Cloud Hosting

You might know that Signal is a popular messaging app that bills itself as being very secure, offering end-to-end encryption for a very high level of privacy.

It's not necessarily obvious, though, what all that means, and how Signal's technology affords any more protection than other messaging apps.

Signal offers end-to-end encryption, which essentially means that your messages are scrambled into an unintelligible collection of characters before leaving your device and are not decrypted back into meaningful content until reaching the Signal app on the recipient's device.

The Signal app boasts more privacy than its competitors. Signal

These encrypted messages can only be unlocked using a key that is shared between the two private conversations. No one else has access to the key or can decrypt the message not even the developers of the Signal app.

Because there is no "back door" to decrypting Signal messages, Signal can't decrypt messages for the government, for example, even under subpoena not because of policy, but because it's not technically possible.

Signal's encryption algorithm isn't proprietary or even unique. The encryption software used by Signal is open-source (and used by other messaging apps, including WhatsApp) and available for download on GitHub. This actually allows Signal to be more secure, because the open-source software is subject to public scrutiny by developers and security experts. It exposes bugs, flaws, and vulnerabilities sooner than if the software were closed and proprietary.

While the encryption software in Signal might not be unique, the app still has privacy advantages over other messaging apps. Signal records no data about its users or the conversations taking place within the app.

This is in contrast to other apps, like Apple iMessage and WhatsApp, to name two examples, which often store significant amounts of metadata, such as who you spoke to and detailed time logs of when those conversations occurred.

In a recent blog post, Signal creator Matthew Rosenfeld (known online as Moxie Marlinspike) explains that the Federal government used a subpoena in 2016 to access Signal's user data.

But as Rosenfeld writes, "there wasn't (and still isn't) really anything to obtain. The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use not user messages, groups, contacts, profile information, or anything else."

Continued here:
Is Signal secure? How the messaging app protects privacy - Business Insider - Business Insider