THIS POST IS OUTDATED AND WILL NOT BE UPDATED – PLEASE DO NOT TREAT THIS AS ADVICE OR AS AN ACCURATE REPRESENTATION OF THE CURRENT STATE OF AFFAIRS
As a response to the Snowden revelations, the number of messaging apps that promise security against surveillance has rapidly multiplied. There seems to be an emerging consensus – ranging from Edward Snowden to the New York Times – that Signal is the best choice for those nervous about the privacy of their messages.
Indeed, Signal has a number of advantages that set it apart from many competitors: The encryption algorithm that it uses is well-reviewed and most experts in the field think that it can indeed protect against dragnet surveillance. It also allows experts to inspect the source code of the entire app for back doors which makes it more trustworthy than competitors such as WhatsApp. Finally, OpenWhisperSystems – the company that produces Signal – is known to log only minimal information about its users. As a result, when law enforcement agencies demand information about message “metadata” (who messages when with whom), they cannot supply them with much useful information.
However, the question what the best messaging app is for those who want to resist the surveillance state is not as clear-cut as it might seem. The answer to that question depends very much on why you think surveillance is bad.
One possible answer is that you just want to hide information about yourself (which is very often a completely legitimate wish). In that case, the only feature you will care about is whether the encryption can be cracked or whether the app that you use keeps you from accidentally revealing information.
Another reason to care about surveillance is that surveillance undermines collective, public freedom in a democracy by taking away control over the public sphere from citizens. If that is your main worry, then other criteria will become important as well. You will still care about the quality of encryption, but you will also care about whether the messaging app that you use actually allows ordinary people to take back control over their interactions with others.
It is this aspect where some features of Signal become problematic. The most important concern is that Signal is a silo. That means that, if you use Signal, you can only communicate with people who use Signal as well. This not only means that you also have to use the official Signal app and that alternative implementations of the app are discouraged by OpenWhisperSystems. It also means that you have to connect to OpenWhisperSystems servers to communicate with other users. In contrast to a system like e-mail, you cannot choose a provider out of many competing offers. This effectively creates a dependency on OpenWhisperSystems. As users can only communicate if they use OpenWhisperSystems servers, and can only do so using the OpenWhisperSystems version of Signal, it is not possible for users to change any aspect of Signal that they do not like by switching to a competing app or provider.
This is especially important because, while OpenWhisperSystems does not collect any metadata at the moment, they can start doing so at any time because all communications of Signal users go through their servers. If OpenWhisperSystems adopts any policy that goes against users’ interests in the future, users cannot switch providers without losing all their contacts. Perhaps this is unlikely, but it might be desirable to have a system where no single company has that much power.
An alternative to Signal is Riot. Riot is a messaging app that uses a form of encryption that is very similar to the one used by Signal and also allows anyone to inspect its source code. In these respects, Riot promises to be exactly as secure as Signal (but see below for a few issues that are being resolved at this moment; clarification update: Riot’s encryption is still in Beta. Do not use it for anything important until it is out of Beta and has been thoroughly reviewed).
But Riot has other advantages that make it, in some aspects, superior to Signal. Riot is based on the so-called Matrix protocol which is a federated protocol. That means that anyone who wants can run a Matrix server can do so and Riot users from all these servers can communicate with one another. There is no central instance that controls Matrix or Riot. In addition, people are writing alternative clients to access the Matrix/Riot network, implementing their favorite features and workflows. As users can vote with their feet for their own interests and choose providers and apps of their liking, this means that they really control their communication mode, adding an important element of freedom which distinguishes Matrix/Riot from Signal.
Apart from this fundamental difference, there is a number of further advantages of Riot/Matrix over Signal:
These features – together with the fact that Riot has a much better desktop client than Signal and additional features such as video calls – make Riot a better, and more sustainable choice.
It must be mentioned, however, that Riot also has some downsides at the moment:
While these are important issues, it must be mentioned that they are only minor in the sense that they can be fixed by the Riot people (or anyone else) by improving the software underlying it. By contrast, the silo nature of Signal is a structural problem that cannot easily be solved.
If you have reason to suspect that you are personally targeted for surveillance, then the fact that Signal has been more extensively reviewed, is a good enough reason to play safe and use Signal. However, if you want to help test a free and sustainable ecosystem for encrypted communication (clarification update: and if you don’t have to rely on the encryption for anything important as it is still in Beta at the moment), then Riot / Matrix is the better alternative.