Signal, by Open Whisper Systems, is the gold standard for secure instant messengers. It uses the well-reviewed axolotl ratchet, an improved and modernized version of Off The Record (OTR), which is itself a much-studied protocol.
The axolotl ratchet is the absolute best crypto messaging protocol publicly available. Open Whisper Systems is a privacy centric company and not driven by the profit motive. The Signal messenger is open source and has been audited. Yet, despite all this, I would still not recommend relying on Signal as your primary protection if you are facing a nation state adversary.
ELI5: The Axolotl Ratchet
The essential idea of the axolotl ratchet is that each message exchange between parties includes a key exchange for the next message. In this way each message is encrypted with a unique key, giving the protocol “forward secrecy”, which makes it much more robust against attack. The details are a lot more complicated than that, but the core idea is that each message has a new ephemeral key. This is very secure because stealing a single key is not sufficient to compromise all messages, unlike with e.g. PGP, where one long-lived private key decrypts everything ever sent to it.
tl;dr: the axolotl ratchet means that basically each message is encrypted with a unique ephemeral key.
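To make the forward-secrecy claim concrete, here is a toy symmetric-key ratchet. This is an added example, not Signal's code and not the real axolotl protocol: it keeps only the hash-chain part (each message key is derived from a chain key that is then overwritten), uses an unauthenticated SHA-256 keystream as a stand-in cipher, and leaves out the Diffie-Hellman ratchet that the real protocol mixes in. The root key and messages are constructed values. It shows that a chain key stolen after message 3 yields no key for messages 0 to 3, and also shows the limit of a pure hash chain: every later key is exposed until fresh DH material is mixed in.

```python
import hashlib
import hmac

# Toy symmetric-key ratchet (added example, not Signal's code). Each message key is
# derived from a chain key that is immediately replaced, so an attacker who steals
# the live chain key can derive only later keys. The real Axolotl / Double Ratchet
# also mixes fresh Diffie-Hellman outputs into the chain and uses an authenticated
# cipher; both are omitted here to keep the forward-secrecy idea visible.


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Return (next_chain_key, message_key). HMAC is one-way, so neither output
    reveals chain_key, and the previous chain state cannot be recomputed."""
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    def __init__(self, root_key: bytes) -> None:
        self.chain_key = root_key  # the only long-lived secret; advanced on every message
        self.counter = 0

    def next_message_key(self) -> tuple[int, bytes]:
        # Advance the chain and drop the old chain key (Python rebinds the name;
        # a real implementation would zero the buffer).
        self.chain_key, message_key = ratchet_step(self.chain_key)
        index = self.counter
        self.counter += 1
        return index, message_key


def keystream_xor(message_key: bytes, data: bytes) -> bytes:
    """Illustrative, unauthenticated stream cipher: SHA-256 in counter mode."""
    keystream = bytearray()
    block = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(message_key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def keys_derivable_from(stolen_chain_key: bytes, count: int) -> set[bytes]:
    """Everything an attacker can compute from a stolen chain key: the next
    `count` message keys, and nothing earlier."""
    keys: set[bytes] = set()
    chain_key = stolen_chain_key
    for _ in range(count):
        chain_key, message_key = ratchet_step(chain_key)
        keys.add(message_key)
    return keys


def forward_secrecy_demo(root_key: bytes = b"constructed-root-key") -> dict:
    """Send four messages, then 'steal' the live chain key and measure exposure."""
    chain = SendingChain(root_key)
    sent = []
    for text in (b"msg0", b"msg1", b"msg2", b"msg3"):
        index, message_key = chain.next_message_key()
        sent.append((index, message_key, keystream_xor(message_key, text)))

    stolen_state = chain.chain_key  # compromise happens after message 3 was sent
    attacker_keys = keys_derivable_from(stolen_state, count=10)

    past_exposed = sum(1 for _, message_key, _ in sent if message_key in attacker_keys)
    _, next_key = chain.next_message_key()  # message 4, sent after the breach
    return {
        "past_messages_exposed": past_exposed,            # 0: forward secrecy holds
        "next_message_exposed": next_key in attacker_keys,  # True without a DH ratchet
        "roundtrip_ok": keystream_xor(sent[0][1], sent[0][2]) == b"msg0",
        "unique_keys": len({mk for _, mk, _ in sent}) == len(sent),
    }


if __name__ == "__main__":
    print(forward_secrecy_demo())
```

The interesting line is the `next_message_exposed` result: a hash chain alone protects the past, not the future. That gap is exactly what the Diffie-Hellman half of the axolotl ratchet closes, and it is why "each message has a new ephemeral key" in Signal means more than a counter fed into a hash.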
The Address Book is the Social Network
Open Whisper Systems uses your contacts database for contact discovery. Initially they used a private contact discovery protocol based on bloom filters, but it could not scale as their user base grew. To preserve privacy they now offer only the claim that they don’t store any information:
the only thing we can do is write the server such that it doesn’t store the transmitted contact information, inform the user, and give them the choice of opting out.
In theory Open Whisper Systems is entirely capable of storing the contacts database and using it to build a detailed social network graph. Their servers receive the entire address book and can store it, although they claim not to.
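The following is an added example, not Open Whisper Systems' code, showing why the bloom-filter approach was private and why it stopped scaling. It assumes the scheme works like this: the server publishes a bloom filter of every registered phone number, the client tests its own address book against that filter locally, and the server never sees the address book. The registered numbers and address book below are constructed samples, and `filter_size_bytes` uses the standard optimal-size formula for a bloom filter.

```python
import hashlib
import math

# Added example, not Open Whisper Systems' code. Assumed design: the server ships a
# bloom filter of all registered numbers; discovery runs entirely on the client.


def bloom_bits(n_items: int, false_positive_rate: float) -> int:
    """Optimal filter size in bits for n_items at the target false-positive rate."""
    return math.ceil(-n_items * math.log(false_positive_rate) / (math.log(2) ** 2))


def bloom_hash_count(m_bits: int, n_items: int) -> int:
    return max(1, round((m_bits / n_items) * math.log(2)))


def filter_size_bytes(n_users: int, false_positive_rate: float = 0.01) -> int:
    """Download every client needs just to test its address book."""
    return math.ceil(bloom_bits(n_users, false_positive_rate) / 8)


class BloomFilter:
    def __init__(self, n_expected: int, false_positive_rate: float) -> None:
        self.m = bloom_bits(n_expected, false_positive_rate)
        self.k = bloom_hash_count(self.m, n_expected)
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str) -> list[int]:
        # Double hashing: k bit positions from one SHA-256 digest.
        digest = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd stride, never zero
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        # Can return a false positive, never a false negative.
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

    def size_bytes(self) -> int:
        return len(self.bits)


def discover_contacts(published_filter: BloomFilter, address_book: list[str]) -> list[str]:
    """Client-side discovery: the address book never leaves the device."""
    return [number for number in address_book if number in published_filter]


def demo() -> dict:
    # Constructed sample: 10,000 registered numbers, five of them in our address book.
    registered = [f"+1555{i:07d}" for i in range(10_000)]
    published = BloomFilter(n_expected=len(registered), false_positive_rate=1e-6)
    for number in registered:
        published.add(number)

    friends_registered = registered[:5]
    friends_not_registered = [f"+1777{i:07d}" for i in range(15)]
    address_book = friends_registered + friends_not_registered

    return {
        "discovered": discover_contacts(published, address_book),
        "filter_bytes_10k_users": published.size_bytes(),
        # The scaling problem: filter size grows linearly with the user base.
        "filter_mb_10m_users": filter_size_bytes(10_000_000) / 1e6,
        "filter_mb_100m_users": filter_size_bytes(100_000_000) / 1e6,
    }


if __name__ == "__main__":
    print(demo())
```

At a 1% false-positive rate the filter is about 12 MB for ten million users and about 120 MB for a hundred million, and every client has to fetch a fresh copy whenever it wants an up-to-date answer. That linear growth, not any cryptographic weakness, is what made the approach impractical.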
Yo’ Metadata So Fat It Uses Google Earth To Take A Selfie
There are major problems with using any mobile phone based secure messenger (including Signal). Using a phone is a security risk. Mobile phones are extremely loud metadata spewing fountains vomiting forth a trail of your life’s activities. This is a short list of all of the identifiers that mobile phones expose, most of them passively:
- Specific location (home, place of work, etc.)
- Mobility pattern (from home, via commuter route, to work) — highly unique; just 4 locations are enough to identify 90% of people.
- Paired mobility pattern with a known device (known as “mirroring”, when two or more devices travel together; including car telemetry!)
- Numbers dialed (who you call)
- Calls received (who calls you)
- Calling pattern (numbers dialed, for how long, how frequently)
- IMEI (mobile phone device ID)
- IMSI (mobile phone telco subscriber ID)
- Identifiers, e.g. names, locations
- Voice fingerprinting
In addition to all that metadata, there is additional metadata that is created by the Signal app itself.
The Map is the Territory
Mobile messengers create huge volumes of metadata spread out across multiple companies. This metadata clearly shows who talks to whom, at what time, and how much was said. Even with secure end-to-end encryption, there is no way to hide these actions from the parties involved: the ISP, the mobile OS vendor (Apple or Google), and the app vendor.
- Your ISP knows you sent and/or received data from the Signal server. They know when and they know how much.
- Google (and/or Apple) know that the Signal app on a specific device received a notification, and at what time.
- Open Whisper Systems knows which device sent and received messages, at which time, and to whom.
- Open Whisper Systems knows which device is registered to which phone number.
Anyone who has access to this collective information is easily able to map out social graphs (including identifying information such as phone numbers) as well as determine who was talking to whom, when, and how much. Accessing this metadata is simple for many nation states, using court orders, national security letters (many apps’ servers are hosted on Amazon’s cloud), or hacking.
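To show how little is needed to draw that social graph, here is an added example that is not from the original post and not Open Whisper Systems' code. It assumes a minimal server-side delivery log of the shape "timestamp sender recipient bytes"; every line in it is constructed, not real traffic. Nothing in the records is message content, yet the aggregation recovers who talks to whom, how often, how much, and at what hours, which is why a provider that retains such a log holds the whole graph whether or not it can read the messages.

```python
from collections import defaultdict
from datetime import datetime

# Added example, not the page's or Open Whisper Systems' code. Assumed log shape:
# one delivery per line, "timestamp sender recipient bytes". All lines constructed.
SAMPLE_LOG = """\
# time                 from          to            bytes
2016-03-01T08:02:11Z +15550001111 +15550002222 412
2016-03-01T08:03:40Z +15550002222 +15550001111 220
2016-03-01T12:30:05Z +15550001111 +15550003333 1024
2016-03-01T12:31:12Z +15550003333 +15550001111 98
2016-03-01T22:15:33Z +15550001111 +15550002222 3301
2016-03-01T22:16:01Z +15550002222 +15550001111 140
2016-03-02T09:00:27Z +15550004444 +15550003333 512
2016-03-02T23:40:49Z +15550001111 +15550002222 77
"""


def parse_log(text: str) -> list[tuple[datetime, str, str, int]]:
    """Parse the constructed delivery log, skipping blank and comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        timestamp, sender, recipient, size = line.split()
        when = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
        records.append((when, sender, recipient, int(size)))
    return records


def social_graph(records) -> dict:
    """One undirected edge per pair: message count, total bytes, hours of day seen.
    Direction is folded away because a conversation is the unit of interest."""
    edges = defaultdict(lambda: {"messages": 0, "bytes": 0, "hours": set()})
    for when, sender, recipient, size in records:
        edge = edges[tuple(sorted((sender, recipient)))]
        edge["messages"] += 1
        edge["bytes"] += size
        edge["hours"].add(when.hour)
    return dict(edges)


def contacts_of(graph: dict, number: str) -> list[str]:
    """Everyone a given number has exchanged messages with."""
    return sorted(b if a == number else a for a, b in graph if number in (a, b))


def strongest_ties(graph: dict, top: int = 3) -> list[tuple[str, str]]:
    """Pairs ranked by message count; the late-night, high-volume ones stand out."""
    return sorted(graph, key=lambda pair: graph[pair]["messages"], reverse=True)[:top]


if __name__ == "__main__":
    graph = social_graph(parse_log(SAMPLE_LOG))
    for pair in strongest_ties(graph):
        print(pair, graph[pair])
```

Eight log lines are enough to rank +15550001111's ties, separate a daytime contact from a late-night one, and connect a fourth number to the group through a single message. The defensive conclusion is the one the post draws: the only metadata that cannot be subpoenaed is metadata that was never written down.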
This is true for all mobile messenger apps, including Wickr, Silent Circle, WhatsApp, LINE, Telegram, etc. Mobile messengers do not provide anonymity; the best they can offer is protecting message content.
The Metadata is the Message
For every messaging app built on a mobile operating system, the supporting infrastructure is able to see the message traffic flows. This metadata is sufficient to conduct traffic analysis and build social network graphs. Strong encryption (and Signal has the best encryption available) only provides confidentiality. Mobile messenger apps provide no anonymity. Worse, the apps’ accounts and associated devices are frequently very strongly tied to a real personal identity through phone numbers.
Even using the most secure privacy conscious mobile messaging app — Signal — there’s still plenty of data for SIGINT.