A Secure App Needs Secure Humans

I recommended Signal a while back, and I still recommend it, as a secure messaging platform. I believe in its end-to-end encryption technology. I don’t, however, trust all the people who are using that technology.

When it comes to security, the technology is not the only component. Humans are part of it too. And when the humans aren’t smart, no matter how smart the technology is, there is a gap.

One of the features of Signal’s end-to-end encryption, and a reason so many people use it, is that even Signal cannot know what your messages are. That’s end-to-end encryption.

Even when countries and agencies have made requests for information, all Signal can give is the UNIX timestamp of when you created your account and the date you last connected to the Signal service. That is all they can provide because that is all they have.

For transparency, their website even has, at a clever URL, a full list of every single time they have received a government request and how they responded.

In fact, I believe one of the reasons why Signal is an officially sanctioned app for the government is that no one, neither Signal nor the government nor anyone else that could hold them accountable, can have access to their communications.

If you have the most secure room in the world, but you give everyone a copy of the key, leave the door open, or leave the key in the lock, then it does not matter how secure that room is. There is that human element.

If you are using an end-to-end encrypted app and someone is looking over your shoulder, or you are underneath a surveillance camera while you’re looking at the app, if you invite random people into your secure chat room, if you leave your phone out and someone can get into it, then of course someone can read your messages.

That’s not the fault of the end-to-end encryption app. It’s the fault of the human.

And even so, because Signal knows that humans are the more fallible link here, they have provided many additional security features. On top of standard end-to-end encryption, in Settings > Privacy, you can set Disappearing Messages so that your messages disappear after a time you set.

Also under Settings > Privacy, you can toggle the Screen Lock switch on, and then select how long it will take for a screen lock to activate. That way, if your phone is unlocked and someone gets to it, they still have to put a passcode in to get into your Signal app.

If you go to Settings > Account, you can simply share your QR code or a nickname that you create instead of sharing your phone number with someone.

Go through all the other settings too. Signal has done so much to make it a secure app.

After all of that, if you still make copies of the keys and hand them out to people, then there’s no one to blame but yourself.

Any app is hackable, but those hacks are often because a human left the door open.
