Digital ID

No doubt, events demonstrate that Signal is the most secure messaging app

Why Signal is considered the most secure instant messaging app?
It stores only a few information about its users, and the events demonstrate it.

Despite many of the most popular apps are implementing end-to-end encryption, not all applications are equal. Security experts recommend Signal for secure communications, in the aftermath of the DNC hack the staffers were instructed in the use of the popular instant messaging Signal app, also called the “Snowden-approved” app.
Search for Signal on the Internet it is possible to read the Edward Snowden’ testimony is probably his most illustrious users and testimonial of the app.

“Use anything by Open Whisper Systems” Snowden says.

The Cryptographer and Professor at Johns Hopkins University Matt Green and the popular security expert Bruce Schneier are other two admirers of the Signal app.

Why is it considered so secure compared to other messaging apps?

Security experts and privacy defenders are aware that almost any messaging app store a huge quantity of metadata on users’ activity, including data related to calls and messages. The analysis of metadata along side with other information, for example, data provided by Internet Service Providers, could reveal users’ identity.

Most common metadata stored by messaging apps are dates and durations of communication, and of course, participants’ phone numbers.
Recently, documents obtained by The Intercept revealed that Apple iMessage logs contacts’ phone numbers and shares them, alongside with other metadata, with law enforcement.

The Intercept received the document, titled “iMessage FAQ for Law Enforcement,” as part of a cache originating from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team.

The log includes the date and time of the conversation and the user’s IP address, information that could allow identifying the user’s location.

Signal stores only a few information about its users and the events demonstrate it.

According to Open Whisper Systems who developed the Signal app, earlier this year an FBI subpoena and gag order demanded a wide range of information on two specific Signal users. Unfortunately for the FBI, the Bureau did not receive any precious information.

“In the “first half of 2016″ (the most specific we’re permitted to be), we received a subpoena from the Eastern District of Virginia. The subpoena required us to provide information about two Signal users for a federal grand jury investigation.” states a blog post published by Open Whisper Systems.

“We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.”

The FBI demanded the following data on the two suspects, seeking a subpoena:

  • Subscriber name
  • Payment information
  • Associated IP addresses
  • Email addresses
  • History logs
  • Browser cookie data
  • Other information associated with two phone numbers

But Open Whisper Systems provided only a few information that was not useful for the investigation, as you can see in the following image.

It is important to highlight that the OWS did not refuse to comply with the government’s subpoena, it simply had no data to share with the FBI.

“As the documents show, the government’s effort did not amount to much—not because OWS refused to comply with the government’s subpoena (it complied), but because the company simply does not keep the kinds of information about their customers that the government sought (and that too many technology companies continue to amass),” states a post published by ACLU. “All OWS was able to provide were the dates and times for when the account was created and when it last connected to Signal’s servers.”

At the time I was writing some information about the subpoena is still secret.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –Signal , metadata )

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

New Atrium Health data breach impacts 585,000 individuals

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS, potentially linked to…

3 hours ago

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog.…

11 hours ago

Hundred of CISCO switches impacted by bootloader flaw

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature…

23 hours ago

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks<gwmw style="display:none;"></gwmw>

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and…

1 day ago

Operation Destabilise dismantled Russian money laundering networks

Operation Destabilise: The U.K. National Crime Agency disrupted Russian money laundering networks tied to organized…

1 day ago

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6…

2 days ago

This website uses cookies.