Welcome to “Ask a security trainer,” the column where the Digital Security Training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Let’s jump right into this week’s question.
Dear DST,
I’ve been trying to get my family to use the Signal messaging app but they don’t trust it. That led me to wonder as well, why should I trust Signal with my data?
Signed,
Security Skeptic
Subscribe to our digital security newsletter
Our short digital security digest newsletter gives you the newest in security news, what you can do about it, and updates from our team. Subscribe here.
Dear Skeptic, the short answer: Signal offers end-to-end encryption, meaning only people invited to a conversation can read the messages. It retains virtually no metadata. This architecture has led to a strong track record when responding to legal requests. It’s also a free and open source project operated by a nonprofit and has been extensively audited. Our team wouldn’t want to recommend any single piece of software without reservation, but these attributes make us feel much more confident.
The longer answer: These decisions are not just based on trust — they are also based on practicality. For example, who you can talk to on the app and whether you are willing to have yet another app to manage. Let’s not be too partisan on any particular messaging app. They’re just tools, and it could be that another tool works better for you. Likewise, if you’re in a region where this or similar apps would invite increased scrutiny, it might not be the right choice for you.
But there are some meaningful advantages to Signal:
- Signal is built from the ground up to use end-to-end encryption for every conversation, without exception. Many messengers in this space (e.g., Telegram) have optional or limited end-to-end encryption. Others (e.g., WhatsApp) allow you to easily back up unencrypted copies of conversations to Google Drive or iCloud, which could compromise your privacy, and they also typically require sharing your contact list with the service provider. Signal doesn’t mess around here. With Signal, your entire contact list is legible only on your device. Whether you use phone numbers in your “Contacts” app or in Signal itself, or by connecting with people through usernames, Signal doesn’t get a copy of your contact list.
- Signal also does something clever to minimize how much information it has about your conversations. Similar to the way you can send a physical letter in the mail without providing a return address, preventing any intermediaries from being able to read who sent the message, Signal uses a feature called “sealed sender” that prevents even Signal from being able to see who sent a message. It doesn’t stockpile metadata — that is, information about your conversations, such as who spoke to whom and when. Because it uses end-to-end encryption, in practice this means Signal can produce very little in response to government data requests — historically, just the sign-up time and last login time. If you’d like to confirm this for yourself, Signal makes it easy to double-check how it responds to these data requests by making public government requests available.
- Finally, because it’s an open source project, it’s straightforward for the security community to take a close look at the code (and it has done so extensively) to ensure Signal is doing what it promises.
If you’d like to learn more about it, check out our guides to getting started with Signal and how to lock down Signal.
Hope this all helps at your next family meeting!
Securely yours,
Martin Shelton