A few days back, American entrepreneur, cryptographer and founder of Signal private messenger Moxie Marlinspike was travelling when his co-passenger asked for help, the person who asked was in his sixties and he was not able to activate airplane mode on his old-fashioned Android phone. Marlinspike got shocked the moment when he saw the screen and found among a few installed apps there was Signal.
Signal is considered the world’s most secure end-to-end encrypted messaging service, was launched by Marlinspike nearly 5 years ago. Today, the app is maintained by Signal Foundation, a non-profit organization heads by Marlinspike. But the man who asked for help was not aware of these things. Marlinspike politely showed him how to activate airplane mode and returned his phone but the man had Signal app along with handful of other apps installed on his Android phone.
After that flight, Marlinspike told “I try to remember moments like that in building Signal,” in an interview given to WIRED. Marlinspike adds “The choices we’re making, the app we’re trying to create, it needs to be for people who don’t know how to enable airplane mode on their phone.”
From always, Moxie Marlinspike has talked about making encrypted communications easy and simple for everyone. Due to his efforts, today Signal is finally reaching to mass audience and is not only limited to activists, privacy diehards as well as cyber-security nerds.
Thanks to his efforts due to which app becomes more accessible as well as appealing to billions of netizens.
Signal was growing rapidly even when it was just a calling and messaging app. In 2016, Marlinspike had confirmed that over two million users are registered with Signal. However, in a recent interview with WIRED he hasn’t said anything about number of Signal users but according to Google Play Store count, Signal has been downloaded by more than 10 million times. On the other hand, 40% of the app’s users are on iOS. Its adoption has spread from Black Lives Matters and pro-choice activists in Latin America to politicians and political aides—even noted technically incompetent ones like Rudy Giuliani—to NBA and NFL players. In 2017, it appeared in the hacker show Mr. Robot and political thriller House of Cards. Last year, in a sign of its changing audience, it showed up in the teen drama Euphoria.
About 2 years ago, a new chapter in Signal’s evolution was added when WhatsApp co-founder Brian Acton invested $50 million into Signal foundation, a few months after leaving WhatsApp due to rising tension with Facebook top management (WhatsApp was acquired by Facebook in 2014). Acton Not only donated $50 million to Signal foundation, he also joined Signal Foundation as an executive chairman to help improve end-to-end encrypted messaging project.
Signal’s open source protocol was used by WhatsApp to encrypt all communications end-to-end by default but it does not seem effective to Acton when he saw Facebook is playing with privacy of WhatsApp’s users.
Marlinspike effectively plans to use Acton’s millions of dollars and his experience of building encrypted messaging app for billions of users. After working for a few years with just 3 full-time employees, now Signal is a team of 20 employees. From texting and calling app to a fully featured mainstream application, Signal has evolved itself a lot.
Thanks to Signal’s new coding muscle, in just the last 3 months, it has rolled several features such as support for iPad, emoji reactions, downloadable customizable “stickers”, ephemeral images and video designed to disappear after a single viewing. In addition to this, it has announced to introduce a new system for one-to-many (group) messaging and a method for storing encrypted contacts in the cloud.
Marlinspike told WIRED in an interview “The major transition Signal has undergone is from a three-person small effort to something that is now a serious project with the capacity to do what is required to build software in the world today.”
A few features of Signal seems trivial to its earliest core users and Acton calls them “enrichment features.” They are for people who want Signal as multifunctional as iMessage, WhatsApp or FB Messenger but value Signal’s security and the truth that it does not collect users data.
“This is not just for hyperparanoid security researchers, but for the masses” “This is something for everyone in the world” says Brian Acton.
Stickers are the latest Signal updates. Every sticker pack is encrypted with a ‘pack key’ so that Signal server can never see decrypted stickers or get to know about the Signal user who has created or sent them. With Signal’s new group messaging, administrators can add or remove people from groups without hinting a Signal server about that group member.
Signal also collaborated with Microsoft Research in order to invent a novel form of “anonymous credentials” that allow a server guard group users without knowing members’ identities. It is testing ‘Secure Value Recovery’ feature that lets users to create an address book having their contacts then store them on a Signal server. In this way, server-stored contact / address book will be preserved even if user switches to a new phone. Signal servers cannot see those contacts as they would be encrypted using a key stored in the SGX secure enclave. This key is meant to hide data from the rest of the Server’s OS.
For security reasons, a cryptographer at Johns Hopkins University Matthew Green says that a few of Signal’s new features should come with an on-off switch. He says that new features may add more chances for security vulnerabilities to slip into Signal’s engineering. But overall, he is impressed with the Signal code. He said “After reading the code, I literally discovered a line of drool running down my face. It’s really nice.”
Brian Acton’s ambition is to grow Signal like WhatsApp – sized service (even beyond). After all, he not only developed WhatsApp but also helped it achieve over 1.5 billion users. Acton thinks he can do the same again with Signal. He says, “I’d like for Signal to reach billions of users. I know what it takes to do that. I did that.” “I’d love to have it happen in the next five years or less.”
Marlinspike says, “This has always been the goal: to create something that people can use for everything.”
He adds, “I said we wanted to make private communication simple, and end-to-end encryption ubiquitous, and push the envelope of privacy-preserving technology. This is what I meant.”