Instant Messaging

Secure, but not really private


No real Alternative

Actually also an alternative to questionable messengers from Meta (WA, FB Messenger) and other simply insecure solutions …
The Signal Foundation uses cloud services from Amazon and Google and I'm feeling bad about that (close cooperation between Amazon & CIA).
The phone number is also used for authentication. This means that using Signal is secure, but not private. The metadata (who, when, where, with whom) allows investigating authorities and secret services to see more than some would like, even without knowing the content of the call/chat.

Server Version is Open Source again

The source code of the server version was not updated on GitHub for almost a year. During this time, “MobileCoin” was developed and integrated as its own digital means of payment. This may arouse the covetousness of governments, who already have a thorn in their side when it comes to messengers with end-to-end encryption. Perhaps the Signal messenger will be banned in one country or another under the pretext of supporting money laundering. And the programme code is becoming more and more extensive, which increases the danger of new security holes.

Signal is not compliant with EU GDPR

Those who chose Signal instead of Threema because Signal's source code for apps and servers is open source should reconsider, especially since Threema is privacy compliant and Signal is not!

For families with children, it is important to know that only messengers without a phone number requirement (e.g. Session, SimpleX or Threema) are allowed for children under 16.

New Functions with Weaknesses

In recent months, Signal has introduced a number of new features to make their app more user-friendly. One of these features has recently caused controversy with users. This is a contact list backup feature, which is based on a new system called Secure Value Recovery (SVR). The SVR feature allows Signal to upload your contacts to Signal's servers without Signal itself being able to access them. In SVR and the RAM encryption used (Intel: SGX, AMD: SEV) of each processor generation, security researchers keep discovering security holes that need to be patched. Whether and when these security holes are patched cannot be checked by outsiders and so it is conceivable that the Signal Foundation has a GAG order that they are neither allowed to run security patches nor to talk about vulnerabilities. And the three-letter agencies would blithely copy all the data of the defenceless enclave. See list of references, where everyone can draw their own conclusions …

Signal's PIN do not protect local Data

Unfortunately, the “PIN” in the Signal app was initially introduced by force (you were coerced into setting it up) without proper explanation of what it really is. Later, the Signal developers made this PIN function, which was not properly explained, deselectable.

However, this PIN is not used to secure your local data on the device!
Signal wants to use this “PIN” to encrypt your profile data and contact list (surely later also chat histories and more) on its servers, but if the password is too short, your data are not secure! The technology used has weaknesses  – possibly deliberately with pressure from the authorities?

No insecure Data Backup at Signal's Servers without PIN

Perhaps users will soon be forced to set a PIN again, as they were when this SVR technology was introduced. Then it will no longer be possible to prevent contact data from being uploaded. That is a no-go.

Registration Lock requires PIN

But if you want to prevent someone from secretly gaining access via the multi-device functionality, you have to set the registration lock.
And that in turn requires this PIN, which I don't like because of the vulnerabilities (see above). If you do not believe that these vulnerabilities have long been used as backdoor, continue to use Signal but set a very long, very good password as PIN for security reasons. This must never be the device PIN!



Reference Signal Increases Their Reliance on SGX – And Why This Is a Problem!

Matthew Green: Why is Signal asking users to set a PIN, or “A few thoughts on Secure Value Recovery” Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information

Ars Technica: Intel SGX is vulnerable to a unfixable flaw that can steal crypto keys and more CIA awards multibillion C2E cloud contract to AWS, Microsoft, Google, Oracle, and IBM

Keyword list: Alternatives, Apps, Chat, End-to-end encryption, IT, Instant Messaging, Open Source, Privacy, RAM, References, Server, Service, Services, Signal, Threema, Upload, User, Who, why

Last edited: