Signal (software)

Signal is an encrypted instant messaging and voice call- collaborative Open Source project for the continued
ing application for Android and iOS. It uses the Internet development of TextSecure and RedPhone.[1][21]
to send one-to-one and group messages, which can include images and video messages, and make one-to-one
voice calls. Signal uses standard cellular mobile numbers 1.2 Open Whisper Systems (2013present)
as identiers and end-to-end encryption to secure all communications to other Signal users. The applications inSMSSecure
clude mechanisms by which users can independently verRedPhone
ify the identity of their messaging correspondents and the
TextSecure
Signal (Android)
integrity of the data channel. A Chrome app that can link
(c)
(b)
(a)
with a Signal client is also in development.
Signal (iOS)

Signal is developed by Open Whisper Systems. The

(d)
(e)
clients are published as free and open-source software
May
Jul
Mar
Feb
Nov
2010
2014
2015
2014
2015
under the GPLv3 license. The server code is partially published under the AGPLv3 license and partially
A timeline of the development of Signal. a) Addition of enproprietary.

1
1.1

crypted group chat and instant messaging capabilities to TextSecure. b) End of encrypted SMS/MMS messaging in TextSecure,
which prompted the creation of a fork. c) The Android version
of Signal was launched after RedPhone was merged into TextSecure. d) Signal for iOS was launched as a RedPhone counterpart
for iOS. e) Addition of encrypted group chat and instant messaging capabilities to the iOS version of Signal.

History
Background (20102013)

Signal is the successor of an encrypted voice calling

app called RedPhone and an encrypted texting program called TextSecure. The beta versions of RedPhone and TextSecure were rst launched in May 2010 by
Whisper Systems,[9] a startup company co-founded by security researcher Moxie Marlinspike and roboticist Stuart
Anderson.[10][11] Whisper Systems also produced a rewall and tools for encrypting other forms of data.[10][12]
All of these were proprietary enterprise mobile security
software and were only available for Android.

Open Whisper Systems website was launched in January

2013.[21]
In February 2014, Open Whisper Systems introduced the
second version of their TextSecure Protocol (now Signal
Protocol), which added end-to-end encrypted group chat
and instant messaging capabilities to TextSecure.[22] Toward the end of July 2014, Open Whisper Systems announced plans to unify its RedPhone and TextSecure
applications as Signal.[23] This announcement coincided
with the initial release of Signal as a RedPhone counterpart for iOS. The developers said that their next steps
would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client.[23] Signal
was the rst iOS app to enable easy, strongly encrypted
voice calls for free.[1][24] TextSecure compatibility was
added to the iOS application in March 2015.[25][26]

In November 2011, Whisper Systems announced that it

had been acquired by Twitter. The nancial terms of the
deal were not disclosed by either company.[13] The acquisition was done primarily so that Mr. Marlinspike could
help the then-startup improve its security.[14] Shortly after the acquisition, Whisper Systems RedPhone service
was made unavailable.[15] Some criticized the removal,
arguing that the software was specically targeted [to
help] people under repressive regimes and that it left
people like the Egyptians in a dangerous position during the events of the 2011 Egyptian revolution.[16]

From its launch in May 2010[9] until March 2015, the Android version of Signal (then called TextSecure) included
support for encrypted SMS/MMS messaging.[27] From
version 2.7.0 onward, the Android application only supported sending and receiving encrypted messages via the
data channel.[28] Reasons for this included security aws
of SMS/MMS and problems with the key exchange.[28]
Open Whisper Systems abandonment of SMS/MMS encryption prompted some users to create a fork named

Twitter released TextSecure as free and open-source

software under the GPLv3 license in December
2011.[10][17][18][19] RedPhone was also released under
the same license in July 2012.[20] Marlinspike later
left Twitter and founded Open Whisper Systems as a
1

LIMITATIONS

Silence (initially called SMSSecure[29] ) that is meant also opt into allowing Signal to fall back to unencrypted
solely for the exchange of encrypted SMS and MMS SMS/MMS when communicating with contacts who do
messages.[30][31]
not have Signal.[22]
In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for
Android.[32] A month later, Open Whisper Systems announced Signal Desktop, a Chrome app that can link with
a Signal client.[33] At launch, the app could only be linked
with the Android version of Signal.[34] On September
26, 2016, Open Whisper Systems announced that Signal Desktop could now be linked with the iOS version of
Signal as well.[35]

The Android version of Signal allows the user to set a

passphrase that encrypts the local message database and
the users encryption keys.[42] This does not encrypt the
users contact database or message timestamps.[42] The
user can dene a time period after which the application
forgets the passphrase, providing an additional protection mechanism in case the phone is lost or stolen.[41] On
iOS, the local message database is encrypted by the operating system if the user has a passphrase on their lock
On October 4, 2016, the American Civil Liberties Union screen.
(ACLU) and Open Whisper Systems published a series of Signal also allows users to set timers to messages.[43] Afdocuments revealing that OWS had received a subpoena ter a specied time interval, the messages will be deleted
requiring them to provide information associated with from both the senders and the receivers devices.[43] The
two phone numbers for a federal grand jury investiga- time interval can be between ve seconds and one week
tion in the rst half of 2016.[36][37][38] Only one of the long,[43] and the timer begins for each recipient once they
two phone numbers was registered on Signal, and be- have read their copy of the message.[44] The developers
cause of how the service is designed, OWS was only able have stressed that this is meant to be a collaborative feato provide the time the users account had been created ture for conversations where all participants want to auand the last time it had connected to the service.[37][36] tomate minimalist data hygiene, not for situations where
Along with the subpoena, OWS received a gag order re- your contact is your adversary.[43][44]
quiring OWS not to tell anyone about the subpoena for
one year.[36] OWS approached the ACLU, and they were
able to lift part of the gag order after challenging it in
court.[36] OWS said it was the rst time they had received
a subpoena, and that they were committed to treat any 3 Limitations
future requests the same way.[38]
Signal requires that the user has a phone number for
verication.[45] The number does not have to be the same
as on the devices SIM card; it can also be a VoIP
2 Features
number[45] or a landline as long as the user can receive
the verication code and have a separate device to set up
Signal allows users to call other Signal users on iOS and
the software. A number can only be registered to one
Android. All calls are made over a Wi-Fi or data connecdevice at a time.[45]
tion and with the exception of data fees are free of charge,
including long distance and international.[24] Signal also Signal also requires that the primary device is an Anallows users to send group, text, picture, and video mes- droid or iOS based smartphone with an Internet connecsages over a Wi-Fi or data connection to other Signal tion. A Chrome app that can link with a Signal client is
in development.[34]
users on iOS and on Android.
All communications to other Signal users are automatically end-to-end encrypted. The keys that are used to encrypt the users communications are generated and stored
at the endpoints (i.e. by users, not by servers).[39] Signal
also has built-in mechanisms for verifying that no manin-the-middle attack has occurred. For calls, Signal displays two words on the screen. If the words match on
both ends of the call, the call is secure.[24][40] For messages, Signal users can compare key ngerprints (or scan
QR codes) out-of-band.[41] The app employs a trust on
rst use mechanism in order to notify the user if a correspondents key changes.[41]
On Android, users can opt into making Signal the default
SMS/MMS application, allowing them to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages.[22] Users can

3.1 Android specic

Signals ocial Android client requires the proprietary
Google Play Services because the app is dependent on
Googles GCM push messaging framework.[46] As of
March 2015, Signals message delivery has been done by
Open Whisper Systems themselves and the client relies
on GCM only for a wakeup event.[47]
In May 2016, Signals lead developer Moxie Marlinspike
requested that LibreSignal, a fork that had removed the
GCM dependency, not use the Signal servers or the Signal name.[48] As a result, on 24 May 2016 the project
README stated the project was abandoned.[49]

5.2

Servers

Usability

In July 2016, the Internet Society published a user study

that assessed the ability of Signal users to detect and deter man-in-the-middle attacks.[50] The study concluded
that 21 out of 28 participants failed to correctly compare public key ngerprints in order to verify the identity of other Signal users, and that the majority of these
users still believed they had succeeded while in reality
they failed.[50]

5.2 Servers
Signal relies on centralized servers that are maintained
by Open Whisper Systems. In addition to routing Signals messages and calls, the servers also facilitate the discovery of contacts who are also registered Signal users
and the automatic exchange of users public keys. Open
Whisper Systems has set up dozens of servers to handle
the encrypted calls in more than 10 countries around the
world to minimize latency.[1]

5.2.1 Contact discovery

5
5.1

Architecture
Encryption protocols

Main articles: Signal Protocol and ZRTP

The servers store registered users phone numbers, public key material and push tokens which are necessary
for setting up calls and transmitting messages.[58] In order to determine which contacts are also Signal users,
cryptographic hashes of the users contact numbers are
periodically transmitted to the server.[59] The server then
checks to see if those match any of the SHA256 hashes
of registered users and tells the client if any matches are
found.[59] The hashed numbers are thereafter discarded
from the server.[58] Moxie Marlinspike has written that
it is easy to calculate a map of all possible hash inputs to
hash outputs and reverse the mapping because of the limited preimage space (the set of all possible hash inputs)
of phone numbers, and that practical privacy preserving
contact discovery remains an unsolved problem.[60][59]

Signal instant messages are encrypted with the Signal

Protocol (formerly known as the Axolotl protocol[51] ).
The protocol combines the Double Ratchet Algorithm,
prekeys, and a 3-DH handshake.[52] It uses Curve25519,
AES-256, and HMAC-SHA256 as primitives.[53]
The protocol provides condentiality, integrity,
authentication, participant consistency, destination
validation, forward secrecy, backward secrecy (aka
future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation,
and asynchronicity.[54] It does not provide anonymity
preservation, and requires servers for the relaying of 5.2.2 Metadata
messages and storing of public key material.[54]
The Signal Protocol also supports end-to-end encrypted All client-server communications are protected by
[57][61]
Once the server removes this layer of encrypgroup chats. The group chat protocol is a combina- TLS.
tion of a pairwise double ratchet and multicast encryp- tion, each message contains either the phone number of
[60]
This metadata
tion.[54] In addition to the properties provided by the one- the sender or the receiver in plaintext.
to-one protocol, the group chat protocol provides speaker could in theory allow the creation of a detailed overview
[60]
Sigconsistency, out-of-order resilience, dropped message on when and with whom users communicated.
resilience, computational equality, trust equality, sub- nals privacy policy states that these identiers are only
group messaging, as well as contractible and expandable kept on the servers as long as necessary in order to place
each call or transmit each message.[58] Open Whisper
membership.[54]
Systems have asserted that their servers do not keep logs
In October 2014, researchers from Ruhr University about who called whom and when.[62] In June 2016, MarBochum published an analysis of the Signal Protocol.[53] linspike told The Intercept that the closest piece of inforAmong other ndings, they presented an unknown key- mation to metadata that the Signal server stores is the last
share attack on the protocol, but in general, they found time each user connected to the server, and the precision
that it was secure.[55]
of this information is reduced to the day, rather than the
As of October 2016, the Signal Protocol has also been hour, minute, and second.[63]
implemented into WhatsApp, Facebook Messenger, and The group messaging mechanism is designed so that the
Google Allo, encrypting the conversations of more than servers do not have access to the membership list, group
a billion people worldwide.[56]
title, or group icon.[28] Instead, the creation, updating,
Signal voice calls are encrypted with SRTP and the ZRTP joining, and leaving of groups is done by the clients,
key-agreement protocol, which was developed by Phil which deliver pairwise messages to the participants in the
Zimmermann.[1][57]
same way that one-to-one messages are delivered.[64][65]

4
5.2.3

6 RECEPTION
Federation

Signals server architecture was federated between December 2013 and February 2016.
In December
2013, it was announced that the messaging protocol
that is used in Signal had successfully been integrated
into the Android-based open-source operating system
CyanogenMod.[66][67][68] Since CyanogenMod 11.0, the
client logic was contained in a system app called WhisperPush. According to Open Whisper Systems, the
Cyanogen team ran their own Signal messaging server for
WhisperPush clients, which federated with Open Whisper Systems Signal server, so that both clients could exchange messages with each-other.[68] The WhisperPush
source code was available under the GPLv3 license.[69]
In February 2016, the CyanogenMod team discontinued
WhisperPush and recommended that its users switch to
Signal.[70] In May 2016, Moxie Marlinspike wrote that
federation with the CyanogenMod servers degraded the
user experience and held back development, and that
Open Whisper Systems servers will probably not federate with other servers again.[48]

5.3

Licensing

The complete source code of the Signal clients for Android, iOS and Google Chrome are available on GitHub
under a free software license.[5][6][7] This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also
allows advanced users to compile their own copies of the
applications and compare them with the versions that are
distributed by Open Whisper Systems. In March 2016,
Moxie Marlinspike wrote that, apart from some shared
libraries that aren't compiled with the project build due
to a lack of Gradle NDK support, Signal for Android is
reproducible.[71]

forms. Signals predecessor (TextSecure) was briey included in the F-Droid software repository in 2012, but
was removed at the developers request because it was
an unveried build and exceptionally out of date. Open
Whisper Systems have subsequently said that they will
not support their applications being distributed through
F-Droid because it does not provide timely software updates, relies on a centralized trust model and necessitates
allowing the installation of apps from unknown sources
which harms Androids security for average users.[46] FDroid subverts the other distribution platforms decentralized trust model by often building and signing their own
packages, meaning F-Droid administrators or anyone else
with access could be compelled to push out malicious
updates to any application.[73] Additionally, the keys for
most applications in the main repository are stored on machines that are accessible from the Internet[76] (i.e. not
separated by an air gap), which Marlinspike asserts is an
unacceptable security risk.[77]

6 Reception
In October 2014, the Electronic Frontier Foundation
(EFF) included Signal in their updated surveillance
self-defense guide.[78] In November 2014, Signal received a perfect score on the EFFs secure messaging
scorecard;[39] it received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to
(end-to-end encryption), making it possible for users to
independently verify their correspondents identities, having past communications secure if the keys are stolen
(forward secrecy), having the code open to independent
review (open source), having the security designs welldocumented, and having a recent independent security
audit.[39] At the time, "ChatSecure + Orbot", Pidgin
(with OTR), Silent Phone, and Telegram's optional secret chats also received seven out of seven points on the
scorecard.[39]

The software that handles Signals message routing is

called TextSecure-Server and it is also open source.[8]
Open Whisper Systems does not ocially provide supOn December 28, 2014, Der Spiegel published slides
port for people to host their own servers.[72]
from an internal NSA presentation dating to June 2012 in
which the NSA deemed Signals encrypted voice calling
component (RedPhone) on its own as a major threat to
5.4 Distribution
its mission, and when used in conjunction with other priSignal is ocially distributed only through the Google vacy tools such as Cspace, Tor, Tails, and TrueCrypt was
Play store, Apples App Store, and the Chrome Web ranked as catastrophic, leading to a near-total loss/lack
Store. Applications distributed via Google Play are of insight to target communications, presence...[79][80]
signed by the developer of the application, and the Former NSA contractor Edward Snowden has endorsed
Android operating system checks that updates are signed Signal on multiple occasions.[33] In his keynote speech
with the same key, preventing others from distributing at SXSW in March 2014, he praised Signals predecesupdates that the developer themselves did not sign.[73][74] sors (TextSecure and RedPhone) for their ease-of-use.[81]
The same applies to iOS applications that are distributed During an interview with The New Yorker in October
via Apples App Store.[75]
2014, he recommended using anything from Moxie
Open Whisper Systems have declined requests to dis- Marlinspike and Open Whisper Systems.[82] During a
tribute the Android version of Signal as a separate APK remote appearance at an event hosted by Ryerson Unipackage binary or through third-party distribution plat- versity and Canadian Journalists for Free Expression in

5
March 2015, Snowden said that Signal is very good
and that he knew the security model.[83] Asked about encrypted messaging apps during a Reddit AMA in May
2015, he recommended Signal.[84][85] In November 2015,
Snowden tweeted that he used Signal every day.[32][86]
In September 2015, the American Civil Liberties Union
called on ocials at the U.S. Capitol to ensure that lawmakers and sta members have secure communications
technology.[87] One of the applications that the ACLU
recommended in their letter to the Senate Sergeant at
Arms and to the House Sergeant at Arms was Signal, writing:
One of the most widely respected encrypted communication apps, Signal, from
Open Whisper Systems, has received signicant nancial support from the U.S. government, has been audited by independent security
experts, and is now widely used by computer
security professionals, many of the top national
security journalists, and public interest advocates. Indeed, members of the ACLUs own
legal department regularly use Signal to make
encrypted telephone calls.[88]
Following the 2016 Democratic National Committee
email leak, Vanity Fair reported that Marc Elias, the general counsel for Hillary Clinton's presidential campaign,
had instructed DNC staers to exclusively use Signal
when saying anything remotely contentious or disparaging about Republican presidential nominee, Donald
Trump.[89][90]

Developers and funding

Main article: Open Whisper Systems

Signal is developed by a nonprot software group called
Open Whisper Systems.[91] The group is funded by a
combination of donations and grants, and all of its products are published as free and open-source software.

Comparison of VoIP software

Internet privacy
Secure communication

9 References
[1] Greenberg, Andy (29 July 2014). Your iPhone Can Finally Make Free, Encrypted Calls. Wired. Retrieved 18
January 2015.
[2] Open Whisper Systems (11 October 2016). Signal Private Messenger. Google Play. Google. Retrieved 11 October 2016.
[3] Open Whisper Systems (18 October 2016). Signal - Private Messenger. App Store. Apple. Retrieved 26 October 2016.
[4] Open Whisper Systems (21 October 2016). Signal Private Messenger. Chrome Web Store. Google. Retrieved
26 October 2016.
[5] Open Whisper Systems. Signal-iOS. GitHub. Retrieved 14 January 2015.
[6] Open Whisper Systems. Signal-Android. GitHub. Retrieved 5 November 2015.
[7] Open Whisper Systems. Signal-Desktop. GitHub. Retrieved 7 April 2016.
[8] Open Whisper Systems. TextSecure-Server. GitHub.
Retrieved 2 March 2014.
[9] Announcing the public beta. Whisper Systems. 25 May
2010. Archived from the original on 30 May 2010. Retrieved 22 January 2015.
[10] Garling, Caleb (20 December 2011). Twitter Open
Sources Its Android Moxie | Wired Enterprise. Wired.
Retrieved 21 December 2011.
[11] Company Overview of Whisper Systems Inc..
Bloomberg Businessweek. Retrieved 2014-03-04.
[12] Greenberg, Andy (2010-05-25). Android App Aims to
Allow Wiretap-Proof Cell Phone Calls. Forbes. Retrieved 2014-02-28.

As of October 2016, the project has received an unknown

amount of donations from individual sponsors via the [13] Cheredar, Tom (28 November 2011). Twitter acquires
Freedom of the Press Foundation.[92] Open Whisper SysAndroid security startup Whisper Systems. VentureBeat.
tems has received grants from the Knight Foundation,[93]
Retrieved 2011-12-21.
the Shuttleworth Foundation,[94] and the Open Technology Fund,[95] a U.S. government funded program that has [14] Yadron, Danny (9 July 2015). Moxie Marlinspike: The
Coder Who Encrypted Your Texts. The Wall Street Jouralso supported other privacy projects like the anonymity
nal. Retrieved 10 July 2015.
software Tor and the encrypted instant messaging app
Cryptocat.
[15] Greenberg, Andy (2011-11-28). Twitter Acquires
Moxie Marlinspikes Encryption Startup Whisper Systems. Forbes. Retrieved 2011-12-21.

See also
Comparison of instant messaging clients

[16] Garling, Caleb (28 November 2011). Twitter Buys Some

Middle East Moxie | Wired Enterprise. Wired. Retrieved 21 December 2011.

[17] Aniszczyk, Chris (20 December 2011). The Whispers Are True. The Twitter Developer Blog. Twitter.
Archived from the original on 24 October 2014. Retrieved 22 January 2015.
[18] TextSecure is now Open Source!". Whisper Systems. 20
December 2011. Archived from the original on 6 January
2012. Retrieved 22 January 2015.
[19] Pachal, Pete (2011-12-20). Twitter Takes TextSecure,
Texting App for Dissidents, Open Source. Mashable.
Retrieved 2014-03-01.
[20] RedPhone is now Open Source!". Whisper Systems. 18
July 2012. Archived from the original on 31 July 2012.
Retrieved 22 January 2015.
[21] A New Home. Open Whisper Systems. 2013-01-21.
Retrieved 2014-03-01.
[22] Donohue, Brian (24 February 2014). TextSecure Sheds
SMS in Latest Version. Threatpost. Retrieved 14 July
2016.
[23] Mimoso, Michael (29 July 2014). New Signal App
Brings Encrypted Calling to iPhone. Threatpost.
[24] Evans, Jon (29 July 2014). Talk Private To Me:
Free, Worldwide, Encrypted Voice Calls With Signal For
iPhone. TechCrunch. AOL.
[25] Lee, Micah (2015-03-02). You Should Really Consider Installing Signal, an Encrypted Messaging App for
iPhone. The Intercept. Retrieved 2015-03-03.
[26] Geuss, Megan (2015-03-03). Now you can easily send
(free!) encrypted messages between Android, iOS. Ars
Technica. Retrieved 2015-03-03.
[27] Open Whisper Systems (6 March 2015). Saying goodbye
to encrypted SMS/MMS. Retrieved 24 March 2016.
[28] Rottermanner et al. 2015, p. 3
[29] BastienLQ (20 April 2016). Change the name of
SMSSecure. GitHub (pull request). SilenceIM. Retrieved 27 August 2016.
[30] TextSecure-Fork bringt SMS-Verschlsselung zurck.
Heise (in German). 2 April 2015. Retrieved 29 July 2015.
[31] SMSSecure:
TextSecure-Abspaltung belebt SMSVerschlsselung wieder. Der Standard (in German). 3
April 2015. Retrieved 1 August 2015.
[32] Greenberg, Andy (2 November 2015). Signal, the
Snowden-Approved Crypto App, Comes to Android.
Wired. Cond Nast. Retrieved 19 March 2016.

REFERENCES

[35] Marlinspike, Moxie (26 September 2016). Desktop support comes to Signal for iPhone. Open Whisper Systems.
Retrieved 26 September 2016.
[36] Perlroth, Nicole; Benner, Katie (4 October 2016).
Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue. The New York Times.
The New York Times Company. Retrieved 4 October
2016.
[37] Kaufman, Brett Max (4 October 2016). New Documents Reveal Government Eort to Impose Secrecy on
Encryption Company (Blog post). American Civil Liberties Union. Retrieved 4 October 2016.
[38] Grand jury subpoena for Signal user data, Eastern District of Virginia. Open Whisper Systems. 4 October
2016. Retrieved 4 October 2016.
[39] Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 4 November 2014.
[40] Exactly how does Zfone and ZRTP protect against a manin-the-middle (MiTM) attack?". The Zfone Project. Retrieved 25 January 2015.
[41] Rottermanner et al. 2015, p. 5
[42] Rottermanner et al. 2015, p. 9
[43] Greenberg, Andy (11 October 2016). Signal, the
Cypherpunk App of Choice, Adds Disappearing Messages. Wired. Cond Nast. Retrieved 11 October 2016.
[44] Marlinspike, Moxie (11 October 2016). Disappearing
messages for Signal. Open Whisper Systems. Retrieved
11 October 2016.
[45] Kolenkina, Masha (20 November 2015). Will any phone
number work? How do I get a verication number?".
Open Whisper Systems. Retrieved 20 December 2015.
[46] Kolenkina, Masha (25 February 2016). Why do I need
Google Play installed to use Signal? How can I get Signal APK?". Open Whisper Systems. Archived from the
original on 2 April 2016. Retrieved 13 October 2016.
[47] Marlinspike, Moxie (6 March 2015). Saying goodbye
to encrypted SMS/MMS. Open Whisper Systems. Retrieved 20 December 2015.
[48] Edge, Jake (18 May 2016). The perils of federated protocols. LWN.net. Retrieved 5 July 2016.
[49] Le Bihan, Michel (24 May 2016). README.md.
GitHub. LibreSignal. Retrieved 27 August 2016.
[50] Schrder et al. 2016

[33] Franceschi-Bicchierai, Lorenzo (2 December 2015).

Snowdens Favorite Chat App Is Coming to Your Computer. Motherboard. Vice Media LLC. Retrieved 4 December 2015.

[51] Marlinspike, Moxie (30 March 2016). Signal on the outside, Signal on the inside. Open Whisper Systems. Retrieved 9 April 2016.

[34] Coldewey, Devin (7 April 2016). Nows your chance to

try Signals desktop Chrome app. TechCrunch. AOL Inc.
Retrieved 5 May 2016.

[53] Frosch et al. 2016

[52] Unger et al. 2015, p. 241

[54] Unger et al. 2015, p. 239

[55] Pauli, Darren. Auditors nd encrypted chat client

TextSecure is secure. The Register. Retrieved 4 November 2014.
[56] Moxie Marlinspike - 40 under 40. Fortune. Time Inc.
2016. Retrieved 6 October 2016.
[57] Marlinspike, Moxie (17 July 2012). Encryption Protocols. GitHub. Archived from the original on 5 September
2015. Retrieved 8 January 2016.
[58] Privacy Policy. Open Whisper Systems. n.d. Retrieved
6 September 2016.
[59] Moxie Marlinspike (3 January 2013). The Diculty Of
Private Contact Discovery. Open Whisper Systems. Retrieved 14 January 2016.
[60] Rottermanner et al. 2015, p. 4
[61] Frosch et al. 2016, p. 7

[74] Sign Your App. Android Studio. Google. Retrieved 13

October 2016.
[75] About Code Signing. Apple Developer. Apple. 13
September 2016. Retrieved 13 October 2016.
[76] Marlinspike, Moxie (16 October 2013). moxie0 commented Oct 16, 2013. GitHub. Retrieved 13 October
2016.
[77] Marlinspike, Moxie (21 October 2013). moxie0 commented Oct 21, 2013. GitHub. Retrieved 13 October
2016.
[78] Surveillance Self-Defense. Communicating with Others. Electronic Frontier Foundation. 2014-10-23.
[79] SPIEGEL Sta (28 December 2014). Prying Eyes: Inside the NSAs War on Internet Security. Der Spiegel.
Retrieved 23 January 2015.

[62] Brandom, Russell (29 July 2014). Signal brings painless

encrypted calling to iOS. The Verge. Retrieved 26 January 2015.

[80] Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can
be attacked and which not (PDF). Der Spiegel. 28 December 2014. Retrieved 23 January 2015.

[63] Lee, Micah (22 June 2016). Battle of the Secure Messaging Apps: How Signal Beats WhatsApp. The Intercept.
First Look Media. Retrieved 6 September 2016.

[81] Eddy, Max (11 March 2014). Snowden to SXSW: Heres

How To Keep The NSA Out Of Your Stu. PC Magazine: SecurityWatch. Retrieved 2014-03-16.

[64] Moxie Marlinspike (5 May 2014). Private Group Messaging. Open Whisper Systems. Retrieved 2014-07-09.

[82] The Virtual Interview: Edward Snowden - The New

Yorker Festival. YouTube. The New Yorker. 11 October
2014. Retrieved 24 May 2015.

[65] Moxie Marlinspike (24 February 2014). The New

TextSecure: Privacy Beyond SMS. Open Whisper Systems. Retrieved 26 February 2014.

[83] Cameron, Dell (6 March 2015). Edward Snowden tells

you what encrypted messaging apps you should use. The
Daily Dot. Retrieved 24 May 2015.

[66] Andy Greenberg (2013-12-09). Ten Million More Android Users Text Messages Will Soon Be Encrypted By
Default. Forbes. Retrieved 2014-02-28.

[84] Yuhas, Alan (21 May 2015). NSA surveillance powers

on the brink as pressure mounts on Senate bill as it happened. The Guardian. Retrieved 24 May 2015.

[67] Seth Schoen (2013-12-28). 2013 in Review: Encrypting the Web Takes A Huge Leap Forward. Electronic
Frontier Foundation. Retrieved 2014-03-01.

[85] Beauchamp, Zack (21 May 2015). The 9 best moments

from Edward Snowdens Reddit Q&A. Vox Media. Retrieved 24 May 2015.

[68] Moxie Marlinspike (2013-12-09). TextSecure, Now

With 10 Million More Users. Open Whisper Systems.
Retrieved 2014-02-28.

[86] Barrett, Brian (25 February 2016). Apple Hires Lead

Dev of Snowdens Favorite Messaging App. Wired.
Cond Nast. Retrieved 2 March 2016.

[69] CyanogenMod
(Jan
7,
2014).
android_external_whispersystems_WhisperPush.
GitHub. Retrieved Mar 26, 2015.

[87] Nakashima, Ellen (22 September 2015). ACLU calls for

encryption on Capitol Hill. The Washington Post. Nash
Holdings LLC. Retrieved 22 September 2015.

[70] Sinha, Robin (20 January 2016). CyanogenMod to

Shutter WhisperPush Messaging Service on February 1.
Gadgets360. NDTV. Retrieved 23 January 2016.

[88] Macleod-Ball, Michael W.; Rottman, Gabe; Soghoian,

Christopher (22 September 2015). The Civil Liberties
Implications of Insecure Congressional Communications
and the Need for Encryption (PDF). Washington, DC:
American Civil Liberties Union. pp. 56. Retrieved 22
September 2015.

[71] Marlinspike, Moxie (31 March 2016). Reproducible Signal builds for Android. Open Whisper Systems. Retrieved 31 March 2016.
[72] Kolenkina, Masha (22 November 2015). How can I host
my own server?". Open Whisper Systems. Retrieved 6
July 2016.
[73] Marlinspike, Moxie (12 February 2013). moxie0 commented Feb 12, 2013. GitHub. Retrieved 13 October
2016.

[89] Bilton, Nick (26 August 2016). How the Clinton Campaign Is Foiling the Kremlin. Vanity Fair. Cond Nast.
Retrieved 1 September 2016.
[90] Blake, Andrew (27 August 2016). Democrats warned
to use encryption weeks before email leaks. The Washington Times. The Washington Times, LLC. Retrieved 1
September 2016.

11

[91] Franceschi-Bicchierai, Lorenzo (18 November 2014).

WhatsApp messages now have Snowden-approved encryption on Android. Mashable. Retrieved 23 January
2015.
[92] Donate to Support Encryption Tools for Journalists.
Freedom of the Press Foundation. Retrieved 17 October
2016.
[93] TextSecure. Knight Foundation. Retrieved 5 January
2015.
[94] Moxie Marlinspike. Shuttleworth Foundation.
trieved 14 January 2015.

Re-

[95] Open Whisper Systems. Open Technology Fund. Retrieved 26 December 2015.

10

Literature

Frosch, Tilman; Mainka, Christian; Bader,

Christoph; Bergsma, Florian; Schwenk, Jrg; Holz,
Thorsten (March 2016). How Secure is TextSecure?.
2016 IEEE European Symposium on Security and
Privacy (EuroS&P). Saarbrcken, Germany: IEEE.
pp. 457472. doi:10.1109/EuroSP.2016.41. ISBN
978-1-5090-1752-2.
Retrieved 28 September
2016.
Rottermanner, Christoph; Kieseberg, Peter; Huber,
Markus; Schmiedecker, Martin; Schrittwieser, Sebastian (December 2015). Privacy and Data Protection in Smartphone Messengers (PDF). Proceedings of the 17th International Conference on Information Integration and Web-based Applications &
Services (iiWAS2015). ACM International Conference Proceedings Series. ISBN 978-1-4503-34914. Retrieved 18 March 2016.
Schrder, Svenja; Huber, Markus; Wind, David;
Rottermanner, Christoph (18 July 2016). When
Signal hits the Fan: On the Usability and Security
of State-of-the-Art Secure Mobile Messaging (PDF).
Proceedings of the 1st European Workshop on Usable Security (EuroUSEC 16). Darmstadt, Germany: Internet Society (ISOC). ISBN 1-89156245-2. Retrieved 29 August 2016.
Unger, Nik; Dechand, Sergej; Bonneau, Joseph;
Fahl, Sascha; Perl, Henning; Goldberg, Ian Avrum;
Smith, Matthew (2015). SoK: Secure Messaging
(PDF). Proceedings of the 2015 IEEE Symposium
on Security and Privacy. IEEE Computer Societys
Technical Committee on Security and Privacy. pp.
232249. doi:10.1109/SP.2015.22.

11

External links

Ocial website

EXTERNAL LINKS

How to: Use Signal for Android by the Electronic

Frontier Foundation
How to: Use Signal on iOS by the Electronic Frontier Foundation

12
12.1

Text and image sources, contributors, and licenses

Text

Signal (software) Source: https://en.wikipedia.org/wiki/Signal_(software)?oldid=746594738 Contributors: Chadlupkes, Rwalker, ViperSnake151, Vagary, A.sutton, NMaia, l, Beeblebrox, Niceguyedc, Yobot, AnomieBOT, Jim1138, Melmann, Dewritech, Kistano, Sbmeirow, Paride, BG19bot, Nodove, Fend4self, Dodi 8238, Dhruvalpatel1994, Spiderjerky, Orschiro, Tomasbortoli, Kjblwk, Deidgeej,
Mindamax and Anonymous: 29

12.2

Images

File:Commons-logo.svg Source: https://upload.wikimedia.org/wikipedia/en/4/4a/Commons-logo.svg License: CC-BY-SA-3.0 Contributors: ? Original artist: ?

File:Crypto_key.svg Source: https://upload.wikimedia.org/wikipedia/commons/6/65/Crypto_key.svg License: CC-BY-SA-3.0 Contributors: Own work based on image:Key-crypto-sideways.png by MisterMatt originally from English Wikipedia Original artist: MesserWoland
File:Folder_Hexagonal_Icon.svg Source: https://upload.wikimedia.org/wikipedia/en/4/48/Folder_Hexagonal_Icon.svg License: Cc-bysa-3.0 Contributors: ? Original artist: ?
File:Free_and_open-source_software_logo_(2009).svg Source: https://upload.wikimedia.org/wikipedia/commons/3/31/Free_and_
open-source_software_logo_%282009%29.svg License: Public domain Contributors: FOSS Logo.svg Original artist: Free Software Portal
Logo.svg (FOSS Logo.svg): ViperSnake151
File:Portal-puzzle.svg Source: https://upload.wikimedia.org/wikipedia/en/f/fd/Portal-puzzle.svg License: Public domain Contributors: ?
Original artist: ?
File:Sample_09-F9_protest_art,_Free_Speech_Flag_by_John_Marcotte.svg Source:
https://upload.wikimedia.org/wikipedia/
Public domain Contributors:
commons/f/fd/Sample_09-F9_protest_art%2C_Free_Speech_Flag_by_John_Marcotte.svg License:
Badmouth, (Archived link) Original artist: John Marcotte
File:Signal_Blue_Icon.png Source: https://upload.wikimedia.org/wikipedia/commons/4/4f/Signal_Blue_Icon.png License: Public domain Contributors: https://github.com/WhisperSystems/Signal-iOS/blob/master/Signal/iTunesArtwork%403x.png Original artist: Tyler
Reinhard
File:Signal_timeline.svg Source: https://upload.wikimedia.org/wikipedia/commons/b/bc/Signal_timeline.svg License: CC0 Contributors:
Own work Original artist: Dodi 8238
File:Telecom-icon.svg Source: https://upload.wikimedia.org/wikipedia/commons/4/4e/Telecom-icon.svg License: Public domain Contributors: Vectorized by User:Booyabazooka from original small PD raster image File:Telecom-icon.jpg Original artist: Vectorized by
User:Booyabazooka from original small PD raster image File:Telecom-icon.jpg
File:TextSecure_Blue_Icon.png Source: https://upload.wikimedia.org/wikipedia/commons/e/ec/TextSecure_Blue_Icon.png License:
Public domain Contributors: https://github.com/WhisperSystems/TextSecure/tree/master/artwork Original artist: Jake McGinty

12.3

Content license

Creative Commons Attribution-Share Alike 3.0