It's time to secure your DMs... in style
Don't freak out, I'm not sounding the alarm bells on anything in particular. Take this post as an outstretched hand, here to guide you into the world of truly secure & private communication. It won't be perfect, but there are fewer compromises involved than you might've been led to expect, including some options for personalization that are easily overlooked. I think the tradeoffs are more than worth it in today's world.
An app from the heavens
Let's not bury the lede any further: Signal is the primary focus of this post. Signal is an outstandingly user-friendly implementation of end-to-end encryption, requiring only a phone number and a short PIN to get started.
Some notes on those requirements:
- In the distant past, your phone number was your Signal handle, meaning you had to give it to people you wanted to talk to on Signal. This hasn't been the case for years: Signal now has usernames, with mandatory discriminators,ยน as well as robust & well-documented phone number privacy settings.
- As for PINs, Signal developed something called secure value recovery that โ to explain it briefly โ stores your PIN exclusively in encrypted memory on their servers, uses encrypted computation to check PIN entry attempts and enforce a limit on failed guesses, and mitigates platform-level attacks by distributing computation across multiple cloud providers. So, if you read "PIN" and thought "can't those be brute-forced?", they're way ahead of you. Really cool stuff!
What Signal gives you in return for these things is a truly end-to-end encryption solution. The only bits of information Signal can access (such as to respond to subpoenas) are your phone number and your account creation date. Seriously, that's it. Not only are 100% of messages encrypted, but all of the metadata โ who you're talking to, when you're talking to them, your Signal profile details, even what sticker packs you've uploaded & used โ all of it is encrypted.
The Signal protocol has been formally audited by researchers across the globe, who found "no major flaws in the design". Signal is the real deal; it sets the bar for other communication apps that make equivalent claims about privacy & security.
ยน Discriminators (numbers at the end of a username) are a very good thing! They drastically nerf the value of usernames, particularly those that are common names or words, unusually short, or otherwise sought-after. Having a (likely unofficial) marketplace of usernames would be a massive distraction from Signal's goals, and probably yours too.
The landscape beneath Signal
Now you know where the bar is set. I'll talk more about Signal later, but first, let's look at the other messaging apps out there that claim to be secure, private, or both.
WhatsApp claims to offer end-to-end encrypted messages. I say "claims to" because it's closed-source, meaning the veracity of this statement can't be verified externally.
Furthermore, all that metadata like "who you're talking to" is certainly not end-to-end encrypted.
Further-furthermore, WhatsApp is owned by Meta, a notoriously data-hungry and anti-privacy company. This alone means I'm never touching this app with a ten-foot pole. I recommend staying away from WhatsApp.
Telegram
Telegram claims to be both private and secure. I say "claims to" for a whole mess of reasons. Here are some of them:
- Chats are not end-to-end encrypted by default.
You have to go through a bizarrely complicated sequence of steps
to start a "Secure Chat" on each conversation you want to encrypt.
Not good!
- Instead, Telegram opts to encrypt the bulk of messages at rest using a key within their control, storing the encrypted messages and the key across geographically disparate data centers. This is good news for some narrow threat models, but Telegram themselves can still decrypt your non-Secure Chat messages, so this misses Signal's bar by a long shot.
- Secure Chats are not available for groups, only one-on-one conversations. Again, all Signal chats (including groups) are end-to-end encrypted by default. There's no excuse here.
- Telegram rolled their own encryption protocol called "MTProto", which is so poorly conceived that you might mistake some of its bugs for backdoors.
I begrudgingly use Telegram because many of my friends use it, but it offers shockingly little of value that Signal doesn't have by now. I recommend migrating off of Telegram.
Matrix
Matrix claims to offer secure, decentralized communication. I say "claims to" because their end-to-end encryption is optional for rooms (i.e. group chats).
Esteemed furry blogger & cryptographer Soatok has found & disclosed multiple vulnerabilities in Matrix's encryption routines after only a cursory glance at their codebases. The fact that these were discovered with so little effort should be alarming enough on its own, but Matrix's responses to these vulnerabilities (1, 2) ought to be regarded as equally alarming. Rather than fixing any of the vulnerabilities identified, they instead opted to discredit the findings as irrelevant.
I find this excerpt from Soatok's 2nd disclosure post to be prescient here:
Well-implemented, well-designed cryptography is supposed to be Boring. Boring cryptography is obviously secure.
Allowing a complete confidentiality break because one person sets their public key to zero is not Boring.
Regarding decentralization, most Matrix servers are federated through a centralized Matrix.org homeserver that manages account logins. For a server to be fully disconnected from the graph, it not only needs to provide its own homeserver, but also forego various niceties like sticker packs that go through another centralized server, vector.im.
Also, the UX is all over the place. I would certainly not describe Matrix as "foolproof" in the same way as Signal.
Despite all of the above issues, I am using a friend's private & defederated Matrix install to talk to a few folks. It's preferable to Discord on the security & privacy axes, but really only because I happen to have a friend with the time & technical expertise to get self-hosted Matrix running (it was apparently a painful month-long endeavor).ยฒ For that and all the above reasons, I don't recommend Matrix for most people.
Aforementioned blogger Soatok has written about Discord alternatives and Signal competitors. He came to the same conclusion in both of these posts: there are currently none that meet the bar. If you're willing to make compromises on the security & privacy of your communication apps, you'll need to seek out the opinions of people who aren't cryptographers.
Personally, I think that's a bad call to make. We've seen how companies throw around terms like "end-to-end encryption" and "privacy-first" while handwaving away the limitations from their copytext. Security needs to be rooted in solid application of cryptographic primitives, and privacy needs to be rooted in security. The sad truth is that meaningful encryption is extremely difficult to get right and notoriously hard to communicate to the public (even technically inclined users!). So, I urge you: listen to cryptographers. They represent an unwavering voice of truth in an increasingly user-hostile landscape.
ยฒ Federated Matrix servers are slow and have a huge spam problem. They're non-starters for me because none of my friends are going to put up with that.
Making the most of Signal
If I had to guess why so many of my friends haven't picked up Signal, I'd say it's because the app looks extremely dry at a glance. The interface is clean & free of distractions, but to a point where it feels sterile. There are no bubbly animations, no app-wide themes (aside from light/dark), not even any bundled wallpaper images. It's lacking the sauce.
But you can make Signal feel personal, and I'll show you how.
Set up your profile
After you've gone through your privacy settings, I recommend filling out your profile with a name and avatar.
Don't be off-put by the first & last name fields! You can set your first name to anything you want and leave the last name blank.
A lot of my friends who are on Signal don't have an avatar set. I respect this decision, but I don't think it offers much from a privacy standpoint. Even if you share your username online, random people can't see these profile details until you accept a message request from them.
Add some friends
Okay, this one's obvious, but you need to know other people who use Signal in order to... use Signal. Unless your only use case is sending secure notes to yourself.
Some friends have asked me to use Signal to talk to them, and I've asked the same of various friends of mine. Maybe you know some people who share their Signal username (hi, friends!). Maybe just take this step as an exercise in humility and become That Friend yourself. There are certainly worse kinds of friend you could be.
Customize your emoji hotbar
Do you have a favorite heart emoji? Are you a ๐ญ user but not much of a ๐ user?
I have good news for you: you can change the emoji hotbar! This feature is tricky to discover organically, but it's documented in Signal's help center, as most things are.
Pick a default chat background & color
Signal's built-in wallpapers are about as underwhelming as you could imagine. It's just a bunch of solid colors and basic gradients.
The best recommendation I have for phone wallpapers is Wallhaven,
which is ad-free and recently banned AI art.
It's heavily focused on anime & people โ
the two genders categories aside from "General" โ
but you can still find some decent images there.
Here's a search query for abstract portrait wallpapers
to get started.
Whatever you end up using, acquire your preferred wallpaper and set it as the default background in the app's settings. Things will instantly feel 500% more personal. You might also consider adjusting the color of the chat bubbles to match or complement the background.
Upload (or swipe) your favorite sticker packs
This one's optional for non-furries.
Sticker packs are Signal's Telegram-killer feature. As mentioned before, they're just as secure & private as everything else you can do in Signal. You can upload sticker packs from the Signal desktop app, or ask friends to send you stickers so you can yoink the packs for yourself.
To aid in migrating from Telegram, I registered my own personal bot with Telegram, then ran an open-source sticker downloader to download my most-used packs. Alternatively, you could use one of the many public sticker downloader bots out there. I can't vouch for any of them, so I won't be linking any of them here.
Now, I'm not going to lie: uploading a sticker pack to Signal is a tedious process. You have to manually assign each sticker an emoji, and if you have your heart set on uploading a large (100+ sticker) pack, you're going to become intimately familiar with the emoji picker over the next 15-30 minutes. There are no drafts for sticker packs, so you have to keep the sticker upload window open from start to finish. I uploaded my handful of sticker packs over the course of ~2 hours and I hope I won't have to do it again.
Assign chat-specific backgrounds & colors?
This one's your call. If you have a use case for per-chat backgrounds & chat bubble colors, Signal supports it. They only apply to you, not your recipient(s).
Personally, I use Signal to talk to friends & family. Family members get a special background & color so that it's immediately obvious to me when I'm in a family chat. A few other special folks in my life get their own chat bubble colors. I think of this feature as error correction for human mistakes. It enables me to be comfortable sending the weirdos in my life highly-targeted stickers using the same app I use to talk to my brother.
As of a few months ago, colors sync between desktop and your phone, which halves the setup cost to that feature. It's a small thing, but one that gives me confidence that the folks at Signal know what they're doing on the UX side, too.
Publish your first Story??
Signal has Stories. You know, like from Instagram or whatever.
I don't use this feature and I don't know anyone who does. You can disable the feature entirely, but I'm not opposed to seeing them in case any of my friends make one. Maybe you could be the first!
Miscellaneous grievances
"I don't like that Signal is hosted in the U.S."
I get the concern, but where Signal is hosted doesn't actually matter if you trust the encryption, which, again, has been scrutinized by researchers from all around the world and passed every time. Data sovereignty is second to & arguably obviated by proper cryptography.
As for ethical considerations, Signal is a 501c3 nonprofit and has no track record of poor leadership or communication, at least that I'm aware of.
"Wasn't there a Signal leak in the news last year??"
I'm sorry to be the one to tell you that this is a wild misinterpretation of events. In reality, a journalist was mistakenly invited to a Signal group chat and fulfilled his bare-minimum responsibility of telling people that that happened.
In technical terms, Bob can't do jack shit if Alice addresses her envelope to Mallory.
This could be indicative of a flaw in Signal's UI, say, if it's too easy for users to send an invite by mistake, or too hard to identify the correct recipient of an invitation. You can check out the UI yourself; it's a free app, after all. I looked at it and it seems pretty straightforward to me.
Is it all worth it?
The peace of mind offered by Signal's rock-solid security & privacy is incredibly important to me, for reasons both philosophical and pragmatic. I regard it as an oasis of trust in a sea of hyper-capitalist platforms with wildly stochastic risk profiles (among other problems).
Those are some big words to say: yes, it's absolutely worth it, at least in my opinion.
The only substantial value offered by less secure platforms, from my perspective, is simply their inertia. I use Telegram because my friends use Telegram, and because many of them do not use Signal. I would rather use Signal for everything. This post represents my best effort to generate whatever inertia I can scrounge up in favor of Signal.
Good encryption is boring, but a good encryption app doesn't have to be. Personalize your Signal install today and join me in the serenity of actually trusting an app on your phone!