Signal Is Finally Bringing Its Secure Messaging To the Masses
An anonymous reader quotes a report from Wired: [Cryptographer and coder known as Moxie Marlinspike] has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for -- not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years -- thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream. That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton had grown disaffected with what he saw as Facebook's attempts to erode WhatsApp's privacy. Since then, Marlinspike's nonprofit has put Acton's millions -- and his experience building an app with billions of users -- to work. After years of scraping by with just three overworked full-time staffers, the Signal Foundation now has 20 employees. For years a bare-bones texting and calling app, Signal has increasingly become a fully featured, mainstream communications platform. With its new coding muscle, it has rolled out features at a breakneck speed: In just the last three months, Signal has added support for iPad, ephemeral images and video designed to disappear after a single viewing, downloadable customizable "stickers," and emoji reactions. More significantly, it announced plans to roll out a new system for group messaging, and an experimental method for storing encrypted contacts in the cloud. Many of those features might sound trivial. They certainly aren't the sort that appealed to Signal's earliest core users. Instead, they're what Acton calls "enrichment features." They're designed to attract normal people who want a messaging app as multifunctional as WhatsApp, iMessage, or Facebook Messenger but still value Signal's widely trusted security and the fact that it collects virtually no user data. Wired explains how adding simple-sounding enhancements can require significant feats of security engineering to fit within Signal's privacy constraints. Adding downloadable customizable stickers, for example, "required designing a system where every sticker 'pack' is encrypted with a 'pack key,'" reports Wired. "That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decrypted stickers or even identify the Signal user who created or sent them." For Signal's new group messaging, Signal partnered with Microsoft Research to invent a novel form of "anonymous credentials" that let a server gatekeep who belongs in a group, but without ever learning the members' identities.
Read more of this story at Slashdot.