Encryption App Signal Adds Video Calls—And a New Privacy Tradeoff
Credit to Author: Andy Greenberg| Date: Tue, 14 Feb 2017 18:55:08 +0000
Even as the encryption app Signal has become the go-to private communications channel for activists, journalists, politicians, and more, its encrypted calling feature has remained less than perfect. It lacks video, often drops calls, and doesn’t always integrate with a phone’s existing features. A Signal update gradually rolling out now will upgrade its calling features and add video, too—but might also require some of its most privacy-sensitive users to consider an extra step to protect themselves.
On Tuesday, Signal’s creators at the non-profit Open Whisper Systems announced a beta version of the app update that, in addition to video calling, will add the ability to answer calls from a locked screen, and what the group promises will be better call quality. For now, anyone who receives the update can choose to switch on those new features in the “advanced” menu under Signal’s settings. “We want Signal to be a joy to use,” says Moxie Marlinspike, Open Whisper Systems’ founder. “We’re constantly focused on continuing to refine it and add features and functionality that we think people will love.”
But anyone testing the beta who links their iPhone to iCloud and wants the same level of privacy Signal has always offered should consider an extra step, too: Disabling a setting that uploads their calls’ metadata to Apple. The beta upgrade to Signal will use CallKit, Apple’s framework for allowing VoIP calls like Signal’s, to be integrated more completely into the calling functionality of the phone. But that also means calls will be recorded in the iPhone’s call log and, for iCloud users, shared with Apple’s server. “iOS treats CallKit calls like any other call, however that also means some information will be synced to iCloud if enabled,” Open Whisper Systems warns. “This information includes who you called and how long you talked.”
For anyone who cringes at the thought of leaking that metadata, however, the new Signal beta will let you turn CallKit integration off on the same “Advanced” menu in the app’s settings. CallKit integration will only be used if it’s enabled on both ends of the call—if you disable it, your metadata won’t be leaked by your contact’s phone, either. And Open Whisper Systems is still considering whether the version of Signal it pushes out after this beta will integrate CallKit by default, or as an opt-in feature.
“How we handle CallKit once this is the default experience isn’t entirely resolved,” Marlinspike says. He suggests that the app could mere display “Signal users” in the iPhone’s call log to protect users’ identities, or Signal may walk users through its settings when once installed, to help people choose their privacy preferences. “There are a bunch of things we can do other than just having it on by default.”
Signal has exploded in popularity in part because it has long made certain privacy tradeoffs to make the app more usable. It integrates a phone’s existing contacts for convenience, for instance, but requires that a number be added to a phone’s contact list before it can be called. That means if the phone backs its contacts up to the cloud, some sensitive details could be leaked. And Signal has avoided a “federation” feature that would allow Signal users to set up their own server to communicate over, rather than use Signal’s more centralized system.
Aside from the CallKit change, Signal has also fully redesigned its VoIP protocol and reworked how it authenticates that bad actors aren’t surreptitiously impersonating users during calls. In the past, Signal has offered two unique words generated on the callers’ screens from their encryption keys. The callers each read out a word, and if they match, they can be sure no man-in-the-middle is eavesdropping on their call. In the new version, Signal’s voice and video calling will drop those word pairs and instead use the same authentication system as its text messaging feature, which depends instead on simply warning users if their contact’s encryption key has suspiciously changed.
All of that means Signal is making the process of an encrypted call feel far more like making a normal one. The next time you’re foiling the eavesdroppers trying to listen in on your secret conversations, in other words, you may not even notice.