Last month, cryptographer and programmer Moxie Marlinspike settled on a plane when his seatmate, a midwest man in his sixties, asked for help. He couldn't figure out how to activate airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment whether it was being trolled: there was signal among just a handful of apps installed on the phone.
Marlinspike launched Signal, considered the most secure end-to-end encrypted messaging app in the world, almost five years ago, and now heads the non-profit Signal Foundation, which manages it. But the man on the plane didn't know about it. In fact, he didn't troll Marlinspike, who politely showed him how to activate Airplane Mode and returned the phone.
"I'm trying to remember moments like this when building signal," Marlinspike said in an interview with Wired the day after this flight about a signal-controlled call. "The decisions we make, the app we want to create, have to be for people who don't know how to turn airplane mode on their phone," says Marlinspike.
Marlinspike has always talked about making encrypted communication easy enough for everyone. The difference today is that Signal is finally reaching the mass audience it was always intended for – not just the data protection diehards, activists and cybersecurity nerds who have been its main user base for years – also thanks to a concerted effort The app is more accessible and appeals to the mainstream.
This new phase in Signal's development began two years ago this month. At the time, WhatsApp co-founder Brian Acton, who left months after leaving the app he had created after conflicting with Facebook management after the acquisition, invested $ 50 million in Marlinspike's end-to-end encrypted messaging project. Acton also joined the newly founded Signal Foundation as Executive Chairman. The pairing made sense; WhatsApp had used Signal's open source protocol to encrypt all WhatsApp communications consistently by default, and Acton was unhappy with Facebook's attempts to undermine WhatsApp's privacy.
Since then, Marlinspike's Actons nonprofit has deployed millions – and his experience building an app with billions of users. After years of scraping with just three revised full-time employees, the Signal Foundation now has 20 employees. Signal has been a pure SMS and call app for years and has increasingly developed into a fully equipped mainstream communication platform. With its new encoding muscle, features have been introduced at breakneck speed: Over the past three months, Signal has added support for iPad, short-lived images and videos that should disappear after a single display, downloadable customizable "stickers" and emoji responses. In particular, plans have been announced to introduce a new group messaging system and an experimental method for storing encrypted contacts in the cloud.
"The big transition that Signal went through is from a small effort of three people to something that is now a serious project and has the ability to do what is required for today's software development in the world," says Marlinspike.
Many of these functions may sound trivial. They are certainly not the sort that appealed to the earliest main users of Signal. Instead, Acton calls them "enrichment functions". They were developed to attract ordinary people who want a multifunctional messaging app like WhatsApp, iMessage or Facebook Messenger, but still appreciate the widely trusted security of Signal and the fact that virtually no user data is collected. "This is not just for hyperparanoid security researchers, but for the masses," says Acton. "There is something for everyone in the world."
Even before these crowd-pullers, Signal grew at a rate most startups would envy. When Wired profiled Marlinspike in 2016, he only confirmed that Signal had at least two million users. Today he is still aware of Signal's entire user base, but according to the number of Google Play Stores, more than 10 million downloads have been made on Android alone. Acton adds that another 40 percent of users of the app use iOS.
His adoption has expanded from Black Lives Matters and pro-choice activists in Latin American politicians and political aides – even technically incompetent ones like Rudy Giuliani – to NBA and NFL players. In 2017, it appeared on the hacking show Mr. Robot and the political thriller House of Cards. Last year it emerged as a changing audience in the teen drama Euphoria.
It is not that difficult to identify the functions that the mass audience desires. However, creating even simple-sounding improvements within Signal's privacy restrictions – including a lack of metadata that even WhatsApp doesn't promise – can require significant security engineering efforts and, in some cases, actual new research in cryptography.
Take stickers, one of the simpler recent signal upgrades. On a less secure platform, this type of integration is fairly simple. For Signal, a system had to be designed in which each sticker "pack" is encrypted with a "pack key". This key is self-encrypted and passed from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decoded stickers or even identify the signal user who created or sent them.
Signal's new group messaging, which allows administrators to add and remove people from groups without a signal server ever noticing the members of that group, had to go further. Signal has partnered with Microsoft Research to invent a new form of "anonymous credentials" that can manage a server that belongs to a group without ever knowing the members' identities. "It took some innovation in the world of cryptography," says Marlinspike. "And in the end it's just invisible. It's just groups, and it works the way we expect groups to."
Signal is rethinking how it also tracks its users' social graphics. Another new feature that is being tested and called "Secure Value Restoration" allows you to create an address book for your signal contacts and save them to a signal server instead of simply depending on your phone's contact list. This contact list saved by the server is retained even if you switch to a new phone. To prevent Signal's servers from seeing these contacts, they are encrypted with a key that is stored in the secure SGX enclave and is also intended to hide certain data from the rest of the server's operating system.
This feature could even allow Signal to one day abandon its current system of identifying users based on their phone numbers – a feature that many data protection advocates have criticized for forcing anyone who wants to be contacted through Signal to frequently give out a cell phone number to strangers. Instead, it could securely store permanent identities for users on its servers. "I'm just saying we're thinking about it," says Marlinspike. Safe recovery, he says, "would be the first step in solving this."
The new features add an additional level of complexity that could potentially lead to security gaps in signaling technology, warns Matthew Green, a cryptographer at Johns Hopkins University. Depending on Intel's SGX function, hackers could, for example, steal secrets the next time security researchers uncover a security hole in Intel hardware. For this reason, some of Signal's new functions should ideally be equipped with an opt-out switch. "I hope that's not all or nothing, Moxie gives me the option not to use this," says Green.
Overall, however, Green is impressed by the technology that Signal has brought into its development. And Signal's friendliness to ordinary people is becoming increasingly important as Silicon Valley companies are increasingly under pressure from governments to create encryption backdoors for law enforcement agencies, and Facebook suggests that its own ambitious end-to-end encryption plans are still in place Years are to be realized.
"Signal is thinking hard about how people can get the functionality they want without compromising privacy, and that's really important," adds Green. "If you see Signal as important for secure communication in the future – and may not see Facebook or WhatsApp as reliable – you definitely need to use Signal for a larger group of people. That means you have these features. "
Brian Acton doesn't hide his ambition that Signal could actually become a WhatsApp-sized service. Eventually, Acton not only founded WhatsApp and helped him grow to billions of users, but also came to Yahoo in the early, explosive growth days of the mid-1990s. He thinks he can do it again. "I want Signal to reach billions of users. I know what it takes. I did that," Acton says. "I would love it to happen in the next five years or less."
This wild ambition to have Signal installed on a significant portion of all the phones on the planet is a shift – if not for Acton, then for Marlinspike. Just three years ago, the creator of Signal in an interview with Wired considered that he hoped that Signal could one day "fade", ideally after its encryption had become widespread on other billion-user networks like WhatsApp. Well, it seems, Signal hopes not only to influence the giants of technology, but to become one.
However, Marlinspike argues that Signal's fundamental goals have not changed, only its strategy – and its resources. "It has always been the goal: to create something that people can use for everything," says Marlinspike. "I said we wanted to simplify private communications, make end-to-end encryption ubiquitous, and push the boundaries of privacy protection technology, which is what I meant."
This story originally appeared on wired.com.