Digital ID

No doubt, events demonstrate that Signal is the most secure messaging app

Why Signal is considered the most secure instant messaging app?
It stores only a few information about its users, and the events demonstrate it.

Despite many of the most popular apps are implementing end-to-end encryption, not all applications are equal. Security experts recommend Signal for secure communications, in the aftermath of the DNC hack the staffers were instructed in the use of the popular instant messaging Signal app, also called the “Snowden-approved” app.
Search for Signal on the Internet it is possible to read the Edward Snowden’ testimony is probably his most illustrious users and testimonial of the app.

“Use anything by Open Whisper Systems” Snowden says.

The Cryptographer and Professor at Johns Hopkins University Matt Green and the popular security expert Bruce Schneier are other two admirers of the Signal app.

Why is it considered so secure compared to other messaging apps?

Security experts and privacy defenders are aware that almost any messaging app store a huge quantity of metadata on users’ activity, including data related to calls and messages. The analysis of metadata along side with other information, for example, data provided by Internet Service Providers, could reveal users’ identity.

Most common metadata stored by messaging apps are dates and durations of communication, and of course, participants’ phone numbers.
Recently, documents obtained by The Intercept revealed that Apple iMessage logs contacts’ phone numbers and shares them, alongside with other metadata, with law enforcement.

The Intercept received the document, titled “iMessage FAQ for Law Enforcement,” as part of a cache originating from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team.

The log includes the date and time of the conversation and the user’s IP address, information that could allow identifying the user’s location.

Signal stores only a few information about its users and the events demonstrate it.

According to Open Whisper Systems who developed the Signal app, earlier this year an FBI subpoena and gag order demanded a wide range of information on two specific Signal users. Unfortunately for the FBI, the Bureau did not receive any precious information.

“In the “first half of 2016″ (the most specific we’re permitted to be), we received a subpoena from the Eastern District of Virginia. The subpoena required us to provide information about two Signal users for a federal grand jury investigation.” states a blog post published by Open Whisper Systems.

“We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.”

The FBI demanded the following data on the two suspects, seeking a subpoena:

  • Subscriber name
  • Payment information
  • Associated IP addresses
  • Email addresses
  • History logs
  • Browser cookie data
  • Other information associated with two phone numbers

But Open Whisper Systems provided only a few information that was not useful for the investigation, as you can see in the following image.

It is important to highlight that the OWS did not refuse to comply with the government’s subpoena, it simply had no data to share with the FBI.

“As the documents show, the government’s effort did not amount to much—not because OWS refused to comply with the government’s subpoena (it complied), but because the company simply does not keep the kinds of information about their customers that the government sought (and that too many technology companies continue to amass),” states a post published by ACLU. “All OWS was able to provide were the dates and times for when the account was created and when it last connected to Signal’s servers.”

At the time I was writing some information about the subpoena is still secret.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –Signal , metadata )

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

A cyber attack hit Japan Airlines delaying ticket sales for flights

A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing…

1 hour ago

Apache fixed a critical SQL Injection in Apache Traffic Control

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic…

11 hours ago

BellaCPP, Charming Kitten’s BellaCiao variant written in C++

Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao…

14 hours ago

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Japanese and U.S. authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to…

23 hours ago

Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

Adobe released out-of-band security updates to address a critical ColdFusion vulnerability, experts warn of a PoC…

2 days ago

Apache Foundation fixed a severe Tomcat vulnerability

The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote…

2 days ago

This website uses cookies.