How Signal does security right.
Off the Beat: Bruce Byfield's Blog
A couple of weeks ago, I was writing about Echo Whisper Systems' Signal, which encrypts voice and text messages for Android and iOS phones. Signal is an essential privacy tool, and has become a standard part of my installations. However, as I started using it, I quickly realized that Signal not only offers some useful functions, but is also a rare example of security added so that average users will actually use it.
In these days of anxiety, new security and privacy apps are popping up every few days. Most of them, however, do little to integrate into the desktop. All too typically, especially with distributions, they install a bunch of utilities, then leave users to figure them out for themselves. Many even offer several tools for the same purpose, with no hint about which is most appropriate for which circumstances. These apps may be suitable for expert users, but they fail to encourage new users to take precautions because they are too obscure and inconvenient.
Signal, by contrast, isn't like that. Unlike most of its rivals, Signal does just about everything to make itself no more complicated to use than a productivity app. For example:
1. Seamless integration: Signal is a drop-in replacement for your phone's existing apps. The phone may give scary warnings about the danger when you make the switch, but in my experience the replacement is seamless. The import of contacts takes a single step, and a single icon indicates when a conversation is encrypted. Similarly, although all parties must have Signal installed for an encrypted exchange, you can still use Signal to hold an unencrypted conversation.
2. Invisible operation: Many security and privacy applications require extra steps to use. Signal, though, hides the exchange of keys from users, making an encrypted message no more difficult to send than a regular one. This seems a necessary and much-needed feature to encourage users to practice security and privacy.
3. Signal Desktop: The desktop is optional, and in its current beta form, less complete than the phone interface. All the same, if you are using your phone near a laptop or a workstation, it offers the benefit of a larger screen and a full-sized keyboard. If, like me, you are often frustrated at how slow and error-prone texting from a phone can be, the desktop will come as much longed-for relief.
4. A lack of jargon: For example, instead of talking about encryption fingerprints, whose meaning is obscure and misleading for non-experts, Signal talks about safety numbers. Although such language is a break from security tradition, it goes a long way to demystifying security issues.
5. Clear, concise documentation for installation and basic use, including screen shots: Information could be added about less routine tasks, such as setting an expiry date on a message, but, once average users are up and running, they should be able to figure out the rest with a little experimentation.
6. Use of QR codes for verification: To most people, QR codes are a fancy way to link to a company web site that lurks in the bottom corner of apps. Signal, though, has actually made them useful. It uses QR codes as a quick and simple way to verify links between users or a phone and Signal Desktop. As a bonus, QR codes are unreadable to humans, adding another level of encryption.
7. An improvement over existing apps: Even without encryption, Signal is better than the existing Android apps it replaces. Improvements include color coding of contacts, audio, and graphic attachments with a search function. In addition, Signal does a better job of identifying where you are in the interface and what you are doing.
Here and there, these features could use enhancement. And perhaps not all of them are suitable for every security and privacy app. Still, Signal's designers have grasped what many designers have not: The fact of security and privacy is not enough by itself to encourage the use of an application, no matter how powerful.
As I have said many times, in a choice between convenience and security, convenience wins almost every time, no matter what the long-term consequences. What Echo Whisper Systems has realized is that for an encryption app to have any hope of being used, it must be at least as easy as an encryption-less equivalent.
Personally, I would like to see a bit more documentation built in, and the option for more advanced users to view what Signal is doing. But such minor points aside, Echo Whisper Systems is definitely heading in the right direction -- not just functionally, but in design as well. If only other developers take the time to learn from it, then one day security and privacy might be practiced as often as they are talked about.