This spring, text messages got a lot more private. In April, the world’s most popular messaging service, WhatsApp, announced it would use end-to-end encryption by default for all users, making it virtually impossible for anyone to intercept private WhatsApp conversations, even if they work at Facebook, which owns WhatsApp, or at the world’s most powerful electronic spying agency, the NSA. Then in May, tech giant Google announced a brand new messaging app called Allo that also supports end-to-end encryption.
Making the news even better from a privacy standpoint is that both WhatsApp and Allo use a widely respected secure-messaging protocol from Open Whisper Systems, the San Francisco-based maker of the messaging app Signal.
To recap, there are now at least three different instant-message services that implement robust encryption: WhatsApp, Signal, and Allo. How is someone who cares about their privacy and security to choose between them?
In this article, I’m going to compare WhatsApp, Signal, and Allo from a privacy perspective.
While all three apps use the same secure-messaging protocol, they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud — and therefore available, in theory at least, to government snoops and wily hackers.
In the end, I’m going to advocate you use Signal whenever you can — which actually may not end up being as often as you would like.
What’s up, WhatsApp?
With more than 1 billion users, WhatsApp is the world’s most popular messaging app. Which is why it was huge news among encryption advocates when the company a year and a half ago announced a partnership with Open Whisper Systems to integrate the Signal protocol into its product. The rollout was gradual, starting only on the Android version of WhatsApp and only for one-on-one text communication, but by this past April, WhatsApp was able to announce it was using the Signal protocol to encrypt all messages, including multimedia messages and group chats, for all users, including those on iOS, by default.
So if a government demands the content of WhatsApp messages, as in a recent case in Brazil, WhatsApp can’t hand it over — the messages are encrypted and WhatsApp does not have the key.
But it’s important to keep in mind that, even with the Signal protocol in place, WhatsApp’s servers can still see messages that users send through the service. They can’t see what’s inside the messages, but they can see who is sending a message to whom and when. And according to the WhatsApp privacy policy, the company reserves the right to record this information, otherwise known as message metadata, and give it to governments:
WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.
A WhatsApp spokesperson told the Committee to Protect Journalists, “WhatsApp does not maintain transaction logs in the normal course of providing its service.” However, the company makes no promises and could easily record and hand over metadata in response to a government request without violating its own policy.
When you first set up WhatsApp, you’re encouraged, but not required, to share your phone’s contact list with the app. This helps the WhatsApp service connect you with other users quickly and easily. A WhatsApp spokesperson confirmed to me that the company retains contact list data, which means that WhatsApp could also hand over your contact list in response to a government request.
Finally, online backups are a gaping hole in the security of WhatsApp messages. End-to-end encryption only refers to how messages are encrypted when they’re sent over the internet, not while they’re stored on your phone. Once messages are on your phone, they rely on your phone’s built-in encryption to keep them safe (which is why it’s important to use a strong passcode). If you choose to back up your phone to the cloud — such as to your Google account if you’re an Android user or your iCloud account if you’re an iPhone user — then you’re handing the content of your messages to your backup service provider.
By default, WhatsApp stores its messages in a way that allows them to be backed up to the cloud by iOS or Android. WhatsApp does let you remove your chats from these cloud backups if you go out of your way to do so, which I recommend you do, if you use WhatsApp to discuss anything sensitive.
Allo, World
Google's decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe. Avoid it for now.
— Edward Snowden (@Snowden) May 19, 2016
The first thing to understand about Google’s forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an “incognito mode” within the app, which will be secure but include fewer features.
It’s 2016. We should be moving toward a future where the conversations we have on our phones are private, but Allo’s lack of default encryption is clinging to the past. Google releasing a new messaging app without default end-to-end encryption is like Tesla announcing a brand new model that only lets you use the airbags when you’ve disabled the entertainment system. As NSA whistleblower Edward Snowden put it, Allo’s defaults are “dangerous” and “unsafe.”
On the other hand, Google is trying something brand new, applying so-called machine learning techniques directly to your conversations. Allo hooks into an artificial intelligence called Google Assistant, which will read all of your messages and offer suggested responses, in your own slang, that it thinks you would likely write yourself. It also brings Google search directly into your conversations — you and your friends could, for example, search for a restaurant, pick one out, and make a reservation without having to leave the app.
Allo’s machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work, a Google spokesperson told me. The spokesperson also said Google isn’t ready, until Allo is released later this summer, to make any promises about where user data will be stored or for how long.
The technology behind Allo looks very cool, but it’s moving in the wrong direction with regard to privacy. If privacy is important to you, you should use a messaging app that encrypts messages by default instead.
Along with Allo, Google is also releasing a new video calling app called Duo. Unlike Allo, all video calls in Duo will be end-to-end encrypted by default. Google isn’t releasing details — how the encryption works, if it’s possible for users to independently verify that it’s secure, or if metadata of the calls will be retained on Google’s servers — until it’s publicly released.
Allo and Duo will both be covered under Google’s privacy policy. Unfortunately, this policy doesn’t break out details about specific Google products.
Signal in the Noise
The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app’s code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible.
Like WhatsApp, all messages sent over Signal are end-to-end encrypted, and Open Whisper Systems doesn’t have the keys to decrypt them. What about message metadata, your phone’s contact list, and cloud backups?
Signal’s privacy policy is short and concise. Unlike WhatsApp, Signal doesn’t store any message metadata. Cryptographer and Open Whisper Systems founder Moxie Marlinspike told me that the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second.
Signal users must share their contact list with the app in order to find other users — in WhatsApp, this is optional but recommended. But Signal doesn’t directly send your contact list to the server. Instead, it uses what’s known as a cryptographic hash function to obfuscate phone numbers before sending them to the server. (It also truncates the hashed phone numbers, if we’re being precise about things.) The server responds with the contacts that you have in common and then immediately discards the query, according to Marlinspike.
If you back up your phone to your Google or iCloud account, Signal doesn’t include any of your messages in this backup. WhatsApp’s gaping backup issue simply doesn’t exist with Signal, and there’s no risk of accidentally handing over your private messages to any third-party company.
Really happy with the Signal anti-forensics architecture: encrypted database excluded from backup, key in keychain. https://t.co/URipYdxnnI
— Frederic Jacobs (@FredericJacobs) February 24, 2016
Of course, this also means there’s no way to back up your Signal data to the cloud — a feature that some users find useful. If you lose your phone and restore a new one from backup, you simply lose all of your chat history. The Android version of Signal lets users locally export and import app data, for example if you’re switching to a new phone but still have your old one, but the iOS version of Signal does not support this.
In short, if a government demands that Open Whisper Systems hand over the content or metadata of a Signal message or a user’s contact list, it has nothing to hand over. And that government will have just as little luck requesting backups of Signal messages from Google or Apple.
From a user privacy perspective, Signal is the clear winner, but it’s not without its downsides.
Compared to WhatsApp’s 1 billion users, Signal’s user base is minuscule. Marlinspike said that they don’t publish statistics about how many users they have, but Android’s Google Play store reports that Signal has been downloaded between 1 and 5 million times. The iPhone App Store does not publish this data.
This means that if you install the Signal app, chances are you’ll have to convince your friends, family, and colleagues to install it as well before you can benefit from Signal’s top-grade privacy protection. If you install WhatsApp, chances are a lot of your contacts are already using it, and you can begin having encrypted conversations with minimal effort.
Signal also has fewer features and gets improved at a slower pace than its corporate competitors. For example, an early version of Signal Desktop has been available since the end of 2015, but it’s only available for Android users — iPhone support has not yet been developed, and it’s unclear when it will be finished. WhatsApp has a desktop version that works regardless of the type of phone you use.
Marlinspike told me that Open Whisper Systems has three full-time staff: two software developers and one person who handles user support and project management. With such incredibly limited resources, it’s surprising that they’ve accomplished as much as they have.
Thanks for the article. I’ve used Signal, Silent Phone, Wickr and What’s App regularly and obviously (until very recently) would not have even considered What’s app to be a private channel. That said, I do appreciate What’s App moving to implmemt Signals’s protocol whilst also giving users the option to NOT share their contact list with their servers. The vaunted Signal won’t let users use the app without giving it access to it. Despite their contact obfuscation, I believe users should always have the option to NOT grant access to their contact list (hash function or not). Signal also sometimes fails to push messages in a timely fashion and one has to open the app to be definitive no messages are pending (and no, that’s not just on WiFi). Another con is the limitation on what one can share via the app- Signal only allows pictures and videos to be transmitted (not even “Contacts” can be shared directly via the app). Further videos cannot be too large or they won’t transmit- I’ve received two videos recently but somehow the videos’ audio got lost in transmission! What’s App handles large videos and gives users the option to share various file types like PDFs which is very useful (also contacts can be shared). Wickr is a loser because they’re closed source and so are out of step with the security communities trend towards verification of the underlying source code. Users are basically trusting them in entirety on their promise of privacy without any open source verification. Aside from that, the app takes a while to open every time it’s launched but offers integration with third party file sharing services. It also offers a small but nifty editor for pictures before transmission (Ive found it handy more often than I thought I would). Silent Phone is open source but has moved towards the enterprise market, thereby forgoing their previous avatar focussed on individual privacy. For example- an option to make anonymous purchases of subscriptions has been replaced with a mandatory credit card on file with the company. Also, since it’s a paid service, only your more committed partners will install and maintain the service despite their sometimes poor support. Their “Silent World” facility is unique but has privacy implications users need better understand ( as its not fully encrypted the whole route of a call). All said and done, if you’re looking for the greatest accelerator to the best encryption easily available for adoption amongst your friends and family, Signal is more likely to get you there than Silent Phone or Wickr. What’s App still has the best features but users need to be wary of a company owned by Facebook, when it comes to their privacy in the long term. Use with caution.
Concur on all observations above but would emphasize on Signal App (iOS);
-whilst pretty dependable for ‘ plain vanilla’ message exchange, the channel frequently drops during voice calls.
-Lack of facility to exchange documents is an inhibitor to deploying for professional purposes or even making meaningful exchanges with family
– cannot delete individual messages in a thread and are often forced to needlessly wipe the entire conversation.
– Each message lacks an individual time stamp
– Forcing us to give up access to their phone book is not a big draw for people looking for privacy in all aspects of the app design, regardless of wether it’s hashed before transmission or not.
– It would be a more private model if Signal allowed the option to sign up and maintain an account without attaching mobile numbers to the system.
Though I read the brains behind Sigal has been dismissive of the following;
– A passcode to access the app would also be great
– As would an option to ‘destroy’ messages after delivery, despite the flaws in what that might imply for user privacy, it’s still useful.
Conclusion; Singal is a great product but needs a boost in some critical areas to push over more users into making it their default messaging app. It’s close and could easily be the one to tick all the boxes but for a few areas.
PS; Silent phone has gone off the reservation, as it were, shifting from a great privacy suite to an enterprise quagmire! Backsliding on their privacy pledges and offering terrible support to their individual (vs enterprise) paying clients.
My personal opinion is What’s App cannot be trusted to be truly private,. Facebook did not pay $17billion USD to offer WhatsApp users bulletproof privacy. I suspect Signal is more dependable in this regard and wish them the best of luck!!
Interesting article – a couple of things to note: Signal is funded by the US government via a “grant” (hmmm), all of these services send the messages (encrypted or not) to their servers, where they are stored and later picked up by the recipient (this has metadata), agree that just because encryption algorithm is new doesn’t mean it’s bad. An interesting option is rakem – uses self-mutating encryption at incredible encryption key lengths, does not use servers (device to device transmission) and has a ton of features – worth a look.
You have missed on pretty good app, Threema. Also you have failed to mention that facebook often suggests friends based upon my contact list, that whatsapp has provided to facebook.
So far, if you actually want privacy on the internet (nearly impossible) you basically need to create dummy accounts, maintain an empty contacts list, probably a separate phone (maybe even one without a SIM) and basically lie to every service you need that does not require payment. As soon as you require payment features you are lost.
So tinder requires facebook, which reads whatsapp contacts, and requires google play to download software. Throw in paying for something and the best you can achieve is ‘difficult to find’, but not anonymity. Then add in other apps like Uber, Airbnb, Paypal, LinkedIn, Personal banking applications etc.. And it seems that Android is deliberately designed to allow access to all personal information. After all Googles entire business model is predicated on access to personal information.
My next app needs to be some form of dummy phone book/contacts list, so whatsapp and others can read it, whilst I keep the rest of my contacts private.
both of these companies are located in the u.s. and thus open to court orders from the 3 letter agencies. why does signal want to see my calendar in the permissions? anyway, i avoid both of these apps and use the biocoded app.
btw, people bad mouth telegram too often. look into their secret chat function…just because mtproto encryption is new doesn’t mean it is bad.
Thanks for the interesting article/review. One thing though: using signal or whatsapp on android usually means to have google play services installed. Which adds another security and privacy implication. It would be more wise to get rid oft Google services completely. Theres a project in github called microgms which aims to replace the Google services. It works just fine with signal.
Great article, Mr. Micah Lee. Thanks!
Has anyone mentioned Telegram as a viable alternative?
It’s not e2e by default and they try to drag more users away from it by marketing bots all the time, but it’s “Secure Chat”s work overall reliably and they promised to make not only their client but also the server and Open Source.
Telegram is not a viable alternative.
It uses *proprietary* e2e encryption and is not open source.
I’ve got Signal installed since quite a while, but it still has some edges that make it not really usable as a messenger for me, as the notifications only work on wifi. That means that I actively need to start the app in order to check whether someone wrote to me… That’s ridiculous, of course.
Signal’s encrypted audio calls also don’t always work for me and my friends.
User associations set between the phone book and Signal’s list of users vanish sporadically.
Signal still has a LONG way to go to become usable!!!
Having said that, its predecessor ChatSecure was even worse but!
Yet, if one’s friends believe they’re safe with WhatsApp now – since it’s all e2e encrypted, thanks to Signal protocol usage – one will never succeed pulling them over to Signal. Awareness of the problems isn’t there, big time!
Perhaps the problems I keep running in are due to my old Samsung S2…
Soon I hope to test it on a CM’ed One+ … I hope for something better!
If Signal keeps having such fundamental issues it won’t grow a user base, no way. Sad, but logical!
Correction: Signal’s predecessor is of course TextSecure, not ChatSecure. But both caused similar trouble for me. Worse than Signal these days.
You probably don’t get the notifications because you’re phone kills the app in the background when you’re not in WiFi. I had that problem both on WiFi and mobile connection until I found an option in my phone’s battery settings to leave Signal alone. Works without a problem since. So it’s not an issue with Signal, but the way battery management works on Android.
There is a fourth option that uses Axolotl underneath. It’s called OMEMO: https://conversations.im/omemo/
It can do multi-device encryption, so that you can shift between your laptop and phone and keep the conversation going, in principle. Unfortunately, so far it’s experimental and Conversations, which invented it, is the only client that can really use it, so you probably won’t ever have two devices available; Gajim is alright but not something I would seriously recommend to anyone.
It also *runs on standard XMPP*: https://xmpp.org/extensions/inbox/omemo.html (unfortunately this XEP is useless tight now: it specs “and then you call into Moxie’s library” which is hardly a spec).
OTRv4 is going to adopt Axolotl as well (https://lists.cypherpunks.ca/pipermail/otr-dev/2016-March/002447.html). informally unfortunately it might be too late, brandwise, for OTR. If you think getting people to install *Signal* is hard, try getting them onto XMPP; the point at which they have to choose a server to use is where 70% of people check out, and you lose the rest when OTR keeps glitching out on them. OTRv4 should finally fix that, but it’ll be too late by then :(
Great artical I look forward to switching from what’s app to signal
Chatsecure http://chatsecure.org/ does not require any data from your contact list.
Any thoughts on Wire vs Signal? Do you think the upcoming EFF comparison will include Wire?
https://wire.com/?hl=en
Remember to change the settings so your message content isn’t transmitted via push messages without end-to-end encryption!
One large oversight that is missing in this article is push messages.
Both WhatsApp and Signal send the push messages that contain the sender and the message text by default. They are not end-to-end encrypted.
So if a government agency wants to get your instant messaging data they can simply ask Apple or Google for it even if you are using WhatsApp or Signal.
You have to go to the settings of the app to prevent this! If you turn it off you will still get push messages but all they tell you is “a message has arrived”.
This isn’t true. In Signal, the push notification message doesn’t contain any message content or metadata. It just wakes up the Signal app and has it connect to the server asking for new messages: https://twitter.com/whispersystems/status/745744856509612032
I haven’t verified that WhatsApp works the same way, but I assume it does because they worked with Open Whisper Systems to implement their crypto. And there’s no way that the push notification includes the plaintext message body, that would be completely absurd.
The settings option you’re referring to isn’t about push notifications, it’s about what gets displayed on your lock screen.
Is this true for Signal running on iOS as well?
Micah thank you for the article!
I wanted to ask you, after two years Google started to implement PGP in Gmail (https:// security.googleblog. com/2014/06/making-end-to-end-encryption-easier-to.html) we hear no news since then.
Could you ask if there are any news and keep us informed, please? :) Thank you so much
Micah after two years Google started working on how implement PGP in Gmail (https://security.googleblog.com/2014/06/making-end-to-end-encryption-easier-to.html) we heard no news after that day.
Would it be possible for you to ask for any update (if it exists) and keep us informed with an article, please? Thx :)
Thanks for this article!
I’d like to know how encryption works when the desktop version of Whatsapp is used. Is it as safe as using the mobile app?
Great article Micah. Been using iMessage forever, but have been convincing my Android friends (all were just using SMS) to start using Signal recently and it works great. I’ve been considering moving the family to it instead of iMessage and this may be the push I needed.
Have to make a donation to Open Whisper Systems, their situation sounds better than GPG 2 years ago, but that’s not saying much.
Where can I download the source? ;^(
Would that be the iOS version? https://github.com/WhisperSystems/Signal-iOS
Or the Android version? https://github.com/WhisperSystems/Signal-Android
Thanks.
Of course, I’d prefer code that runs in an OS I have the source for, as well (and I have had that for years, as long as I stay away from commercial operating systems for serious work), but this is good to know about.
Doug, can you recommend a good alternative to windows? Is Ubuntu the most user friendly linux based OS?
encrypted texting
Windows, Linux, Mac OS: Pidgin http://pidgin.im/
Android, Iphone, Blackberry: Chatsecure http://chatsecure.org
encrypted video calls
Windows, linux, MacOS – Jitsi (encrypted texting too) http://jitsi.org + SIP account http://www.ostel.co
Android, Iphone, Blackberry: Linphone http://www.linphone.org/
It is more secure than Signal…
Linux Mint (linuxmint.com) is an Ubuntu derivative, and the developers of the Cinnamon desktop UI (https://en.wikipedia.org/wiki/Cinnamon_(software)) , which you should find similar enough to the classic Windows UI to get started with. I moved to that some time back and have been quite happy with it.
Have you ever heard of the Android Open Source Project?
Could it be found at http://source.android.com/ ?
Any reason why Wickr wouldn’t be in this versus Signal?
Its preferred in the hack community.
Ii doesn’t require sms, or email and uses AES256 along with ECDH521 to secure its messages, and then again for each key, and is encapsulated in TLS.
It’s by far the most ambitious encryption protocol out there.
“Preferred in the hack community”? I never even heard of Wickr.
It doesn’t appear to be open source and its crypto is hand-wavy (“state of the art”, “patent protected”) – does it even provide PFS? I can’t tell after looking at their website.
Yep PFS and all. I met them at defcon, if you go , ask around. Interesting stuff :)
I have cracked whatsapp encryption and post it on forensicfocus the code.
Signal is a zero security product, i could intercept it easily using ss7 or by remote exploit.
Both are ZERO security products, FOR KIDS
Get lost, kid..
There is a weak link in the chain.
The identity of the person at the other end can be spoofed. So while the Muslim jihadist in Virginia thinks he is chatting with his Wahaabi handler in Riyadh, he may be actually in an animated chat with someone in nearby Langley, and this through a nicely encrypted channel.
ah…… the ol’ man in the middle hijacked entrapment scheme.
no complaints here.
i would take this any day over back door business data thievery.
Actually, both WhatsApp and Signal allow users to detect man-in-the-middle attacks by comparing cryptographic fingerprints. If you’re using Signal and suddenly you get an “Identity key changed” warning when texting a friend, this either means 1) your friend got a new phone, or 2) there’s an attack. You can contact your friend out-of-band (like meet in person or call them on the normal-phone) and compare Signal/WhatsApp fingerprints to confirm that an attack isn’t taking place.
That is indeed good news. Terrorists change their identity several times a day, so they will take this message as a genuine attempt by the contact to follow the terror manual. Only those who are not islamic terrorists will be appropriately alerted to the mischief.
Whatapp doesn’t have this functionality turned on by default (a strange choice). If you want to know if someone’s fingerprint has changed, you need to enable the setting first.
Micah, this is where Threema has absolutely nailed it. In order to fully validate someone’s identification, you need to scan a QR of their Threema ID. If their identify was only matched from their phone number/email address, then their identity isn’t fully validated (and you get a visual 2/3 dots that shows this; after you scan someone’s Theema ID via a QR, you get 3/3.
That initial connection *could* be MITM’d if you’re binding a cryptographic fingerprint to something that’s matched by a third party, or the third party could maliciously match you with someone else. If you’re seriously validating someone’s ID, the weak point is the third party — in this case, Signal’s/Whatsapp’s/Threema’s servers doing the matching of email addresses/phone numbers to a fingerprint. By matching something on each device that represents the fingerprint — a QR code, in this instance — you’re avoiding the need to trust a third party… at least for the identity part.
As a side note, I still would take Signal over Threema for everything else since Threema’s code is not open.
What about iMessage? Don’t they also offer end to end encryption? What’s the difference between Allo and iMessage from a privacy standpoint?
It’s hard to compare anything with Allo because the app isn’t released yet and Google isn’t making firm promises about how it will work yet.
But a few quick things about iMessage:
* The encryption only supports Apple products, which means if you text Android users, those messages aren’t encrypted
* The iMessage protocol doesn’t support Perfect Forward Secrecy, while the Signal protocol does
* iMessage doesn’t expose any UI to verify that the encryption is working (comparing fingerprints), while both Signal and WhatsApp do (unclear about Allo though)
* iMessage has the same gaping backups security problem that WhatsApp has
sounds to me like you know what the hay you are talking about.
For business communications, i have expressed concerns about business data being hijacked by big wallstreet competitors with connections.
I would really appreciate your input and expertise (opinion is fine) on how businesses can keep their communications and data safe.
thank you cery much in advance.
See my above post. To add to what Micah wrote:
1) iMessage is not open source. We have no idea about what goes on behind the scenes. This is probably fine for asking your mum what time suits for brunch on Sunday, but if you’re Snowden, you wouldn’t touch it.
2) Your metadata is not protected with iMessage.
3) You know that nifty feature that enables iMessage to work across devices? Guess what? Apple can use that to make it work on any device that they choose (one that doesn’t belong to you).
4) Apple could also MITM you. You have no way of knowing if the cryptographic fingerprint has changed (which could mean that your friend has bought a new phone, reinstalled their phone, or that your friendly 3-letter government agency is reading everything that you’re sending).
If you’re serious about privacy — like me! can you tell? — then you should avoid both iMessage and Allo. Signal is the way to go, as Micah said.
However, I use iMessage as a fallback… I figure that it’s better than the telecos being able to see what I write. And in many countries, the governments are tapping directly into their servers and hence your messages. At least with iMessage, it’s apparently (!) impossible for Apple to hand your messages over if you’re not storing them in iCloud and the government can’t break into your device.
It all depends on your threat model!
What to make of reports that conversations had securely in WhatsApp correlated to ads on similar topics appearing shortly thereafter? I read of an example where someone who had never seen Game of Thrones or talked about it before tested a conversation on WhatsApp where they mention Game of Thrones and Game of Thrones characters and were quickly bombarded by Game of Thrones related ads.
Also, any thoughts regarding data leaking from soft keyboards or voice to text in Android or on iOS? I know someone who uses signal for privacy but pointed out that maybe talking into their phone isn’t the most secure idea since that’s all being sent up to the cloud.
“WhatsApp’s servers can still see messages that users send through the service. They can’t see what’s inside the messages, but they can see who is sending a message to whom and when.”
Advertiser build profiles. The APP only protects the message, not the sender’s identity.
To the case you mentioned about GOT, my cell phones contact list was backed up by Verizon. Within 48 hours, I got a request from LinkedIN regarding an individual on my cell phone list whom I had NO other affiliations with. Never sent this person an email or communicated via internet.
So, how did LinkedIn know that I knew this person? They received the information from Verizon. Verizon SHARES your cell phone contacts list with other service providers.
It’s called 3rd Party data sharing. I also subscribe to the concept that this is the legal justification the NSA uses for data collection. The Govt makes itself a 3rd party to marketing agreements whereby company give them information.
I understand how a third party might leak your info. But that doesn’t quite explain the GOT issue I rasied– I’m talking about a situation where you have two parties, both using WhatsApp w/e2e encryption. In the blog I read (it was on Hacker News a month or so ago) they did a test– they started discussing GOT– something neither party had discussed before– and shortly thereafter GOT-related ads started appearing. This is a conversation that should have been completely opaque to outside parties including What’sApp. So how did the advertisers know about it?
This is not a case where there was any third party that should have had access to the content of the conversation– not even WhatsApp has keys to decrypt the conversation. So what was the deal?
Finally, regarding the NSA as a 3rd party. The government doesn’t need to actually be the 3rd party– it can end around the law by simply CONTRACTING with a third party and then accessing the data that way.
Got it. Sounds a lot like my experience with cell phone contact list.
Either
1. It was coincidence based on previous knowledge of the sender. Ie..they already knew he/she like GOT. Knew they were speaking to another party and sent GOT information
2. Encryption was defeated in some way….not setup properly or doesn’t work or was disabled during installation by outside party. See my earlier post on this thread related to MOBL.
I don’t believe in coincidence any more.
I don’t trust ANYTHING Android. I’ve got my reasons.
I’m curious why you did not include Telegram Messenger in your comparison.
There are many other messaging apps that sell themselves as being secure or encrypted, including Telegram, Threema, and many others. EFF did a thorough comparison of them (now out-of-date, though they’re working on a new version), and I didn’t want to re-do their work. I chose Signal, WhatsApp, and Allo because they all rely on the Signal protocol for end-to-end encryption.
But in regards to Telegram specifically, I would recommend against using it: https://cpj.org/blog/2016/05/why-telegrams-security-flaws-may-put-irans-journal.php
A major advantage of Threema is the fact that it can be used anonymously, i.e., the user doesn’t need to provide any personal information (such as the phone number or e-mail address). Given that Signal is backed by the US government, I don’t like the idea of tying my phone number to my account (because that’s an immediate loss of anonymity).
Whatsapp is not ‘secure’. It is proprietary software, so we do not know how the encryption works. I think that there is the distinct possibility of backdoors. In fact, given it is made by Facebook, it is almost a given.
Signal is ‘better’, but has problems too. For instance, they do not offer any way of installing the app except from Google Play. If you are worried about privacy and security, and have installed Cyanogenmod or Replicant without the Google Apps, then you can’t use it. You can’t build the source code either because Signal uses the proprietary Google libraries, so doesn’t work.
Open Whisper Systems is completely opposed to other Signal derivatives. They don’t like people building from source and installing it from anywhere but Google Play in general, going as far as demanding that F-Droid, the largest repository of FOSS Android applications on the planet (it is seriously good, by the way, and is a more-than-adequate replacement for Google Play), remove their rebuild of the Signal client, despite the fact that you are within your rights to do this under the GNU GPL which Signal is licensed under.
They also hate federation. Federation of protocols is basically like email. You can communicate with other people on other servers using the same common protocol. It allows you to switch to another part of the network if you find out that the part you are using is malicious. This is a solution to mass surveillance and censorship. There was a rebuild of Signal called LibreSignal which did not require the Google applications and libraries (they come in a giant blob, you can’t have one without the other) but because they couldn’t fund their own server they wanted to use Open Whisper Systems’ server, and agreed to put a text string up identifying them. However, OWS was opposed to this.
Moxie Marlinspike who runs OWS recently wrote an article on the OWS blog saying why they are opposed to federation: https://whispersystems.org/blog/the-ecosystem-is-moving/. Basically they want to have control over the direction of the development. They want “open source” development but not the implications that go with it.
I’ll just say this: if you want a real secure messenger, use ChatSecure, from the Guardian Project, which allows you to send XMPP messages safely. Another great app is Silence, which does not go through servers, it just sends SMS and you exchange keys in person or over the internet. Both of these can be downloaded from F-Droid as they are just free (as in freedom) software, with the source code completely available and not dependent on the proprietary Google libraries or apps.
On what grounds did they demand F-Droid remove their builds? Moxie explicitly denies this:
https://github.com/WhisperSystems/Signal-Android/issues/282#issuecomment-21763403
Also, you said that you can’t build from source because Signal is using the Google libraries– but if you can’t build from source, how was F-Droid doing it? Or were they using LibreSignal? And if so, and if that would benefit from official support via Open Whisper’s server, then that’s a completely different issue than not wanting the implications that go with open source. Those implications don’t include providing server support along with its associated costs.
Moxie made a big deal about not using the Signal servers, which he also refused to make totally open source. He didnt want it on FDroid and had a big problem with LibreSignal. Reproducible builds (one of the best reasons to use FDroid). Anyway, ChatSecure is totally open source, well-audited, has reproducible builds available on FDroid, doesn’t pull contacts or do pushes and among other things doesn’t make you use a centralized server or physically locateable identifier. There are also questions about Whisper’s funding from what I understand. I’m not opposed to Whisper, per se, but from an open source and privacy perspective I’d say it has its flaws and I’m not inclined to trust it, myself. I wouldn’t trust anything someone doesn’t want me to compile and go through myself even if it IS good code (see also the seminal paper ‘Trusting Trust’).
I think Moxie Marlinspike just asked them to take it down for personal reasons and they did it out of sympathy. Not that any sympathy was deserved, considering GPLv3 allows and encourages sharing.
Whatever, just use ChatSecure or Silence. They respect our freedom.
and besides, the burger meister has a reputation of a thief. With a take take here, and a take take there… he’s a digital klepto in the virtual world.
Eval Signal vs WUP vs Allo. Also read interesting comments.
Dad.
whatsapp is handled by a thief – i wouldnt trust this app if he swore on a stack of bibles.
allo, nah. google is competent but lives on knowledge – so there is a catch somewhere and i would bet it has a back door.
SIGNAL. yes. however if this is rsa style key driven, eventually it will be cracked – just takes more horsepower and the industry is adding horse all the time.
OTHER. did you ever try to reassemble a shredded crosscut fax? (hehe)
Everything with a server in the middle, particularly one with a telephone number as an identifier, is probably handled by a bunch of thieves (NSA, GCHQ, et al).
“WhatsApp does not have the key”
And therein lies the weakness of this system. The KEY is most likely on your phone. Big Mistake.
“Once messages are on your phone, they rely on your phone’s built-in encryption to keep them safe”
Read about MOBL (mobileiron**com) then contemplate the following: Their biggest customer is AT&T, but also do business with Verizon. And they have In-Q-Tel as an investor and customer. Also, their product, can take over ALL functions of your device INCLUDING PASSWORDS.
See their Proxy at sec****gov/Archives/edgar/data/1470099/000155837016004942/mobl-20160623xdef14a.htm
Page 8, Michael Howard’s profile. He’s on the board and works on Lab41 for In-Q-Tel, a known CIA supplier.
Indeed the key is 100% on your phone… that is the entire point of it! If it were controlled by WhatsApp, then it’d only be secure over the wire against everybody else except WhatsApp. WhatsApp could read everything.
It’s not a mistake, as you wrote. It’s the only design option that makes sense if you want no third party to be able to read the messages.
Who knows.. since it’s not open source — and even then, we need proof that code = compiled binaries — maybe they’re reading everything anyway.
I can’t comment on the rest of what you wrote since I simply don’t know anything about it. However, I will say that the hardware on which the operating system runs needs to be secure. Who knows if chips’ random number generators are compromised? We know that the NSA has been active in weakening such protocols.
Wife and I have been using Signal as our main SMS client since back when it was known as “TextSecure.” Zero complaints, and it’s frankly a better SMS client than the default one on our android devices.
Us too. :-)
We used it for a long time (a year or so), but eventually switched back to Threema because there were often delays in message delivery.
Thank you for sharing this.
Thanks for this. The hard part is getting friends and family to use Signal, but I now include a recommendation for communicating by Signal in my auto-signature on every email I send.
Can you do a similar review for ProtonMail and TutaMail?
No surprise. She was a Goldwater-girl in the old days — you remember, the Goldwater who was pro-nuclear bombs to end Vietnam, etc. Hillary Clinton is a female copy of the old Goldwater doctrine.
https://www.youtube.com/watch?v=XNkjDuSVXiE