Ever worry that “they” might be listening to your calls? Need to send your spouse an important text message, but concerned about anyone being able to read it along the way? Well good news! Signal is here to help!
What’s there to be worried about?
To be fair, the sophistication level needed to “tap” a phone call or intercept a SMS message is really high. That’s no reason to let your guard down. With the checkered history of the U.S. Government’s wiretapping coupled with domestic and foreign use of so called stingray devices, it’s not paranoid to be concerned. (I’m not a lawyer) It’s important to understand that communications can be taken out of context and used against you, even if you are innocent. The old adage of “if your innocent, then you have nothing to hide” is a misnomer.
Modern digital cell phone technology does implement some level of encryption between the phone and the tower, however there are ways around that. Additionally once the call is on the wire, it’s susceptible to anyone listening.
The SMS protocol suffers from many of the same security issues of email. Every SMS message you send is equivocal to a postcard. Anyone along the way can read all the information contained in it.
Spoofing and SIM swapping
While the Signal app won’t necessarily help with these issues completely, its important to understand what these are. The issue here is that you can’t really be assured that a message you send is going to the right person, nor can you know that a message you receive is actually from who you think they are.
Spoofing uses a feature in the callerID system that allows a number to appear to be another. This was intended for businesses that want to have a single number show up when they call someone, no matter who at the business was calling. Very useful in a call center setting where an individual phone might not be manned by the same person or at all. So grandma might be getting a call from her dear grandson, but actually it’s a scammer trying to steal money.
Subscriber identification module (SIM) swapping is much more dangerous. It involves getting a phone service provider to activate a new SIM on someone’s account allowing them to take over their phone line. This is especially important to understand if you use a SMS text as part of your two-factor authentication for something like your bank. There are several well publicized examples of this attack.
Signal to the rescue
End-to-End Encryption (E2EE) is the only real solution to any of these issues. With E2EE you can be assured that not only are your messages private, but also are coming from the person (well device) you expect it to. There are several app and services out there like WhatsApp, Telegram, iMessenger, etc that support encryption at some level, but only Signal can really be trusted.
Trust via transparency
Signal competitors are all closed source applications run by for-profit corporations. So you just have to trust that the software is doing what it says. In comparison, Signal’s source code is available for anyone to audit and many trusted independent security experts have done so. Because of this even if a government or nefarious actor wanted to force the project to introduce some backdoor, they would be unable to do so without notice.
Trusted by the government
While it is a little counter logic to trust an app because the government you don’t trust uses it, it is still worth mentioning.
With the discovery of rogue stingray devices in the D.C. area, the security of Congress and its staff’s phone and text messages were in doubt. So Signal was adopted for use on non-classified devices to deter broad espionage efforts.
The Army has also picked up usage of Signal for personal and government phones. When the 82nd Airborne was deployed to the Middle East, the soldiers were instructed to use Signal for communications that would have been over regular phone call or sms message.
While not used for any classified or sensitive information, chit chat on unencrypted devices can still be very useful to an adversary. They can use the bits and pieces picked up to paint a clearer picture than they otherwise would have been able to.
Bonus: Signal Desktop
A rather new feature of Signal is their desktop app. This allows you to type messages up and keep converstions going no matter what device you are on. I’m a fan :)
Overall Signal is worth your time to try out. You’ll probably be suprised at how many of your contacts are already using it. Since its free, there really nothing to lose by giving it a shot.
I hope you found this post useful and interesting. If you did, please consider chipping in to help offset the cost of running this website. That way I can keep bringing you content without the need for ads.