Signal Privacy Review

Signal can be used out-of-the-box with almost no impact to your privacy. Other users can discover whether or not you’re using Signal by inputting your phone number, but you’re presented with the option to turn this off during onboarding.

It might jump out at you that link previews are enabled by default, but Signal handles the issue of preview links exposing your IP elegantly. For popular websites such as Youtube and Instagram, Signal creates a proxy connection directly to the website that’s been linked to you. The rest of the connection is then handled by TLS between your device and the website.

Your IP isn’t exposed because Signal is proxying your request, but Signal can’t read the URL you’re accessing because it’s encrypted.

The only real issue we have is that the IP Relay for calls defaults to only protecting your IP against users who aren’t in your contact book. You can turn this on for all VoIP calls made to your device, but it will impact the quality of your call.

Signal asks for very little of your data by default – essentially, it’s just your phone number. Everything else, Signal doesn’t want to know about. If you’re not comfortable handing over your number, you should consider a different service. In the past, Signal has complied with US court orders by confirming whether a phone number is associated with a Signal user, and when that user last logged on.

To date, Signal hasn’t run into the same privacy controversies that have plagued other instant messaging services. It’s managed by the Signal Foundation, a non-profit based in the US which handles day-to-day development through a subsidiary, Signal Messenger LLC.

Signal’s funding comes through donations. These donors tend to remain anonymous, although we know that former WhatsApp co-founder Brian Action has loaned the Signal Foundation over $100 million dollars to fund Signal’s long term growth and development.

So far, so good. However, it’s worth clearing up some misconceptions regarding Signal after several chats between high-level national security advisors in the US were leaked to the press.

At no point was Signal’s actual security compromised. The story only came about after Mike Waltz accidentally invited Jeffrey Goldberg, editor-in-chief of The Atlantic, to a secure group chat used to discuss national security issues.

Yes, you’re reading that right. If you’ve ever been embarrassed by inviting someone you shouldn’t have to the group chat, don’t worry – Mike Waltz definitely has you beat. There’s an important lesson to take away from this though: you can be using the most secure privacy-first messaging app in the world, but if you can’t trust the people you’re texting it doesn’t really matter.

Although Signal has not been cleared for use by the Department of Defense, many of the concerns relating to its usage stem from proper adherence to long-term data archiving for FOIA requests. In fact, CIA Director John Ratcliffe testified that Signal is actively used by the CIA for day-to-day operations.

According to the Signal privacy policy, any data you provide to Signal other than your phone number is secured using end-to-end encryption. Although some data is temporarily stored by Signal’s servers until it can be delivered to your device, the nature of the encryption used means that Signal employees cannot view your message content or metadata.

While some data is provided to third party technology companies such as Google and Meta to access services these firms provide, such as sending the text you type in to find a .gif through GIPHY or requesting location services through Google Maps, Signal has taken steps to ensure that these requests expose the minimal amount of data necessary, including masking your IP.

However, Signal has begun selling a cloud backup service to facilitate transfers of large amounts of data between old and new devices. According to Signal, it uses the same technology stack used to temporarily hold messages on Signal’s servers before they can be delivered to a device.

Almost every aspect of the app uses end-to-end encryption. Signal doesn’t just encrypt your messages, it encrypts your contacts list, your attachments, even the profile picture you upload. It’s also fully open source at both the client and server level, so if you don’t trust the Signal foundation’s servers you can run your own.

In addition to encrypting the contents of a message, Signal also reduces the amount of metadata available to an adversary by obscuring who the message is from using a technology called “Sealed Sender”. When a Signal message is sent, only the delivery address is visible.

The biggest issue with Signal is that it requires a phone number to register an account, even if you’re just using the desktop version. Asking Signal to hand over the data it holds on you shows that the phone number you’re using is associated with each device you’ve used to log into Signal.

As a result, Signal must hand this information over when requested to by U.S. law enforcement. The scope of what an investigator could learn is limited, but at the bare minimum they would be able to confirm when you last connected to the service.

While most of Google’s analytics are turned off in the Signal app, it still uses the Google Maps API to handle location data. Calls to Google Maps turn over a bunch of metadata, including the IP you’re connecting from. For a project that’s so invested in privacy, it’s surprising that Signal doesn’t use an open source alternative such as Open Street Map.

There’s just a few tweaks you’ll need to make to Signal to keep your data safe.

First of all, if you’re using Signal to back up your settings between devices, you’ll be asked to input a pin to keep your data from falling into the wrong hands. Make sure you use a strong alphanumeric password here – Signal does some fancy stuff with secure enclaves to reduce the risk of brute forcing, but better safe than sorry.

You’ll also want to make sure you’ve enabled the authentication lock, which requires your pin code if another user tries to register a Signal account using your phone number on a new device.

For an extra layer of security, you can set up Signal to require your device authentication before the app will open.

Nuclear Option: You can delete your entire account by heading to the Signal mobile app. Tap your profile and head to > Settings > Account > Delete Account. Once there, enter your Signal number and hit Delete Account.

Please note: Deleting your Signal Desktop install will not remove your data from the Signal servers, as you need to use the app from a registered mobile device to complete the process.

Deleting your account does not remove the messages you’ve sent to other contacts. If it’s been more than 24 hours since you’ve sent a message, you cannot remove it.

You can register with a SIM that isn’t tied to your personal identity and using a trustworthy VPN or Tor adds a bit of extra anonymity into the mix. If you want to stay off Signal altogether, you can use a bridge from Matrix to communicate with Signal users without entering your phone number.

If you're looking for an alternative, you’re only going to get a side-grade in privacy depending on the threat model you’re worried about.

Don’t want your messages being sent over the internet at all? Briar supports true P2P sneaker-net style messaging for one-to-one chats and forums using local protocols to send posts back and forth. Essentially, when you get into bluetooth range, you’re synchronized with all the relevant Briar users you’ve accepted.

Uncomfortable with the amount of centralized trust required to use Signal? Matrix uses a decentralized model to send messages over a network of nodes that works similarly to Tor.

Both alternatives don’t require a phone number, either.