When we can, let’s use Signal instead of WhatsApp.

(Post updated on August 25, 2016. See section at the end.)

Screenshot of Signal.
Signal, the open source messaging and voice calling app that does end-to-end encryption.

The whole world is using WhatsApp to message each other. I often do too, because I want to inter-operate with the rest of the world.

However, WhatsApp belongs to Facebook.

Although Facebook has promised otherwise, the temptation to link all of your WhatsApp messages with Facebook logins (a straight-forward process, as they have the mobile phone numbers of a great number of their users) must be quite tempting to the people at Facebook. Imagine how well they would then be able to target their advertising, based on their access to both your Facebook profile and your private WhatsApp messages!

Fortunately, we now have an open source app, called Signal (available on Android, IOS and the desktop), which performs end-to-end encryption on all messages and voice calls that go through it. This means that absolutely no-one is able to read your messages or eavesdrop on your voice calls, except the intended recipients.

My request is that you get your contacts to install and start using Signal instead of WhatsApp wherever possible. At the very least some of our messages will not be accessible to various large corporations and any other prying eyes. If the security argument is not enough for you, there is one more extremely important topic: Signal handles animated gifs better than WhatsApp, at least on Android. (Telegram supports them on both Android on IOS, but it is by default less secure than Signal). See here the results of my experiments:

Updates

On August 25, 2016, The Verge reported that WhatsApp will now officially begin sharing data with Facebook. They will indeed link up telephone numbers and social networks, meaning that both parties will get a tremendous boost in what they know about you. I don’t want to say I told you so, but I told you so. ;)

17 thoughts on “When we can, let’s use Signal instead of WhatsApp.”

    1. That just means you’re the most security conscious hipster in your network! :P You could try gently persuading the people you like to message with of the advantages of Signal over WhatsApp.

      I started with about half a screen of contacts, now at almost two screens.

  1. Your Signal app seems cool. But the problem with it that practically no one uses it. Social Media is all about users and as WhatsApp has such a large number of users base, it will be difficult to replace it.

  2. Signal also the advantage of being able to send a standard SMS where your contact does not have Signal installed. I must confess though that I have a slight discomfort with using these encrypted services for fear of who I am rubbing shoulders with (miscreants who might also be attracted to encrypted services for the wrong reasons).

    1. That’s yet another reason why we “normal” people have to use encryption whenever we can.

      Giving up something as important as privacy due to the few bad apples who also use it would be setting an incredibly bad precedent. Your privacy is one of the most important mechanisms protecting you against potentially bad actors the world over.

      1. Well said Charl: I started “private” messaging on What’s Up, moved to Telegram and after learning that Ed Snowden recommended Signal, made my final hopeful switch. Works very well and I’m slowly moving my friends to Signal. I get a lot of push-back with die hard WU users so I am waiting for another whistle blower at Facebook, Google or NSA to make the next jaw dropping announcement that all the non-Signal customers have been seriously hacked.

  3. The move to Signal from WhatsApp is complete. Whatsapp uninstalled. Those I left behind wondering why? Those on Signal clearly appreciate FB is a complete waste of internet resources for the most part. I will never give data to FB and supportv their personal data combine harvester machine. Time to say ‘no’ to Zuckerberg and his propaganda machine and protect our kids from his unpoliced unsocial network.

    1. Wow, well done!

      I still have too many groups of family and friends on WhatsApp where it’s important for me to participate and hard to get everyone over on Signal. I do keep on trying. :)

  4. I believe here in Europe some Data Protection Commissions have asked FB to hold off on the sharing ? On a side note isn’t it a bit ironic that WhatsApp and FB messenger are using the Signal protocol in their messaging apps ?

    1. I think it’s really great that more people (a billion+ WhatsApp users!!) are now using end-to-end encryption, with many of them not even aware of this.

      However, Signal is still to be preferred, purely because you can’t always be sure what the closed-source WhatsApp app might be doing to the E2E encryption. It could for example be using an extra key in some cases.

      At least with Signal, the code has been audited, and it is open source, so it gets slightly harder for this type of shenanigans to happen.

  5. Using Signal instead of WhatsApp is a good idea, certainly. But not he best one. Why? With migrating to Signal you move from one walled garden to annother. And besides this Signal is deeply woven into the Google ecosphere. You can’t use it without Google Play/Google Services Framework on your Android device – so I’m bound to proprietary spyware in order to communicate in privacy, sounds silly, doesn’t it?. The desktop version of Signal is just an extension of Google’s Chrome browser. And when I applied for the beta test of it, they even didn’t ask me for my e-mail address but for my Googlemail address.
    Don’t get me wrong, Signal uses sound crypto, but like this it comes with a fishy flavour. So let me move forward with my humble proposal: use XMPP (Jabber) plus it’s cryptographic extension OMEMO instead. There is no walled garden (and therefore no single point of failure of the underlying infrastructure), you can choose one of hundreds of XMPP-Servers worldwide, just like you can choose one of many SMTP servers when it comes to e-mail services. You are also free in the choice of your client. I would recommend Conversations for Android devices (conversations.im), and Gajim plus the OMEMO plugin for the desktop (https://gajim.org/?lang=en). The best choice für iPhone users will be Chatsecure (https://chatsecure.org/) which was published in beta just two weeks ago.
    XMPP with OMEMO encryption (which is a derivate of the Signal protocol) doesn’t only give you reliable e2e encryption for your communication but also the freedom of an open unrestricted ecosphere. Why not give it a try?

    1. I understand your concerns. However, we need something that will appeal to and work easily for a few billion smartphone users (Android + iOS), which means compromises are required.

      Even Signal, as a user-friendly transparent encryption app, is having trouble getting traction. Suggesting something that is significantly more complex has an even smaller chance of succeeding.

      1. Well, you are definitely right, we have to compromise. If we found the holy grail of private encryption and nobody would or could reach out for it, it wouldn’t help. On the other side there is a german proverb which says “The way to hell is paved with good intentions” and I’m afraid that Signal’s lead developer Moxie Marlinspike went this way almost to it’s end by now. When he helped WhatsApp implementing the Signal protocol he did it for the sake of popularizing e2e encryption. When he assisted Google in implementing it in their messenger Allo he probably did it for the same reason. But for me the first – embedding an encryption protocol under GPL license in proprietary software – is not acceptable. And the second – cooperating with Google on an messenger which sends messages unencrypted by default – is just sabotage against privacy.

        For some time I recommended Signal nevertheless because there was some sort of choice. You could install LibreSignal, a fork of the app which comes without the dependency on Google Software and Google’s services. But lately Moxie began to fight LibreSignal and made clear that he would exclude users of LibreSignal from the traffic of his server. So the developers of LibreSignal asked kindly for federation: they would set up their own server and just asked for permission to interchange messanges. Moxies answer: No way! He just wants to be the king of his castle.

        So now I go on using LibreSignal as long as it lasts and then I’m out. (But I never would condemn anybody for using Signal for sure, after all it’s better than WhatsApp.)

  6. I installed the signal app and created account. I at least want to start my family moving from Whatsapp to signal but how to persuade them as using Whatsapp is like they were born with that habit. Suggestions?

  7. I moved from Whatsapp to Signal 6 months ago for the same (security) reason. Non of my friends use it except me and my husband which is good enough for security and privacy reason. Then I re-installed Whatsapp on my old backup phone, removing my SIM card after registration. That way I can still keep Whatsapp for connections with my social friends while on WiFi. My signature line on Whatsapp is “Not using Whatsapp much…I use Signal”. So far so good.

Leave a Reply

Your email address will not be published. Required fields are marked *