Signal

From WikiCorporates
Revision as of 20:27, 30 November 2018 by GrayanOne (talk | contribs)
Jump to navigation Jump to search

Signal is an encrypted communications app for Android and iOS. A desktop version is also available for Linux, Windows, and macOS. It uses the Internet to send one-to-one and group messages, which can include files, voice notes, images and videos, and make one-to-one voice and video calls.
Signal uses standard cellular mobile numbers as identifiers, and uses end-to-end encryption to secure all communications to other Signal users. The applications include mechanisms by which users can independently verify the identity of their messaging correspondents and the integrity of the data channel. (WP)

Signal allows users to make voice and video[15] calls to other Signal users on iOS and Android. All calls are made over a Wi-Fi or data connection and (with the exception of data fees) are free of charge, including long distance and international.[34] Signal also allows users to send text messages, files,[14] voice notes, pictures, GIFs,[53] and video messages over a Wi-Fi or data connection to other Signal users on iOS, Android and a desktop app. The apps also support group messaging. All communications to other Signal users are automatically end-to-end encrypted. The keys that are used to encrypt the user's communications are generated and stored at the endpoints (i.e. by users, not by servers).[54]

Signal requires that the user provides a phone number for verification,[62] eliminating the need for user names or passwords and facilitating contact discovery (see below).[63] This mandatory connection to a phone number (a feature Signal shares with Whatsapp) has been criticized as a "major issue" for privacy-conscious users who are not comfortable with giving out their private phone number, and as creating security risks that arise from the possibility of an attacker taking over a phone number.[63] The option to register with an email address instead of a phone number is a widely requested feature, which as of early 2018 has not been implemented yet.[63][64] A workaround is to use a secondary phone number.[63] Also, the number does not have to be the same as on the device's SIM card; it can also be a VoIP number[62] or a landline as long as the user can receive the verification code and have a separate device to set up the software. Signal also requires that the primary device be an Android or iOS based smartphone with an Internet connection. A desktop app that can link with a Signal mobile client is also available.[8]

Signal is officially distributed through the Google Play store, Apple's App Store, and the official website. Applications distributed via Google Play are signed by the developer of the application, and the Android operating system checks that updates are signed with the same key, preventing others from distributing updates that the developer themselves did not sign.[105][106] The same applies to iOS applications that are distributed via Apple's App Store.[107] As of March 2017, Open Whisper Systems provides a way to download the Android version of Signal as a separate APK package binary from their website.[108]

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars.ref


Who xxx

Riddle Quiet Ventures, which also operates under the name Open Whisper Systems, is located in Mountain View, California. This organization primarily operates in the Computer Software Development business / industry within the Business Services sector. This organization has been operating for approximately 6 years. Riddle Quiet Ventures is estimated to generate $62,200 in annual revenues, and employs approximately 1 people at this single location. ref

Riddle Quiet Ventures LLC 650 Castro Street, Mountain View, California 94041-2055 USA. Tel: (415) 267-1806 http://www.hoovers.com/company-information/cs/company-profile.riddle_quiet_ventures_llc.28721de123bffa40.html listed as Seller on the apple app store. https://www.bizapedia.com/ca/quiet-riddle-ventures-llc.html https://www.corporationwiki.com/California/Mountain-View/quiet-riddle-ventures-llc/107529578.aspx

Quiet Riddle Ventures LLC, 650 Castro Street, Mountain View, California 94041-2055 USA. Tel: (415) 267-1806 Principal is Michael Benham from Mountain View CA. Registered Agent on file for this company is Tennille Christensen https://www.bizapedia.com/ca/quiet-riddle-ventures-llc.html

Signal Messenger LLC, https://www.crunchbase.com/organization/signal-messenger 650 CASTRO ST SUITE 120 - 479 MOUNTAIN VIEW, CA 94041 https://www.bizapedia.com/co/signal-messenger-llc.html, https://www.bizapedia.com/us/signal-messenger-llc.html https://www.corporationwiki.com/p/31jiai/signal-messenger-llc

Open Whisper Systems https://www.manta.com/c/mb4y2y1/open-whisper-systems 650 Castro Street, Mountain View, California 94041-2055 USA. Tel: (415) 267-1806 List as Developer on google + apple app stores, https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms https://itunes.apple.com/us/app/signal-private-messenger/id874139669

Signal Technology Foundation, https://www.linkedin.com/company/signal-technology-foundation/

Open Whisper Systems was a company focused on the development of mobile security software, which was acquired by Twitter in late 2011. Twitter very generously made some of the Whisper Systems software available under an Open Source license (GPLv3), which has since been under open development by the community. The software has seen a number of new releases based on that open development, and we’ve been calling the project for this continued work “Open Whisper Systems.” Welcome to the project’s new home.

This is where we will be promoting, distributing, and coordinating the continued development of mobile security and privacy software. In an environment of increasingly pervasive surveillance, we want to make it as easy as possible for anyone to be able to organize and communicate securely. We hope you’ll join us.

app publisher: Signal Messenger LLC app seller: Riddle Quiet Systems LLC


Signal

An instant messaging, voice calling and video calling[66] application for iOS and Android. It uses end-to-end encryption protocols to secure all communications to other Signal users.[25][62] Signal can be used to send end-to-end encrypted group messages, attachments and media messages to other Signal users. All calls are made over a Wi-Fi or data connection and are free of charge, including long distance and international.[23] Signal has a built-in mechanism for verifying that no man-in-the-middle attack has occurred. Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize latency.[19] The clients are published under the GPLv3 license.[67][68][69]

Signal Desktop A standalone desktop client for certain Windows, MacOS and Linux distributions that can link with a Signal mobile client.[40] Previously a Chrome app.[37] The software is published under the GPLv3 license.[69]

Signal Protocol A non-federated cryptographic protocol that combines the Double Ratchet Algorithm, prekeys, and a 3-DH handshake.[70] Open Whisper Systems maintains the following Signal Protocol libraries: libsignal-protocol-c: A library written in C and published under the GPLv3 license with additional permissions for Apple's App Store.[71] libsignal-protocol-java: A library written in Java and published under the GPLv3 license.[72] libsignal-protocol-javascript: A library written in JavaScript and published under the GPLv3 license.[73] Signal Server The software is published under the AGPLv3 license.[74] Contact Discovery Service A microservice that "allows clients to discover which of their contacts are registered users, but does not reveal their contacts to the service operator or any party that may have compromised the service."[75] The software is published under the AGPLv3 license.[75] As of 26 September 2017, the service is in beta.[76][77]

How Signal works: Wired has an excellent explanation here: link

Signal Foundation

The Signal Foundation is a non-profit organisation founded in Feb.2018 by Moxie Marlinspike and [[WhatsApp#Brian Acton|Brian Acton.ref Its mission is "to develop open source privacy technology that protects free expression and enables secure global communication."ref

The foundation was started with an initial $50m in funding from Acton, who had left WhatsApp's parent company Facebook in Sept.2017.ref The Freedom of the Press Foundation has served as Signal's fiscal sponsor and will continue to accept donations while the Signal Foundation's non-profit status is pending. Acton is serving as the Foundation's Executive Chairman, and Marlinspike continues as CEO.ref

Funding

Open Whisper Systems has received donations through the Freedom of the Press Foundation,[6][48] which has acted as Open Whisper Systems' fiscal sponsor since Dec.2016.[49][50] Dec.2013-Nov.2017: Open Whisper Systems used a system called BitHub to distribute small donations appropriately among contributors.[51] The system automatically paid a percentage of Bitcoin funds for every submission to one of Open Whisper Systems' GitHub repositories.[23][52] Feb.2018: Moxie Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the § Signal Foundation. Instead of taking the for-profit startup route, Open Whisper Systems will instead by funded by a combination of donations and government grants. Marlinspike says the project has received money from the free-software-focused Shuttleworth Foundation and the Open Technology Fund, a U.S. government program that has also funded other privacy projects like the anonymity software Tor and the encrypted instant messaging website Cryptocat.ref As I understand it, they licence the underlying crypto tech to other companies (including Google and Facebook for Allo and WhatsApp/Messenger respectively). This gives those companies some security/privacy cred, and gives Signal money to maintain their code and infrastructure for Signal. Even though Whatsapp is using Signals crypto, that doesn't mean it's privacy friendly or open source. ref


Donate to Signal development through the Freedom of the Press Foundation. Surveillance Self-Defense, EFF, https://ssd.eff.org/en/module/communicating-others Tell-all telephone, https://www.zeit.de/datenschutz/malte-spitz-data-retention How to: Use Signal on iOS, https://ssd.eff.org/en/module/how-use-signal-ios Tool Guides, https://ssd.eff.org/en/module-categories/tool-guides

Timeline

May.2018 Domain Fronting via Amazon: Amazon refused permission for Signal to use domain fronting on any domains it owns. Furthermore, Amazon instigated a set of changes designed to prevent domain fronting from working across the entirety of CloudFront.ref
Feb.2018 Signal Foundation: Moxie Marlinspike and Brian Acton announced the formation of the Signal Foundation.ref Brian Acton donated an initial $50m in funding.ref
Jan.2018 Skype: Microsoft introduced a "Private Conversations" feature in Skype, powered by the Signal Protocol.ref
Jan.2018Iran blocked Telegram and Instagram - but not WhatsApp. Signal was also blocked, due to its reliance on the Google App Engine to disguise its traffic through a process called "domain fronting". ref This does not work in Iran because Google has blocked Iranian access to Google App Engine in order to comply with US sanctions.ref
Oct.2017Signal for Desktop: OWS announced the release of a standalone desktop client for certain Windows, MacOS and Linux distributions.[1]ref. The Chrome app was deprecated, but users could export their data into the new app as part of the setup process.ref
Sept.2017 Brian Acton (of WhatsApp) left Facebook, also leaving ~$850m in stock by not staying for a few more months. Acton has played a major role in creating Signal. He is now executive chairman of the Signal Foundation.ref
Dec.2016Egypt blocked access to Signal.ref In response, Open Whisper Systems added domain fronting to their service.[2] This allows Signal users in a specific country to circumvent censorship by making it look like they are connecting to a different Internet-based service.ref
Oct.2016Gag Order: The US Govt subpoenad Open Whisper Systems earlier in the year, requiring them to provide information associated with two phone numbers for a federal grand jury investigation - plus a one-year gag order demanding complete silence on the matter. Because of how Signal is designed, OWS was only able to provide "the time the user’s account had been created and the last time it had connected to the service". OWS went to the American Civil Liberties UnionWikipedia-W.svg for help, and they were able to lift part of the gag order after challenging it in court.ref
Oct.2016 Facebook Messenger: Facebook deployed an optional mode called "secret conversations" in Messenger which provides end-to-end encryption using an implementation of the Signal Protocol.ref
Sept.2016Signal Desktop could now be linked with the iOS version of Signal as well.ref
Sept.2016 Allo was launched by Google, a messaging app with an optional "incognito mode" that uses the Signal Protocol for end-to-end encryption.refref
Apr.2016Open Whisper Systems and WhatsApp announced they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.ref
Dec.2015Signal Desktop was launched as a Chrome app that could link with an Android Signal client.ref
Nov.2015Signal: RedPhone was merged into TextSecure, to become Signal for Android.ref
Jul.2015David Cameron threatened to ban Whatsapp, based on its use of TextSecure. ref
Mar.2015TextSecure compatibility was added to the iOS application.ref
Nov.2014 WhatsApp: OWS announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform.ref They said the protocol had already been incorporated into the latest WhatsApp client for Android, and support for other clients, group/media messages, and key verification would be coming soon. WhatsApp was oddly shy; it confirmed the partnership to reporters, but there was no official announcement, and requests for comment were declined.ref
Oct.2014 The Electronic Frontier Foundation included Signal, TextSecure and RedPhone in their updated Surveillance Self-Defense (SSD) guide.ref Snapchat, Whatsapp, Facebook chat, Google Hangouts, Skype, and more, all failed EFF's simple security tests. Providers can read users' messages because the apps use the providers' encryption keys instead of user-created keys.ref
Sept.2014 Redphone returned as an open-source project, for Android.ref
Jul.2014 Signal was released as a RedPhone counterpart for iOS. The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client.ref,ref
Feb.2014TextSecure Protocol version 2 was released, which added end-to-end encrypted group chat and instant messaging capabilities.ref,ref
Jan.2013Open Whisper Systems: Marlinspike left Twitter,ref even though his contract stipulated a minimum stay of 4 years, otherwise he would forfeit over $1m in stock options. He quit anyway, and founded Open Whisper Systems with Brian Acton and Jan Koum, as a collaborative open source project for the continued development of TextSecure and RedPhone.ref
Jul.2012RedPhone was released under the GPL v3.ref
Jun.2012National Security Agency: Slides from an internal NSA presentation were published by Der Spiegel, in which the NSA deemed RedPhone on its own as a "major threat" to its mission and, when used in conjunction with other privacy tools such as Cspace, Tor, Tails, and TrueCrypt, was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."[1] ref
Dec.2011TextSecure was released by Twitter as free, open-source software under the Gnu General Public Licence v3Wikipedia-W.svg (GPLv3).ref
Nov.2011 Twitter acquired Whisper Systems,ref with Marlinspike becoming Twitter's director of product security. Shortly afterward, Whisper Systems' RedPhone service was made unavailable.ref
May.2010 RedPhone + TextSecure: The company's first two apps were released in beta; TextSecure for encrypted texting, and RedPhone for encrypted voice-calling.ref, ref
Apr.2010 Whisper Systems was co-founded by Moxie Marlinspike and Stuart Anderson.ref The company made proprietary closed-source security software for Android mobiles and tablets.ref

Articles

  • May.01.2018: Amazon threatens to suspend Signal's AWS account over censorship circumvention. Direct access to Signal has been censored in Egypt, Oman, Qatar, and UAE for the past 1.5 years. These countries attempt to block Signal by blocking connections to Signal servers from all ISPs. ...We responded by deploying domain fronting in those countries through Google App Engine. Direct access to Signal has also been blocked in Iran for the past 3+ years, but it was not possible to use the same domain fronting technique there. In an apparently unique interpretation of US sanction law, Google does not allow any requests from Iran to be processed by Google App Engine. In early 2018, a number of policy organisations increased pressure on Google to change their position on how they were interpreting US sanction law so that domain fronting would be possible from Iran. Sadly, these lobbying efforts seem to have had the opposite effect. When Google’s leadership became more aware of domain fronting, it generated internal conversations about whether they wanted to put themselves in the situation of providing cover for sites that entire countries wished to block. A month later, we received a 30-day advance notice from Google that they would be making internal changes to stop domain fronting from working entirely. With Google no longer an option, we decided to look for popular domains in censored regions that were on Amazon's CloudFront instead. There were a few sites that used CloudFront in the Alexa top 50 or 100. We're an open source project, so the commit switching from GAE to CloudFront was public. Someone saw the commit and submitted it to HN. That post became popular, and apparently people inside Amazon saw it too. That’s how we got to the above email. A few days ago Amazon also announced what they are calling Enhanced Domain Protections for CloudFront requests. It is a set of changes designed to prevent domain fronting from working entirely, across all of CloudFront. With Google Cloud and AWS out of the picture, it seems that domain fronting as a censorship circumvention technique is now largely non-viable in the countries where Signal had enabled this feature. The idea behind domain fronting was that to block a single site, you’d have to block the rest of the internet as well. In the end, the rest of the internet didn’t like that plan. We are considering ideas for a more robust system, and developing new techniques will take time. Moreover, if recent changes by large cloud providers indicate a commitment to providing network-level visibility into the final destination of encrypted traffic flows, then the range of potential solutions becomes severely limited. In the meantime, the censors in these countries will have (at least temporarily) achieved their goals. Sadly, they didn’t have to do anything but wait. Signal Foundation.
  • May.11.2017: Ditch All Those Other Messaging Apps: Here's Why You Should Use Signal. There are just too many messaging apps. It's time to pick one messaging app and get all of your friends on board. There's one messaging app we should all be using: Signal. It has strong encryption, it's free, it works on every mobile platform, and the developers are committed to keeping it simple and fast by not mucking up the experience with ads, web-tracking, stickers, or animated poop emoji. The thing that actually makes Signal superior is that it's easy to ensure that the contents of every chat remain private and unable to be read by anyone else. As long as both parties are using the app to message each other, every single message sent with Signal is encrypted. WhatsApp raises a few concerns that Signal doesn't. First, it's owned by Facebook Inc, a company whose primary interest is in collecting information about you to sell you ads. Even though the content of your WhatsApp messages are encrypted, Facebook can still extract metadata from your habits, like who you're talking to and how frequently. While we're talking about Facebook, it's worth noting that the company's Messenger app isn't the safest place to keep your conversations. The two biggest issues with Facebook Messenger are that you have to encrypt conversations individually by flipping on the "Secret Conversations" option (good luck remembering to do that), and that anyone with a Facebook profile can just search for your name and send you a message. iMessage may seem like a solid remedy to all of these woes, but it's tucked behind Apple's walled iOS garden, so you're bound to leave out your closest friends who use Android devices. And if you ever switch platforms, say bye-bye to your chat history. Let's all switch to Signal, keep our messages private, and finally put an end to the untenable multi-app shuffle that's gone on far too long. Jordan McMahon, Wired.

References

  1. ^ Inside the NSA's War on Internet Security. Spiegel Online International, Dec.28.2014.