While WhatsApp is reportedly planning ads for users, other messaging apps are beefing up security and encryption to keep user information safe. Signal, the messaging app with arguably the best end-to-end encryption around (no offence Telegram), is rolling out a new feature that will further protect the identities of message senders.
Since it began, Signal has not collected or kept any user data (something that Facebook cannot say), a feat that Signal is rightly proud of. Now a new feature will also hide a sender’s metadata inside the ‘envelope’ of an encrypted message, making it even more secure by keeping real-world personal data as safe as possible.
Here’s how that works — the app encrypts the message as normal with Signal Protocol, then places the sender’s information into an ‘envelope’ as a certificate containing the sender’s phone number, public identity and expiry time — so the sender can be validated. The envelope is also encrypted or ‘sealed’. We don’t want any spoofing, do we? Then the encrypted message, as well as the sealed envelope needed to validate that message is sent.
Authentication is taken care of on the other side of the line, without revealing the sender’s information. When the message is delivered, the app will pop open the envelope and validate the certificate, decrypting the message if everything is as it should be — all without exposing sender information to outside forces.
Although this sounds slightly dodgy — as though random people could send messages without the receiver knowing who it is — the system still links every message to a phone number which could identify a person outside of the app. This just means that Signal is an app for people who really value their privacy.
“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is,” Signal said in a blog post.
The new feature will be enabled by default in an upcoming update, but first beta testing (scheduled for “very soon”) will have to be taken care of.
Source: Signal Blog