- Sep 5, 2017
The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.
Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a Midwestern-looking man in his sixties, asked for help. He couldn't figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.
Marlinspike launched Signal, widely considered the world's most secure end-to-end encrypted messaging app, nearly five years ago, and today heads the nonprofit Signal Foundation that maintains it. But the man on the plane didn't know any of that. He was not, in fact, trolling Marlinspike, who politely showed him how to enable airplane mode and handed the phone back.
"I try to remember moments like that in building Signal," Marlinspike told WIRED in an interview over a Signal-enabled phone call the day after that flight. "The choices we’re making, the app we're trying to create, it needs to be for people who don’t know how to enable airplane mode on their phone," Marlinspike says.
Marlinspike has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for—not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years—thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.
That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton had grown disaffected with what he saw as Facebook's attempts to erode WhatsApp's privacy.
Identifying the features mass audiences want isn't so hard. But building even simple-sounding enhancements within Signal's privacy constraints—including a lack of metadata that even WhatsApp doesn't promise–can require significant feats of security engineering, and in some cases actual new research in cryptography.
Take stickers, one of the simpler recent Signal upgrades. On a less secure platform, that sort of integration is fairly straightforward. For Signal, it required designing a system where every sticker "pack" is encrypted with a "pack key." That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decrypted stickers or even identify the Signal user who created or sent them.
Signal's new group messaging, which will allow administrators to add and remove people from groups without a Signal server ever being aware of that group's members, required going further still. Signal partnered with Microsoft Research to invent a novel form of "anonymous credentials" that let a server gatekeep who belongs in a group, but without ever learning the members' identities. "It required coming up with some innovations in the world of cryptography," Marlinspike says. "And in the end, it’s just invisible. It’s just groups, and it works like we expect groups to work."
Signal is rethinking how it keeps track of its users' social graphs, too. Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal's servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that's meant to hide certain data even from the rest of the server's operating system.
That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. "I’ll just say, this is something we’re thinking about," says Marlinspike. Secure value recovery, he says, "would be the first step in resolving that."
With new features comes additional complexity, which may add more chances for security vulnerabilities to slip into Signal's engineering, warns Matthew Green, a cryptographer at Johns Hopkins University. Depending on Intel's SGX feature, for instance, could let hackers steal secrets the next time security researchers expose a vulnerability in Intel hardware. For that reason, he says that some of Signal's new features should ideally come with an opt-out switch. "I hope this isn't all or nothing, that Moxie gives me the option to not use this," Green says.
But overall, Green says he's impressed with the engineering that Signal has put into its evolution. And making Signal friendlier to normal people only becomes more important as Silicon Valley companies come under increasing pressure from governments to create encryption backdoors for law enforcement, and as Facebook hints that its own ambitious end-to-end encryption plans are still years away from coming to fruition.
"Signal is thinking hard about how to give people the functionality they want without compromising privacy too much, and that's really important," Green adds. "If you see Signal as important for secure communication in the future—and possibly you don't see Facebook or WhatsApp as being reliable—then you definitely need Signal to be usable by a larger group of people. That means having these features."
Brian Acton doesn't hide his ambition that Signal could, in fact, grow into a WhatsApp-sized service. After all, Acton not only founded WhatsApp and helped it grow to billions of users, but before that joined Yahoo in its early, explosive growth days of the mid-1990s. He thinks he can do it again. "I’d like for Signal to reach billions of users. I know what it takes to do that. I did that," says Acton. "I’d love to have it happen in the next five years or less."
That wild ambition, to get Signal installed onto a significant fraction of all the phones on the planet, represents a shift—if not for Acton, then for Marlinspike. Just three years ago, Signal's creator mused in an interview with WIRED that he hoped Signal could someday "fade away," ideally after its encryption had been widely implemented in other billion-user networks like WhatsApp. Now, it seems, Signal hopes to not merely influence tech's behemoths, but to become one.
The whole article is here: Signal Is Finally Bringing Its Secure Messaging to the Masses