |
|
| |
| <ref name="Eddy-2014-03-11">{{cite web|date=11 March 2014 |first=Max |last=Eddy |url=http://securitywatch.pcmag.com/security/321511-snowden-to-sxsw-here-s-how-to-keep-the-nsa-out-of-your-stuff |title=Snowden to SXSW: Here's How To Keep The NSA Out Of Your Stuff |publisher=PC Magazine: SecurityWatch |accessdate=2014-03-16}}</ref>
| |
|
| |
| <ref name="thenewyorker-2014-10-11">{{cite web |url=https://www.youtube.com/watch?v=fidq3jow8bc |title=The Virtual Interview: Edward Snowden - The New Yorker Festival |publisher=The New Yorker |website=YouTube |date=11 October 2014 |accessdate=24 May 2015}}</ref>
| |
|
| |
| <ref name="Cameron-2015-03-06">{{cite web|title= Edward Snowden tells you what encrypted messaging apps you should use |url=http://www.dailydot.com/politics/edward-snowden-signal-encryption-privacy-messaging/|first= Dell |last=Cameron |publisher=The Daily Dot |date=6 March 2015 |accessdate=24 May 2015}}</ref>
| |
|
| |
| <ref name="Yuhas-2015-05-21">{{cite web|title= NSA surveillance powers on the brink as pressure mounts on Senate bill – as it happened |url=https://www.theguardian.com/us-news/live/2015/may/21/nsa-surveillance-rand-paul-senate-live |publisher=The Guardian |first= Alan |last=Yuhas |date= 21 May 2015 |accessdate=24 May 2015}}</ref>
| |
|
| |
| <ref name="Beauchamp-2015-05-21">{{cite web|title= The 9 best moments from Edward Snowden's Reddit Q&A |url=https://www.vox.com/2015/5/21/8638251/snowden-reddit |publisher=Vox Media |first= Zack |last=Beauchamp |date= 21 May 2015 |accessdate=24 May 2015}}</ref>
| |
|
| |
| }}
| |
|
| |
| ==Bibliography==
| |
| {{Refbegin|30em}}
| |
| * {{cite journal|last1=Cohn-Gordon|first1=Katriel|last2=Cremers|first2=Cas|last3=Dowling|first3=Benjamin|last4=Garratt|first4=Luke|last5=Stebila|first5=Douglas|title=A Formal Security Analysis of the Signal Messaging Protocol |url=https://eprint.iacr.org/2016/1013.pdf |website=Cryptology ePrint Archive |publisher=International Association for Cryptologic Research (IACR) |date=25 October 2016 |ref={{harvid|Cohn-Gordon|Cremers|Dowling|Garratt|2016}} }}
| |
| * {{Cite conference|last1=Frosch |first1=Tilman |last2=Mainka |first2=Christian |last3=Bader |first3=Christoph |last4=Bergsma |first4=Florian |last5=Schwenk |first5=Jörg |last6=Holz |first6=Thorsten |title=How Secure is TextSecure? |conference=2016 IEEE European Symposium on Security and Privacy (EuroS&P) |publisher= IEEE |url=https://ieeexplore.ieee.org/document/7467371/ |format= |location=Saarbrücken, Germany |date=March 2016 |pages=457–472 |doi= 10.1109/EuroSP.2016.41 |isbn= 978-1-5090-1752-2 |ref={{harvid|Frosch|Mainka|Bader|Bergsma|2016}} |accessdate=28 September 2016 }}
| |
| * {{Cite conference|last1=Rottermanner|first1=Christoph|last2=Kieseberg|first2=Peter|last3=Huber|first3=Markus|last4=Schmiedecker|first4=Martin|last5=Schrittwieser|first5=Sebastian|title=Privacy and Data Protection in Smartphone Messengers|url=https://www.sba-research.org/wp-content/uploads/publications/paper_drafthp.pdf|conference=Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (iiWAS2015)|publisher=ACM International Conference Proceedings Series|isbn=978-1-4503-3491-4|date=December 2015 |ref={{harvid|Rottermanner|Kieseberg|Huber|Schmiedecker|2015}} |accessdate=18 March 2016}}
| |
| * {{cite conference|last1=Schröder|first1=Svenja|last2=Huber|first2=Markus|last3=Wind|first3=David|last4=Rottermanner|first4=Christoph|title=When Signal hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging|date=18 July 2016|url=https://www.internetsociety.org/sites/default/files/09%20when-signal-hits-the-fan-on-the-usability-and-security-of-state-of-the-art-secure-mobile-messaging.pdf|publisher=Internet Society (ISOC)|conference=Proceedings of the 1st European Workshop on Usable Security (EuroUSEC ’16)|location=Darmstadt, Germany|isbn=978-1-891562-45-7|ref={{harvid|Schröder|Huber|Wind|Rottermanner|2016}}|accessdate=29 August 2016|url-status=dead|archiveurl=https://web.archive.org/web/20160828135326/https://www.internetsociety.org/sites/default/files/09%20when-signal-hits-the-fan-on-the-usability-and-security-of-state-of-the-art-secure-mobile-messaging.pdf|archivedate=28 August 2016}}
| |
| * {{cite conference |first1 = Nik |last1=Unger |first2=Sergej |last2=Dechand |first3=Joseph |last3=Bonneau |first4=Sascha |last4=Fahl |first5= Henning |last5=Perl |first6=Ian Avrum |last6=Goldberg |first7= Matthew |last7= Smith |title = SoK: Secure Messaging |publisher = IEEE Computer Society's Technical Committee on Security and Privacy |conference = Proceedings of the 2015 IEEE Symposium on Security and Privacy |year = 2015 |pages = 232–249 |isbn = |doi=10.1109/SP.2015.22 |url = http://ieee-security.org/TC/SP2015/papers-archived/6949a232.pdf|ref={{harvid|Unger|Dechand|Bonneau|Fahl|2015}} }}
| |
| {{Refend}}
| |
|
| |
| ==External links==
| |
| {{Commons category|Signal Messenger}}
| |
| * {{Official}}
| |
| * [https://ssd.eff.org/en/module/how-use-signal-android How to: Use Signal for Android] by the Electronic Frontier Foundation
| |
| * [https://ssd.eff.org/en/module/how-use-signal-ios/ How to: Use Signal on iOS] by the Electronic Frontier Foundation
| |
|
| |
| {{Cryptographic software}}
| |
| {{Instant messaging}}
| |
|
| |
| [[Category:Cross-platform software]]
| |
| [[Category:Cryptographic software]]
| |
| [[Category:Free and open-source Android software]]
| |
| [[Category:Free instant messaging clients]]
| |
| [[Category:Instant messaging clients]]
| |
| [[Category:Free security software]]
| |
| [[Category:Free software programmed in Java (programming language)]]
| |
| [[Category:Free VoIP software]]
| |
| [[Category:Instant messaging clients programmed in Java]]
| |
| [[Category:Internet privacy software]]
| |
| [[Category:IOS software]]
| |
| [[Category:Secure communication]]
| |
