WhatsApp - and pretty soon Signal as well - are the prime example of an industry turning End-to-End Encryption into a hollow marketing phrase that doesn’t mean anything.
While Signal technically is free software, it doesn't feel like free software.
You can change it, but then you're no longer welcome in the Signal ecosystem and can't send messages to other Signal users.
Federation and other problems will be tackled afterwards.
But where to go?
One of the things I do is cryptography and infosec training for investigative journalists who have a need to keep their sources and communications confidential so they can more safely do their work in the public interest. Often they work in places which are heavily surveilled, like Europe, or the United States. Ed Snowden’s documents explain a thing or two about how the US intelligence apparatus goes about its day-to-day business. They sometimes also work in places in the world where rubber hose cryptanalysis is more common than in, say, the U.S. or Europe. Which is why crypto tools alone are not the Alpha and the Omega of (personal) security. This requires careful consideration of what to use when, and in what situation. One of the things I have recommended in the past for various cases is the OpenWhisperSystems’ app called Signal, available for Android and iOS. In this article, I want to explain my reasons why I won’t be recommending Signal in the future.
To be clear: the reason for this is not security. To the best of my knowledge, the Signal protocol is cryptographically sound, and your communications should still be secure. The reason has much more to do with the way the project is run, the focus and certain dependencies of the official (Android) Signal app, as well as the future of the Internet, and what future we would like to build and live in. This post was mostly sparked by Signal’s Giphy experiment, which shows a direction for the project that I wouldn’t have taken. There are other, bigger issues which deserve our attention.
Earlier this year, the FBI served Open Whisper Systems, the creator of Signal, a popular end-to-end encrypted messaging application, with its first criminal grand jury subpoena. On Tuesday, Open Whisper Systems and its lawyers at the American Civil Liberties Union successfully challenged a gag order forbidding the company from speaking about that request.
In this case, Open Whisper Systems barely had any subscriber data to give to the FBI. They responded with two pieces of information for one of the phone numbers: the time that the Signal account was created and the most recent date that the user connected to the Signal server. The other phone number did not have a Signal account associated with it.
Other messaging services routinely store more information about their users, including the IP addresses they use to connect to the service, their contact lists, who they sent messages to and when, and often the content of the messages themselves. When those services receive similar government requests, they could be legally compelled to turn over that information. Open Whisper Systems designed Signal to log only the bare minimum information necessary to operate their service, specifically to avoid being put in that position.
Today, the new attempt is Keybase.io, which many users like for its convenience (linking PGP keys to social media accounts). But it fundamentally violates the end-to-end privacy principle of PGP by binding keys to privacy-invading services. Periodically, he said, proposals pop up to implement "validating" PGP keyservers—but none of them work in a decentralized fashion. He urged users to stand up against all attempts to centralize PGP.
Finally, he looked at federation in general. Mail servers have more and more difficulty interoperating, he said, and XMPP has "lost its track" and is being replaced by centralized systems like WhatsApp and Signal. He encouraged developers to make federation a priority and to design for it from the beginning.