Is Signal better, safer than WhatsApp?
DUBAI: We tried it. Signal is emerging as a smarter alternative to WhatsApp. First, ease of use. Just download, sign-up (using your phone number) and start connecting with friends, family, colleagues.
Here’s what we found: the audio and video signal in Signal is much clearer. So Signal (as well as Telegram) have emerged as two of the top replacements for WhatsApp. People are reportedly leaving WhatsApp because Facebook, its owner, has updated its terms of use and privacy policy, causing a global outrage among privacy-conscious users. Many have declared their intention to delete WhatsApp and switch over. This may not happen overnight — if at all — knowing there are 2 billion WhatsApp users, though. Here are our quick takes:
What is Signal?
Signal is a messenger app that has gained momentum following the outrage over WhatsApp’s updated privacy policy. Signal has a razor-sharp focus on privacy.
Is it a free app?
Yes.
Does Signal support video group chats?
Yes. It supports group chats and group video calls too.
Is Signal safe?
Famous hacker and whistleblower Edward Snowden uses — and endorses — Signal. He’s not the only one. CEOs like Elon Musk (who started as a coder himself) and Twitter boss Jack Dorsey also recommend Signal. And here’s one crazy bit. Signal is “open source”. That means its code is peer-reviewed, which means that its privacy and security is regularly checked by independent experts (more on this below).
Is Signal then better than WhatsApp?
In terms of privacy features, it is. However, if you care about app features and since the whole world is currently using WhatsApp, there’s no doubt WhatsApp is ahead. If only a few people use Signal, or any messenger app, no matter how good it is, what’s the point? It’s supposed to connect people. If your social circle is on WhatsApp, no whiz-bang features that Signal, or any other app, has would add value to your life.
How can I download Signal?
Go to AppStore and Google Play and search for the app. The Signal app is available on numerous platforms — including Android, iOS, Windows, Mac, and Linux. You can only sign up via Android or iPhone.
Can I use it on my iPad, tablet, and desktop?
Yes. Once you have set up an account, you can link Signal to your iPad or your computer, and use the app even if your phone is switched off.
How can I use Signal on desktop/laptop?
[1] Register your phone number by verifying it to take your account live. [2] Go to signal.org. You'll see the option of Signal for Desktop where you further have the option between Windows and Mac.
How much did Signal grow?
Signal does not share growth metrics. In late 2016, Signal’s creator Moxie Marlinspike claimed the number of daily downloads had grown by 400% per cent following the election of Donald Trump. In recent days, from January 6 to January 10, Signal saw 7.5 million installs globally (2.3 million installs in India) from App Store and Google Play — a 4,200% jump, according to Business Insider.
4,200%
What about Signal on desktop?
WhatsApp is still miles ahead in this area. With Signal, you have to actually download the app on your Mac or PC. With WhatsApp, it’s just a matter of typing web.whatsapp.com, scan the QR code from your phone and you’re good to go. If you know of a way to make Signal work the same way, give us a shout, and we’ll update this post.
Is it true that Signal, given its encryption system, is the preferred tool of anarchists, sex predators, rebels, non-conformists?
Not really. In 2015, Marlinspike spent worked closely with Brian Acton (WhatsApp co-founder) on implementing an encryption system called Signal Protocol in WhatsApp. So today, Signal’s encryption system is used by 2 billion people on WhatsApp. Does that make them all fall under these adjectives? Encrypted-communication tools have become increasingly valuable given the spate of personal and financial data theft, among others. If drug dealers and bad guys use also money or crypto-currencies, does that make money/cryptos the root of all evil?
How does Signal make money?
Via donations. Signal, as a nonprofit, is an outlier in the tech industry. It runs entirely on doles.
Why Marlinspike values privacy?
Marlinspike is a bit of an enigma. He shies away from talking about his personal life. These include basic biographical facts: age, home town, birth name. “He spent much of his youth immersed in anarchist literature and communities, and anarchism’s inherent critique of authority is still important to him,” Wired wrote in 2016.
What is open-source code?
It doesn’t means that the full code of Signal is open for everyone to see. But the code base is open-source — publicly available for anyone to download and comment on — and subject to peer review. Some people note that strong encryption could preclude content moderation, potentially allowing disinformation, hate speech, propaganda, harassment, and incitements of violence to flourish.
What is Marlinspike’s relationship with DuckDuckGo browser?
Marlinspike has been widely credited for creating a browser extension, called GoogleSharing, for Firefox (Chrome rival). Google ties users’ numerous metadata to their activity, usually by having users log in to their accounts before accessing services. GoogleSharing gathered users’ activity on Google services and “anonymised” personal information, by scrambling individual activity and assigning it to generic proxy identities. This stopped Google from building user profiles, and from collecting information from services that did not require a log-in. Marlinspike no longer maintains the software, reports Wired, but it is still available to download — for free — on GitHub (a hangout for 56 million developers). Its successor search engine, DuckDuckGo, strips queries of identifying data.
What’s the debate over encryption?
Advocates of end-to-end encryption argue that any backdoor into an otherwise secure system will immediately become a target for foreign adversaries, terrorists, and hackers. But critics claim that end-to-end encryption could shield terrorist plots, child sexual exploitation, and other criminal activities.
What does end-to-end encryption mean?
It’s a system whereby the content of every communication — a text message, a video chat, a voice call, an emoji reaction — is understandable only to the sender and the recipient. If an exchange is intercepted (say, by a hacker), only a nonsensical snarl of letters and numbers are seen.
In plain English...
Without pre-arranging anything, two people can straight away start talking to each other in a way that nobody can understand, even if they hear the entire conversation.
How does Signal’s end-to-end encryption system work?
Signal claims the following:
- Signal itself cannot read the messages that users send.
- The app does not collect user “metadata”.
- It keeps no call logs or data backups.
- Signal’s mission is to make end-to-end encryption as ubiquitous as possible, rather than a commercial success
Is it true that WhatsApp is also using Signal’s encryption?
Yes, it’s true. Signal’s end-to-end encryption is so trusted that WhatsApp also adopted it. You can also enable additional security features such as requiring a second password (other than the OTP) to log in to Signal on new devices, biometric authentication, etc.
A security researcher uncovered a flaw that effectively allowed would-be attackers to bypass the entire system. The Clipper initiative was abandoned three years later. The export controls by that point had relaxed. By the late nineties, encryption software was circulating in abundance.
What would it take to get rid of Signal, or cryptography itself?
Get rid of the internet. Unless that happens, it would be mathematically and practically impossible, given the reported migration to Signal by legions of WhatsApp users. If anything, this would only heighten competition for the best, safest messenger. Cryptography and the internet — a creature designed to withstand a nuclear war — are so tightly interwoven today, that virtual private networks (VPNs) and Bitcoin are just some of its uses. They’re growing in importance. Privacy is important, so any digital solution to protect everyone’s privacy would be valuable. “You can never get rid of cryptography,” Marlinspike once said. “Sets of equations are everywhere. There’s no way for everyone in the world to unsee that, or to unknow it.”
Signal has good user controls and encryption, says cybersecurity expert
Here’s a review from Akram Khazi, CEO of RAS Infotech Ltd, a Dubai-based cybersecurity company.
By default, Signal has more updated security features, for example with disappearing messages. Signal is open source (source code is published for anyone to use or improve on). With Signal, the saving data on the local phone is optional for the user. With Whatsapp, you have to to configure the settings right in order to secure personal privacy.
All Signal source code is published for anyone to check. This means you can see what goes on behind it. If I’m a code review company, or third-party security company, I can assess the source code, and know its vulnerabilities. This helps secure the app even more. Signal has been constantly updating as and when vulnerabilities are discovered. This means you rely on coding experts to see these holes and call them out to be fixed. Whereas, with a proprietary tech like WhatsApp and Telegram, you can’t do this.
Signal definitely has good user controls and good encryption. It has good user-driven back-up option (only when the user allows a local back-up, that this feature is enabled). Making sure the data is not lying in the device when user does not intend to keep them. There are purely user-defined options.
Every app, no matter how “secure”, is ultimately a human creation. There will be some security vulnerabilities, which may emerge later. When that weakness is discovered, a hacker may exploit it.
But every app, no matter how “secure”, is ultimately a human creation. There will be some security vulnerabilities, which may emerge later. When that weakness is discovered, a hacker may exploit it.
Any bugs found on Signal app?
Yes. More “vulnerabilities” may come to light as more people use it, says Akram. For example, in May 2020, a cross-scripting vulnerability was discovered in Signal Messenger (in which a determined hacker can know your location, by simply calling you, also scooping up your IP address. In October 2019, an “eavesdrop vulnerability” was discovered, in which a hacker could spy on a user without the user’s knowledge. Signal fixed both. Another bug was seen in October 2019, which led callers to auto connect calls. There may be others that are yet to be seen.
Nobody can say Signal is immune to any vulnerability, or from hacking attacks. In my opinion, whether it's WhatsApp or Signal, both have pros and cons, it’s purely up to the user to configure the app, and ensure privacy and security features.
There’s a lot of bad press against WhatsApp. But billions of people have used and tested WhatsApp for years, and I’ve only started using Signal a few months ago. Signal, as a product is good. I’m still evaluating. People should test it out. You can’t simply move over. But I agree that whether on a personal or enterprise level, privacy is important.