Super-secure messaging app Signal has always guaranteed end-to-end encryption, but it’s now looking to push beyond that in order to protect user privacy.
The ‘sealed sender’ update will now hide almost all information relating to the user sending a message. This means that if an individual message is intercepted or scrutinized, the only discernible facts about it will be the transmission time and its intended recipient.
Signal explains how the updates work in a blog post: “While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is.
“It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where the ‘from’ address used to be.”
The same encrypted ‘envelope’ containing the digital message now also has the sender information inside it, rather than out. The sender certificate (a technical way of saying ‘the information on the sender’) is bundled along with the message, encrypted to the same standards, and then decrypted by the target party upon receipt of the message.
It sounds fairly complicated, but if you’re a user you won’t even notice a difference – all this new technology takes place behind the scenes.
You will have to opt in to sealed sender if you want to experience its benefits, though. This is to prevent abuse of the service, as it has great potential to be used as a force for harassment and abuse if not somehow regulated.
The way Signal safeguards against misuse is by offering users a delivery ‘token’. This unique token is linked to your user profile, and must be acknowledged by the recipient before they can open the message – or, in other words, both ends have to agree that they know one another and consent to sealed sender. By leaving it up to the recipient device to decrypt the sender information, Signal is able to facilitate its delivery while being none the wiser as to its sender’s identity.
The technology is still in beta for the time being, but receive a general release as soon as the creases are ironed out. If you’d rather not wait, you can jump straight in by signing up for the Signal open beta program.
Signal has proven its worth as a truly secure messaging app with a terrific track record when it comes to data logging. In October 2016 it was subpoenaed by a US federal grand jury and forced to hand over user data to aid a case. It responded to the subpoena with all the information it could offer: the date the user’s account was created and the date it last connected to the Signal servers.