By: Igo Geurtjens Posted on

Many people are switching to the messenger Signal recently, or are considering doing so, the main reason being security and privacy concerns. Here are some points for consideration, and an alternative.


Signal

  1. First of all, Signal is a great alternative compared to messengers like Whatsapp, (FB) Messenger. Signal also works virtually the same as Whatsapp in use.
  2. However, Signal already falls under the US Cloud Act.
  3. The Cloud/wiretap Act gives access to active taps and thus metadata. Metadata is the information created when you send a message – e.g. everything about the message in addition to the actual content of the message itself. This can include information such as your IP address, the IP addresses of your contacts, mobile numbers (in Signal, you can also avoid using your mobile number), who your messages were sent to and the time and date the messages were sent. Signal records metadata.
  4. The chances of a significant further change in privacy law in the US are high in the short/mid-term (current dominance in the Senate).
  5. A vulnerability of Signal may be that it is currently dependent on a single big-tech donor, and on donations. On the one hand, that could mean causing problems when the big-tech donor goes away or changes his/her policies. On the other hand, it could cause server capacity problems, as well as maintenance and expansion thereof, when large numbers of people suddenly start using Signal.
  6. Signal does not operate on a decentralised network of servers. So there is a central point of control, so to speak. With a decentralised network, this is not the case which contributes to optimal privacy.

Session a powerful alternative

  1. When it comes to optimal privacy and recurring decentralisation trend, there is a strong alternative on the messenger front: Session. Based on Signal’s source code, Session has been further developed as a new and independent software project. Like Signal, Session is available for familiar mobile & desktop systems.
  2. Unlike traditional messaging apps, Session operates on a blockchain-based decentralised network of servers, creating a global routing system that eliminates the need for personal information during account registration. Also, personal information such as e.g. IP or phone number of the recipient does not need to be known by the sender when connecting and/or sending messages. Only the Session ID number (or QR code) created at login is required. No metadata is used.
  3. While Session itself is a decentralised global ecosystem, its steward is based in Switzerland. Switzerland was chosen as a home jurisdiction for its legal protections regarding personal privacy, world-class cybersecurity and computer science industry, and sophisticated regulation relating to decentralised technologies.
  4. As a web3 application for consumers, it has a lot of potential towards the future, short- and long-term.
  5. You do have to invite people yourself as Session does not use your contact list. A random number (the Session ID) is generated upon registration, which you then share when inviting others.
  6. Phone and video calls can be turned on by yourself in smartphone Session app under the “privacy” settings.

Tip!

Signal:

  • Remember to save your recovery passphrase securely!!

Session:

  • When you create a Session account in e.g. the smartphone app, you can retrieve the recovery passphrase via ‘Settings’ and e.g. use it in your desktop app after (a new) installation – this also works visa versa. All your messages are then immediately visible in the newly installed app as well. It is still wise to save your recovery passphrase securely, and possibly hide its visibility in the app permanently.


Categories: Articles, Media Tags: , , ,