Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a midwestern-looking man in his 60s, asked for help. He couldn't figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.
Marlinspike launched Signal, widely considered the world's most secure end-to-end encrypted messaging app, nearly five years ago, and today heads the nonprofit Signal Foundation that maintains it. But the man on the plane didn't know any of that. He was not, in fact, trolling Marlinspike, who politely showed him how to enable airplane mode and handed the phone back.
"I try to remember moments like that in building Signal," Marlinspike told Wired in an interview over a Signal-enabled phone call the day after that flight. "The choices were making, the app we're trying to create, it needs to be for people who dont know how to enable airplane mode on their phone," Marlinspike says.
Marlinspike has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for—not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years—thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.
That new phase in Signal's evolution began two years ago this month. That's when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal's open-source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton had grown disaffected with what he saw as Facebook's attempts to erode WhatsApp's privacy.
Since then, Marlinspike's nonprofit has put Acton's millions—and his experience building an app with billions of users—to work. After years of scraping by with just three overworked full-time staffers, the Signal Foundation now has 20 employees. For years a bare-bones texting and calling app, Signal has increasingly become a fully featured, mainstream communications platform. With its new coding muscle, it has rolled out features at a breakneck speed: In just the last three months, Signal has added support for iPad, ephemeral images and video designed to disappear after a single viewing, downloadable customizable "stickers," and emoji reactions. More significantly, it announced plans to roll out a new system for group messaging, and an experimental method for storing encrypted contacts in the cloud.
"The major transition Signal has undergone is from a three-person small effort to something that is now a serious project with the capacity to do what is required to build software in the world today," Marlinspike says.
Many of those features might sound trivial. They certainly aren't the sort that appealed to Signal's earliest core users. Instead, they're what Acton calls "enrichment features." They're designed to attract normal people who want a messaging app as multifunctional as WhatsApp, iMessage, or Facebook Messenger but still value Signal's widely trusted security and the fact that it collects virtually no user data. "This is not just for hyperparanoid security researchers, but for the masses," says Acton. "This is something for everyone in the world."
Even before those crowd pleaser features, Signal was growing at a rate most startups would envy. When Wired profiled Marlinspike in 2016, he would confirm only that Signal had at least two million users. Today, he remains tightlipped about Signal's total user base, but it's had more than 10 million downloads on Android alone according to the Google Play Store's count. Acton adds that another 40 percent of the app's users are on iOS.
Its adoption has spread from Black Lives Matters and pro-choice activists in Latin Americato politicians and political aides—even noted technically incompetent ones like Rudy Giuliani—to NBA and NFL players. In 2017, it appeared in the hacker show Mr. Robot and political thriller House of Cards. Last year, in a sign of its changing audience, it showed up in the teen drama Euphoria.
Identifying the features mass audiences want isn't so hard. But building even simple-sounding enhancements within Signal's privacy constraints—including a lack of metadata that even WhatsApp doesn't promise–can require significant feats of security engineering, and in some cases actual new research in cryptography.
Take stickers, one of the simpler recent Signal upgrades. On a less secure platform, that sort of integration is fairly straightforward. For Signal, it required designing a system where every sticker "pack" is encrypted with a "pack key." That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decrypted stickers or even identify the Signal user who created or sent them.
Signal's new group messaging, which will allow administrators to add and remove people from groups without a Signal server ever being aware of that group's members, required going further still. Signal partnered with Microsoft Research to invent a novel form of "anonymous credentials" that let a server gatekeep who belongs in a group, but without ever learning the members' identities. "It required coming up with some innovations in the world of cryptography," Marlinspike says. "And in the end, its just invisible. Its just groups, and it works like we expect groups to work."
Signal is rethinking how it keeps track of its users' social graphs, too. Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal's servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that's meant to hide certain data even from the rest of the server's operating system.
That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. "Ill just say, this is something were thinkiRead More – Source