Skip to content

why the most secure messaging app has not prevented Puigdemont’s messages from being filtered

27 mayo, 2021

The political situation in Catalonia is leaving us images as curious and striking as the one Puigdemont messages leak. This opens a great debate on the limits of what is news and what is crime, but from here we want to focus on the aspect that touches us most closely. It is not the first time, but it is interesting to see how politicians use the Signal messaging application to communicate.

Signal is an ultra-secure messaging application, promoted directly by Open Whispers System and sponsored by Edward Snowden. Under this simple application with a Material Design design hides one of the open source cryptographic protocols most important Android. In addition to Signal, we also find it in applications such as WhatsApp, Facebook Messenger, Allo or recently Skype.

How Signal works

Signal

The Signal’s design doesn’t differ much from other messaging apps. You insert your phone number, add other people, and start talking. However, it offers us very interesting options at the security level.

It is also an application completely oriented towards the privacy of conversations. Have end-to-end encryption, messages that self-destruct after a few seconds and a password so that no one who picks up our mobile phone can open the conversations.

Signal Num

Signal is an encrypted open source application with multiple options to improve the privacy of our conversations.

Screenshots cannot be taken either although unfortunately that has not served to ensure that the Catalan politicians in question have been able to maintain the privacy of their conversations.

More than five million users already use Signal and although it is not as popular as Telegram, let alone WhatsApp, it did get a lot of pull in Catalonia as a result of October 1, where CDR They took advantage of the privacy of this application to maintain secure conversations and to be able to manage the referendum.

What privacy options would have made this leak difficult

This leakage of messages would have been more carefully avoided. It is clear that if you take the message and show it, it is difficult to do much, but Signal does add a series of functions that protect these conversations in a certain way.

The most direct is that of messages that self-destruct. If the conversation is really going to be compromising and you know that someone is attentive on the other side, it is essential that this option is activated. Thus, in case there is no one else, there will be no trace of that message and no one will be able to know that it has been sent. These messages self-destruct after 5, 10s, 1min or up to a week. Depending on how long you want to keep them on your mobile.

Signal Settings

If Puigdemont had used self-destructing messages, the cameras might not have had time to capture the content of the conversation.

Another option is to automatically lock Signal after a specified period of inactivity. We also have options to lock messages with a password. In fact, even from Android notifications we will see this message blocked.

We also have the possibility to establish limits to the length of the conversation and trim them. This would have prevented the speeches of a lonely Puigdemont from suddenly reaching the cell phone of the former ERC clerk.

Security comparison: Signal vs Telegram vs WhatsApp

If the various messaging applications are encrypted, then what is the advantage of using Signal? Here you have to differentiate several points. On one side is the encryption protocol: Signal like WhatsApp uses Open Whispers Systems while Telegram has its own: MTProto.

Signal

Telegram

WhatsApp

Encryption

Open Whispers System

MTProto

Open Whispers System

Messages that self-destruct

Yes

Yes

Not

Saved data

Phone number

Last connection day

Phone number Last connection Contact lists Name Biography

Phone number Last connection Contact lists Name Status

Open Source

Yes

Yes

Not

But the thing to keep in mind is that even if end-to-end encryption is used this does not prevent collecting metadata. And some of them can compromise our conservation. WhatsApp and Facebook Messenger collect a large amount of data, in Telegram only secret chats are kept off the servers. And all these applications collect the list of users, so it is easy to establish a huge network of contacts.

In Signal only the phone number with which you are registered and the day of the last connection is registered. Not the hour or the minute, just the day. As we see a very high level of security but that also has a vital difference with respect to the rest. Signal is a totally open source, so anyone with enough knowledge can analyze the code and verify that everything is done correctly.

There is no use having maximum security if basic mistakes are made later

Puigdemont Android Signal Signal application with Puigdemont’s filtered messages | Image Telecinco

Events like today show that a lot of privacy education is still needed. It is useless to use ultra-encrypted applications such as Signal if then the practices we carry out are completely less secure. The application can make things easier for us but it is the end user who is ultimately responsible for keeping all their conversations private.

It is of little use if you have someone who is spying on you over your shoulder. But these ultra-secure messaging apps need to be accompanied by more privacy education.

The problem of Puigdemont and Comín could have happened the same with WhatsApp or TelegramBut then why use Signal? That fear that the Spanish government would intercept their communications has ended in a much more mundane way, with a simple oversight that highlights the personal and political situation of the actors involved. All in the supposed case that it has not really been filtered in an interested way.

We hope that from this event, applications such as Signal will continue to grow, but above all, users will be made aware that by the mere fact of using it, our conversations will not be automatically protected.

Signal

Signal4.14.10

In Engadget Android | 8 tips to protect your Android device