How Signal does security right.

Off the Beat: Bruce Byfield's Blog

Dec 21, 2016 GMT
Bruce Byfield

A couple of weeks ago, I was writing about Echo Whisper Systems' Signal, which encrypts voice and text messages for Android and iOS phones. Signal is an essential privacy tool, and has become a standard part of my installations. However, as I started using it, I quickly realized that Signal not only offers some useful functions, but is also a rare example of security added so that average users will actually use it.

In these days of anxiety, new security and privacy apps are popping up every few days. Most of them, however, do little to integrate into the desktop. All too typically, especially with distributions, they install a bunch of utilities, then leave users to figure them out for themselves. Many even offer several tools for the same purpose, with no hint about which is most appropriate for which circumstances. These apps may be suitable for expert users, but they fail to encourage new users to take precautions because they are too obscure and inconvenient.

Signal, by contrast, isn't like that. Unlike most of its rivals, Signal does just about everything to make itself no more complicated to use than a productivity app. For example:

1. Seamless integration: Signal is a drop-in replacement for your phone's existing apps. The phone may give scary warnings about the danger when you make the switch, but in my experience the replacement is seamless. The import of contacts takes a single step, and a single icon indicates when a conversation is encrypted. Similarly, although all parties must have Signal installed for an encrypted exchange, you can still use Signal to hold an unencrypted conversation.

2. Invisible operation: Many security and privacy applications require extra steps to use. Signal, though, hides the exchange of keys from users, making encrypted messages no more difficult than a regular one. This seems a necessary and much-needed feature to encourage users to practice security and privacy.

3. Signal Desktop: The desktop is optional, and in its current beta form, less complete than the phone interface. All the same, if you are using your phone near a laptop or a workstation, it offers the benefit of a larger screen and a full-sized keyboard. If, like me, you are often frustrated at how slow and error-prone texting from a phone can be, the desktop will come as a much longed-for relief.

4. A lack of jargon: For example, instead of talking about encryption fingerprints, whose meaning is obscure and misleading for non-experts, Signal talks about safety numbers. Although such language is a break from security tradition, it goes a long way to demystifying security issues.

5. Clear, concise documentation for installation and basic use, including screen shots: Information could be added about less routine tasks, such as setting an expiry date on a message, but, once average users are up and running, they should be able to figure out the rest with a little experimentation.

6. Use of QR codes for verification: To most people, QR codes are a fancy way to link to a company web site that lurks in the bottom corner of apps. Signal, though, has actually made them useful. It uses QR codes as a quick and simple way to verify links between users or a phone and Signal Desktop. As a bonus, QR codes are unreadable to humans, adding another level of encryption.

7. An improvement over existing apps: Even without encryption, Signal is better than the existing Android apps it replaces. Improvements include color coding of contacts, audio, and graphic attachments with a search function. In addition, Signal does a better job of identifying where you are in the interface and what you are doing.

Here and there, these features could use enhancement. And perhaps not all of them are suitable for every security and privacy app. Still, Signal's designers have grasped what many designers have not: The fact of security and privacy is not enough by itself to encourage the use of an application, no matter how powerful.

As I have said many times, in a choice between convenience and security, convenience wins almost every time, no matter what the long-term consequences. What Echo Whisper Systems has realized is that for an encryption app to have any hope of being used, it must be at least as easy as an encryption-less equivalent.

Personally, I would like to see a bit more documentation built in, and the option for more advanced users to view what Signal is doing. But such minor points aside, Echo Whisper Systems is definitely heading in the right direction -- not just functionally, but in design as well. If only other developers take the time to learn from it, then one day security and privacy might be practiced as often as they are talked about.
