WhatsApp is the most popular communications app on the planet with over two billion users using it for messaging. Bought by Facebook in 2014, the service popularised the use of end-to-end encryption in day-to-day communications, introducing it as its default for messaging in 2016.
To do so it cooperated with Moxy Marlinspike’s Open Whisper Systems to integrate the Signal encrypted messaging protocol. Microsoft and Google have also used the protocol, widely regarded as the gold standard in encrypted communications.
It has direct and group messaging, as well as one-to-one audio and video chat, and there are very good reasons to opt for secure messaging’s Cool Original flavour over WhatsApp. In February, the European Commission advised its staff to do exactly that.
Here’s why you should use Signal for any conversation where privacy matters – even if that’s just giving your family the shared Disney+ password – and why your friends should, too.
1. Signal has more up-to-date security features
New security features come to Signal first. For example, Signal has had disappearing messages – which are automatically deleted after a specified period of time – since 2016 but the feature is still being tested with small numbers of WhatsApp users.
Signal also has a slightly broader range of clients, with a dedicated client for Linux desktop users – likely to appeal to those in the security and data analysis fields, while WhatsApp directs them to its web app.
2. Signal is open source
All of Signal’s source code is published for anyone to examine and use under a GPLv3 license for clients and an AGPLv3 license for the server. This means that you can see what’s going on inside it – or, more usefully, rely on the specialist expertise of people who review the code and know exactly what they’re looking for.
3. Signal has less potential for hidden vulnerabilities
As a larger platform, WhatsApp is more inviting to malicious actors to start with, but the fact that its codebase is a proprietary closed box means that it may take longer for dangerous vulnerabilities to be detected. Any application can and eventually will suffer vulnerabilities – Signal has resolved a few of its own.
But WhatsApp’s closed-source code (beyond its use of the open Signal protocol) means that there are a lot of potential targets that remain unknown until they’re exploited. A particularly worrying example was a vulnerability in WhatsApp’s VoIP stack, used by intelligence agencies to inject spyware in 2019.
4. You can run your own Signal server (but probably shouldn’t)…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
