Signal was one of the most successful second generation secure messengers. It had a lot going for it…ease of use, fairly solid security, a good team and lots of funding that made it possible for millions of people to become users. It worked smoothly across devices and was so good, open source and free that it was difficult for other secure messengers to compete with it. The large user base (est. 60m active) made it even more attractive as many of your friends and colleagues already had accounts. It was a snap to find your friends and start a chat or make a call.
In terms of features, Signal checked the boxes for the required minimum feature set of a secure messenger:
Good security with end-to-end encryption
Easy onboarding, installation and operation. Clean UI and reliable.
Works across all major platforms seamlessly (Android, iOS, Windows/macOS/Linux)
Low latency for text chatting and reliable calling
Device verification (to notify others if your device was compromised)
Support for individual and group accounts.
The service is free (for Signal, completely free).
There were a few downsides to Signal:
A valid phone number was required (yes, you could use a burner, but…). Phone numbers are used for tracking and form the unique_ID for many data collection systems using phone numbers and IMEI (the unique ID for the handset used by carriers). A person who worked for a state security agency once told us “if a secure messenger uses a phone number, it’s compromised”. Most phones are attached to a government-issued ID and with voice print ID they know it’s you on any device in 15 seconds. Telegram uses a phone number, too. You have been warned.
Your phone number and other information was visible to other users (this major weakness was recently remedied on Signal).
Servers were centralized and accessed over the open internet. It’s hard to know exactly what is monitored upstream/downstream from the Signal servers in AWS, Google and Microsoft facilities who are known to work with the CIA and other spying agencies. While the data is encrypted, metadata can be every bit as valuable as the data itself and these vendors have access to the metadata, if not the encrypted messages.
Third-party companies provided notification services (text messages, etc.) and can potentially leak data. This is known from the world of VPNs, where M247, which has been tied to GCHQ, is an infrastructure service provider for up to 65% of VPNs.
Platform notifications included plain text snips of messages, which could be intercepted, if the user allowed it.
The signaling plane (the messages back and forth to enable calling) is on the open internet, allowing snoops to know who you are calling, even if the call is encrypted.
It turns out that startup funding for Signal was from a US Government tied entity. Some people won’t like that. Here’s an interesting article: Signal Facing Collapse After CIA Cuts Funding
When something is free to the user, the money to pay for the service must come from somewhere. Who are the donors? Signal costs a lot of money to operate. Who gave it the funds to operate?
There are three main problems with the network and business architecture of secure messengers like Signal, Telegram, etc.
Free is a business model only if data is resold (or the service goes out of business); it won’t work for privacy. These messengers are all free to the user, therefore someone is paying to run the service and by definition they are not private.
Users rely on central storage of their data (the most convenient approach). privateLINE p2p will enable users to store their own data locally, with centralized signaling and backup storage, if the user opts to do it. This is the future.
There is no expectation of privacy on a public network. In the future we expect a separation between public and private networks. You will still use your regular phone and network as an “alibi”. Anything important will need to be conducted on a private network.
For these reasons and others we decided we had to build a new network, away from the internet and under the user’s direct control as much as possible. You should consider using privateLINE as a backup in case something happens to Signal.
[NOTE: we have been developing a new platform for secure and private communications that is air-gapped from the internet using private network technology. If you are interested in testing it (FREE for early accounts), go to this page to get Early Access LINK We use it ourselves for all our comms away from Big Tech spying. Once you are in PL Comms, connect with “chris”]
Why Would We Stop Using Signal?
We had a security breach of some root keys for a legacy chat server we were running and it got attacked and destroyed. It was too hard to restore after the attack and was abandoned. We tracked down the data leak to Signal, as the engineers had used Signal to send these keys between themselves. However, you can never be 100% sure and after the fact it’s impossible to prove with certainty that was the cause… but it made us wonder. That was a few years ago and we decided to stop putting anything sensitive on Signal and to build an alternative we could use for our projects.
What about Telegram, WhatsApp and the rest of them? We’ve heard of similar issues and some are worse than Signal because they are not end-to-end encrypted — messages are converted to plain text once they hit the server, then re-encrypted when sent out — another data collection bonanza for the person running the servers. Let’s dig a bit deeper into Signal, how it was started and some publicly available information that made us ask some questions.
In the early days of instant messaging, encryption was light and security was lighter. The trade off is always security vs. convenience and design was optimized for maximum usability (convenience) and growth hacking. For this reason, privacy apps have always been a specialty niche and necessary service. Signal did a good job, but their model is too expensive to run and has too much centralization. privateLINE is taking a different approach that charges users for the services we provide (so our first obligation is to protect the user’s privacy). We will push as much of the data and bandwidth to the edge of the network (the users provide much of the hardware and bandwidth), which costs the users nothing they haven’t already spent and allows us to provide a sustainable service at an affordable price. We’ll avoid third party and Big Tech services.
Signal has a Financial Crisis
Investigative journalist Kit Klarenberg wrote in Signal facing collapse after CIA cuts funding:
On November 16th, Meredith Whittaker, president of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.
Signal is burning a lot of money on their infrastructure (from the Signal blog post of 16 November, 2023):
Storage: $1.3 million dollars per year.
Servers: $2.9 million dollars per year.
Registration Fees: $6 million dollars per year.
Total Bandwidth: $2.8 million dollars per year.
Additional Services: $700,000 dollars per year.
Current Infrastructure Costs (as of November 2023): Approximately $14 million dollars per year.
It is unusual for a non-profit tech project to have so many highly paid people:
This is a lot of work, and we do it with a small and mighty team. In total, around 50 full-time employees currently work on Signal, a number that is shockingly small by industry standards.
To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
$19m / 50 = $380,000 per year per employee!!! That’s like a well funded AI company or high level contractors working for a security agency, not a non-profit. People at privateLINE and most startup tech companies could only dream of being paid like that, though to be fair, Signal employees and contractors will never get any stock compensation.
The infrastructure was not designed to minimize the cost of operations; it was designed for another purpose, data collection by third parties:
“Signal spends tens of millions of dollars every year. We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.”
Another red flag is the requirement to validate your account with a phone. Most phones require a government issued ID, which could match up your data with your phone number.
We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. This is a critical step in helping to prevent spam accounts from signing up for the service and rendering it completely unusable—a non-trivial problem for any popular messaging app.
The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.
$6m!!! Who does the phone company share that data with and what is their privacy policy? Telcos are like an arm of the local governments.
“the registration fees that cover the delivery of verification codes during the sign-up process to help verify phone numbers and prevent spam accounts”
Calling is routed through their servers; calls are not p2p from person to person directly. This means all calls can be monitored and copied going in and out. Encryption for calling is weaker (because it’s real time); you need to keep this in mind. Metadata can be surmised over time mathematically if you watch a data stream long enough.
To take one example, Signal always routes end-to-end encrypted calls from people who aren’t in your contacts through a relay server that obscures IP address information.
There are more efficient approaches we will use with privateLINE that have the user help with paying for infrastructure costs and using their own hardware and bandwidth — the added benefit is the data is in their hands — we will run a network and provide services, but the user will always be able to DIY and keep complete control. The network will be created using software and terrestrial, cellular and satellite connections to a core secure enclave.
Signal has been widely promoted as secure:
Elon Musk also promotes Signal:
When you see this kind of promotion or, at the other extreme, disinformation about a service to defame it, it screams of an operation. Spies have lifetime contracts and many of them work for several agencies/countries.
Where can data leak?
A service might be 100% secure and protect your data, but what about the infrastructure providers? What kind of privacy policy do they maintain? Can they monitor your metadata and resell it to a data broker or agency? Everything is tied to your phone number, so you should assume your metadata could be exposed to third-party services, even if you are securely encrypted. In many cases, the metadata is just as valuable as the messages inside. There is no expectation of privacy on a public network and Signal and other messengers run over a public network.
From Signal’s blog:
We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. This is a critical step in helping to prevent spam accounts from signing up for the service and rendering it completely unusable—a non-trivial problem for any popular messaging app.
There is a better way to handle this and that’s to use invitations sent by users. You can only connect to someone who invites you. There is zero spam and no need to validate email or phones, since you send your invitation to the email or phone number you personally know. Accounts inside the enclave can be numbered and anonymous.
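A minimal sketch of the invitation-only onboarding described above, as an added example that is not privateLINE's or Signal's code. The `InviteRegistry` class, the one-week lifetime and the starting account number are assumptions made for illustration; the inviter delivers the token over whatever channel they already trust, and the server records no e-mail address or phone number.

```python
import hashlib
import secrets
import time

INVITE_TTL = 7 * 24 * 3600  # assumed invite lifetime: one week


class InviteRegistry:
    """Hypothetical server-side registry for invitation-only sign-up."""

    def __init__(self):
        self._next_account = 1000   # accounts are plain numbers, no identity
        self._invites = {}          # sha256(token) -> (inviter, expires_at)
        self.contacts = {}          # account -> set of connected accounts

    def create_account(self):
        account = self._next_account
        self._next_account += 1
        self.contacts[account] = set()
        return account

    def issue_invite(self, inviter, now=None):
        """Return a one-time token; the inviter sends it out of band."""
        if inviter not in self.contacts:
            raise KeyError("unknown inviter")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the digest is stored: a leaked database yields no usable
        # invites, and no e-mail address or phone number is recorded.
        self._invites[digest] = (inviter, now + INVITE_TTL)
        return token

    def redeem(self, token, now=None):
        """Create a numbered account for the invitee, or return None."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._invites.pop(digest, None)  # pop makes it single-use
        if entry is None:
            return None
        inviter, expires_at = entry
        if now > expires_at:
            return None
        account = self.create_account()
        # The only link the server learns is inviter <-> invitee.
        self.contacts[inviter].add(account)
        self.contacts[account].add(inviter)
        return account
```

The server still learns the inviter-to-invitee link, so this design removes the phone number from registration but not the social-graph metadata.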
Signal uses Big Tech infrastructure:
Millions of people use Signal every day, and it takes a lot of bandwidth to provide a fast and reliable service. Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) and to enable voice and video calls.
Because everything in Signal is end-to-end encrypted, we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure, and others while ensuring that your messages and calls remain private and secure. We can’t access them, and neither can the companies that provide any of the infrastructure we rent.
This sounds like the VPN providers who “don’t keep logs”, while their service providers, who are owned by the spies, have no restriction on tracking data.
Privacy Policy
From Signal’s Privacy Policy:
Information we may share
Third Parties. We work with third parties to provide some of our Services. For example, our Third-Party Providers send a verification code to your phone number when you register for our Services. These providers are bound by their Privacy Policies to safeguard that information.
Those third parties are not disclosed, nor are the privacy policy and terms of service of those third parties mentioned anywhere in the Terms or Privacy Policy.
The last update on the Signal Privacy Policy was in 2018!!! Many things have changed in privacy laws in the past six years… this is not even legal in many jurisdictions.
Effective as of May 25, 2018
Updated May 25, 2018
Conclusion
Signal provides pretty good privacy. It’s easy to use. But there are funding problems on the horizon and some red flags that gave us pause, and it’s exposed to the public internet, to the point that we think you should consider an alternative secure communications network or two. The switching cost is of course moving your contacts over to the new system.