Signal, a privacy-focused instant messaging platform on iOS and Android, is set to go mainstream and take on WhatsApp, thanks to the help of a WhatsApp co-founder.
According to Wired, which sat down with Signal creator Moxie Marlinspike, the app has put a $50 million USD cash injection from WhatsApp co-founder Brian Acton in 2018 to good use, raising the number of Signal Foundation employees from three to 20 and pushing out several new features since then. Acton also joined the Signal Foundation as executive chairman after leaving WhatsApp following Facebook’s acquisition.
However, those new features aren’t for the privacy enthusiasts and the paranoid security researchers that previously flocked to Signal. Instead, they’re for regular folks looking for a WhatsApp alternative. The features include iPad support, ephemeral images and videos in the vein of Snapchat, downloadable, customizable ‘stickers’ and emoji reactions.
But while those things seem like simple additions, for Signal, these messaging staples are more challenging. The Signal app is fundamentally end-to-end encrypted and doesn’t store conversation metadata on its servers — something not even WhatsApp promises, despite using Signal’s open-source protocol to end-to-end encrypt messages sent on its platform. Not storing metadata means Signal doesn’t know things like who messaged whom.
Signal’s encryption means finding new ways to do simple things
Ultimately, adding these features required engineering new security solutions and in some cases, new research in cryptography, according to Wired. In the case of stickers, for example, Signal needed to design a system where every sticker ‘pack’ is encrypted with a ‘pack key.’ That key is also encrypted and shared from one user to another when someone wants to install a new sticker pack. That way, Signal’s servers never see decrypted stickers or identify the Signal user who created or sent them.
Signal also has plans for a new group messaging system, which would allow group administrators to add and remove participants from a chat without Signal servers ever knowing the group’s members. The foundation partnered with Microsoft Research to invent a novel form of ‘anonymous credentials.’ These allow a server to gatekeep who belongs in a group without ever learning the members’ identities.
But for end-users, it’s just group messaging and it works. For Marlinspike, that’s an important factor. Part of the ability to get an app everywhere is its simplicity to use. If Signal is simple, it’ll make it easy for people to get on board, especially if they don’t know their way around a smartphone as well as others.
Signal is developing a way to securely store contacts on its servers
On top of that, the Signal Foundation is also working on a new feature called ‘secure valley recovery’ that would allow users to create and store an address book on a Signal server instead of syncing the app with the contacts on your phone. This would help keep everything synced when users switch phones, but it would also need to work without Signal’s servers seeing those contacts.
Further, that feature may eventually allow Signal to abandon cellphone numbers, which it currently uses to identify users and allow people to connect. It’s one of the few areas that privacy advocates have criticized. Using phone numbers forces Signal users to hand out their number if they want someone to contact them. Secure value recovery would be the first step in fixing that, Marlinespike told Wired.
All this has contributed to increased growth for Signal. In 2016, Marlinspike told Wired that Signal had two million users. Marlinspike wouldn’t give Wired an exact number in 2020, but on Android, the platform has had over 10 million downloads, according to the Google Play Store. Acton told Wired that another 40 percent of Signal’s users are on iOS.
But there’s still room to grow. Acton told Wired that Signal could grow into a WhatsApp-sized service.
“I’d like for Signal to reach billions of users. I know what it takes to do that. I did that,” Acton told Wired. “I’d love to have it happen in the next five years or less.”
Source: Wired Via: Android Police