Cybersecurity, Cloud Engineering, and AI blog

Signal vs Telegram vs SMS: Comparing Popular Free & Open Source (FOSS) Chat Apps

Signal is a remarkable FOSS messaging app known for its strong focus on privacy, security, and data transparency. Unlike many other apps, Signal operates as a non-profit funded entirely by donations, rather than relying on ads or selling user data. This allows the app to prioritize user privacy without any commercial pressures.

Signal enforces end-to-end encryption (E2EE), ensuring that only the intended recipients can access messages, calls, and other communications such as files shared within the app. Even Signal itself can’t read this encrypted data, and there’s no way to turn off this encryption. The app also has a desktop version, providing a seamless and secure communication experience across multiple devices.

One of the most impressive features of Signal is that users can send and store gigabytes of data completely for free. This is particularly surprising given the high level of security and encryption that Signal provides, highlighting the app’s commitment to privacy at no cost to the user. From an economic standpoint, it is much more expensive to transmit and store data with this level of encryption than if it were unencrypted.

In contrast, Telegram, another popular messaging app, has different security measures. By default, Telegram’s messages are NOT encrypted, which means most users’ communications are not fully protected. This leaves most people communicating on Telegram completely exposed. While Telegram offers a “Secret Chat” feature with E2E encryption, it’s not enabled by default, unlike Signal where encryption is always enforced.

This comparison underscores Signal’s unique position as a completely free service focused on privacy and security without the need for a paid tier. It seems crazy that Signal is mostly supported by donations, considering that at the end of 2023 it was projected to cost $50M to host in 2024. Signal also keeps minimal user data, only storing basic information like account creation time and last online activity, further emphasizing its dedication to user privacy and cybersecurity.

For text messages between popular mobile platforms like iOS and Android to be end-to-end encrypted, both parties must use the same platform. Android devices use RCS messaging, while Apple devices use iMessage, and both support E2EE. The problem comes when Android and iPhone communicate with each other. In such cases, messages are sent via SMS/MMS, which do not support E2EE, leaving them vulnerable to interception and surveillance. This lack of a unified standard for encrypted messaging across platforms means that secure communication is only possible when both parties use compatible services, leading to potential privacy and cybersecurity concerns when messages cross between these ecosystems.

With Signal, you have the option of deleting messages for everyone in the chat, whereas you do not with SMS. This is a very important feature in the event sensitive information needs to be scrubbed. Signal provides additional privacy features like disappearing messages, where you can set messages to automatically delete after a certain period. Moreover, Signal’s open-source nature allows for continuous security audits, ensuring transparency and trustworthiness. Unlike SMS, which relies on carrier networks susceptible to vulnerabilities, Signal operates over data networks, offering enhanced security and privacy for users who prioritize the confidentiality of their communications. This makes Signal a preferred choice for those who need secure communication, even across different operating systems.

For more reading, check out my article comparing mobile operating systems here.