iMessage vs. Signal and others

[AMSOS]

Other than iMessages and FaceTime which other texting and audio-video calling service do you use?

Some friends have been telling me to check out Signal that is apparently the most secure app out there. Apparently, other popular apps such as WhatsApp or FB messenger are not as secure.

1- How does iMessage compare with Signal (and these other apps) as far as security and privacy are concerned? I am assuming Signal will not be able to compete on the feature set.

2- Is it sufficient to use an app with end-to-end encryption or are there other important features an app should have or measures one should take for security/privacy?

3- Is there even a point to shifting to a new app because it has the best security/privacy? If the app becomes a hit, one of the big companies - FB/Google/Microsoft - will eventually buy them out.

Thanks!

 

[I7guy]

Signal looks interesting, but my family is on iMessage. The entropy to switch would be amazing.

 

[AMSOS]

The entropy to switch would be amazing.

Exactly. And, even if this happen by some superhuman feat, there's the question of the app being simply bought by one of the giants. And then they can do what they want with it all.

 

[jtara]

Signal is now published by The Signal Foundation, a non-profit organization.

They recently received a $50M donation from one of the founders of WhatsApp, Brian Acton. This was his F U to Facebook!

https://www.wired.com/story/signal-foundation-whatsapp-brian-acton/

That - and that alone - is enough to sway me toward Signal.

They are not going to be "bought out".

 

[AMSOS]

That - and that alone - is enough to sway me toward Signal.

That's amazing. I remember reading how the old team of WhatsApp left seeing the new changes coming in. Also, read something similar about the founder of Instagram.

But, what do you think of iMessage vs. Signal (and the likes)? How is Signal better than iMessage?

 

[jtara]

How is Signal better than iMessage?

Define "better".

With Signal, you can't make fireworks or kittens crawl over the screen. To me, that is "better".

Signal is end-to-end encrypted, and messages are not stored on a server. Signal only has very limited metadata (your phone number) and you supply no personal information. (Though, obviously, a phone number can be easily associated with an individual.) Messages are encrypted at rest on the device.

The server and app code are published open-source. Experts (and anybody who wants) can examine and have examined the source code. You are free to build it yourself and install on your device. (With an Apple developer account.) There is a mechanism for verifying that the app you are running was built from the public code repository.

Apple can and does provide iMessage content in response to subpoenas, etc.

Not that I don't trust Apple, but I don't trust whatever bent government we might have in 20-50 years. Were I younger, I would be more paranoid... The fact that there is the ABILITY for Apple to read the messages is enough to declare it "insecure". Because in the future, they could be compelled to share the data in violation of the promises they have made to users.

 

[willmtaylor]

Define "better".

With Signal, you can't make fireworks or kittens crawl over the screen. To me, that is "better".

Signal is end-to-end encrypted, and messages are not stored on a server. Signal only has very limited metadata (your phone number) and you supply no personal information. (Though, obviously, a phone number can be easily associated with an individual.) Messages are encrypted at rest on the device.

The server and app code are published open-source. Experts (and anybody who wants) can examine and have examined the source code. You are free to build it yourself and install on your device. (With an Apple developer account.) There is a mechanism for verifying that the app you are running was built from the public code repository.

Apple can and does provide iMessage content in response to subpoenas, etc.

Not that I don't trust Apple, but I don't trust whatever bent government we might have in 20-50 years. Were I younger, I would be more paranoid... The fact that there is the ABILITY for Apple to read the messages is enough to declare it "insecure". Because in the future, they could be compelled to share the data in violation of the promises they have made to users.

...well...if it has cats and fireworks....

 

[seezar]

Signal is cross platform so iOS and android users can use the same encryption to message each other.

 

[Apple_Robert]

Signal is excellent. Just remember you can’t save messages or export them. There is no history. That is what privacy is about.

 

[AMSOS]

Apple can and does provide iMessage content in response to subpoenas, etc.

Wait, that’s news to me. I always thought that given end to end encryption there was no way anyone could read message contents without actually breaking the encryption code.

And if it is as you say it is, how some is touted as secure?
[doublepost=1561683324][/doublepost]

With Signal, you can't make fireworks or kittens crawl over the screen. To me, that is "better".

Totally agree!
[doublepost=1561683393][/doublepost]

Signal is end-to-end encrypted, and messages are not stored on a server. Signal only has very limited metadata (your phone number) and you supply no personal information. (Though, obviously, a phone number can be easily associated with an individual.) Messages are encrypted at rest on the device.

Sounds solid. And you’re saying iMessage has none of these features?
[doublepost=1561683662][/doublepost]

Signal is end-to-end encrypted, and messages are not stored on a server. Signal only has very limited metadata (your phone number) and you supply no personal information. (Though, obviously, a phone number can be easily associated with an individual.) Messages are encrypted at rest on the device.

Wonder what you think of Wickr? I hear they are even more secure and private as in don’t even store your phone or email.

 

[MrRabuf]

Other than iMessages and FaceTime which other texting and audio-video calling service do you use?

Just WhatsApp but only when I talk to my European friends since it's so popular over there and what they prefer to use. Aside from that, I have no desire to use anything other than iMessage/FaceTime because almost everyone I regularly talk to has an iPhone and they all use those services as well.

 

[1185544]

Wait, that’s news to me. I always thought that given end to end encryption there was no way anyone could read message contents without actually breaking the encryption code.

And if it is as you say it is, how some is touted as secure?
[doublepost=1561683324][/doublepost]
Totally agree!
[doublepost=1561683393][/doublepost]
Sounds solid. And you’re saying iMessage has none of these features?
[doublepost=1561683662][/doublepost]
Wonder what you think of Wickr? I hear they are even more secure and private as in don’t even store your phone or email.

from what I’ve heard it’s possible for Apple to get your iMessages from a court order by resetting your iCloud password since they hold the keys for it so they could pretty much unlock any iCloud data requested theoretically.

 

[Reksy]

from what I’ve heard it’s possible for Apple to get your iMessages from a court order by resetting your iCloud password since they hold the keys for it so they could pretty much unlock any iCloud data requested theoretically.

Look into Wire. It's amazing. Cross platform as well. My biggest beef with signal is no iPad app.

 

[1185544]

Look into Wire. It's amazing. Cross platform as well. My biggest beef with signal is no iPad app.

Id love to use wire but nobody I know uses it luckily I have some people on signal

 

[MisterSavage]

As for video I was completely shocked that Group Facetime doesn't work on older iPads (it's audio-only) that can handle group calling with other apps. We've been using Google Duo for group video calls and have been really happy with it.

 

[1185544]

As for video I was completely shocked that Group Facetime doesn't work on older iPads (it's audio-only) that can handle group calling with other apps. We've been using Google Duo for group video calls and have been really happy with it.

I just wish signal had group video calling it’s only 1 on 1 unfortunately maybe one day I’ve heard good things about duo though

 

[MisterSavage]

I just wish signal had group video calling it’s only 1 on 1 unfortunately maybe one day I’ve heard good things about duo though

I was underwhelmed with Duo at first when it was just one to one chatting but adding group video changed that.

 

[mike.a]

from what I’ve heard it’s possible for Apple to get your iMessages from a court order by resetting your iCloud password since they hold the keys for it so they could pretty much unlock any iCloud data requested theoretically.

You may be referring to the FBI-Apple encryption dispute involving a San Bernardino shooter covered here
https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute and specifically mentioned in several papers including the LA Times here https://www.latimes.com/business/la-fi-tn-apple-fbi-call-20160219-story.html

However, the LA Times ended with "Apple deliberately changed its iPhone software in 2014 to make it nearly impossible for anyone besides a device’s user to unlock it. It’s now refusing to weaken some of the security measures to provide the government with an easier route in. The company has said allowing even one exception to that policy, including for a terrorism case, would open the floodgates for authorities to seek the same workaround in all types of investigations."

So I'm not sure about the strength of the theoretical "they could pretty much unlock any iCloud data requested" argument at this point — I'm happy to be corrected however.

 

[1185544]

You may be referring to the FBI-Apple encryption dispute involving a San Bernardino shooter covered here
https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute and specifically mentioned in several papers including the LA Times here https://www.latimes.com/business/la-fi-tn-apple-fbi-call-20160219-story.html

However, the LA Times ended with "Apple deliberately changed its iPhone software in 2014 to make it nearly impossible for anyone besides a device’s user to unlock it. It’s now refusing to weaken some of the security measures to provide the government with an easier route in. The company has said allowing even one exception to that policy, including for a terrorism case, would open the floodgates for authorities to seek the same workaround in all types of investigations."

So I'm not sure about the strength of the theoretical "they could pretty much unlock any iCloud data requested" argument at this point — I'm happy to be corrected however.

I believe you’re right in that regard but I believe in apples iCloud security they state iMessage uses end to end encryption in iCloud but when iCloud backup is turned on it backs up your private key with the backup, which does add convenience but makes it so if they got subpoenaed for an iCloud account the messages could be disclosed although Apple could fight giving that key if they wanted to but I haven’t heard that they have since the fbi case.