PERMISSIONS:
You may link to my blog but if you want to copy my article to your own blog, please give the following credit: From "Ampers' Rants" at www.ampers.me.uk. Thank you.

APOLOGIES
I have been over zealous with political comment lately so have now accepted the offer to assemble and write for two blogs on the WatchingUK website. The "Good News" blog is for items where we have benefited from the Brexit referendum vote and the "Bad News" blog is where others have tried to damage our chances of leaving the EU.

SUBSCRIPTIONS:
If you like what you see, why not subscribe to the blog? You can follow Ampers' Rants by adding your email address in the box below (left) Notifications are also shown in my Twitter account: AmpersUK.

Friday, 23 June 2017

Signal Private Messenger is the safest text messaging system in the world


Whisper Systems developed Signal Private Messenger.

Most commercial undertakings are slowly moving their mobile communications to Signal. This article will help explain why.

Both WhatsApp and Signal have encrypted messaging but then the differences start.


---------------------------------------------------------------
Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate

---------------------------------------------------------------

WhatsApp allows you to download your messages so stores them on the cloud. Signal does not store any messages so is safer from government eyes. Both the NSA and GCHQ are suspected of not only searching for spies and terrorists, but looking for commercial secrets.

With whatsApp, you both have to be using the WhatsApp app. but with Signal you only both have to if you want encryption. So Signal also doubles up as a SMS program, reducing the need for two communications programs.

WhatsApp allow free calls and texts. As with WhatsApp, Signal allows secure messaging. The difference is, with WhatsApp, if you want to send text to someone not on WhatsApp, you have to use a texting app. However, with Signal, if both people have Signal installed, it has encrypted messaging. But if the other person hasn't Signal installed, you can still message others with unencrypted texts as you do with a standard texting app.

One major difference is, unlike WhatsApp which may store your messages on the cloud, Signal never stores messages and therefore doesn't offer a cloud service. This keeps your messages away from spying eyes.

---------------------------------------------------------------------------------------------------------------
After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University

---------------------------------------------------------------------------------------------------------------

Now for the crunch, WhatsApp is a propriety app, whereas anyone can download the Signal code (it's in the public domain) and a friendly programmer can examine the code for government trap doors, then compile it for company use. So users of the former don't know whether NSA have added a trap door, whereas users of the latter know there isn't a trap door or technical people would have spread this information all over the Internet.

The following has been taken from Wikipedia which is of interest:
Reception

In October 2014, the Electronic Frontier Foundation (EFF) included Signal in their updated surveillance self-defense guide.[84] In November 2014, Signal received a perfect score on the EFF's secure messaging scorecard;[42] it received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (end-to-end encryption), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen (forward secrecy), having the code open to independent review (open source), having the security designs well-documented, and having a recent independent security audit.[42] At the time, "ChatSecure + Orbot", Pidgin (with OTR), Silent Phone, and Telegram's optional "secret chats" also received seven out of seven points on the scorecard.[42]

On December 28, 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Signal's encrypted voice calling component (RedPhone) on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, Tor, Tails, and TrueCrypt was ranked as "catastrophic", leading to a "near-total loss/lack of insight to target communications, presence..."[85][86]

Former NSA contractor Edward Snowden has endorsed Signal on multiple occasions.[34] In his keynote speech at SXSW in March 2014, he praised Signal's predecessors (TextSecure and RedPhone) for their ease-of-use.[87] During an interview with The New Yorker in October 2014, he recommended using "anything from Moxie Marlinspike and Open Whisper Systems".[88] During a remote appearance at an event hosted by Ryerson University and Canadian Journalists for Free Expression in March 2015, Snowden said that Signal is "very good" and that he knew the security model.[89] Asked about encrypted messaging apps during a Reddit AMA in May 2015, he recommended Signal.[90][91] In November 2015, Snowden tweeted that he used Signal "every day".[33][92]

In September 2015, the American Civil Liberties Union called on officials at the U.S. Capitol to ensure that lawmakers and staff members have secure communications technology.[93] One of the applications that the ACLU recommended in their letter to the Senate Sergeant at Arms and to the House Sergeant at Arms was Signal, writing:

One of the most widely respected encrypted communication apps, Signal, from Open Whisper Systems, has received significant financial support from the U.S. government, has been audited by independent security experts, and is now widely used by computer security professionals, many of the top national security journalists, and public interest advocates. Indeed, members of the ACLU’s own legal department regularly use Signal to make encrypted telephone calls.[94]

In March of 2017 Signal was approved by the Sergeant at Arms of the U.S. Senate for use by senators and their staff. [95][96]

Following the 2016 Democratic National Committee email leak, Vanity Fair reported that Marc Elias, the general counsel for Hillary Clinton's presidential campaign, had instructed DNC staffers to exclusively use Signal when saying anything "remotely contentious or disparaging" about Republican presidential nominee Donald Trump.[97][98]

-------------------------------------------------------------------------------------------------------------------------------------------------------
I am regularly impressed with the thought and care put into both the security and the usability of this app.
It's my first choice for an encrypted conversation.Bruce Schneier, internationally renowned security technologist
-------------------------------------------------------------------------------------------------------------------------

The following two paragraphs concern "WhatsApp" and the Google app "Allo".

When you first set up WhatsApp, you’re encouraged, but not required, to share your phone’s contact list with the app. This helps the WhatsApp service connect you with other users quickly and easily. A WhatsApp spokesperson confirmed to me that the company retains contact list data, which means that WhatsApp could also hand over your contact list in response to a government request.

The first thing to understand about Google’s forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an “incognito mode” within the app, which will be secure but include fewer features.

And on Signal:

The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app’s code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible. If you back up your phone to your Google or iCloud account, Signal doesn’t include any of your messages in this backup. WhatsApp’s gaping backup issue simply doesn’t exist with Signal, and there’s no risk of accidentally handing over your private messages to any third-party company.

---------------------------------------------------------------------------------------------
Signal is the most scalable encryption tool we have. It is free and peer reviewed.
I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist

---------------------------------------------------------------------------------------------

I'm not paranoid, but there is no way I want amateur chefs working at NSA or GCHQ finding out about my secret baked beans on toast recipe, But I will say I use in excess of eight ingredients!

Ampers

No comments: