Signal

Signal Logo

Signal

Security

Signal has the best security out of all of the apps compared here. Chats are always end-to-end encrypted and you can enable disappearing messages. Furthermore, Signal is actually open-source. This means that anybody can look at Signal's source code and verify that it is secure.

Signal has been designed with security in mind, not bolted on afterwards, so the defaults are more likely to be good

Signal PIN is a useful application lock - though that isn't set up on the computer version.

Signal encrypts local information on your computer or phone - so its only visible through the app or computer programme.

Can be compromised if malware is installed on the phone or computer, or other people have access to that device if they use your login. Or if you have infiltrators - no app protects against those.

Accessibility

People aren’t normally familiar with Signal before joining XR so may be a barrier to newcomers or less technical users.

Has complicated features like Signal PIN which can be a barrier to use.

It is available on computer - though its still tied to your phone number.

Features

Signal has many of the same features as WhatsApp and Telegram. Whilst this makes it easy to learn how to use, it also means that:

It is hard to write longer messages in the small message box
It is difficult to keep track of multiple conversations happening at once
Once you have sent a message it can't be edited
Can be used on smartphone and computer versions.

Discoverability

Just like WhatsApp, you can share links to Signal group chats allowing people to quickly join the group. This is great for signing people up but it is hard for rebels to find this link and join the group.

Drawbacks

It can be hard to know who is on a Signal chat - as names can be changed, and phone numbers hidden. Like all chat apps - be careful who you are talking to if that's important.

Signal can also be problematic for rebels who have limited storage on their phones because the messages are stored locally instead of in the cloud, and this can take up a lot of space.

The "metadata" about who's using the app and where they appear to be may be available to the authorities if they can track the connections to the central computer server, or get access to that server.

Appendix

Why does security matter?

~~Given the types of actions XR does,~~ ~~it is essential that the authorities do not get access~~ ~~to rebels' personal information and private messages~~~~. This is for a number of reasons including:~~

~~It could compromise the legal defences of arrestees~~

~~It could affect the right of rebels to stay in the UK~~

~~When discussing security in the context of messaging apps, there are two main things to think about:~~

~~Can my messages get intercepted?~~

~~Where are the messages getting stored?~~

The first of these is straightforward - to make sure messages cannot be intercepted we need to make sure that the app uses secure encryption when sending messages. The second, however, is a little more complicated as it depends on terms like "end-to-end encryption".

End-to-end encryption is used by a number of messaging apps. What it means is that the messages are stored on the phones sending and receiving the messages, rather than on some server. This is generally good from a security standpoint because the authorities would need to access one of the phones in order to see the messages; something much harder for them to do than approach the owners of the server with a warrant.

~~Another important things to consider when choosing a messaging app is whether or not you want to have~~ ~~disappearing messages. These are messages that are automatically deleted after a certain time period, usually around a week or so. This can provide an additional layer of security on top of end-to-end encryption.~~

~~Lastly, one extremely important thing to bear in mind when discussing security is that~~ ~~by far the biggest weakness in XR's security is the people~~. It is very easy for an undercover police officer to pose as a protester and get themselves added to a 'secure' group chat. Once that happens, any security features of the messaging app become irrelevant since the authorities can see everything that is getting discussed.

Why does discoverability matter?

Discoverability - making your group easy to find and get in touch with - is a huge issue for XR. We are a decentralised organisation so each group has the freedom to decide how they want to organise and communicate. This is fantastic from the point of view of ~~mitigating for power~~, but it makes it difficult to share knowledge and skills across groups. To try and reduce this problem, it is important when choosing a messaging app to think about how other rebels and groups can find the group and get in touch with you.

Alternative messaging apps

~~There are many other messaging apps used by rebels in XR. We have just chosen to focus on the most commonly used ones here. Some other popular choices include:~~

~~Discord: An app with some great features but~~ ~~extremely poor security and privacy~~.

Useful links

~~Electronic Frontier Foundation: Thinking About What You Need In A Secure Messenger~~