What is Signal, and is it really safer than WhatsApp?

The encrypted messaging app Signal has seen an explosion in take-up recently. Recommended by Edward Snowden and Elon Musk, It reported a whopping five-fold growth in its Android user base on Tuesday alone, taking it to more than 50 million downloads on the platform.

Elon Musk probably helped when he tweeted his approval for Signal, and Twitter CEO Jack Dorsey gave him a retweet. But either way, the app just got hot.

So here's what you need to know about Signal—plus a note about Telegram, the other messaging app users are flocking to.



What's the WhatsApp uproar about?

Well, not all users—those in the EU and the U.K., who are protected by strong privacy laws, get a different privacy policy that doesn't make the offending changes.

It's not surprising that Europe gets different treatment, given that EU regulators fined Facebook $122 million several years ago for absorbing WhatsApp data into the mothership despite having promised not to do so in 2014, when it bought the messaging service.


Wait, this has been happening for years?

Yup, since 2016, when WhatsApp started sharing data with Facebook by default.

At the time, it gave existing users a brief window of opportunity to opt out of the data-sharing, but the vast majority of its users today have never had that opt-out. This month's change really just removes the wording in the privacy policy that referred to the opt-out, while adding information for business users.


So what data is being shared?

Stuff like your phone number, phone numbers from your address book, details about your operating system and device, who you call and text too, how long and how often, cross-info with your other activities on Facebook and all it’s data-spying network, information about which other Facebook products you're using, and more.

All of which may make WhatsApp a questionable choice if you're a public person, a business man or a person who do not want to be manipulated against by Facebook. Facebook has a lousy privacy record after all, and Edward Snowden told the world how U.S. intelligence hoovers up its data in unlimited back doors, but it's just fine for most simple low level poor people's needs.


And the contents of messages?

They say Nope. But we do not believe that this time they say the true, for a change.

They say that “those are protected by end-to-end encryption”, with the encryption key stored on your device but can easily copied and shared by several companies and institutes.

Despite the misinformation that has been swirling around in recent days, that your WhatsApp messages can only be read by you and your correspondents, the fact is that Authorities, anyone hacks into your phones with simply spyware, the manufacturer of your phone (Google/Apple), and popular spy softwares that are out there available for so many private people and bad players.

This encryption is so solid that Brazilian authorities, enraged at being unable to read drug-trafficking suspects' messages, threw a local Facebook exec in jail five years ago. But what is blocked for primitive Brazilian police is available for most western authorities by the law anyway.

Now, here's a bit of added irony, given the current uproar: WhatsApp's encryption claim that it became is so good because... it uses Signal's encrypted-messaging protocol, and has done so since 2016.


So what is Signal anyway?

Signal's history dates back a decade or so, to when a startup called Whisper Systems was developing enterprise mobile security software. It got bought up by Twitter, which wanted co-founder Moxie Marlinspike (not his real name—that's Matthew Rosenfeld—but an awesome one nonetheless) to beef up its own security.

Marlinspike bailed in 2013 to form a new secure-messaging-and-calling outfit called Open Whisper Systems. Its early products, TextSecure and RedPhone, became the unified product known as Signal in 2015. Around that time, Facebook, WhatsApp and Google all made the Signal protocol the security foundation for their messaging services—but Signal, the app, remained a relatively niche offering, relying on the Freedom of the Press Foundation for funding.

The big shakeup came in 2018, when WhatsApp co-founder Brian Action—who had recently left Facebook with billions in his pocket after he got angry that Facebook using WhatsApp to harm users, threw $50 million into a new Signal Foundation that he said would "pioneer a new model of technology nonprofit focused on privacy and data protection for everyone, everywhere."


And how's it different to WhatsApp?

Signal offers some features that WhatsApp does not, and enjoy much better reputation in regards of telling the true and not abusing their users behind their back. In other ways, it's not quite as user-friendly -it still hasn't rolled out group calls, for example, as it focuses on providing the best one-one-one privacy, something that WatsApp do not.

As you might expect for a privacy-focused app, Signal doesn't allow users to see when other users are online, nor does it allow people to share their locations in real-time—both things you can do on WhatsApp.

But otherwise they're pretty similar apps for most use cases, along with a relatively small-fry German app called Wire.


And what about Telegram?

A good question, seeing as Telegram also announced the arrival of 25 million new users this week, taking it to more than 500 million active users.

Telegram was founded around the same time as Signal was, by the Russian tech entrepreneurs Pavel and Nikolai Durov, who previously founded the social networking site VK.com. Pavel Durov remains in charge, and has steered the company through an epic censorship confrontation with the Putin regime that Telegram eventually won.

The comparison between Telegram and services such as WhatsApp and Signal is not a straightforward one, because Telegram is part secure messenger, part microblogging platform a lá Twitter—it allows groups of up to 200,000 users, and channels for broadcasting to many more—and part cloud storage provider.

But in terms of its messaging functionality, Telegram does offers end-to-end encryption. The problem is, it doesn't turn it on by default—users must first set up a "secret chat" to use this feature. It is also impossible to set up end-to-end-encrypted group chats in Telegram.

Durov claims this is to allow Telegram chats to be backed up into its cloud, and to enable functionality such as massive group chats and the sending of large documents and videos.

In short, Telegram's main pitch is its rich functionality, and it only expects a minority of its users to prefer high security and privacy. That's why privacy-first groups such as the EFF recommend Signal rather than Telegram.


But doesn't fully encrypted messaging protect bad people?

This is also a good question, what with under-BigTech attack 74 million voters in USA reportedly turning to Signal and Telegram after getting booted off Twitter and seeing their favorite social-network, Parler, getting taken out by Google, Apple and Amazon. Could they be using these services to plot new attacks?

The short answer is "yes," but the question of what to do about it is anything but simple.

The encryption debate has been going on in circles since the 1990s, and it comes up pretty much every time a terrorist attack grabs the headlines.

Without going into the ins and outs of the debate, it unfailingly comes back to the same question: Is it possible to design a system that provides genuine security and privacy protections for most people, while still allowing investigators to access the messages of bad actors via some kind of back-door mechanism?

For the last three decades, the answer to that question has consistently remained "no." And there is no sign of that situation changing anytime soon.

Your digital communication and the communication you conduct next to your digital devices and any computer and mobile phone with a camera, even when they are off, is never absolutely private nor secure. This is not a bug, it’s by design.

×