Signal Is Using a Surprising Tool to Make Your Privacy More Bulletproof

Rhett Jones just a moment. 0 comments
Encrypted Messaging Signal App Security Sgx

If you want total privacy, Signal is the generally understood to be the best messaging app around. But that doesn’t mean it offers total privacy. Its developers are still working on improvements. And the latest tweak uses a controversial new feature in Intel processors to prove to that Signal isn’t storing your contact info.

The fact is, unless you’re an expert in information security, there’s going to be a level of trust involved with using any encrypted messaging app. Back in March, security researchers found multiple vulnerabilities in Confide, an app that was believed to be comparable to Signal and was reportedly the service of choice for White House aides avoiding a data trail. So far, Signal has tried to offer all the safeguards experts want, and (because Signal is open source and peer-reviewed) it’s constantly being checked and double-checked. But one major problem has nagged at Signal’s development of user trust: importing contacts.

Like other messaging apps, Signal asks you to import your contacts when you first launch the app. This just makes sense—it’s hard to get people to adopt if they have to re-enter all that info every time they try a new service. But Signal’s whole philosophy is about encrypting the data that goes through its servers to a degree that it’s virtually uncrackable. The less Signal knows about you, the less any bad actor in the future can decipher from Signal’s information. This is an increasingly pressing issue today, considering that private companies are routinely hacked, and no one wants the government knowing any more than it has to. At its most basic, encryption converts data into a string of characters that would take the computers that we have today too long to crack by simply running all the possibilities to match up with the code. But phone numbers are relatively easy to crack because they have a short, set length and only consist of numbers.

Enter Intel’s new Software Guard Extensions (SGX). This feature allocates a “secure enclave” in a processor that theoretically can’t be altered by the user. As Wired explains:

Any code running in that enclave is signed with a unique key that Intel, not the computer’s owner, controls. And a computer that connects to that machine running SGX can check its signature to make sure that the code in the enclave hasn’t changed, even if the rest of the computer is infected with malware, seized by the FBI, reprogrammed by its owners to sell out all its users’ data, or otherwise compromised.

Today, Signal outlined how it plans to use SGX as a sort of middleman between its servers and your phone’s contacts, taking it one step further from knowing anything about you. Your contacts will pass through this secure enclave for processing and will disappear afterward. And going forward, users will be able to double-check that Signal’s open-source code hasn’t been altered in a way that would instruct the servers to store contact data, and the contacts are only temporarily held in the SGX. If all the testing works out, Signal wouldn’t ever “see” your contacts, and the code in the SGX would be unalterable by Signal’s team.

There’s a bit of irony here in that SGX is both facilitating a principle (personal privacy) that people who advocate for internet freedoms love, while it has also come under fire for being a dangerous route to unbreakable DRM. The criticism, in a nutshell, is that a user should have the power to alter anything they want on their own machine. But Intel controls what the code says in the SGX. If all chips that were produced had some sort of SGX, it would be easy to create a form of digital rights management that makes it impossible for anyone to get around any sort of constrictions the processor’s manufacturer decides it wants to put in place.

In Signal’s case, it’s turning this problem into an asset. Well, it might be turning this problem into an asset. It’s still unclear if it’s realistically feasible for someone to break into their own server-side SGX. If the history of web security, encryption, and cryptography are any indication, it’s probably only a matter of time before SGX is cracked. It’s also only a matter of time before Signal’s system is obsolete. That’s why it’s constantly being improved through a transparent and open-source process. And right now, it’s the best option we’ve got.

[Wired]

HighResolutionMusic.com - Download Hi-Res Songs

1 BLACKPINK

Kiss And Make Up flac

BLACKPINK. 2018. Writer: Soke;Kny Factory;Billboard;Chelcee Grimes;Teddy Park;Marc Vincent;Dua Lipa.
2 Martin Garrix

Access flac

Martin Garrix. 2018. Writer: Martin Garrix.
3 Martin Garrix

Yottabyte flac

Martin Garrix. 2018. Writer: Martin Garrix.
4 Dyro

Latency flac

Dyro. 2018. Writer: Martin Garrix;Dyro.
5 Martin Garrix

Waiting For Tomorrow flac

Martin Garrix. 2018. Writer: Pierce Fulton;Mike Shinoda;Martijn Garritsen;Brad Delson.
6 Alan Walker

Diamond Heart flac

Alan Walker. 2018. Writer: Alan Walker;Sophia Somajo;Mood Melodies;James Njie;Thomas Troelsen;Kristoffer Haugan;Edvard Normann;Anders Froen;Gunnar Greve;Yann Bargain;Victor Verpillat;Fredrik Borch Olsen.
7 Bradley Cooper

Shallow flac

Bradley Cooper. 2018. Writer: Andrew Wyatt;Anthony Rossomando;Mark Ronson;Lady Gaga.
8 Cardi B

Taki Taki flac

Cardi B. 2018. Writer: Bava;Juan Vasquez;Vicente Saavedra;Jordan Thorpe;DJ Snake;Ozuna;Cardi B;Selena Gomez.
9 Halsey

Without Me flac

Halsey. 2018. Writer: Halsey;Delacey;Louis Bell;Amy Allen;Justin Timberlake;Timbaland;Scott Storch.
10 Sia

I'm Still Here flac

Sia. 2018. Writer: Sia.
11 Lady Gaga

I'll Never Love Again flac

Lady Gaga. 2018. Writer: Benjamin Rice;Lady Gaga.
12 Blinders

Breach (Walk Alone) flac

Blinders. 2018. Writer: Dewain Whitmore;Ilsey Juber;Blinders;Martin Garrix.
13 Dewain Whitmore

Burn Out flac

Dewain Whitmore. 2018. Writer: Dewain Whitmore;Ilsey Juber;Emilio Behr;Martijn Garritsen.
14 Bradley Cooper

Always Remember Us This Way flac

Bradley Cooper. 2018. Writer: Lady Gaga;Dave Cobb.
15 Avril Lavigne

Head Above Water flac

Avril Lavigne. 2018. Writer: Stephan Moccio;Travis Clark;Avril Lavigne.
16 Mako

Rise flac

Mako. 2018. Writer: Riot Music Team;Mako;Justin Tranter.
17 ZAYN

Fingers flac

ZAYN. 2018. Writer: Zayn Malik;Alex Oriet;David Phelan.
18 Billie Eilish

When The Party's Over flac

Billie Eilish. 2018. Writer: Billie Eilish;FINNEAS.
19 Kelsea Ballerini

This Feeling flac

Kelsea Ballerini. 2018. Writer: Andrew Taggart;Alex Pall;Emily Warren.
20 Zara Larsson

Ruin My Life flac

Zara Larsson. 2018. Writer: Delacey;Michael Pollack;Stefan Johnson;Jordan Johnson;Sermstyle;Jackson Foote.

Suggested posts

Other Rhett Jones's posts

Language