Looking back at how Signal works, as the world moves forward

moxie0 on 05 Jun 2020

In the midst of world-wide protests against racism and police brutality, a lot of people are becoming more immediately aware and concerned about the security of their data and online communication. We’ve gotten a lot of questions at Signal over the past week, so we wanted to briefly recap how it is that we’ve designed Signal, and how we think about concepts like privacy, security, and trust.

What if the worst should happen, and some unauthorized party were to compromise Signal? We don’t have to speak hypothetically, because the US government already tried this, so we can examine what that looked like. In 2016, the US government obtained access to Signal user data through a grand jury subpoena from the Eastern District of Virginia. However, there wasn’t (and still isn’t) really anything to obtain. At the time, we worked with the ACLU to fight the gag order that was intended to prevent us from publishing this information, so you can see the full subpoena and response here.

The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use – not user messages, groups, contacts, profile information, or anything else.

A screenshot of the subpoena response, showing only the account creation time and connection date.

This is because we’ve designed Signal to keep your data in your hands rather than ours. Signal uses end-to-end encryption so that we never have access to the contents of the messages you send; they are only visible to you and the intended recipients. However, Signal also applies this design philosophy to the rest of your data as well.

Our approach

Unlike any other popular messaging app, Signal also does not have access to your contacts, social graph, group data, group membership, profile name, profile avatar, location data, gif searches, etc. – and we don’t include trackers, ads, or analytics in our software at all.

Because we’ve built Signal to completely avoid storing any sensitive information, I can stand on stage in front of thousands of people and publish all of my account data publicly without revealing anything other than how long I’ve had Signal installed (it’s since I last replaced my phone) and the last date I had Signal installed (it’s today btw).

If you ask the CEO of any other major communication platform to publicly publish their account data from their platform, they won’t.

I don’t blame them – it’s a lot of data that they would probably be uncomfortable sharing with you – but it raises the question of whether we should be comfortable sharing the same data with them.

Sync different

This represents a fundamental difference in how we think about concepts like privacy, security, and trust. We do not believe that security and privacy are about “responsibly” managing your data under our control, but rather about keeping your data out of anyone else’s hands – including our own.

We believe this because, even after 30 years of trying, anything else has proven to be a losing strategy. Data breach after data breach, and the incentives that have emerged from the monetary value of data, have led to a dramatic loss of privacy online, especially for some of the most intimate conversations we have.

We don’t believe that trust is about trusting us with your data, but rather about trusting our engineering abilities and know-how to design software that keeps your data in your hands rather than ours or anyone else’s. In order to help build that trust, we’ve made all of our software open source so anyone can look at how we design and build things. There are no secrets in there, because we never have access to your secrets to begin with.

We also make this technology publicly available for free because Signal is a 501(c)(3) nonprofit. Our mission is to increase privacy online, so we publish our technology and share knowledge to encourage other companies to adopt it in their own products and services.

Moving forward with you

Every feature that we add to Signal is a new opportunity to make sure that your information is only accessible to you. This isn’t how most organizations handle user data, but it has always felt like the right approach to us. These are your contacts, your conversations, your photos, and your information – not ours – and it’s your powerful voices that are out there organizing and advocating for change.

Keep on sending a message, and we’ll keep making sure they get delivered securely.