Here is what I’ve come up with and why I think signal is the best encrypted voice and text messaging app to use.
In 2013, Moxie Marlinspike (real name Matthew Rosenfeld) founded Open Whisper Systems to develop the Signal app and protocol. In 2018, Marlinspike and Brian Acton founded Signal Messenger, LLC, to take over the development of both the Signal app and the Signal Protocol. Signal Messenger, LLC is funded by the Signal Technology Foundation (aka Signal Foundation), a 501(c)(3) non-profit organization. All products of the Signal Foundation are published as free and open-source software.
- Signal is generally considered the most secure messaging app in existence.
- 100% open source code. The code is available on GitHub.
- The Signal Messaging Protocol was independently audited in 2016.
- The service is fully GDPR compliant.
- Clients for Android, iOS, macOS, Windows, Linux
Where is your Signal data stored?
When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on. As Signal points out,
Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.
All message contents are end-to-end encrypted, so we don’t have that information either.
This is great for your privacy, since no one can get any more information than that without physical access to your device or those of the people you communicate with.
Signal proved its trustworthiness in a 2016 case where the service was subpoenaed. Developer Open Whisper Systems responded to a grand jury subpoena saying it could only produce the time an account was created and the most recent date that a user’s Signal app connected to its servers. The court had asked for significantly more detail like user names, addresses, telephone numbers, and email addresses. Signal had retained none of it.
Third Party Security Audits
A formal security analysis of the Signal protocol was conducted in 2016. According to that analysis, conducted by researchers from Germany, Switzerland, the United States, and Canada, there were no major flaws in the design. It showed that the protocol was cryptographically sound. The analysis has been updated several times since, without changing the researcher’s conclusion that the protocol is sound. The last update was published in July, 2019.
Note: In September, 2019, a bug in the user interface of the Android version of the Signal app was discovered that could have allowed an attacker to eavesdrop on Signal users. According to Vice.com, the bug was fixed the same day it was reported. This incident shows both the responsiveness of the Signal team, and the importance of keeping your copy of the Signal app and desktop updated.
The European Commission has told its staff to switch to the encrypted Signal messaging app in a move that’s designed to increase the security of its communications. The Verge
Ditch All Those Other Messaging Apps: Here’s Why You Should Use Signal. Wired