How Signal does security right.

Off the Beat: Bruce Byfield's Blog
A couple of weeks ago, I was writing about Echo Whisper Systems' Signal, which encrypts voice and text messages for Android and iOS phones. Signal is an essential privacy tool, and has become a standard part of my installations. However, as I started using it, I quickly realized that Signal not only offers some useful functions, but is also a rare example of security added so that average users will actually use it.
In these days of anxiety, new security and privacy apps are popping up every few days. Most of them, however, do little to integrate into the desktop. All too typically, especially with distributions, they install a bunch of utilities, then leave users to figure them out for themselves. Many even offer several tools for the same purpose, with no hint about which is most appropriate for which circumstances. These apps may be suitable for expert users, but they fail to encourage new users to take precautions because they are too obscure and inconvenient.
Signal, by contrast, isn't like that. Unlike most of its rivals, Signal does just about everything to make itself no more complicated to use that a productivity app. For example:
1. Seamless integration: Signal is a drop-in replacement for your phone's existing apps. The phone may give scary warnings about the danger when you make the switch, but in my experience the replacement is seamless. The import of contacts takes a single step, and a single icon indicates when a conversation is encrypted. Similarly, although all parties must have Signal installed for an encrypted exchange, you can still use Signal to hold an unencrypted conversation.
2. Invisible operation: Many security and privacy applications require extra steps to use. Signal, though, hides the exchange of keys from users, making encrypted messages no more difficult than a regular one. This seems a necessary and much-needed feature to encourage users to practice security and privacy.
3. Signal Desktop: The desktop is optional, and in its current beta form, less complete than the phone interface. All the same, if you are using your phone near a laptop or a workstation, it offers the benefit of a larger screen and a full-sized keyboard. If, like me, you are often frustrated at how slow and error-prone texting from a phone can be, the desktop will come as much longed-for relief.
4. A lack of jargon: For example, instead of talking about encryption fingerprints, whose meaning is obscure and misleading for non-experts, Signal talks about safety numbers. Although such language is a break from security tradition, it goes a long way to demystifying security issues.
5. Clear, concise documentation for installation and basic use, including screen shots: Information could be added about less routine tasks, such as setting an expiry date on a message, but, once average users are up and running, they should be able to figure out the rest with a little experimentation.
6. Use of QR codes for verification: To most people, QR codes are a fancy way to link to a company web site that lurks in the bottom corner of apps. Signal, though, has actually made them usefl. It uses QR codes as a quick and simple way to verify links between users or a phone and Signal Desktop. As a bonus, QR codes are unreadable to humans, adding another level of encryption.
7. An improvement over existing apps: Even without encryption, Signal is better than the existing Android apps it replaces. Improvements include color coding of contacts, audio, and graphic attachments with a search function). In addition, Signal also does a better job of identifying where you are in the interface and what you are doing.
Here and there, these features could use enhancement. And perhaps not all of them are suitable for every security and privacy app. Still, Signal's designers have has grasped what many designers have not: The fact of security and privacy are not enough by themselves to encourage the use of an application, no matter how powerful.
As I have said many times, in a choice between convenience and security, convenience wins almost every time, no matter what the long-term consequences. What Echo Whisper Systems has realized is that for an encryption app to have any hope of being used, it must be at least as easy as an encryption-less equivalent.
Personally, I would like to see a bit more documentation built in, and the option for more advanced users to view what Signal is doing. But such minor points aside, Echo Whisper Systems is definitely heading in the right direction -- not just functionally, but in design as well. If only other developers take the time to learn from it, then one day security and privacy might be practiced as often as they are talked about.
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News
-
LibreOffice 25.2 Has Arrived
If you've been hoping for a release that offers more UI customizations, you're in for a treat.
-
TuxCare Has a Big AlmaLinux 9 Announcement in Store
TuxCare announced it has successfully completed a Security Technical Implementation Guide for AlmaLinux OS 9.
-
First Release Candidate for Linux Kernel 6.14 Now Available
Linus Torvalds has officially released the first release candidate for kernel 6.14 and it includes over 500,000 lines of modified code, making for a small release.
-
System76 Refreshes Meerkat Mini PC
If you're looking for a small form factor PC powered by Linux, System76 has exactly what you need in the Meerkat mini PC.
-
Gnome 48 Alpha Ready for Testing
The latest Gnome desktop alpha is now available with plenty of new features and improvements.
-
Wine 10 Includes Plenty to Excite Users
With its latest release, Wine has the usual crop of bug fixes and improvements, along with some exciting new features.
-
Linux Kernel 6.13 Offers Improvements for AMD/Apple Users
The latest Linux kernel is now available, and it includes plenty of improvements, especially for those who use AMD or Apple-based systems.
-
Gnome 48 Debuts New Audio Player
To date, the audio player found within the Gnome desktop has been meh at best, but with the upcoming release that all changes.
-
Plasma 6.3 Ready for Public Beta Testing
Plasma 6.3 will ship with KDE Gear 24.12.1 and KDE Frameworks 6.10, along with some new and exciting features.
-
Budgie 10.10 Scheduled for Q1 2025 with a Surprising Desktop Update
If Budgie is your desktop environment of choice, 2025 is going to be a great year for you.