Maximum PC - UK (2020-01)

(Antfer) #1

maximumpc.com JAN 2020 MAXIMUMPC 17


Alex Campbell


OPEN SOURCE


©^
SIG


NA


L


Signal to Move Away


from Phone Numbers


SIGNAL PRIVATE MESSENGER, the gold standard for


open-source private messaging, is to move away


from phone numbers as the primary user ID. This


is great news, and may help the app reach more


users. At the very least, it will be a boon to privacy.


You might not be comfortable
giving up your private number
to some individuals.

For as long as I’ve been writing about tech, I’ve
preferred services and software that help protect
privacy. I switched to using Signal as my default
mobile messaging app years ago. Since then, Signal
has gotten features such as Giphy integration and
video calls. But one thing has always irked me: The
use of a phone number as a user ID.
For all its accolades, Signal has been criticized
for tying a user to a phone number. For users
who might want a new number (to avoid calls
from a persistent ex, for example), keeping in
touch with Signal contacts meant setting up new
conversations, security numbers, and a lot of
headache. More importantly, talking to someone
over Signal required giving out your phone number.
For friends and family, this is clearly not that big
a deal. But what if you want to talk with someone
you meet at a conference or over Twitter? You
might not be comfortable giving up your private
number to such an individual. Some other means of
establishing identity would be clearly preferable.
The Signal developers have heard calls for
this type of feature, and will be releasing it in an
upcoming version of the Android client. The 4.
release gives each user a universally unique
identifier (UUID) that will act as the user ID.
While the consequences are largely (as Signal
puts it) “behind-the-scenes,” the implication is

that users may be able to offer up
their UUID online without worrying
about revealing phone numbers.
There are other enhancements,
too. The 4.50 release will offer up
insights to the user, showing what
percentage of recent messages
were encrypted versus served
over unsecured SMS. The analysis
will be computed by the device,
requiring no communication with
Signal servers. For users like me,
who use Signal as their primary
messaging app, this can be a
valuable tool to see how “secure”
their conversations are at a glance.
Such privacy auditing tools can
be useful for those with more
stringent privacy requirements.
Truth be told, the messaging
landscape is a mess. Apple users
have iMessage, which enables
encrypted communication, but
only with other Apple devices.
(Android users famously show
up in green chat bubbles.) SMS
and MMS are antiquated and
insecure. Other platforms, such as
Facebook Messenger, WhatsApp,
and others, compete with Signal
in the third-party messaging
space. (Note that WhatsApp uses
a version of the Signal protocol
under the hood.) The upcoming
Rich Communication Services
(RCS) standard is being developed

by carriers to modernize SMS and
MMS to create something more
like Google’s now defunct Allo.
Currently, Google’s Messages app
is RCS-capable, but the standard
isn’t end-to-end encrypted (E2EE)
like Signal and iMessage are
by default. And if Signal did add
support for RCS, it would serve as
an unencrypted fallback, much like
how Signal handles SMS and MMS.
The heterogeneity of messaging
standards makes secure chats
a pain. Either you use a system
everyone else does, even though
you don’t prefer it (such as
iMessage or WhatsApp), or you
have to convince your contacts to
use another (such as Signal). While
this barrier may persist for some
time, allowing people to use Signal
without relying on a phone number
could be a boon for those who wish
to use it on laptops or other devices
without the need to tie it to a phone.

Alex Campbell is a Linux geek
who enjoys learning about
computer security.

Signal is a secure open-source
messaging app.
Free download pdf