Signal
Signal
Security
Signal has the best security out of all of the apps compared here. Chats are always end-to-end encrypted and you can enable disappearing messages. Furthermore, Signal is actually open-source. This means that anybody can look at Signal's source code and verify that it is secure.
Signal has been designed with security in mind, not bolted on afterwards, so the defaults are more likely to be good
Signal PIN is a useful application lock - though that isn't set up on the computer version.
Signal encrypts local information on your computer or phone - so its only visible through the app or computer programme.
Can be compromised if malware is installed on the phone or computer, or other people have access to that device if they use your login. Or if you have infiltrators - no app protects against those.
Accessibility
People aren’t normally familiar with Signal before joining XR so may be a barrier to newcomers or less technical users.
Has complicated features like Signal PIN which can be a barrier to use.
It is available on computer - though its still tied to your phone number.
Features
Signal has many of the same features as WhatsApp and Telegram. Whilst this makes it easy to learn how to use, it also means that:
- It is hard to write longer messages in the small message box
- It is difficult to keep track of multiple conversations happening at once
- Once you have sent a message it can't be edited
- Can be used on smartphone and computer versions.
Discoverability
Just like WhatsApp, you can share links to Signal group chats allowing people to quickly join the group. This is great for signing people up but it is hard for rebels to find this link and join the group.
Drawbacks
It can be hard to know who is on a Signal chat - as names can be changed, and phone numbers hidden. Like all chat apps - be careful who you are talking to if that's important.
Signal can also be problematic for rebels who have limited storage on their phones because the messages are stored locally instead of in the cloud, and this can take up a lot of space.
The "metadata" about who's using the app and where they appear to be may be available to the authorities if they can track the connections to the central computer server, or get access to that server.
Appendix
Why does security matter?
Given the types of actions XR does, it is essential that the
authorities do not get access to rebels' personal information and
private messages. This is for a number of reasons including:
It could compromise the legal defences of arresteesIt could affect the right of rebels to stay in the UK
When discussing security in the context of messaging apps, there are two
main things to think about:
Can my messages get intercepted?Where are the messages getting stored?
The first of these is straightforward - to make sure messages cannot be
intercepted we need to make sure that the app uses secure encryption
when sending messages. The second, however, is a little more complicated
as it depends on terms like "end-to-end encryption".
End-to-end encryption is used by a number of messaging apps. What it
means is that the messages are stored on the phones sending and
receiving the messages, rather than on some server. This is generally
good from a security standpoint because the authorities would need to
access one of the phones in order to see the messages; something much
harder for them to do than approach the owners of the server with a
warrant.
Another important things to consider when choosing a messaging app is
whether or not you want to have disappearing
messages.
These are messages that are automatically deleted after a certain time
period, usually around a week or so. This can provide an additional
layer of security on top of end-to-end encryption.
Lastly, one extremely important thing to bear in mind when discussing
security is that by far the biggest weakness in XR's security is the
people. It is very easy for an undercover police officer to pose as a
protester and get themselves added to a 'secure' group chat. Once that
happens, any security features of the messaging app become irrelevant
since the authorities can see everything that is getting discussed.
Why does discoverability matter?
Discoverability - making your group easy to find and get in touch with -
is a huge issue for XR. We are a decentralised organisation so each
group has the freedom to decide how they want to organise and
communicate. This is fantastic from the point of view of mitigating for
power, but it makes
it difficult to share knowledge and skills across groups. To try and
reduce this problem, it is important when choosing a messaging app to
think about how other rebels and groups can find the group and get in
touch with you.
Alternative messaging apps
There are many other messaging apps used by rebels in XR. We have just
chosen to focus on the most commonly used ones here. Some other popular
choices include:
Discord: An app with some great features butextremely poor security and privacy.