How Signal Grew From Privacy App to Tech Powerhouse

And how Signal became the top recommendation of @elonmusk as the better alternative to WhatsApp

The Story of @signalapp

Signal is an end-to-end encrypted messaging service, similar to WhatsApp or iMessage, but owned and operated by a non-profit foundation rather than a corporation, and with more wide-ranging security protections.

One of the first things you see when you visit its website is a 2015 quote from the NSA whistleblower and privacy advocate Edward Snowden: “I use Signal every day.”

Now, it’s clear that increasing numbers of ordinary people are using it too

“Any time there is some form of unrest or a contentious election, there seems to be an opportunity for us to build our audience,” says Brian Acton, the Signal Foundation’s co-founder and executive chairman.

“It’s a little bit bittersweet, because a lot of times our spikes come from bad events. It’s like, woohoo, we’re doing great — but the world’s on fire.”

As protests against systemic racism and police brutality intensified in 2020, downloads of Signal surged across the US. Downloads rose by 50% in the U.S. between March and August compared to the prior six months.

In Hong Kong they rose by 1,000% over the same period, coinciding with Beijing’s imposition of a controversial national security law.

(The Signal Foundation, the non-profit that runs the app, doesn’t share official download numbers for what it says are privacy reasons. The stats mentioned here are third party)

The company behind the secure messenger, Open Whisper Systems (OWS), has shared the encryption tech behind Signal with other messaging services, including those made by Facebook and Google, but many of them still don’t implement end-to-end encryption in all chat options.

The two messenger services that eventually became Signal were created by security researcher Moxie Marlinspike and roboticist Stuart Anderson.

Out of their mobile security software startup, Whisper Systems, which they cofounded in 2010, they released TextSecure for texting and RedPhone for voice calls, both of which provided end-to-end encrypted communication.

A year later, Twitter bought the company and Marlinspike became the platform’s head of cybersecurity.

They re-released their two encrypted communication services as open-source apps, and in 2013, Marlinspike left the social media platform to found the open-source project Open Whisper Systems.

OWS makes up for its small Signal staff by keeping the messenger’s software—and the Signal Protocol—almost totally open source, a move lauded by the cryptography community.

Every commit in its GitHub repositories is visible to the public.

In June, 2020, Signal took its most explicitly activist stance yet, rolling out a new feature allowing users to blur people’s faces in photos of crowds.

Days later, in a blog post titled “Encrypt your face,” the Signal Foundation announced it would begin distributing face masks to protesters, “to help support everyone self-organizing for change in the streets.”

Signal’s user base — somewhere in the tens of millions, according to app store data — is still a fraction of its main competitor WhatsApp’s, which has some 2 billion users and is owned by Facebook.

But it is increasingly clear that among protesters, dissidents and investigative journalists, Signal is the new gold standard because of how little data it keeps about its users.

At their core, both apps use cryptography to make sure that the messages, images and videos they carry can only be seen by the sender and the recipient — not governments, spies, nor even the designers of the app itself.

But on Signal, unlike on WhatsApp, your messages’ metadata are encrypted, meaning that even authorities with a warrant cannot obtain your address book, nor see who you’re talking to and when, nor see your messages.

WhatsApp states on its website that it does not store logs of who is messaging who, “in the ordinary course of providing our service”.

Yet it does have the technical capacity to do so.

In some cases including when they believe it’s necessary to keep users safe or comply with legal processes, they state, “we may collect, use, preserve, and share user information” including “information about how some users interact with others on our service.”

Signal, by contrast, cannot comply with law enforcement even if it wanted to.

(It’s not clear that it does: in early June, 2020, Signal’s founder and CEO Moxie Marlinspike tweeted “ACAB” — All Cops Are Bastards — in response to allegations that police had stockpiled personal protective equipment amid the pandemic.)

Signal’s value system aligns neatly with the belief, popular in Silicon Valley’s early days, that encryption is the sole key to individual liberty in a world where authorities will use technology to further their inevitably authoritarian goals.

Known as crypto-anarchism, this philosophy emerged in the late 1980s among libertarian computer scientists and influenced the thinking of many programmers.

After the merger gave birth to Signal in 2014, the app was kept afloat by nearly $3 million in funding from the Open Technology Fund, a Congress-funded nonprofit that finances projects aimed at countering censorship and surveillance.

In keeping with security best practices, the Signal Protocol is open source, meaning that it’s publicly available for analysts around the world to audit and suggest improvements.

(Signal’s other main competitor, Telegram, is not end-to-end encrypted by default, and security researchers have raised concerns about its encryption protocol, which unlike Signal’s is not open source.)

To get more content like this delivered directly to your inbox, join the @COMPRSD WhatsApp newsletter group:

Subscribe to @COMPRSD on Substack and Sublist: 
You can follow @athrvakhrbde.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:

By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.