What You Need to Know About the Signal E2EE Protocol

July 12, 2021 | Guest Blogger: Ambler Jackson

In March 2020, at the beginning of the COVID-19 pandemic, downloads of messaging apps increased significantly as users found themselves yearning to maintain some semblance of connection with family and friends around the world during a time of fear and uncertainty. There was plenty of online discussion and concern about which messaging app was the best choice for secure communication in real time. The concern was certainly understandable given past reports of cybercriminals viewing and using their victims’ personal data, surveillance and tracking, and society’s overall heightened awareness of data privacy and information security.

Choosing a messaging app requires consideration of the user’s risk tolerance for data privacy and security. The choice may ultimately boil down to personal preference. In light of the increased use of messaging apps, the general consensus appears to be that these communication tools are not a nice-to-have but a must-have. They keep us globally connected and offer many communication conveniences. To accomplish the goal of communicating privately and securely, however, messaging apps that use end-to-end encryption are the only choice.

What is end-to-end encryption?

End-to-End Encryption (E2EE) is a type of public key cryptography, also known as asymmetric cryptography, that protects data by making it available to only the intended recipient. E2EE ensures that if a third party intercepts your text messages, the messages will be unreadable to that third party. Third parties include the app owner; for example, in the case of WhatsApp, Facebook should be unable to view the content of text messages sent between two WhatsApp users. Third parties also include law enforcement and any other authority that may have an interest in reading your text messages. It’s worth noting that, obviously, if the third party has physical access to your device, they can read all the contents of your messages.

Messaging apps such as Apple’s iMessage, Facebook’s WhatsApp, Google’s Messages, Signal and Telegram all use E2EE. The leading messaging apps, based on downloads, are Signal, Telegram and WhatsApp, and while they all use E2EE for texts, voice and video calls, the apps differ from one another (as we will discuss below).

The Signal Protocol

The most promising development in the E2EE space is the Signal Protocol. E2EE that uses the open-source Signal Protocol is unique because of Perfect Forward Secrecy, which essentially describes the idea that if data is encrypted and secret now, it should also be encrypted and secret in the future. The Signal Protocol is becoming the de facto standard for E2EE for messaging apps.
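Forward secrecy can be seen in a simplified symmetric-key ratchet, the kind of one-way key chain that the Signal Protocol's Double Ratchet algorithm builds on. This is an added example, not code from the original post or from the Signal project; the toy cipher, the `Sender` class, the shared secret and the message contents are constructed for illustration.

```python
import hashlib
import hmac

def kdf_ck(chain_key):
    """One ratchet step: (next chain key, message key), one-way via HMAC-SHA256."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def _keystream(key, length):
    # Toy stream cipher (HMAC in counter mode), for illustration only.
    blocks = (hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(message_key, plaintext):
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(message_key, len(plaintext))))
    return body + hmac.new(message_key, b"tag" + body, hashlib.sha256).digest()

def unseal(message_key, blob):
    """Return the plaintext, or None if the key is wrong (tag mismatch)."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(message_key, b"tag" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(message_key, len(body))))

class Sender:
    def __init__(self, chain_key):
        self.chain_key = chain_key
    def send(self, plaintext):
        # The old chain key and the message key are discarded after each send.
        self.chain_key, message_key = kdf_ck(self.chain_key)
        return seal(message_key, plaintext)

def compromise_demo(steps=100):
    sender = Sender(hashlib.sha256(b"constructed shared secret").digest())
    past = [sender.send(m) for m in (b"msg 0", b"msg 1", b"msg 2")]
    stolen = sender.chain_key            # state captured after msg 2
    future = sender.send(b"msg 3")
    keys, ck = [], stolen
    for _ in range(steps):               # every key derivable from the stolen state
        ck, mk = kdf_ck(ck)
        keys.append(mk)
    past_readable = [any(unseal(k, c) is not None for k in keys) for c in past]
    return past_readable, unseal(keys[0], future)

if __name__ == "__main__":
    print(compromise_demo())
```

The captured state opens none of the three earlier messages, which is the forward-secrecy property, but it does open the next one. The Double Ratchet limits that second exposure by also mixing fresh Diffie-Hellman outputs into the key chain.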

The Signal app, funded by the Signal Foundation, uses the Signal E2EE Protocol and is best known for its privacy features and secure messaging, as well as several high-profile endorsements from individuals like Jack Dorsey, CEO of Twitter, and Elon Musk, CEO of Tesla, Inc. In addition to winning over privacy advocates, information security experts, lawyers, cryptographers, and journalists, the popular app also leverages the following notable features offered by the underlying protocol:

  • Default security controls (e.g., disappearing messages)
  • Perfect Forward Secrecy
  • Open-source software
  • No ads or affiliation with Big Tech

Anyone has the option to audit the code and check the application’s security because it is free and open software. One reason Signal may be a messaging app favorite, compared to Apple’s iMessage, is that both Android and Apple users can download Signal, whereas only Apple users can use iMessage. When you send an iMessage to a user who is not using iMessage, the message is sent as a Short Message Service (SMS) message. SMS has its own security risks and sending financial or sensitive information using SMS is not recommended.

Another positive Signal app feature is that, unlike Telegram and WhatsApp, Signal does not store user data. Telegram requests your personal data (e.g., your name and phone number), while WhatsApp collects data that may identify you and may share some of your data with other Facebook companies.

Encryption backdoor requests and implications

The primary argument against E2EE is that messaging service providers should create an encryption backdoor to permit government access to encrypted data, in order to address the potential consequences E2EE may have on law enforcement. The problem with the backdoor argument is that, while the backdoor would be open to law enforcement, it would allow authoritarian governments and cybercriminals to walk through the backdoor too.

In February 2016, Apple responded to a request from the United States (U.S.) Federal Bureau of Investigation (FBI) for data in Apple’s possession following the tragic San Bernardino shooting. Apple challenged the FBI’s demand and characterized it as an overreach by the U.S. government.

In March 2020, Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina), U.S. Senators Richard Blumenthal (D-Connecticut), Josh Hawley (R-Missouri) and Ranking Member Dianne Feinstein (D-California) introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act), bipartisan legislation to encourage the tech industry to take online child sexual exploitation seriously. Critics of the EARN IT Act held that the law would jeopardize privacy and free expression rights, without effectively tackling child sexual exploitation. Officials who propose bills like the EARN IT Act focus solely on tech companies to solve child exploitation online and ignore the need for multiple actors and solutions to contribute to an effective response to child online sexual exploitation. The provisions of the bill threaten privacy for those who may need it most (e.g., children learning online, journalists, marginalized communities and peaceful protesters).

Conclusion

Messaging app users desire data privacy and security. They expect to be able to speak freely with friends, family, community members, journalists, peaceful protesters and colleagues without their messages being intercepted and read by a third party, including the government. This is especially true during times of social unrest or political uncertainty.

Currently, the Signal Protocol is the leader in E2EE and by all accounts the Signal app provides the highest level of privacy and the most secure messaging for its users. It is also true that cybercriminals will exploit this level of advanced E2EE. The argument, however, that encryption backdoors are necessary to assist law enforcement bodies in their efforts to prevent criminal activity is overcome by the fact that weak encryption results in privacy and security risks to all law-abiding citizens, our civil liberties and democratic values.

This is yet another example of how machine identities, such as those used for E2EE, will continue to play a greater and more important role in our everyday business and personal lives.
