2022 Review: Signal Messenger

What is Signal & Why Do You Need It?

Even if you’re not big into privacy or security, you’ve likely at least heard of Signal. The WhatsApp/Telegram competitor rose to mainstream prominence in 2021, largely thanks to Elon Musk’s timely “Use Signal” tweet that came on the heels of several unpopular WhatsApp changes. The app promptly skyrocketed to the number one spot in multiple countries’ app stores and even crashed the servers for a weekend.

Signal is an end-to-end encrypted messenger available on Linux, Mac, Windows, Android, and iOS. I have long touted the need for E2EE in your daily communications for both practical and philosophical reasons. For practical reasons, it can protect sensitive communications like financial discussions, upcoming plans, and NSFW pics/texts if that’s your thing. For philosophical reasons, I think that everyone should use encryption whenever possible to normalize it and make mass surveillance less feasible/practical/economical.

The Good

Signal has a lot to like. Let’s start at the top with installation: I like to call Signal “insultingly easy” to setup. You basically just download it and keep clicking through the prompts. The only way this gets even remotely complex is if you decide to sign up using a phone number other than your SIM card number, but even then “complex” simply means “you have to enter the number yourself instead of letting Signal read it from your messages automatically.” Side note: Signal allows you to register with a Voice-over-IP number. This is fantastic for privacy, which I’ll talk about in the next section.

Next, let’s talk about Signal’s encryption. You really can’t beat it, it’s some of the best in the world. It’s so good that allegedly even the CIA can’t crack it and companies like WhatsApp, Skype, Google, and Facebook Secret Messages all use it for encryption. Signal itself has been used by the EU Comission, numerous politicians and their cabinets, journalists, whistleblowers, and law enforcement.

Signal if fast, reliable, and as a plus Android users can set it to be their default messenger app. This means that both your encrypted Signal messages and your unencrypted SMS messages will both funnel into the same app. This has two advantages: for one, you don’t have to switch between apps (a common complaint for iOS users), and for another, if you message someone new who already has Signal, it will automatically send as an encrypted Signal message. If they don’t have Signal, it will automatically send as a regular SMS. Very convenient. Speaking of convenience, Signal also offers a huge array of mainstream features that are sure to reel in even those who don’t care about privacy, like GIPHY support, stickers, and virtually unlimited attachment sizes (I’ve heard rumors of people sending 20-minute voice messages. Horrifying, but impressive). They also offer group chat and video calls of nearly any size you could want – including up to 40 people in a video call. Oh, and Signal is audited. That’s always a plus.

The Bad

Signal is not without flaws. The biggest one for most people (myself included) is the phone number requirement. Signal must have an active phone number to work. For those of you who like to use temporary verification number services, that means “don’t.” Once your burner number goes away, Signal will likely stop working a few days after. You’ll have to find a number that you control completely and use that. I prefer to have a number dedicated only to Signal and nothing else – this can be done with MySudo or Google Voice or pretty much any VoIP service that allows you to create multiple numbers – but that’s a pain for minimalists. Signal has been promising usernames for years, but at the time of this writing there’s still no sign of it coming any time soon. I think this is where we should note that Signal is not anonymous. While they make no effort to correlate or determine your identity, the fact is that most people won’t use VoIP numbers with Signal, and even those who do can still be traced back to the provider. Signal is very private and very secure, but anonymity really depends on you and the measures you take.

My other complaint with Signal is somewhat personal, but I think understandable even if you disagree: the “MobileCoin” incident. I gave a more detailed explanation of this in last year’s review as well as this blog post I wrote for Decentralize Today, but the short version is that Signal went nearly a year without publicly updating their server source code so that they could work out the kinks and introduce a new feature of sending and receiving money to friends and family via “MobileCoin,” a Monero variant. I personally am one of the people who’s not a fan of MobileCoin, but more importantly I don’t like that Signal felt the need to be so secretive about this. I understand they wanted to surprise everyone with what they thought was good news, but I wish they hadn’t. Save the surprises parties for my friends and family, not my encrypted messenger. It was a poor decision that they never really addressed, we all just sort of moved on cause we had no choice.

Signal’s other lesser flaws include being based in the United States, which I believe doesn’t really impact the efficacy of the service itself but it does call into question the future of the service as the United States becomes increasingly anti-encryption (though in the past, Signal did say that any laws banning encryption would simply result in the organization moving overseas to an encryption-friendly country). Signal is also centralized, and many of those central servers include ones owned by Google and Amazon. Signal goes to great lengths to create a zero-trust service where the server’s compromise means nothing, but it’s still sad to see yet another place where escaping the clutches of Big Tech isn’t possible. It’d be nice to see them invest in alternative infrastructure that doesn’t enable enemies of privacy.

Conclusion

Signal is one of the best messengers on the market. It is incredibly secure, very private (remember: not anonymous, but private), easy to use, and has very wide adoption. In fact, it was even casually featured in this year’s Google IO event during a feature demonstration. For the vast majority of people, Signal is without a doubt the best messenger because of the wide array of features, adoption, and user-friendliness. However, Signal does have drawbacks that make it not right for every situation. For those who don’t want to hand out a phone number or don’t want a phone at all, Signal presents serious challenges. Still, for a daily messenger I strongly encourage readers to look into Signal. It may be the gateway app that gets your friends and family deeper into encrypted messengers down the road.

You can check out Signal here.

You can find more recommended services and programs at TheNewOil.org. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work in a variety of ways here.