“Users are often unaware of this flow of data and cannot prevent it if they want to use the services. We need to be rigorous in tackling the abuse of power that comes with data.” —German Justice Minister Katarina Barley
This quote comes not long after Facebook announced that it would be integrating Instagram, Messenger, and WhatsApp under a single messaging platform.
You would think that after the Cambridge Analytica scandal and the multiple hacks and leaks it has faced, Facebook would try to downplay the whole I’m-following-you-literally-everywhere-around-the-web-whether-you-know-it-or-not feel. Apparently, that’s not the case.
More recently, updates to its privacy policy caused even more commotion when it was announced that the privacy policy gave the service the right to read users’ messages and hand the information over to its parent company, Meta/Facebook.
WhatsApp has over 2 billion users. That’s over 100 million voice calls, 4.5 billion photos, and 2 billion minutes on calls per day. All of that going through Facebook’s servers—and yes, it can all be (and likely is) being read.
So if you’re ready to switch to a secure alternative, use Signal. It’s free, open source, and secure.
Here are the many reasons why you should run your communications (video, calls, texts) through Signal:
1. It's end-to-end-encrypted (E2EE)
I know, I know—I've seen those WhatsApp commercials too. The ones where it's all jittery and fun and they tell you that your calls and texts should be private, and that WhatsApp protects them with encryption.
But make no mistake about it: WhatsApp (and thus Facebook) can spy on your messages and calls. And they know everyone you're interacting with, and when, and for how long, and so many more things that go into the data profile they have on you.
They wouldn't have been interested in WhatsApp if they weren't able to extract all of this from you in the first place.
They know where they need to be, and it's where you're having your most intimate conversations.
WhatsApp being able to read your chats is done by design. This only changed post-Facebook's acquisition. Pre-Facebook, WhatsApp was also end-to-end-encrypted, with no one intercepting your messages.
[Brian Acton] said he pushed for a service model, possibly by charging WhatsApp users a small fee to use the app, as the company did in its early days, to counter Facebook’s traditional revenue driver: advertisements. Instead of sucking up user data to help advertisers target ads, Acton and Koum hoped a service model could align their interests with the users’ need for privacy and security.
Even though Facebook markets WhatsApp as encrypted (which it technically is), it's important to understand what encryption actually means and how it works.
This is because everyone has a pair of keys: a public key and a private key. Unless you—and only you—have your private key, your communications can be intercepted, stored, and read. That's exactly what happens with WhatsApp.
In short: If Facebook has your private keys, then they're able to decrypt your conversations—rendering your encryption useless.
So yes, while it's technically encrypted, you shouldn't interpret this as "Facebook can't store or read my conversations," since those private keys are held by Facebook.
With Signal, only you hold your private keys, which means only your intended recipient(s) can see your messages. The same is true for audio/video calls, and even stories.
This also happens with iMessage. When you back up your messages to iCloud, those keys are held by Apple.
Note: Apple has announced plans to introduce E2EE for iCloud, but, as of this writing, there are no plans to view the encryption in an open source manner, so we're still left to trust—instead of verify—that the E2EE actually works.
2. It's open source
Open source software is instrumental in cybersecurity. I mentioned the secrecy behind the iMessage protocol and the fact that we can only trust—not verify—how secure it is.
In a nutshell, open source is important because it allows anyone and everyone to inspect the code. This means that the company or individual behind the app cannot hide how the app functions (unlike iMessage, for example). Anyone can audit the app's source code to learn how it functions, communicates, and test if there are any vulnerabilities.
3. It's battle-tested in court
It's always difficult to answer when someone asks "How secure is it?" The most reasonable answer is usually, "What's your threat model?"
Regardless of your threat model, apps (especially US-based ones) aren't usually battle-tested. Government agencies regularly subpoena Big Tech, and companies are legally required to comply. This means that Apple, Google, Facebook, Twitter, etc. and all US-based companies are handing over your data regularly.
Signal publicly publishes all government requests and their communications in a page rightfully titled Big Brother.
In it, we can see all of the information that Signal has about its users, which is:
- Phone number (needed for registration)
- When you registered with Signal
- When you were last active on Signal
That's it. No messages, photos, videos, stories, or even contacts.
After all, you can't provide data that you don't collect in the first place.
4. It's an independent nonprofit, so it can't be sold
Unlike most communication platforms, Signal's mission is completely aligned with keeping your data safe from the ground up.
As an independent nonprofit, Signal is not tied to any major tech companies, and it can't be acquired by one, either. A for-profit company can't acquire a 501(c)(3) nonprofit or its assets (all of which are open source).
In Brian Acton's own words:
You can't really sell a nonprofit. The whole point is to build something that it is independent and sustainable that CAN'T be bought. The whole flaw in the WhatsApp model was that it was founded as for-profit endeavor. This meant that it followed the traditional model of a start up in Silicon Valley with employees and outside investors owning equity. They expect an exit and an outcome. A nonprofit does not have these challenges.
5. It's cross-platform for every device
Signal works on both iOS and Android, so your conversations stay consistent for everyone involved.
Apple has successfully managed to turn iMessage users into haters of the "green bubble," a now pejorative term for SMS* to diminish anyone who's not an iMessage user in a ploy to shame people into buying an Apple device and use the proprietary iMessage protocol (and thus keep you locked into the Apple ecosystem). It's a selfish practice that Apple engages in and should not be rewarded.
Nevertheless, Signal (and the Signal Protocol) keep chats consistent for everyone.
*To be fair, SMS is an insecure protocol that should be eliminated, but Apple refuses to adopt updated protocols like RCS, which provide a more secure, consistent, and higher-quality experience. Communication standards are broken because of these types of walled garden practices, but that's a conversation for another time.
6. It's well-funded
You can search for the details of the story yourself, but in a nutshell: WhatsApp co-founder Brian Acton took $50 million of his proceeds from the sale of WhatsApp to Facebook and gave it to Signal.
You might be thinking: Well why did he sell WhatsApp to Facebook in the first place, then?
To paraphrase Brian Acton, it was an ultimatum: Either sell to Facebook and make money to fund other ventures (like Signal) that retained WhatsApp's mission to provide private communication, or decline Facebook's offer and get steamrolled out of business by a company with unlimited resources.
Despite the sale, he's been vocal about his #DeleteFacebook sentiment:
Brian Acton is the CEO of Signal as of January 2022.
7. It's not just an app, it's a protocol
Signal is not just an app—it's a protocol. You don't have to be technical to understand what a protocol is, and you interact with them every day.Still sending SMS texts? SMS is a protocol. Do you write emails? You're using protocols. That HTTPS in your address bar? That's a protocol.In fact, if you have an iPhone, iPad, or Mac, and you're sending messages to other Apple devices using the default Messages app, you're using the iMessage protocol. Is it secure? Is it end-to-end encrypted (E2EE) in a way that allows no one—not even Apple—to view your messages? Who knows. Apple says it is, but do you trust Apple? That's up to you.You can "trust," but you can't verify.I won't go into the technical details here, but the fact that Signal itself is a protocol is important because it can be used in different projects, for different purposes.Ironically, WhatsApp adopted the Signal protocol in 2016. The Signal Protocol powers well over a billion active users, which means it's around for the long term.
8. It doesn't store, send, or see your contacts
Many—if not all—social media apps ask you for permission to access your contacts and store them in their servers (something you should never allow, out of respect for your contacts). Signal does too—except that Signal hashes your contacts in a way that prevents even Signal itself from seeing your contacts.Here are the technical details if you want to read them, but essentially, Signal can provide you with a social graph to view who else in your contacts is using Signal, without exposing your contacts to Signal itself.
9. React with every emoji in existence
Whereas iMessage only lets you react with five different sentiments, Signal allows you to react with any emoji in the world.
10. Write yourself reminders and messages with "Note to self"
I had a colleague who would email herself reminders, notes, and things she wanted to bookmark. Not only is that email unsecured, it's also far less convenient than popping open Signal and sending a message to yourself.
Plus, since you can react to your own messages, you can even use it as a makeshift to-do list/task manager.
Since Signal supports various formats, you can also send yourself images, videos, PDFs, links, or anything else.
11. It's a Snapchat alternative that truly disappears
Snapchat's whole shtick is supposed to be that your messages, pictures, and videos are temporary. That is, of course, until you dig into the details of their terms of service and privacy policy, and realize that they only disappear for you. Not from their servers.
Not only does Signal have disappearing messages, it has view-once media, too.
Send a picture or video that's view-once, and the recipient(s) will only see it once, and it's gone forever—not stored on servers forever.
12. Share anything to multiple people at once with stories
This was a controversial feature when it released. Many Signal users felt development efforts were not being used in the most effective way, and perhaps with good reason, since the most requested and longest-standing Signal feature is registration without a phone number.
Still, Signal stories are completely optional, and you can opt out of this feature if you don't like riding the social wave of stories.
Being a communication app, I assume the product team is focused largely on getting people to use Signal, and with everyone and their dog having stories nowadays, it made sense from an adoption standpoint.
If you are a fan of stories, all the better. It's a good way to share your day or anything else with a select group of people. Signal offers you granular control over who can and can't see your stories.
To quote Signal:
It’s not about building a following or amplifying content for engagement. Our focus is and has always been on facilitating private, intimate conversations between you and the people who matter to you.
As with anything else on Signal, stories are also end-to-end encrypted.
13. Easily create polls
Since you can react all sorts of ways, it's easy to poll when trying to organize events or get feedback on something.
14. Schedule messages for best delivery times
This is an underrated feature with multiple use cases. For example: You might remember that you need to get in contact with someone, but it's late at night, and you don't want to disturb them. You can schedule a message for sometime in the morning or midday.
I've also found myself scheduling messages when I know that someone needs a reminder, or simply letting them know something at a time when I know they'll be available.
15. Add security with biometric authentication
Ever wish iMessage had Face ID/Touch ID? This is another area where Signal shines. You have the option to set your own passcode and have Signal lock itself before opening your messages. If you’re texting back and forth, this might not be necessary or might even be deemed an inconvenience.
16. Add account security with a PIN and registration lock
Signal's PIN helps you restore your account and keep your information encrypted. It can be alphanumeric, which allows for greater entropy (and thus higher security).
Do you have a SIM card PIN? You should. Signal’s registration lock functions similarly to a SIM card lock. Signal's registration lock prevents someone else from registering with Signal using your phone number.
So if someone were to spoof your phone number, or if you changed numbers recently and are worried about your carrier handing it to someone else, they would still need the registration lock that you set in order to use Signal using your phone number.
17. Relay your calls for added privacy protection
Signal’s relay call feature is something that really impressed me when I first began using Signal. Although some might find it unnecessary, Signal allows you to call any other Signal user through the app through a relay service.
If you turn this option on, it means that all of your calls will be relayed through a Signal server, which avoids revealing your IP address to your contact.
Some might find this feature is outside of their threat model, but it’s a good option to have, particularly if you have confidential conversations with contacts through Signal. It’s also particularly good if you don’t have a VPN.
18. Stay lean with conversation-wide disappearing chats
Not only are disappearing chats good for everyone's privacy, but they also prevent your phone storage from filling up on messages.
Setting up a disappearing time of 4 weeks is a solid benchmark that tends to work well.
19. Toggle typing indicators and read receipts
Some people like typing indicators, others don’t. With Signal, you have the option to toggle them on and off as you please.
Just as with typing indicators, you can toggle read receipts on or off as you wish. This is a fairly common option in other messengers, so it's nice to retain that on Signal. Configure it as you wish—it’s extremely easy to toggle on/off.
20. Easily transfer your Signal account to a new device
- Download Signal on your new device
- Tap on Transfer or restore account
- Follow the prompts on the screen
- Keep devices nearby as Signal transfers from your old device to your new one
21. Add anonymity by registering with a VoIP number
I don't have statistics to prove this, but I assume that most people don't have secondary phone numbers (although it's good practice to have one). However, if you do, you can use it to register with Signal.
The only thing Signal needs is a phone number that can receive calls or texts.
This is a helpful privacy feature because many services force you to doxx yourself and give them your "real" carrier-based phone number. Not Signal.
With Signal, you can use a VoIP-based number, or simply buy a prepaid phone and use that phone number with Signal.
22. Easily change phone numbers if/when necessary
Whether you use your carrier-based phone number or choose a VoIP number, it's incredibly straightforward to swap them out. Just choose Change phone number and follow the prompts.
What'll happen is that Signal will send a text to your new phone number to verify the change of ownership. That's it.
23. Filter by unread chats
If you're like many, you'll often open up an unread message, read it, and then forget to respond to it.
If you're someone who does mark the message as unread so you can respond later, or if you simply don't open the message until you're ready to respond, Signal has this great feature where you can see all of your unread chats at a glance.
24. Never miss a message with a desktop app for every operating system
If you use iMessage and you have a Mac, you likely enjoy the convenience of being able to respond to messages on your computer.
Signal has a desktop app that allows you to do exactly that. Except with Signal, it's even better, not just because your communications are secure, but because it's cross-platform.
This means that you and your contacts can communicate securely regardless of whether you're on macOS, Windows, or Linux.
It's also really flexible, allowing you to drag-and-drop files into it. Images can also be copied from it without needing to download the image first, which I always look for in software. It's always more convenient to be able to copy an image rather than having to download it, so I enjoy this feature. Not having to download also means less clutter on your hard drive.
25. Share your screen to communicate more visually
Even though Signal is primarily geared towards individuals, many teams use it for secure communication internally.
Businesses often have strict data and legal compliance requirements, so Signal is a no-brainer when it comes to the classic, "Let me share my screen..."
26. Control your notifications with profiles
In a world of endless distractions where everyone is fighting for your attention as you're plugged in 24/7, this is a feature that shouldn't fly under the radar.
27. Choose from tons of stickers packs, and even create your own
Signal Stickers is an unofficial repository that spices up your conversations with stickers you may not even know exist. From classic memes to super niche stickers, there's a sticker pack for everyone.
And if there isn't, you're free to create your own.
Just like every other form of communication on Signal, stickers are also end-to-end encrypted.
28. Edward Snowden uses it
If nothing else from this article makes sense or fails to push you over the edge security-wise, this should be what does it.
Do you have a higher threat model than what the U.S. once deemed public enemy number one? Unlikely.
Regardless of your personal feelings towards Edward Snowden, there's no denying that this is the ultimate endorsement for Signal.
- Web: hiram.io
- Rising Tide (blog): hiram.io/blog
- LinkedIn: @hiramfromthechi
- Twitter/X: @hiramfromthechi
- Medium: @hiramfromthechi
- Mastodon: @hiramfromthechi@mastodon.social