Last week, with little fanfare, Google announced a change that could soon make its 2 billion Android users worldwide far harder to surveil: The tech giant says it's rolling out a beta version of its Android messaging app that will now use end-to-end encryption by default. That level of encryption, while limited to one-on-one conversations, is designed to prevent anyone else from eavesdropping: not phone carriers, not intelligence agencies, not a hacker who has taken over the local Wi-Fi router, not even Google itself will have the keys to decrypt and read those billions of messages.

The news isn't just a win for global privacy. It's also a win for one particular encryption system: the Signal protocol, which is well on its way to accounting for a majority of the world's real-time text conversations. As this protocol becomes the de facto standard for encrypted messaging in most major services, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

You might already know Signal thanks to the popular end-to-end encrypted text messaging app by the same name, created by cypherpunk Moxie Marlinspike and in recent years hosted by the nonprofit Signal Foundation. Signal, the app, has an unparalleled reputation for security and privacy, with high-profile endorsements from NSA whistleblower Edward Snowden and WhatsApp founder Brian Acton, who left WhatsApp in 2018 to serve as the Signal Foundation's executive director. But the underlying crypto system that Marlinspike designed and on which Signal is built, known as the Signal protocol, has spread far beyond its eponymous app.

WhatsApp first adopted the Signal protocol in 2014 to end-to-end encrypt all messages between Android phones, in what Marlinspike told WIRED was "the largest deployment of end-to-end encryption ever." WhatsApp switched it on by default for all billion-plus users two years later. Shortly thereafter, Google rolled out end-to-end encryption via the Signal protocol as an opt-in feature for its now-defunct Allo messenger and in its Duo video chat service. Facebook followed by adding it as an opt-in "Secret Conversations" feature in Facebook Messenger a few months later. Google's decision to integrate the Signal protocol into Android's messaging app by default represents the biggest new collection of phones to adopt the standard in years, with hundreds of millions more devices.

So why have the tech giants of the world all chosen Signal as their go-to crypto protocol? Its standout feature, says Johns Hopkins computer science professor and cryptographer Matthew Green, is how it implements what's known as "perfect forward secrecy."

With most encryption systems, when an app is installed on a phone, it creates a permanent key pair that is used to encrypt and decrypt messages: one "public" key that is sent to the messaging server and will be used to identify the user, and one "private" key that never leaves the user's phone. If that private key is somehow compromised, however, like if someone hacks or seizes your phone, that potentially leaves all your messages vulnerable to decryption. Even if you've deleted messages from your phone, the key can decrypt any encrypted messages that eavesdroppers have managed to record when they originally traveled across the network.

Perfect forward secrecy is useless, it's important to note, if users don't delete their messages periodically. If someone's phone is seized or stolen with all their messages still intact, they'll be just as visible to whoever has the phone in hand as they were to the original owner. The Signal app offers disappearing messages that are automatically deleted after a certain time limit. WhatsApp is rolling out an auto-delete feature, too, after going years without one. Android messaging users, crucially, will have to manually delete any messages they want to protect to get the full benefits of the protocol's perfect forward secrecy.

Signal's popularity stems not just from its perfect forward secrecy feature, but simply from its reputation as a well-designed, open-source protocol. It's been around for long enough (and its adoption in WhatsApp, Facebook Messenger, and the Signal app itself is so heavily scrutinized) that any serious bugs would have been spotted and fixed years ago. When WIRED asked Google about its choice of Signal, the company's messaging product lead, Drew Rowny, described it as an "open-sourced, transparent, and audited protocol." "You might as well use the thing that's become the standard," says Green.