Monday, 21 March 2016

Signal #IPBill

Signal is a simple app for your phone - and you should install it and use it?

Why? well, for one simple reason it allows both iPhones and Android to message each other using data and not SMS or MMS. It also allows calls via data.

But the real reason is privacy - what you send and receive or say using signal is private.

It is free and literally took a matter of seconds to install and start using. It ties in to your phone number and contacts and just works.

But wait a second! Encryption is difficult because of validating keys. People have "key signing parties" for things like PGP email. How can you tell the person you are talking to is the person you think they are?

Well, signal actually makes that easy too - you can easily, when you meet someone, point your phone at their screen and it reads a fingerprint of their key and checks it matches. If ever it changes later the phone will tell you that there is a problem.

They make privacy simple, and the Investigatory Powers Bill has nothing in it to allow snooping on your texts and calls in the network, when using Signal. It does not outlaw using Signal either (would be hard to without outlawing https for access to banks too). As worded now it could try to order this non UK company to put in a back door, and they are pretty guaranteed to tell them to sod off. The source code is available and inspectable so even if they were compelled to comply it would be obvious.

You can even secure the message archive in the phone independently to any encryption the phone offers.

So, download, install and use Signal - why not?

As used by members of the House of Lords to protect their privacy...

7 comments:

  1. I have it. At this point I don't know enough other people who use it though.

    Did the government not anticipate extra-jurisdictional encryption services within the IPBill then :-)

    Something sadly quixotic about such expensively educated and entitled people tilting at mathematical windmills in the hope that all of a sudden 2+2 !=4

    ReplyDelete
    Replies
    1. Extra-jurisdictional encryption services will be illegal, and therefore added to the national firewall. First they came for the pirates...

      Delete
    2. It will not help - such services simply have to be written/controlled outside UK, the actual operation can work without using specific service points. E.g. one could end-to-end encrypt and then use email or even SMS as a transport mechanism if done right. It is all about apps with ease of use.

      Delete
  2. It will be secure right up to the point the US courts force Apple to build a keylogger into iOS :(

    ReplyDelete
  3. I've tried using Signal on iPhone for about six months. I had to stop using it as its not totally reliable. The problem I had was I could send a message, it would indicate it was sent but the recipient never gets it, or it arrives days later. Really caused me problems with the wife, apparently I was ignoring her! Lol

    ReplyDelete
  4. Did you deliberately not mention whatsapp?

    ReplyDelete