Signal App - The Private Messenger
Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption.The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel.
Signal’s software is free and open source. Its clients are published under the GPLv3 while the server code is published under the AGPLv3 license.The Android app also includes third-party components which are closed-source.The non-profit organization Signal Foundation was launched in February 2018 with initial funding of $50 million from Brian Acton .Signal has more than 10 million downloads on Android.
History :
The end-to-end encrypted messaging service Signal was launched in 2014, and has become more widely used in 2019 and 2020. Signal’s growth has often spiked during “periods in which decisions are questioned or undone—to moments of social and political upheaval”.However, the roots of Signal go back to earlier encrypted voice and text apps of the early 2010s.
Features :
Signal allows users to make one-to-one and group voice and video calls to other Signal users on iOS, Android, and desktop.Group calls support up to 5 people with further plans to expand. All calls are made over a Wi-Fi or data connection and (with the exception of data fees) are free of charge, including long distance and international.Signal also allows users to send text messages, files,voice notes, pictures, GIFs, and video messages over a Wi-Fi or data connection to other Signal users on iOS, Android and a desktop app. The app also supports group messaging.
All communications between Signal users are automatically end-to-end encrypted. The keys that are used to encrypt the user’s communications are generated and stored at the endpoints (i.e. by users, not by servers).[To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) out-of-band.The app employs a trust-on-first-use mechanism in order to notify the user if a correspondent’s key changes.
On Android, users can opt into making Signal the default SMS/MMS application, allowing them to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages.Users can then use the same application to communicate with contacts who do not have Signal.Sending a message unencrypted is also available as an override between Signal users.
TextSecure allowed the user to set a passphrase that encrypted the local message database and the user’s encryption keys. This did not encrypt the user’s contact database or message timestamps.The Signal applications on Android and iOS can be locked with the phone’s pin, passphrase, or biometric authentication.The user can define a “screen lock timeout” interval, providing an additional protection mechanism in case the phone is lost or stolen.
Signal also allows users to set timers to messages. After a specified time interval, the messages will be deleted from both the sender’s and the receivers’ devices. The time interval can be between five seconds and one week long, and the timer begins for each recipient once they have read their copy of the message. The developers have stressed that this is meant to be “a collaborative feature for conversations where all participants want to automate minimalist data hygiene, not for situations where your contact is your adversary”.
Signal excludes users’ messages from non-encrypted cloud backups by default.
Signal has support for read receipts and typing indicators, both of which can be disabled.
Signal allows users to automatically blur faces of people in photos to protect their identities.
Limitations :
Signal requires that the user provides a phone number for verification,eliminating the need for user names or passwords and facilitating contact discovery (see below).The number does not have to be the same as on the device’s SIM card; it can also be a VoIP number or a landline as long as the user can receive the verification code and have a separate device to set up the software. A number can only be registered on one mobile device at a time.
This mandatory connection to a phone number (a feature Signal shares with WhatsApp, KakaoTalk, and others) has been criticized as a “major issue” for privacy-conscious users who are not comfortable with giving out their private phone number.A workaround is to use a secondary phone number.The option to choose a public, changeable username instead of sharing one’s phone number with everyone they message (or share a group with) is a widely requested feature, which as of June 2020 has not yet been implemented.Signal in 2019 announced plans to implement this feature, overcoming the challenges associated with storing users’ social graphs by using what they called Secure Value Recovery (SVR).This allows users to client-side encrypt their Signal contacts with an alphanumeric passphrase (which Signal calls a PIN) and uses Intel SGX to limit the number of passphrase guesses, alleviating the risk of server-side brute-force attempts.Cryptography expert Matthew D. Green described this method as “sophisticated work”,1but also expressed concerns that the data the system was protecting should not rely on the security of SGX, which has been repeatedly broken.
Using phone numbers as identifiers may also create security risks that arise from the possibility of an attacker taking over a phone number. This can be mitigated by enabling an optional Registration Lock PIN in Signal’s privacy settings.
Android-specific :
All official Signal Android clients include closed-source Google proprietary libraries Signal’s official Android client required the proprietary Google Play Services because the app was dependent on Google’s GCM push-messaging framework.In March 2015, Signal moved to a model of handling the app’s message delivery themselves and only using GCM for a wakeup event. In February 2017, Signal’s developers implemented WebSocket support into the client, making it possible for it to be used without Google Play Services.Signal for Android also utilises Google Maps and Google’s Machine Learning Vision for face detection.
Desktop-specific :
Setting up Signal’s desktop app requires that the user first install Signal on an Android or iOS based smartphone with an Internet connection.Once the desktop app has been linked to the user’s account, it will function as an independent client; the mobile app does not need to be present or online.Users can link up to 5 desktop apps to their accounts.
Usability :
In July 2016, the Internet Society published a user study that assessed the ability of Signal users to detect and deter man-in-the-middle attacks.The study concluded that 21 out of 28 participants failed to correctly compare public key fingerprints in order to verify the identity of other Signal users, and that the majority of these users still believed they had succeeded, while in reality they failed.Four months later, Signal’s user interface was updated to make verifying the identity of other Signal users simpler.
Before version 4.17 the Signal Android client could only make plain text-only backups of the message history, i.e. without media messages. On February 26, 2018, Signal added support for “full backup/restore to SD card”, and as of version 4.17, users are able to restore their entire message history when switching to a new Android phone. On June 09, 2020, the Signal iOS client added the ability to transfer all Signal information from an old iOS device to a new one. The transfer is done wirelessly over a local connection between the two devices and is end-to-end encrypted.
Most Information is shared in this article ,
Further Information available on:Wikipedia
WRITER’S NOTE: I’ve just read and shared this article from Wikipedia ,I don’t own any of the information ! All the information is used under
Creative Commons License :
https://creativecommons.org/licenses/by-sa/3.0/
Above information is the property of Wikipedia
Copyright © : Wikipedia
Good informative blog,a must read
ReplyDelete