Is Signal a safe and secure app for iPhone? iMessage? Mac?
I am thinking about using Signal for iPhone communications.
https://signal.org/install/
for end-to-end encryption technology on my iPhone. But, what does this mean for my iMessage? Reading text messages on my MacBook?
How long does it take for a fast PC which a consumer may own, say a gaming PC, to crack the encryption?
Are there better options? Are there any brands which can communicate with other brands? Isn't there a communications/security standard I should be shopping for rather than a specific software product?
Thanks
https://signal.org/install/
for end-to-end encryption technology on my iPhone. But, what does this mean for my iMessage? Reading text messages on my MacBook?
How long does it take for a fast PC which a consumer may own, say a gaming PC, to crack the encryption?
Are there better options? Are there any brands which can communicate with other brands? Isn't there a communications/security standard I should be shopping for rather than a specific software product?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh, so Signal is app to app and outside of the text message stream. Using telephone number as the ID? Or, is the unique username?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If your goal is to have a way to send/receive messages with end-to-end encryption on your iPhone and Mac, then you don't need to do anything--iMessages already uses end-to-end encryption. The most significant drawback is that you can only communicate with other Apple/iMessages users. Regular SMS/text messages do not have the end-to-end encryption.
Signal is an open-source messaging app that competes with iMessages. There is an app for your iPhone and also your Mac that will let you send/receive messages with end-to-end encryption with other Signal users.
Signal is well-respected, but is not without flaws. Here's an example of an exploit that was discovered last year: https://www.forbes.com/sites/daveywinder/2019/10/05/signal-messenger-eavesdropping-exploit-confirmedwhat-you-need-to-know/
In addition to technical flaws, you always need to be concerned about someone inside the company providing access to accounts (including, but not limited to, law enforcement, for example). Telegram, another competitor to iMessages and Signal, appears to have suffered a breach like this that resulted in a massive political scandal in Brazil: https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash-leaks/
If you are looking for a standard technology you can use to secure an existing standard means of communication, your two main options are S/MIME (which uses certificates) and PGP (which uses keys) to encrypt emails.
While I actually use both of the above technologies, they are not without their own limitations, including: the email itself is encrypted, but not the to, from, and subject line; they can be rather complicated to set up for the average computer user; it is difficult/impossible to use with most webmail providers like Gmail, Yahoo!, etc.
Deciding which one is most secure may come down to deciding which company you trust the most.
Many experts would suggest relying on end-to-end encryption as implemented in the above products potentially gives you a false sense of security as you can't know an exploit won't be discovered at any time. Still, I suspect that for most people, most of the time, either Signal or iMessages is "good enough."
Signal is an open-source messaging app that competes with iMessages. There is an app for your iPhone and also your Mac that will let you send/receive messages with end-to-end encryption with other Signal users.
Signal is well-respected, but is not without flaws. Here's an example of an exploit that was discovered last year: https://www.forbes.com/sites/daveywinder/2019/10/05/signal-messenger-eavesdropping-exploit-confirmedwhat-you-need-to-know/
In addition to technical flaws, you always need to be concerned about someone inside the company providing access to accounts (including, but not limited to, law enforcement, for example). Telegram, another competitor to iMessages and Signal, appears to have suffered a breach like this that resulted in a massive political scandal in Brazil: https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash-leaks/
If you are looking for a standard technology you can use to secure an existing standard means of communication, your two main options are S/MIME (which uses certificates) and PGP (which uses keys) to encrypt emails.
While I actually use both of the above technologies, they are not without their own limitations, including: the email itself is encrypted, but not the to, from, and subject line; they can be rather complicated to set up for the average computer user; it is difficult/impossible to use with most webmail providers like Gmail, Yahoo!, etc.
Deciding which one is most secure may come down to deciding which company you trust the most.
Many experts would suggest relying on end-to-end encryption as implemented in the above products potentially gives you a false sense of security as you can't know an exploit won't be discovered at any time. Still, I suspect that for most people, most of the time, either Signal or iMessages is "good enough."
At least with Signal there still is an Open Source codebase.
ASKER